Apr 14, 2017

The NSA might have another inside leaker


A new leak about the National Security Agency suggests that the NSA targeted banks and financial systems in the Middle East and compromised the Dubai office of the anti-money-laundering firm EastNets, according to an AP report. That would give the NSA access to financial transactions throughout the region.

Who: TheShadowBrokers, a hacker or group of hackers, facilitated the leak. The dumped files indicate that whoever is behind the leak has access to more data than previously known. No one knows who is behind the leaks, but Motherboard's 2016 analysis of the language used indicates the author is an English speaker. Cybersecurity expert James Bamford speculated in a Reuters op-ed that it is likely a disgruntled intelligence agent. As Forbes puts it: "If so, that's a ticking bomb waiting to go off for the NSA."

Edward Snowden weighed in: Snowden's take on the leak, in two tweets: "[I]t's nowhere near the full library [of Top NSA Tools], but there's still so...much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

What's in the leak:

  • A list of servers the NSA allegedly targeted in the Middle East
  • A password for the encrypted files the group originally leaked in 2016
  • PowerPoint slides
  • "TOAST," the framework used to erase the NSA's server logs to clear its tracks
  • The files leaked, labeled "TOP SECRET," deal with Swift Alliance Access (SAA) systems, which are used by banks to make transactions
  • The files reveal the NSA likely also targeted older Windows computers, indicating the targets were using outdated Windows versions

Why now? TheShadowBrokers authored a Medium post addressed to Trump, entitled "Don't Forget Your Base," indicating disappointment with leadership. The opener is quite a shot: "Respectfully, what the f**k are you doing?" The group dumped the documents and access passwords Saturday after no one paid the requested $7,070,300 in bitcoin for the leak.

Note: The AP reports the leak could not be independently verified, but the group's previous leaks of NSA hacking tools have been corroborated by leaks from Snowden.
