What Exactly is Going on With This Alleged NSA Hack?

Hackers demand a $600M ‘reward’ to spill more secret NSA docs

nsa hack hq — National Security Agency headquarters in Fort Meade CreativeTime Reports/Flickr

Speculation continues to run rampant about the extent and scale of the alleged hack that has affected the National Security Agency (NSA). Yesterday, it was reported that a new murky hacking collective, The Shadow Brokers, had infiltrated another hacking sect called The Equation Group, dumping its sensitive documents online over the weekend.

For a long time it has been believed that The Equation Group is linked to the NSA, according to a previous investigation by Kaspersky Lab that found data and code names from the group that matched NSA documents leaked by Edward Snowden in 2013.

The Shadow Brokers are looking for a big reward though. The group claims that the documents released over the weekend, which revealed details on hacking exploits, are just the tip of the iceberg. The group is also demanding a “fee” — one million bitcoins or nearly $600 million — to release the rest of the documents that allegedly show how the NSA’s hacking tools (“cyber weapons”) and procedures work. In one case, the hackers claim the findings will be “better than Stuxnet.”

The group, whose location and nationality are unknown, made many of its claims on a now-deleted Tumblr blog.

Wired reports that the data that was released so far appears to show exploits that target services and equipment made by the likes of Cisco and Juniper.

Snowden himself has said he believes in the veracity of The Shadow Brokers. In a series of tweets, the whistleblower said it was likely that some “lazy” NSA agents left some of their data on the wrong server where it could be picked up. In this case, Snowden said this was probably the “malware staging server” for carrying out operations.

“The hack of an NSA malware staging server is not unprecedented, but the publication of the take is,” he said.

6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is.

— Edward Snowden (@Snowden) August 16, 2016

Snowden continued to theorize that the attackers could be a foreign force looking to gather evidence that the U.S. government was the one responsible for alleged hacking or surveillance incidents. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server,” he wrote.

The alleged hack comes just weeks after the controversial Democratic National Committee hacking scandal.

So far the data that has been dumped appears to be a couple of years old, according to the security experts that have examined it. Dmitri Alperovitch, CTO of CrowdStrike, said he believes that the culprits have been holding the data for some time and waiting for the most opportune moment to leak it. It’s not clear what’s in the rest of the data they claim to have but a forthcoming presidential election is a pretty opportune time depending on what you’re trying to achieve.