Leaked NSA Hacking Tools

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since then, the vulnerabilities and tools have been used by both governments and criminals, and have seriously called into question the NSA's ability to secure its own cyberweapons.

Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.

Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don't think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA -- or US Cyber Command -- to hoard zero-day vulnerabilities.

EDITED TO ADD (5/16): Symantec report.

Posted on May 8, 2019 at 11:30 AM • 20 Comments

Comments

SpaceLifeForm • May 8, 2019 12:05 PM

Attribution is hard.

The attributions could be completely wrong.

They may have been NSA ops all along.

And NSA may also be working a misdirection ploy.

Ed Bear • May 8, 2019 12:42 PM

I've seen at least one article which claimed that the Chinese acquired the tools from systems of theirs that the NSA had penetrated. If that's true, it makes Cyberwar the first combat arena where the only way you can use your weapons is to give them intact to the enemy to examine and duplicate.

Ernst. Stavro Blofeld • May 8, 2019 12:56 PM

I represent a 3rd party organization with global reach that undertakes jobs of the sort described for anyone, provided the price is right.

Please contact my administrative assistant, Ms. R. Klebb for details.

Vesselin Bontchev • May 8, 2019 1:09 PM

It's not the same tools, Bruce. What the Chinese had was a variation of the DoublePulsar and EternalSynergy tools released by The Shadow Brokers. Of course, what this means is anyone's guess.

  • The Chinese might have stolen earlier versions of the tools.
  • The Chinese might have developed their own versions of the tools, based on what they had stolen - and this is what Symantec caught.
  • The Shadow Brokers might have released tweaked versions of what they had stolen.

Gunter Königsmann • May 8, 2019 1:35 PM

I'm still waiting for how long the time will be between most messengers providing government backdoors and most messengers being affected by government backdoors leaks.

albert • May 8, 2019 1:49 PM

Well, Blofeld, you must have as many lives as your white kitty.
. .. . .. --- ....

Geoffrey Nicoletti • May 8, 2019 2:22 PM

One of my worries. Pre-digital the "hardware" of war was known pretty well; even Stalin had a sense we were building the A-bomb. But the multitude of cyber weaponry may mean we get surprised by an unknown weapon so...I worry about what we don't know.

Eloi-ing with the Morlocks • May 8, 2019 4:24 PM

Surveillance-a-lot and the Mighty Joust

Considering the backlog of the past several oddity events dating back to the 2014 calendar year, this article sounds like a "hangover" to me, meaning, (in slang) a less illusory, yet still very illusory and guaranteed to be significantly false story. "Hangovers", which have nothing to do with being drunk in this context, are a way to tell more of the truth than in the past yet still clinging to evasion and false premises or false supportive details so that the lingering falsehoods are still effectively relied upon.

I find that a more effective and truthful communication about our recent modernity is summed up as follows:

https://blowoutbuzz.files.wordpress.com/2017/01/2016-topps-garbage-pail-kids-prime-time-trashy-tv.png

It might look funny at first, but when I first pondered the nested meaning of this succinct satirical icon, I cried.

I'm not going to bother referencing the specific video content that refutes the article that was posted on this very comments area of this site several times. Even that video was months late compared to the PDF and digital forensics links & contents delivered to this site long before the sensationalistic media and politicians and lobbyists took most everyone for a deliberate ride into fictionland. But don't worry, all that fakery wasn't for nothing, the threats of wars and some actual inspired deaths and violence were real. It's not like all that propaganda was wasted or something. All that time and money and efforts which could have been spent on saving and supporting lives was redirected into Triumph The Insult Comic for the next 4 years.

(like it or not)

I didn't order that, and neither did anybody in America who voted and was tallied by the Popular Vote. Hillary R. Clinton won the Popular vote, and therefore was chosen by most US citizens. However, those that planted the Insult Comic into the White House, seem to want everyone including the offshore diplomats and heads of state they are insulting and threatening to believe otherwise, despite recorded history and experience.

