The posting of a catalog offering the supersecret National Security Agency’s hacking tools has been blamed on Russia by the Obama administration, but America’s most respected journalist covering the NSA beat writes that rather than a Russia hack, the raid on the NSA’s family jewels was more likely an inside job.
From James Bamford, writing for Reuters:
Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows.
The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.
The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.
Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.
So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.
[W]e now have entered a period many have warned about, when NSA’s cyber weapons could be stolen like loose nukes and used against us. It opens the door to criminal hackers, cyber anarchists and hostile foreign governments that can use the tools to gain access to thousands of computers in order to steal data, plant malware and cause chaos.
It’s one more reason why NSA may prove to be one of Washington’s greatest liabilities rather than assets.