Exotic Code in #Shadow_Brokers Release Points to #NSA | Foreign Policy
After a group of mysterious hackers claimed to have broken into the NSA and posted a portion of its stolen code, security researchers were left with a pressing, vexing question: Was the material released by the so-called “Shadow Brokers” actually from the NSA?
The answer appears to be yes. On Tuesday, researchers at Kaspersky, the Russian cybersecurity firm, said their analysis of the Shadow Brokers’ code found a trail of digital breadcrumbs that leads straight back to the NSA.
The Shadow Brokers claim to have broken into the systems of hackers known as the #Equation_Group. That group was first identified in a Kaspersky report released last year. While Kaspersky’s report tied the Equation Group to operations carried out by U.S. intelligence, it did not definitely identify the group as an NSA outfit. Kaspersky said the group “surpasses anything known in terms of complexity and sophistication of techniques.”
Security researchers say privately that the Equation Group is all but certainly a project of the NSA.
In a highly technical analysis, Kaspersky documented how the code released by the Shadow Brokers includes an unusual system for encrypting data. That encryption scheme has only been seen previously in code associated with the NSA, and led its researches to “believe with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation Group.”