I am always intrigued by stories about the esoteric NSA and its cyber expertise. On the one hand, NSA appears to be extremely talented. On the other, there appear to be a lot of internal shortcomings when it comes to preventing insider attacks. Certainly it is important to trust employees who hold TS/SCI clearances. However, there is a point when too much trust becomes an unacceptable risk. NSA seems not yet to have found the right balance.
It is with great interest that I watch the Shadow Brokers breach continue to confuse the NSA, which is still reeling as it tries to determine the exact cause:
Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both.
There is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013. Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach.
“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “Monthly dump service” of stolen N.S.A. tools.
There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.
N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.
The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.
American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found.
Watching how Russia has been leveraging cyber security for its geopolitical ambitions has been educational, but the successful attacks on the NSA are the most intriguing. It will be interesting to see how things play out over the coming months and years, and whether there will ever be a story confirming exactly how the Shadow Brokers were able to compromise such a huge treasure trove of the most dangerous cyber weapons on the planet.