Emerging out of the blue, a cryptic online group that calls itself the Shadow Brokers claims that it has purloined a cache of cyber burglary tools from a little known but highly skilled hacking operation dubbed the Equation Group. The Shadow Brokers made some of the tools available for free, but announced that it would auction off the rest — with a goal of more than half a billion dollars.
The incident might have been written off as routine Internet puffery, except that Equation may be a contractor for or even an arm of the National Security Agency — in other words, a group of the United States’ very own cyber thieves. Kaspersky Lab, a Moscow-based cybersecurity firm, has said Equation Group could be the world’s most skillful hacking team; its sophistication and resources have led a number of analysts to conclude that Equation is backed by or part of the NSA.
Oh and yes, at least some of the tools the Shadow Brokers dumped online for free reveal previously unknown security flaws in firewalls used to safeguard corporate and government computer networks. How useful they are remains to be seen, but the tools are clearly the work of skillful hackers.
Who created the tools and how the Shadow Brokers obtained them are also in dispute. Kaspersky found unique bits of code in the files the Shadow Brokers released that had also been in malware previously attributed to Equation, giving credence to the claim that the files are, in fact, that group’s handiwork. But some security experts doubt that the Shadow Brokers actually pried into Equation’s servers to nab the files, all of which are at least three years old. Instead, some suggest that they were taken from Equation’s network by an insider using a USB drive, or that they were stolen from a computer Equation used on one of its prior attacks.
Regardless of whether the NSA is behind Equation, it shouldn’t surprise anyone that U.S. intelligence agencies would be developing impressive hacking capabilities. They absolutely should be, especially with Russia, China and other less-than-friendly governments doing so. And though that sort of work is essential to understanding how to protect U.S. computer networks, “smart” devices and Internet-connected infrastructure against incessant online attacks, the federal government has to do more than play defense in cyberspace. It has to be able to respond in kind in order to deter state-sponsored intrusions. Malware can also be an effective substitute for military force when trying to defuse global threats; witness the use of the Stuxnet worm to cripple Iranian centrifuges that were enriching uranium for that country’s nuclear program. And any hacking tools the U.S. develops and uses are subject to being stolen. That’s true of everything online.
The files dumped online by the Shadow Brokers include several “zero-day” exploits (that is, attacks on previously undisclosed vulnerabilities). Though analysts at cybersecurity firm Risk Based Security have said that most of these tools aren’t terribly useful — they aren’t likely to work remotely through the Internet — security researchers have found at least one that can unlock private online networks that were secured by a specific Cisco product. And it appears that none of the security problems being exploited had been revealed to the products’ manufacturers.
That’s why it’s appalling to think that the NSA may be scouring computer networking equipment — much of it made by U.S. companies — for hidden security holes that it then keeps secret for its own purposes. If the Equation Group can find a vulnerability, it’s reasonable to assume that some other country’s elite hackers can too. The public is already dangerously lax about online security and maddeningly slow to install the patches and updates needed to fix the flaws that security researchers uncover. Washington shouldn’t be adding to the problem by withholding information about the holes it finds.