Nevermind that perhaps Hillary didn't even want to win, claiming, "I can't believe I lost!" even though she actually won! But yea, we can thank ye olde Electoral College System for mathematical insanity designed to cater to the dirty deal the rural areas purchased in exchange for housing hidden silos maybe?--not a question! don't answer! don't ask, don't tell!

Why else do fewer people get more voting power? Population demographics aren't evil. People tend to live exactly where they live. Gerrymandering doesn't repair anything.

My words are tired too.
Pass the SALT treaty revival, please.
And stick a fork in 21st Century Psyops, or at least give some credit to some other scapegoats than "The NSA".

I'm not buying it. Although, I did purchase plenty of bogus clout with monopoly money via direct deposit.

Someday it will happen; someday this will all make sense.

Jery Jaxon aha • May 8, 2019 4:34 PM

OK, I get that the forum caters to the "one time pad" philosophy.

However, those 1337 OCD-plagued riddlers seem to really get off on that behavioral demonstration of removing the letter 'R's from their own texts/speech and from the texts/speeches of others. The kiddos seem to really believe that pushing grade 2 "noir" (get it "no R?" har har har har har) innuendos (ooooh spooky! salad fingers!) is really going to somehow change the fabric of reality and spread kryptonite sourpatch kid gummies around the world in a crescendo of PWNage.

It implies that they think the world runs on UrbanDictionary.com custom entries.
But I understand that communications noise generators have their occupational hazards too.

Maybe they can give each other lumps of compressed coal for X-mas in the hopes that the debris will turn to diamonds overnight while they dream of "zero-night"* exploits.

*=why not?

Curious • May 8, 2019 5:32 PM

Was the collateral damage worth it?

We don’t know what the NSA was doing with its hoarded zero days. We can list a few guesses plus leaked documents.

If we knew what they got from the zero days we might be happier with the collateral.

Dr. Evil • May 8, 2019 7:23 PM

Without Ernst Stavro Blofeld, there would have been no ... mwuh-huh-huh mwuh-ha-ha ...

Clive Robinson • May 9, 2019 9:55 AM

@ Bruce,

Most people believe it is a front for the Russian government

Assumption 1 made in a highly politically charged time.

Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way?

Ahh the inevitable problem caused by Assumption 1...

I don't think anyone has any idea.

They never did, which is why you probably will not hear a peep out of those who were absolutely certain assumption 1 must be true.

Maybe one day people will stop and think before leaping into the political favouritism pool.

I may be old, calloused, jaded and more than a little cynical, but there is more evidence that the US politicians are playing "political mind games" with their civilians via the US MSM.

All the supposed evidence produced for about a decade by the administrations does not make it as even "circumstantial evidence", which I've kind of been hoping people would "de-hype and take on board".

Maybe it's time people actually realised two things,

Firstly, attribution is at best hard and usually impossible.

Second, because of the first, false flag and other operations are thus comparatively simple to do.

The NSA tools supposed to make the first happen, went "walkabout" as did the CIA tools to make the second happen... What conclusions can be drawn from this?

The Pull • May 9, 2019 2:57 PM

Attribution could be hard, if China posed as the Shadow Brokers, affecting themselves as Russian, who the Shadow Brokers certainly appear as.

But, Occam's razor: China does do the dirty work of spying, but they tend to be civil, cultured about it. Whereas, Russia tends to not be.

Russia has a long history of this sort of behavior, trusting very strongly on mind games. Their intelligence mindset has changed little since Czarist times.

Whether true or not, this is the conclusion most will take: It is as it seems. China first grabbed some of the tools from an attack on them. Then, Russia came out, and played their game, the way they like to.

Pretending NSA was secretly behind all of this is not something anyone would listen to. NSA are sneaky, keeps their cards close to their chest. They do not bother with sophisticated influence games.

Russia was high in August 2016, stoned from their effective work in dirty business in the US elections. The Shadow Brokers play helped throw smoke on everything, but the reality is 'how they wanted to appear', and 'how they have been read' were two extremely divergent matters.

