One week after a group of hackers claimed to have stolen top-secret “cyber weapons” from the NSA, a review of documents provided by fugitive whistleblower Edward Snowden show that the stolen data contains real NSA software, according to the Intercept.
The Intercept was launched in February 2014 by editors Glenn Greenwald, Laura Poitras, and Jeremy Schaill. Greenwald and Poitras worked closely with Snowden on stories about the NSA in 2013, and they carried the full Snowden archive with them when they created the Intercept with funding from eBay founder and multibillionaire Pierre Omidyar.
With the hacking group known as ShadowBrokers sounding the alarm, the stolen code exploded into view on Monday thanks to the group’s leak of a number of exploits they say were taken from NSA-linked hacking team Equation Group. Despite initial skepticism, cybersecurity experts and others have been pointing to the possibility that it is the real deal ever since its initial release.
Kaspersky, the security firm who closely tracked the “omnipotent” NSA group that was allegedly hacked, said the code was likely real on Tuesday.
Former NSA employees have told various media outlets that the code appears to be legitimate as well.
The Intercept’s line of reasoning is that the data published onto the web by the Shadow Brokers matches up with never-before-seen classified documents from the Snowden archive.
“The evidence that ties the ShadowBrokers dump to the NSA comes in an agency manual for implanting malware, classified top secret, provided by Snowden, and not previously available to the public,” Sam Biddle wrote at the Intercept.
“The draft manual instructs NSA operators to track their use of one malware program using a specific 16-character string, ‘ace02468bdf13579,'” Biddle continued. “That exact same string appears throughout the ShadowBrokers leak in code associated with the same program, SECONDDATE.”
The report also details how SECONDATE was used to spy in Pakistan and Lebanon.
You can read the evidence fully laid out here.
U.S. officials have yet to comment on the record about the legitimacy of the hack or who was ultimately behind it.