Shadow Brokers said it is releasing the archive – following other resources previously leaked by the group – as a “protest” against U.S. President Donald Trump’s apparent change of course on some of his policies.
Shadow Brokers accused Trump of “abandoning your base,” referencing the Trump administration’s bombing of Syria in the wake of last week’s chemical weapons attack as “good evidence” for its views.
The group had previously tried to sell its collection of NSA hacking tools in an online auction. After failing to raise the funds last year, it has now published the password for the archive in a post on its Medium-powered blog. The files include NSA-created malware and a list of the security agent’s targets.
The NSA has not commented on Shadow Brokers’ claims. It has refused to acknowledge whether it created the tools. Preliminary analysis of the malware completed by cybersecurity experts has concluded it’s likely to be genuine. However, much of the archive is old material that may no longer be in use. This has given rise to suggestions that Shadow Brokers could still have more tools to publish in the future.
NSA whistle-blower Edward Snowden confirmed the leak is “nowhere near” to containing the full NSA catalogue of attacks. Despite the lack of recent files, Snowden believes the release is still sufficient for the NSA to be able to identify how the material made it outside the organisation. Failing to do so would be a “scandal.”
“Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it’s nowhere near the full library, but there’s still so much here that NSA should be able to instantly identify where this set came from and how they lost it,” Snowden wrote on Twitter. “If they can’t, it’s a scandal.”
Shadow Brokers’ background remains unclear. Although the group often appears to advocate Russian viewpoints on global discussions, it insists its members are “not fans of Russia or Putin.”
Nonetheless, many experts speculate Shadow Brokers may be backed by the Russian government. The latest breach appears to be a response to the American bombing of a Syrian airbase, leading some established industry commentators to suggest the group is “probably a front for or infiltrated by” Russian cybercriminals.
Another viewpoint is that Shadow Brokers is an NSA insider leaking tools out of the organisation. However, the group’s new Medium post, expressing views highly critical of Trump, has been taken as new evidence of its links to Russia. Shadow Brokers called on Trump to interpret its message as “constructive criticism” and the release of the NSA’s hacking tools as “protest” at its failure to sell them online.
