On Thursday (27 July), the mysterious hacker group Shadow Brokers once again advertised their recently launched monthly dump of NSA cyberweapons. Even as the hacker group's alleged sale of NSA hacking tools continues, US investigators probing the matter are reportedly looking into former insiders, who may have links to the Shadow Brokers.
According to a report by CyberScoop, US authorities believe that a disgruntled ex-NSA agent or an insider within the US intelligence community (IC) is involved in the theft and subsequent leak of the spy agency's cyberweapons. Several former NSA employees have reportedly already been contacted by investigators probing how the Shadow Brokers got their hands on the vast trove of NSA hacking tools.
The agencies investigating the Shadow Brokers and the NSA leaks reportedly include the FBI, the National Counterintelligence and Security Center (NCSC) and the NSA's internal investigatory body called the Q Group.
Despite widespread speculation about the Shadow Brokers' identity and motives by security experts, the hacker group's origins remain a mystery. Security researchers have previously suggested that the hacker group compromised NSA servers to steal the spy agency's confidential data. However, according to US intelligence officials, this theory doesn't explain how the hacker group was able to get their hands on and publish an NSA PowerPoint presentation, which allegedly would not have been stored on systems.
CyberScoop cited two anonymous sources familiar with the matter as saying that the probe "goes beyond" the investigation into Harold Martin – the former Booz Allen Hamilton contractor who was arrested for taking home a massive trove of confidential data from the NSA. Martin is currently facing charges for the alleged theft.
The leaked NSA cyberweapons are now believed to be highly potent, after it was discovered that the hacking tools were exploited by cybercriminals to launch global attacks, including the massive WannaCry ransomware epidemic.
The Shadow Brokers' behaviour has undergone several shifts in the past year of steady leaks. Although the group originally planned to auction off the stolen hacking tools to the highest bidder, they later abandoned the sale, not finding any interested parties. Instead, the group publicly leaked exploits, which, according to some experts, indicates that the group may not be financially motivated.
Republican Texas representative Will Hurd, who serves as a member of the House Intelligence Committee, said that the US IC considers it a "serious priority" to uncover the details of the leak. Meanwhile, the Shadow Brokers, in their latest message about their monthly dump, have hiked the prices for the NSA hacking tools. The group has previously promised to leak more exploits, including stolen nuclear missile data.