A newly released document from the cache of documents leaked by whistleblower Edward Snowden appear to confirm that hacking tools leaked earlier this week belong to the National Security Agency.
A group that goes by the name of "Shadow Brokers" published a number of malware and tools used by a hacking organization known as the "Equation Group." The Shadow Brokers described the malware as "cyber weapons" that were used by the NSA to conduct surveillance.
The Intercept, which still has a copy of unreported Snowden documents, reported Friday on what it believes is the smoking gun that connects the two.
One of top-secret slide decks used by the intelligence agency instructs NSA hackers to track how they use one of the malware "weapons" using a 16-character string. That string, "ace02468bdf13579," was found in a number of leaked programs, including one dubbed SECONDDATE, which is described as a tool "designed to intercept web requests and redirect browsers on target computers to an NSA web server."
We put in a question to an NSA spokesperson, but didn't hear back at the time of writing. (In the unlikely event that this changes, we'll update the piece.)
What remains unknown is how the Shadow Brokers came about the malware dump in the first place. These are highly-effective, specialized malware programs designed to penetrate some of the best firewalls and networking equipment in the world.
Cisco and Fortinet, which both confirmed their products are affected by the malware, have already begun patching their appliances and technology.
Granted it wouldn't be the first leak at the NSA in recent history. Snowden, who was the source of the most significant leak in the past decade, himself hypothesized on Twitter that the "hack of an NSA malware staging server is not unprecedented."
Snowden too hinted that Russia, where he currently lives in exile, may have been behind the leak.
"This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast," he said.