The Cable

The Cable goes inside the foreign policy machine, from Foggy Bottom to Turtle Bay, the White House to Embassy Row.

Exotic Code in ‘Shadow Brokers’ Release Points to NSA

An unusual encryption scheme indicates the malware released is authentic.

After a group of mysterious hackers claimed to have broken into the NSA and posted a portion of its stolen code, security researchers were left with a pressing, vexing question: Was the material released by the so-called “Shadow Brokers” actually from the NSA?

The answer appears to be yes. On Tuesday, researchers at Kaspersky, the Russian cybersecurity firm, said their analysis of the Shadow Brokers’ code found a trail of digital breadcrumbs that leads straight back to the NSA.

The Shadow Brokers claim to have broken into the systems of hackers known as the Equation Group. That group was first identified in a Kaspersky report released last year. While Kaspersky’s report tied the Equation Group to operations carried out by U.S. intelligence, it did not definitively identify the group as an NSA outfit. Kaspersky said the group “surpasses anything known in terms of complexity and sophistication of techniques.”

Security researchers say privately that the Equation Group is all but certainly a project of the NSA.

In a highly technical analysis, Kaspersky documented how the code released by the Shadow Brokers includes an unusual system for encrypting data. That encryption scheme has only been seen previously in code associated with the NSA, and led its researchers to “believe with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation Group.”

The Shadow Brokers’ release of code they claim was pilfered from the NSA has been met with extreme skepticism in some quarters. The released code could in theory have been faked, doctored to smear the agency. At a time when Russia has been pilloried for hacking into the DNC and other American political organizations, the release of NSA hacking tools shows how American spies use digital tools to carry out espionage of their own.

But the technical analysis by Kaspersky indicates that the Shadow Brokers’ release is likely not an act of digital forgery. The highly unusual encryption scheme in the code released is “highly unlikely” to have been “faked or engineered,” according to Kaspersky.

 Twitter: @EliasGroll