~

Whatever the case, the game of hoarding zero day - especially by the agency charged with performing security code audits - is a dangerous one.

Finding a security vulnerability is a chance to close it and secure systems. It is presumptuous to assume no one else will find the same security vulnerability. In practice, it happens all the time.

How things played out this last time was actually "not so bad" as to how things could have played out.

Who? • May 10, 2019 5:21 AM

Russia and China are allies. I suspect one of them stole the hacking tools from an NSA computer or NSA-hacked computer and shared the tools with the other country. China used them for some time and, as soon as the tools were not such a valuable asset, they released them to the world.

The Pull • May 10, 2019 1:21 PM

@Who?

China has more of a history of attempting to influence US elections than Russia does. China has done so by attempting to - and successfully doing so - providing funds to their favorite candidates. Do you believe China was engaged with Russia, in Russia's efforts to get Trump elected?

If so, it does appear that Russia got substantial benefits from their efforts, while China got the raw end of the deal.

Whatever the case, I do believe it is appearing certain that China did perform the first attacks, and Russia was behind ShadowBrokers.

Abba to Trump: Chiquitita & Oolong Tea • May 10, 2019 6:31 PM

This is so much not a Russia issue. This has been a classic "red herring" where the masses are fed modern Joe McCarthyism and hyped up to a frenzy after frankenstein and the boogie man. Meanwhile, China buys up everyone and their dog's doggie style doghouse ZTE stylee.

Nevermind that Trump and Pence are both FAILED BLACK OPs.

It's difficult to elaborate on those topics, but there's still some peace of mind knowing that I'm not the only person who cannot be bought: https://thehill.com/policy/national-security/443053-chelsea-manning-released-from-jail

"ALL LIES on this wasted desert."

Q: Again, study the history backtracked from today to the 1930s and what do you get?

A: A lot of modern NAZI's trying to destroy and rape and pillage and incite violence and infighting everywhere... classic provocateurism and sabotage.

The NAZI's got EVERYTHING they ever wanted in 1946 with Operation/Project PAPERCLIP and the ensuing mayhem that followed.

They fit the counterterrorism international profile of the main perpetrators every time EXCEPT for when it's others mimicking their playbook. And yes, that does happen too. Operation NORTHWOODS.

Yet, again, that's after the fact of the 1946 handover of USA to the NAZI's/NASA/Eugenics Reality.
Now flashforward to today and read the backchannels. You'll discover several years of a NAZI revival and renaissance combined with DNA Genome mixscheister schlau stuff too.

Germany and Europe are actually healthier than the USA. At this point, the prime suspect source of international intrigue and mishaps seems to be us, the USA, yet of course not all of us.

Much of the deliberate damages are not even covert, because the damagers are proud of their destructiveness and divisiveness. Just watch as much news as you can handle from as many disparate sources and you'll likely catch a glimpse of this.

The armed services worldwide need to be tapped into this awareness to prevent the next several global plagues and communications blackouts.

The Pull • May 11, 2019 1:46 AM

It's all just one big show. Like the one at the end of Inglourious Basterds.

Bad Religion - Empire Strikes First

https://youtu.be/mNBdD5aVMTc

Jedi win.

Russia. China. Nazis. Empire. Rebels.

"Don't wannabe e m p i r e"

Election 2020.

"Don't be afraid... you deserve to be entertained."

Dennis • May 11, 2019 3:21 AM

Does anyone else find this all so convenient in light of the pending trade war between US of A and China?

All these "evidence" and "bodies" seem to pile up when you need them the most.

TIARA GNOME • May 14, 2019 2:58 AM

Belly laughs in Beijing.

I personally think the U.S. is in deep trouble. CIA, OPM, NSA--leaky like Swiss cheese.

And when I saw the Tongo Tongo Ambush video, in which the Green Berets run away when the shooting starts, it hit me that America is lurching towards the loss of its previous standing.

Shameful really.
