Evidence mounts that NSA computer code was stolen - Albuquerque Journal

WASHINGTON — Analysis of the cyber weapons that hackers say they extracted from the top secret National Security Agency has left a key team of outside experts increasingly certain that the files came from the NSA.

The Russia-based Kaspersky Lab, which has been at the forefront of research into NSA techniques, said it found 347 instances of encryption algorithms in the leaked files that have been seen previously only in NSA-linked computer programming.

A successful hack of the NSA — if that’s what happened — would mark a major defeat for one of the crown jewels of the U.S. government’s defense establishment. The NSA’s hacking unit has been credited with sophisticated cyber weapons, including the code credited with crippling the Iranian nuclear program.

A mysterious group calling itself the Shadow Brokers announced over the weekend that it had penetrated the NSA, stolen sophisticated cyber weapons and digital tools, and opened a global auction for the sale of the most valuable ones, which remain secret.

The group released 300 megabytes of files to the public for free, and cyber security companies and hackers rushed to examine the code in the files, which included malware that would allow a controller to get past the most secure of firewalls.

Dave Aitel, a former NSA computer scientist who is chief executive of Immunity Inc., a penetration testing company in Miami Beach, said he found Kaspersky Lab’s assessment credible. He noted that Kaspersky Lab has been the security company most prolific in offering public analysis of software traced back to the NSA.

“They are very reliable. They are very Russian but when it comes to outing an American toolkit, they are reliable,” said Aitel.

In a blog posting late Tuesday, Kaspersky’s global research and analysis team noted that the group “cannot surmise the attacker’s identity or motivation nor where or how this pilfered trove came to be.”

But the team said it had taken a look at the “functional capabilities” of the files released by Shadow Brokers and determined that “several hundred tools from the leak share a strong connection” with previous tools linked to the NSA’s elite hacking unit, Tailored Access Operations, which Kaspersky calls The Equation Group.

That unit came to light in 2013 when Edward Snowden, the former CIA employee and NSA contractor, leaked thousands of documents revealing that the U.S. government spied on dozens of foreign leaders, tapped into fiber optic cables and cracked encryption codes. The NSA hacker team designs the algorithms and malware to monitor digital traffic, penetrate computers and activate anything connected to the internet.

The Kaspersky blog said the leaked cyber tools use two encryption algorithms, called RC5 and RC6, that employ specific setup routines, and in some variants have “only been seen before with Equation Group malware.”

“Comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak, we observe that they are functionally identical and share rare specific traits in their implementation,” the blog said, adding that the company has “a high degree of confidence” that the leaked malware comes from the NSA.
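The attribution logic described above rests on a simple idea: two RC6 implementations can be functionally identical (they produce the same round keys for every key) while still differing in a rare, compiler-visible detail. The article does not spell out the trait; Kaspersky's public write-up pointed to the key-schedule constant being applied by subtracting 0x61C88647 rather than adding the textbook 0x9E3779B9, and that is the trait modelled below. The following is an added illustration, not code from the article or from Kaspersky: it implements the standard RC6 key schedule (constants P and Q from the public RC6 specification), a "subtract" variant that is mathematically equivalent, and a byte-level fingerprint check over two constructed stand-in binaries (not real samples). The function and variable names are this example's own.

```python
import struct

MASK32 = 0xFFFFFFFF
RC6_P = 0xB7E15163   # standard RC6 key-schedule constant P32 (public RC6 spec)
RC6_Q = 0x9E3779B9   # standard RC6 key-schedule constant Q32 (public RC6 spec)
NEG_Q = (-RC6_Q) & MASK32   # 0x61C88647: x - NEG_Q == x + RC6_Q modulo 2**32


def rotl32(x, n):
    """Rotate a 32-bit word left by n bits (n taken modulo 32)."""
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK32


def rc6_key_schedule(key, rounds=20, variant="standard"):
    """Expand `key` into the 2*rounds+4 round keys of RC6-32/rounds.

    variant="standard" fills the initial table by adding RC6_Q;
    variant="subtract" fills it by subtracting NEG_Q instead: an
    implementation quirk that is invisible in behaviour but visible in bytes.
    """
    c = max(1, (len(key) + 3) // 4)
    words = list(struct.unpack("<%dI" % c, key.ljust(c * 4, b"\x00")))
    t = 2 * rounds + 4
    S = [RC6_P]
    for _ in range(1, t):
        if variant == "standard":
            S.append((S[-1] + RC6_Q) & MASK32)
        elif variant == "subtract":
            S.append((S[-1] - NEG_Q) & MASK32)
        else:
            raise ValueError("unknown variant: %r" % variant)
    # Mix the user key into the table (RC6 spec: 3*max(c, t) iterations).
    A = B = i = j = 0
    for _ in range(3 * max(c, t)):
        A = S[i] = rotl32((S[i] + A + B) & MASK32, 3)
        B = words[j] = rotl32((words[j] + A + B) & MASK32, (A + B) & 31)
        i = (i + 1) % t
        j = (j + 1) % c
    return S


def rc6_constant_fingerprint(blob):
    """Report which RC6 schedule constants appear as little-endian immediates in `blob`."""
    return {
        "P": struct.pack("<I", RC6_P) in blob,
        "Q": struct.pack("<I", RC6_Q) in blob,
        "negQ": struct.pack("<I", NEG_Q) in blob,
    }


def classify_rc6_implementation(blob):
    """Attribution-style label for a blob based on the RC6 constants it carries."""
    f = rc6_constant_fingerprint(blob)
    if f["P"] and f["negQ"] and not f["Q"]:
        return "rc6-negated-constant-variant"
    if f["P"] and f["Q"]:
        return "rc6-standard"
    return "no-rc6-constants"


# Constructed stand-ins for two compiled binaries (hypothetical, not real samples),
# loosely modelled on x86 add/sub-immediate encodings: each embeds P and then one
# of the two forms of the Q constant.
SAMPLE_STANDARD = (b"\x8b\x45\xf8" + struct.pack("<I", RC6_P)
                   + b"\x05" + struct.pack("<I", RC6_Q) + b"\xc3")
SAMPLE_VARIANT = (b"\x8b\x45\xf8" + struct.pack("<I", RC6_P)
                  + b"\x2d" + struct.pack("<I", NEG_Q) + b"\xc3")


def demo():
    """Show that both schedules agree on every round key, yet the blobs are told apart."""
    key = bytes(range(16))
    same = rc6_key_schedule(key, variant="standard") == rc6_key_schedule(key, variant="subtract")
    return (same,
            classify_rc6_implementation(SAMPLE_STANDARD),
            classify_rc6_implementation(SAMPLE_VARIANT))


if __name__ == "__main__":
    print(demo())
```

The point for a defender is that `demo()` reports the two schedules as equal for any key, so no black-box test would separate the implementations, while the constant check separates the blobs immediately. A real analysis would confirm the immediate is actually used in the key-setup loop rather than matching on a bare 4-byte string, since the constant alone can occur by coincidence.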

Some of the digital tools in the released files carry names like ExtraBacon, Epicbanana and Eligible Bachelor and apparently breach firewall platforms such as Cisco Systems’ PIX/ASA, Juniper Networks’ NetScreen and Fortinet’s FortiGate.

Another researcher who spent two days examining the cyber tools leaked by the Shadow Brokers described his findings as “terrifying.”

Brendan Dolan-Gavitt, a computer scientist at New York University’s Tandon School of Engineering, said he’d found coding that breaches seven different firewall systems or platforms made by the major manufacturers.

The coding gives a remote hacker at-will surveillance capabilities.

“Think of it as sitting on a chokepoint. You sit and watch everything that passes through,” he said.

The coding targets the BIOS (basic input/output system), the code stored on a hardware chip that runs when a computer is turned on. Dolan-Gavitt said the malicious coding cannot be removed by turning the computer off and on again.

Still unknown is whether the Shadow Brokers obtained the cyber tools through a hack or an inside job.

“I’d say it’s 50/50 that there was no hack, that it was a Snowden-style leak, or what we would call a spy,” Aitel said. “Somebody could’ve walked out with a USB key (flash drive). In some ways, that would have been easier.”

Outside observers said that is a constant concern at the agency.

“The (Tailored Access Operations) Team had severe concerns about how easy it was to just walk out with the data on a USB drive,” Matt Suiche, a French hacker, wrote Wednesday in a blog posting.

Cyber surveillance tools and weapons would normally be maintained on a physically segregated network that has no connection to the internet. That, in theory at least, should make it impossible for someone to hack into the system from the outside.
