New documents confirm that a hacking group calling itself the Shadow Brokers has indeed managed to steal “cyber weapons” from the National Security Agency.
The classified top secret documents, which were published by the Intercept this morning, were leaked by NSA whistleblower Edward Snowden in 2013. They were not included in previous dumps of Snowden’s document trove.
The connection between the Shadow Brokers leak and the Snowden documents depends on a unique 16-character string — “ace02468bdf13579” — that appears in 47 files related to a tool code-named SECONDDATE. (The NSA is fond of giving its surveillance programs whimsical names that belie their serious implications for privacy rights.)
The documents reveal that SECONDDATE was used in conjunction with other tools like BADDECISION to conduct man-in-the-middle attacks over wireless networks, allowing the NSA to trick people into thinking they’re using a secure connection to a website while they were actually connecting to agency servers.
This connection lends veracity to the claim that the Shadow Brokers hacked the Equation Group, a hacking group with ties to the NSA, and could make the auction for more sensitive data a bigger threat than people expected.
On Tuesday, Snowden tweeted about the Shadow Brokers hack to pin the blame on the Russian government and say that it could have been even worse if he hadn’t leaked his documents because the NSA probably changed things up afterwards.
Snowden also said that it’s unlikely the NSA itself was hacked. Instead, the Shadow Brokers were probably able to compromise a computer system used by the agency, which would not have the same protections as its headquarters. Still, access to legitimate malware created by the NSA should sell for quite a bit, right?
Nope. Few people have bid in the auction, and the Shadow Brokers have only managed to raise about 1.723 bitcoin. That’s less than $1,000 — which pales in comparison to the $500 million the group requested when it revealed its hack.