The Cable

The Cable goes inside the foreign policy machine, from Foggy Bottom to Turtle Bay, the White House to Embassy Row.

Exotic Code in ‘Shadow Brokers’ Release Points to NSA

An unusual encryption scheme indicates the malware released is authentic.


After a group of mysterious hackers claimed to have broken into the NSA and posted a portion of its stolen code, security researchers were left with a pressing, vexing question: Was the material released by the so-called “Shadow Brokers” actually from the NSA?

The answer appears to be yes. On Tuesday, researchers at Kaspersky, the Russian cybersecurity firm, said their analysis of the Shadow Brokers’ code found a trail of digital breadcrumbs that leads straight back to the NSA.

The Shadow Brokers claim to have broken into the systems of hackers known as the Equation Group. That group was first identified in a Kaspersky report released last year. While Kaspersky’s report tied the Equation Group to operations carried out by U.S. intelligence, it did not definitively identify the group as an NSA outfit. Kaspersky said the group “surpasses anything known in terms of complexity and sophistication of techniques.”

Security researchers say privately that the Equation Group is all but certainly a project of the NSA.

In a highly technical analysis, Kaspersky documented how the code released by the Shadow Brokers includes an unusual system for encrypting data. That encryption scheme has only previously been seen in code associated with the NSA, which led its researchers to “believe with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation Group.”

The release by the Shadow Brokers of code claiming to have been pilfered from the NSA has been met with extreme skepticism in some quarters. The released code could in theory have been faked, doctored to smear the agency. At a time when Russia has been pilloried for hacking into the DNC and other American political organizations, the release of NSA hacking tools shows how American spies use digital tools to carry out espionage.

But the technical analysis by Kaspersky indicates that the Shadow Brokers’ release is likely not an act of digital forgery. The highly unusual encryption scheme in the code released is “highly unlikely” to have been “faked or engineered,” according to Kaspersky.

Twitter: @EliasGroll
