id2957885nationalsecurityagencynsaheadquarters100040921orig100601285orig
Security

Shared code in Snowden leaks and NSA breach support hackers' claims

Documents leaked by former National Security Agency contractor Edward Snowden share a malware tracking code with several files released this week by hacking group Shadow Brokers, according to a news report.

Shadow Brokers claimed they had hacked a cyberespionage team linked to the U.S. spy agency when they released a group of sample files earlier this week. Similarities between the Shadow Broker files and information in documents leaked by Snowden give credence to the claims by the anonymous hacking group.

Fourteen files in the Shadow Brokers leak contain a 16-character string, "ace02468bdf13579," that NSA operatives used to track their use of one malware program, The Intercept reported Friday. That tracking string was described in an NSA manual for implanting malware originally leaked by Snowden, The Intercept reported.

That tracking string was tied to malware called Seconddate, allegedly designed to intercept web requests and redirect browsers to an NSA server, according to the story. Snowden's leaks provided information on Seconddate, and the Shadow Broker files also include information on the malware, including a file titled SecondDate-3021.exe, The Intercept said.

The Shadow Brokers have offered to sell the trove of supposed NSA files.

One security expert suggested the NSA may have arranged the leak. "You’re talking about the world’s top intelligence agency here," John Gunn, vice president of communications at VASCO Data Security, said by email. "I think it is much more likely that the tools were intentionally leaked and were being used -- just as marked money is used -- to trace criminal and state-sponsored hacking activity."

The leak confirms some information about the NSA that many security experts already knew, added Jonathan Sander, vice president at Lieberman Software, another security vendor.

"We knew from Stuxnet and Snowden’s documents that they were engaging in cyberwarfare, and we knew that means they were developing malware to do it," he said by email. "We knew that the NSA is a department of humans using technology, which means they are vulnerable to mistakes and attacks like all other humans using technology."

The leaks also show the NSA is doing good work, he added. "If anything, the universal agreement on the quality of the tradecraft which was stolen and its clear value on a black market should tell us that our tax dollars are getting quality results," he said.

IDG Insider

PREVIOUS ARTICLE

« Hyundai in talks with Google on developing self-driving cars

NEXT ARTICLE

Samsung Galaxy Note 7 and wire-free Gear IconX earphones on sale in U.S. »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends

Poll

Is your organization fully GDPR compliant?