A group calling itself “Shadow Brokers” says it has released another gem from its trove of high-level hacking tools stolen from the U.S.’s National Security Agency, potentially offering added insight into how America’s spies operate online.
The leak discloses NSA-style codenames — including “Jackladder” and “Dewdrop”— and carries internet protocol information about scores of organizations, many based in Japan, China and South Korea, according to severalexperts who have examined the data.
Matthew Hickey, co-founder of U.K.-based cybersecurity consultancy Hacker House, said it was plausible that the servers would have seen use as staging posts to help obfuscate the origin of electronic eavesdropping operations. More worrying for the NSA, the leak backs Shadow Brokers’ claims to have stolen an as-yet undisclosed set of electronic lock picks from the agency.
“Those can be hard to generate,” Hickey said in a telephone interview, calling it “quite expensive to replicate all those tools.”
Shadow Brokers has been closely followed by intelligence watchers and cybersecurity specialists since the group released an initial set of NSA hacking tools back in August. The seriousness of the leak was confirmed when security companies rushed to patch holes in their software revealed by the disclosure.
The Intercept, an investigative publication with access to NSA material leaked by former intelligence contractor Edward Snowden, later confirmed Shadow Brokers’ tools were really from the NSA by cross-referencing the leaked data with information held in a previously unpublished top secret manual.
The authenticity of the latest batch of material could not immediately be established, although Hickey said any hoax would have to have been unusually elaborate.
Shadow Brokers did not return messages seeking comment Monday. The NSA declined to comment.
The Associated Press contributed to this article.
rod king says
when will hilary, huma, and bill take up residence in git-mo?
Justin W says
The NSA is not going to comment. Even if the reports are false they do not want to be placed in the position where they would have to confirm or deny future revelations.
If a person or organization has something they want to keep secret they should not put it online. It is a good idea to keep your electronic devices powered down when not in use. A device that is off is much more difficult to find and hack than one that is on all the time.