NSA leaked files, confirm new documents

20 Aug 2016

Newly-released documents from former National Security Agency contractor Edward Snowden have confirmed the genuineness of  the 234 megabyte archive of NSA hacker tools, exploits, and implants leaked online earlier this week. (See: Group claims to hack NSA linked hackers)

The key to confirming the leaked files, which were uploaded to various file-sharing sites earlier this week by a group called "Shadow Brokers", was included in a top-secret agency manual published yesterday by The Intercept.

The manual carried instructions for NSA hackers on tracking their malicious software by using a 16-character string buried in the code.

The tracking string in the manual, "ace02468bdf13579," also appeared inside code for a software implant called "Second Date," which was leaked as part of the archive posted earlier this week.

That is not the only piece of evidence that showed the leak was, essentially a software 'toolbox' for NSA hackers to target adversaries. The other files in the archive are implants code-named Banana Glee, Jet Plow, and Zesty Leak, which were all documented in a top-secret 50-page catalog of NSA tools, published in late 2013.

"One of the interesting things about the exploits is they are very professional and they clean up after themselves," Dave Aitel, an ex-NSA research scientist who now leads penetration-testing firm Immunity, told Business Insider.

Meanwhile, Edward Snowden had already  publicly speculated that the intrusion and theft formed part of the Digital Cold War, which was being waged by the US and Russia. However, nobody was 100 per cent certain that the tools for sale really belonged to the NSA.

According to commentators, now with Snowden releasing  documentation to The Intercept, it could be said that the tools really were what the Shadow Brokers say they were.

According to commentators, the danger was not just that the monitoring tool was publicly available, which put any user with a vulnerable router at risk, there was also the issue that Shadow Broker was successful in the first place.

The fact that they could break into a supposedly secure NSA staging server and take away dozens of the agency's hacking tools -- without being immediately caught meant that the group (and whoever was bankrolling them) possessed exploits that the US could not currently defend against.