Hackers have just dumped a treasure trove of NSA data. Here’s what it means.
By Henry Farrell
Apr 15 2017
A group of hackers called the Shadow Brokers has just released a new dump of data from the National Security Agency. This is plausibly the most extensive and important release of NSA hacking tools to date. It’s likely to prove awkward for the U.S. government, not only revealing top-secret information but also damaging the government’s relationships with U.S. allies and with big information technology firms. That is probably the motivation behind the leak: The Shadow Brokers are widely assumed to be connected with the Russian government. Here’s what the dump means.
What information has been released?
The release is only the most recent in a series of Shadow Broker dumps of information. However, it is by far the most substantial, providing two key forms of information. The first is a series of “zero-day exploits” for Microsoft Windows software. Zero-day exploits are attacks that take advantage of unknown vulnerabilities in a given software package. Exploits against commonly used software such as Windows are highly valuable — indeed, there is a clandestine international market where hackers sell exploits (sometimes through middlemen) to intelligence agencies and other interested parties, often for large sums of money. Intelligence services can then use these exploits to compromise the computers of their targets.
Second, information in the dump seems to show that the NSA has penetrated a service provider for SWIFT, an international financial messaging service. Specifically, it appears to have penetrated a SWIFT Service Bureau that provides support for a variety of banks in the Middle East.
Why are zero-day exploits important?
The leak of the zero-day exploits is important for two reasons. First, once the existence of a zero-day exploit is revealed, it rapidly loses a lot of its value. Zero-day exploits work reliably only when they are held secret. Microsoft may already have fixed many of these vulnerabilities (there are conflicting reports from Microsoft and security companies UPDATE: NOW SECURITY RESEARCHERS APPEAR TO HAVE WITHDRAWN THEIR CLAIMS). However, if it hasn’t, or if the attacks provide information to hackers that can be used to generate more attacks, unscrupulous hackers might be able to take advantage. In a worst-case scenario, there may be a period when it’s as if criminal hackers suddenly acquired super powers in an explosion, as in the TV show “The Flash,” and started using them for nefarious ends.
Second, and as a consequence, trust between the United States and big software companies may be seriously damaged. Some weeks ago, Adam Segal of the Council on Foreign Relations wrote a report talking about how the U.S. government needs to rebuild a relationship with Silicon Valley that had been badly damaged by the Edward Snowden revelations. Now, the damage is starting to mount up again.
Most people think of the NSA as a spying agency and do not realize that it has a second responsibility: It is also supposed to protect the security of communications by U.S. citizens and companies against foreign incursions. When the United States learns of a zero-day exploit against software used by Americans, it is supposed to engage in an “equities process,” in which the default choice should be to inform the software producer so that it can fix the vulnerability, keeping the zero-day secret only if a special case can be made for it.