We’ve known for a while, thanks to the Snowden leaks and the ensuing investigations, that the NSA has both broad authority to breach and investigate the communications of innocent Americans and the tools to get into your private business with ease. It’s been an ugly chapter in American history, and it’s about to get a lot uglier with the news that the NSA has been hacked, and all its spying tools might soon be online for anybody to use.
What Is The Equation Group?
It starts with a shadowy collection of expert hackers called The Equation Group. Active for at least fourteen years, and quite possibly much longer, the Equation Group was recently uncovered by Kaspersky Labs and has never explicitly been tied to the NSA. The connections that have been found, however, are worrying.
Perhaps most notably, Kaspersky notes that there are a few important similarities between the software the Equation Group uses and Stuxnet, generally considered the first real cyberweapon, and used on Iran to destroy their nuclear capability. Officially, nobody knows who, precisely, created Stuxnet, but unofficially it’s agreed that it likely came from American and Israeli military interests, and there’s other software the group uses that comes straight from the NSA.
In other words, there are a lot of incredibly invasive software tools out there that can easily be used on private citizens as well as government. And somebody may have just stolen them.
Has The NSA Been Hacked?
Recently, a group calling itself “The Shadow Brokers” has claimed it has breached the Equation Group and has posted 40% of the hack to verify the intelligence. They’re trying to sell what they claim is the remaining 60% to the highest bidder. Tellingly, if nations put up bitcoin but get outbid, they still lose the money, although the group claims that if they get one million bitcoin, they’ll simply release the files to the public.
Some skepticism is undeniably in order, but security experts have examined the code and while some of it is questionable, it appears to be legit in the sense of being actual exploits from a few years ago. And the names of various files and exploits do align with what we know of the NSA’s cybersnooping and cyberwar operations.
Of course, it could simply be a very elaborate and carefully rendered hoax to bilk the gullible, whether they’re tinpot dictators desperate to know what the NSA is using on them or overly credulous conspiracy theorists. But if it’s legit, it’s a potentially massive breach.
What’s Our Risk?
It’s not clear what, precisely, the Shadow Brokers actually have or what the implications are of how it can be used. If it is legit, it seems likely the race is on to track down just who they are and what they have; it seems unlikely countries like Russia or China, which have strong cyberespionage arms and an interest in U.S. intelligence, would simply pay when they could steal the files. Nor, if the Equation Group is actually breached, would it be likely they’d allow such files to be out in the wild for long.
In the end, the real problem is that we have no idea just who the Equation Group is, who they work for, or what they do. They might be nothing more than exceptionally talented criminals with a low profile, or they might be government employees developing the internet equivalent of nuclear weapons that just got stolen out from under their noses. Whether this turns out to be a scam or completely legit, one thing is certain: The American people need to demand more transparency about what’s being done in their name.