
The NSA Mess: Cyber Weapons Robbed by Shadow Brokers For Sale to U.S. Adversaries

Three questions: First, who’s responsible for stealing the National Security Agency’s (NSA) cyber surveillance tools -- the mysterious Shadow Broker hackers, leakers or both? Second, have adversaries (Russians, North Koreans) outmaneuvered U.S. intelligence to take up virtual residence in the NSA? Third, are hackers, attackers and leakers crushing secrecy?

The answers are so elusive that after more than a year of investigation, NSA officials still have no certainty of who the Shadow Brokers are and how they got inside the agency, a New York Times expose revealed. What’s more, internal inquiries to ferret out leakers have apparently aroused suspicion and chipped away at agency morale.

Let’s be clear that it’s those Shadow Brokers -- who began stealing NSA spy tools last year and subsequently offered a subscription service to monthly data dumps of the agency’s hacker tools -- that have moved upward from biting the agency’s ankles to twisting its arms. Remember, it’s pilfered NSA kits that catalyzed the destructive WannaCry ransomware outbreak last May.

The fallout has now appeared: The NSA’s stealthy hacking code, its cyber weapons to steal documents, spy on email, change data without detection or key a hacking operation, are for sale by the Shadow Brokers to Russian and North Korean antagonists looking to do to the agency what it seeks to do to them, the report said. And to add insult to injury, the notorious hackers have humiliated the NSA with taunting, cryptic messages along the way.

"It's a disaster on multiple levels," Jake Williams, an ex-NSA cybersecurity expert, told the newspaper. "It's embarrassing that the people responsible for this have not been brought to justice."

There’s a reasonable argument that trying to pin down the hackers or uncover internal leaks misses the point. Did the NSA get what it had coming? For years, the agency has been allowed to hoard the nastiest of zero-day vulnerabilities rather than disclosing them to software vendors for the greater good. It’s not a stretch to say the NSA’s prime directive for cyber attacks shrouded the necessity to protect itself from hackers. If that’s the case, it’s a misfit way to think -- seemingly inattentive to the value of its trove of malicious code to cyber criminals.

However, as the Times points out, the NSA maintains that it shares 90 percent of the vulnerabilities it finds and only stashes the most valuable for when it needs them.

“We’re obviously dealing with people who have operational security knowledge,” Williams told the Times. “They have the whole law enforcement system and intelligence system after them. And they haven’t been caught.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.