Mysterious online ‘Shadow Brokers’ group may be selling the NSA malware, in preparation for historic hack of the nation’s top spy agency

An enigmatic online group that calls itself “The Shadow Brokers” is claiming that it has penetrated the National Security Agency, lifted some of its malware and is now attempting to auction the files to the highest bidder, Foreign Policy magazine reported in its online edition.

The group, which FP tracked to this online site that has since been taken down, appears to be making a legitimate claim, though the authenticity of the files has yet to be confirmed, according to security researchers who have examined their content.

The release closely follows a series of disclosures of emails and documents belonging primarily to Democratic officials, but also some Republicans. Security researchers say they believe those hacks were undertaken by operatives believed to be working on behalf of Russia, as has reported.

The NSA would not answer questions about the alleged breach earlier this week, FP reported. But, if someone has actually managed to penetrate one of the world’s foremost signals intelligence agencies and post its code online for all to see – and buy – that would represent, in the Internet age, a historic blow.

“It’s at minimum very interesting; at maximum, hugely damaging,” Dave Aitel, a former NSA research scientist and now the CEO of the security firm Immunity, told FP. “It’ll blow some operations if those haven’t already been blown.”

The files, which were posted last weekend, were released in two sets. Hackers offered one set for free, while the other remains encrypted and is now being auctioned online, payable in bitcoin, the cryptocurrency.

That set, the so-called Shadow Brokers noted, contains “the best files.”

If the group raises at least 1 million bitcoin, or the equivalent of $550 million, it says it will post additional documents and make them free as well.

As FP reported further:

The set of files available for free contains a series of tools for penetrating network gear made by Cisco, Juniper, and other major firms. Targeting such gear, which includes things like routers and firewalls, is a known tactic of Western intelligence agencies like the NSA, and was documented in the Edward Snowden files. Some code words referenced in the material Monday — BANANAGLEE and JETPLOW — match those that have appeared in documents leaked by Snowden. Security researchers analyzing the code posted Monday say it is functional and includes computer codes for carrying out espionage.

If the breach and leak of NSA code is real, and so far, FP says, researchers say it is, then it represents a major escalation in information warfare being carried out in the shadows between Russia and the United States.

Over the course of several weeks Russian hackers have posted stolen emails and other documents on another mysterious site, The same hackers have also broken into information systems operated by the Democratic National Committee, and they likely fed documents lifted from those servers to WikiLeaks.

That leak set off a major political firestorm in the U.S. with the DNC on the eve of the party’s nominating convention. It had larger ramifications in that it led to the resignation of party head Debbie Wasserman Schultz and prompted the campaign of Hillary Clinton to charge that her GOP rival, Donald J. Trump, was benefitting from the Russian intervention, as if Moscow favored him over Clinton. Intelligence officials have not commented one way or the other, but there is no direct evidence to suggest that the Trump campaign is working with the Russians, as the Clinton machine has claimed.

The goal of the operation is not clear at this point, FP noted. The files appear to have been hacked in late 2013, after the Snowden revelations, so that means whoever took the files has been sitting on them for three years. Why post them now and for what purpose are questions that are no doubt being debated within the Obama administration.

More: is part of USA Features Media.
