Create an FP account to save articles to read later and in the FP mobile app.

Sign Up

ALREADY AN FP SUBSCRIBER? LOGIN

The Cable goes inside the foreign policy machine, from Foggy Bottom to Turtle Bay, the White House to Embassy Row.

Exotic Code in ‘Shadow Brokers’ Release Points to NSA

An unusual encryption scheme indicates the malware released is authentic.

By Elias Groll

August 16, 2016, 7:01 PM

After a group of mysterious hackers claimed to have broken into the NSA and posted a portion of its stolen code, security researchers were left with a pressing, vexing question: Was the material released by the so-called “Shadow Brokers” actually from the NSA?

The answer appears to be yes. On Tuesday, researchers at Kaspersky, the Russian cybersecurity firm, said their analysis of the Shadow Brokers’ code found a trail of digital breadcrumbs that leads straight back to the NSA.

The Shadow Brokers claim to have broken into the systems of hackers known as the Equation Group. That group was first identified in a Kaspersky report released last year. While Kaspersky’s report tied the Equation Group to operations carried out by U.S. intelligence, it did not definitely identify the group as an NSA outfit. Kaspersky said the group “surpasses anything known in terms of complexity and sophistication of techniques.”

Security researchers say privately that the Equation Group is all but certainly a project of the NSA.

In a highly technical analysis, Kaspersky documented how the code released by the Shadow Brokers includes an unusual system for encrypting data. That encryption scheme has only been seen previously in code associated with the NSA, and led its researches to “believe with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation Group.”

The release by the Shadow Brokers of code claiming to have been pilfered from the NSA has been met by extreme skepticism in some quarters. The released code could in theory have been faked, doctored to smear the agency. At a time when Russia has been pilloried for hacking into the DNC and other American political organizations, the release of NSA hacking tools shows how American spies use digital tools to carry out espionage.

But the technical analysis by Kaspersky indicates that the Shadow Brokers’ release is likely not an act of digital forgery. The highly unusual encryption scheme in the code released is “highly unlikely” to have been “faked or engineered,” according to Kaspersky.

NSA via Getty Images

Twitter: @EliasGroll

Tags: Cyber Security & Hacking, National Security Agency, North America, United States

More from Foreign Policy

Keri Russell as Kate Wyler walks by a State Department Seal from a scene in The Diplomat, a new Netflix show about the foreign service.

At Long Last, the Foreign Service Gets the Netflix Treatment

Keri Russell gets Drexel furniture but no Senate confirmation hearing.

Chinese President Xi Jinping and French President Emmanuel Macron speak in the garden of the governor of Guangdong's residence in Guangzhou, China, on April 7.

How Macron Is Blocking EU Strategy on Russia and China

As a strategic consensus emerges in Europe, France is in the way.

Chinese President Jiang Zemin greets U.S. President George W. Bush prior to a meeting of APEC leaders in 2001.

What the Bush-Obama China Memos Reveal

Newly declassified documents contain important lessons for U.S. China policy.

A girl stands atop a destroyed Russian tank.

Russia’s Boom Business Goes Bust

Moscow’s arms exports have fallen to levels not seen since the Soviet Union’s collapse.

Make the most of FP.

Explore the benefits of your FP subscription. Explore the benefits included in your subscription.

Stay updated on the topics you care about with email alerts. Sign up below. Stay updated on the topics you care about with email alerts. Sign up below.

Choose a few newsletters that interest you. Get more insight in your inbox.

Here are some we think you might like. Update your newsletter preferences.

Your guide to the most important world stories of the day.
Essential analysis of the stories shaping geopolitics on the continent. Delivered Wednesday.
One-stop digest of politics, economics, and culture. Delivered Friday.

The latest news, analysis, and data from the country each week. Delivered Wednesday.
Weekly update on developments in India and its neighbors. Delivered Thursday.
Weekly update on what’s driving U.S. national security policy. Delivered Thursday.

A curated selection of our very best long reads. Delivered Wednesday & Sunday.
Evening roundup with our editors’ favorite stories of the day. Delivered Monday-Saturday.
A monthly digest of the top articles read by FP subscribers.

Keep up with the world without stopping yours. Keep up with the world without stopping yours.

Download the FP mobile app to read anytime, anywhere. Download the new FP mobile app to read anytime, anywhere.

Read the magazine
Save articles (and read offline)
Customize your feed
Listen to FP podcasts

Analyze the world’s biggest events. Analyze the world’s biggest events.

Join in-depth conversations and interact with foreign-policy experts with

Are America and Europe Aligned on China?

June 7, 2023 | 11:00am ET

The war in Ukraine has propelled the United States and Europe closer on a variety of foreign-policy issues. But do Washington and Brussels agree on how to deal with Beijing’s growing clout...Show more

US-China-Tech-Wars-Dan-Wang-FPLive-Site-1500x100

Inside the U.S.-China Tech War

June 20, 2023 | 11:00am ET

Over the last few years, the United States has moved to limit China’s technological rise. U.S.-led sanctions have imposed unprecedented limits on Beijing’s access to advanced computing c...Show more

WASHINGTON, DC - SEPTEMBER 24: U.S. President Joe Biden (R) and Indian Prime Minister Narendra Modi participate in a bilateral meeting in the Oval Office of the White House on September 24, 2021 in Washington, DC. President Biden is hosting a Quad Leaders Summit later today with Prime Minister Modi, Australian Prime Minister Scott Morrison and Japanese Prime Minister Suga Yoshihide. (Photo by Sarahbeth Maney-Pool/Getty Images)

Is America Making a Bad Bet on India?

June 21, 2023 | 12:00pm ET

Ask a Question

For decades, the U.S. foreign-policy establishment has made the assumption that India could serve as a partner as the United States jostles with China for power in the Indo-Pacific region. B...Show more

Exotic Code in ‘Shadow Brokers’ Release Points to NSA

An unusual encryption scheme indicates the malware released is authentic.

Editors’ Picks

Latest

Will South Africa Arrest Russia's Putin at BRICS Summit?

China Brief: Why Beijing Won't Engage With Washington

Kakhovka Dam Breach Sparks Ukraine-Russia Blame Game

Probes Into Bank Chief Riad Salameh Offer Hope for Lebanon

Neutrality and Nonalignment Are Signs of Strength

More from Foreign Policy

At Long Last, the Foreign Service Gets the Netflix Treatment

How Macron Is Blocking EU Strategy on Russia and China

What the Bush-Obama China Memos Reveal

Russia’s Boom Business Goes Bust

Trending

Russians Are Unraveling Before Our Eyes

What Ukraine’s Dam Collapse Means for the War

The Battle for Eurasia

6 Swing States Will Decide the Future of Geopolitics

Facebook’s Litmus Test in Cambodia

Latest

South Africa’s Putin Problem

Why Beijing Won’t Engage With Washington

Attack on Ukraine Dam Sparks Blame Game

Will Lebanese Bankers Finally Face Accountability?

In Defense of Neutrals

FP’s flagship evening newsletter guiding you through the most important world stories of the day. Delivered weekdays.

Welcome to a world of insight.