NSA Hacked, Cyber Weapon Toolkit Theft Confirmed By Snowden Docs

We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case.

This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions.

nsa hq

When Shadow Brokers put its collection of exploits up for auction, it took only a couple of days before we found out that there was some real threat contained within. Two exploits in particular affected Cisco networking equipment, for example, and while one of the issues was patched years ago, one flew right on under Cisco's radar.

The fact that this other issue was an unknown to Cisco means that the NSA knew about an active exploit, but failed to inform the company about it. That should come as a surprise to no one: the NSA wasn't creating these exploits to act as proof-of-concepts; they were developed to help the agency accomplish its spying goals.


In particular, one thing that perfectly ties Snowden's latest documents with this toolkit is a note of tracking an exploit through a 16-character string (ace02468bdf13579) which happens to be found in the code of one exploit from the collection, called SECONDDATE.

Previously leaked NSA documents painted a picture of such exploits infecting millions of PCs, so it's clear that an exploit like SECONDDATE wasn't just designed to target VIPs, but instead millions of regular people. The NSA simply doesn't hold anyone's privacy in very high regard: it's proven that it will do whatever it takes to get whatever information it requires.