Hard Facts Scarce in Purported Theft of Hacking Tools From NSA Server

NEWS ANALYSIS: Whether a hacking group actually succeeded in breaching a National Security Agency server remains shrouded in mystery and conjecture.

The public release by a previously unknown group called the Shadow Brokers of information purportedly stolen from a server run by the National Security Agency's hacking team is providing a lot of fodder for conspiracy theorists, but hard facts are in short supply.

Shadow Brokers announced in a Tweet that the group was auctioning the results of a hack of a server operated by an NSA team known outside of the U.S. spying agency as the Equation Group.

The Equation Group is a name given to a team of U.S. state-sponsored hackers by researchers at Kaspersky Lab, which has collected a great deal of information that seems to indicate that the NSA has created an office with extremely talented developers who appear to have unlimited resources. This is the group that is generally credited with creating the Stuxnet worm that wreaked havoc on Iranian nuclear labs.

When Kaspersky Lab revealed the existence of the Equation Group, one thing the security researchers didn’t do was specifically name the NSA. However, their description of the group made it clear that there was only one likely sponsor, which was the NSA.

Shadow Brokers claim to be offering for sale the contents of a computer containing exploits for a variety of operating systems, along with software designed to implant those exploits and to clean up evidence of the penetration. It all looks very official, with file names that echo code words revealed by former NSA contractor Edward Snowden.

It all looks very real, but is it?

And if it is real, does it really matter at this point? While the revelation (assuming it’s real) will be of great interest to security researchers and to cyber-warriors generally, the fact is that it’s probably not a big deal to the average CISO who is trying to keep employees from writing their passwords on their monitors or trying to keep up with the reports from the network intrusion detection system.

The fact is that even if the information allegedly revealed by Shadow Brokers is both real and current, it won’t really change the threat landscape for your business. If your organization is going to be the focus of state-sponsored hackers with an unlimited budget and a global reach, your problems are going to extend far beyond password management and software upgrades.

On the other hand, if the information released by Shadow Brokers is real, you know that this could be a viable means of asking for a rational security budget. There’s nothing like a mysterious threat with shadowy figures and maybe even some black helicopters to free up some security funding.

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...