Shadow Brokers vs. NSA

Did the National Security Agency get hacked?

That’s the big question of the week, which people started asking Aug. 13 when a group calling itself the Shadow Brokers kicked off a bitcoin auction for what it said were cyber weapons from the NSA-linked Equation Group.

As security experts dig through the data dump that accompanied the auction, they’re finding ties to NSA and its Tailored Access Operations Unit. The exploits show a high-level of sophistication and target Fortinet, Cisco, Juniper, TopSec and other network security systems. Some of the code names for hacking techniques that appear in documents leaked by Edward Snowden also pop up.

“All this is to say that there is relatively high confidence that these files contain genuine NSA material,” wrote Nicholas Weaver in a Lawfare blog post. “From an operational standpoint, this is not a catastrophic leak. Nothing here reveals some special ‘NSA magic.’”

Though the data dump seems to be older code from 2013, some exploits appear to be previously unreported zero-day flaws, according to Wired. Cisco and Fortinet each recently recommended configuration and software updates.

So who and why now?

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” wrote Snowden on Twitter. He’s not the only one: James Lewis, a computer expert with the Center for Strategic and International Studies, told The New York Times the incident was “probably some Russian mind game.”

Though NSA has yet to comment publicly, WikiLeaks weighed in, tweeting it has copies of NSA’s cyber weapons and plans to release a “pristine copy in due course.”