A shadowy group has released top-secret NSA hacking tools

A group calling itself "The Shadow Brokers" has released a cache of what appear to be genuine and powerful hacking tools developed at the National Security Agency (NSA) to break into the networks of foreign governments and other espionage targets, and nobody seems sure why the hackers leaked them to the public or what other NSA tools they have. The groups says it is auctioning off a separate cache with "the best files" to the highest bidder in a Bitcoin auction, though security experts laugh that off as misdirection.

"The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills," writes Nicholas Weaver, a computer security researcher at U.C. Berkeley. "Because the actors here are certainly not amateurs, the auction is presumably a bit of 'Doctor Evil' theater." The tools, however, are the work of the NSA's elite hacker division, Tailored Access Operations (TAO), according to experts who've examined the 300 MB of code. "Without a doubt, they're the keys to the kingdom," a former TAO employee tells The Washington Post. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."

The main suspect is Russia, and it's not clear if the hackers broke into the secure NSA computer network or, perhaps more likely, a TAO employee left the tool kit on an unsecured intermediary server being used in a hacking operation. "NSA's hackers (TAO) are told not to leave their hack tools ('binaries') on the server after an op," former NSA contractor Edward Snowden tweeted Tuesday, amid a longer thread on the malware release. "But people get lazy." Snowden and other experts say that the files leaked so far aren't operationally devastating for America's cyberspies — the most recent ones are from mid-2013, after Snowden's leak of NSA secrets (not code), when the NSA would have locked down and switched servers — but are still a really big deal.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

First, the tools still work on corporate and government servers that haven't been patched. Second, if Russia is responsible, as widely suspected, they are sending a message. Snowden's theory is that this is a warning not to retaliate against the suspected Russian hack of Democratic Party emails and documents, slowly being leaked out by a hacker with the pseudonym Guccifer 2.0. "The real problem for us is that the Russians seem to have taken the gloves off in the cyberdomain," James A. Lewis at the Center for Strategic and International Studies tells The New York Times, "and we don't know how to respond."