This June 6, 2013 file photo shows a sign outside the National Security Agency campus in Fort Meade, Md.
Trove of stolen NSA data is 'devastating' loss for intelligence community

Patrick Semansky/The Associated Press

Last week’s dump of National Security Agency malware sparked brief hysteria until Microsoft reassured customers that most of the Windows exploits had already been patched, but several former intelligence officials say the leak points to a larger erosion of espionage capabilities.

“These were multimillion-dollar exploits,” one former cyberintelligence employee told Foreign Policy. “This is a big deal.”

On Friday, the mysterious group known as the Shadow Brokers released a large number of sophisticated, refined capabilities most likely developed by some of the NSA’s top hackers - the Tailored Access Operations group, known as TAO. Those capabilities, now burned as intelligence tools because the vulnerabilities they rely on can be patched and the implants fingerprinted by defenders, joined similar CIA tools exposed in WikiLeaks’ recent Vault 7 release.

Although these exploits were built for spying rather than destruction, they allow operators to break down invisible doors and pilfer information. Seeing these latest tools published online was “devastating,” the former cyber intelligence employee said.

Three recently retired intelligence employees who worked on hacking tools for the government requested anonymity in order to speak freely about sensitive matters and to protect ongoing work and employability.

“By my estimation, there’s not much left to burn,” another former intelligence official who worked for several three-letter agencies told Foreign Policy. “The tools that were released were pretty critical.”

Discovering vulnerabilities in code and developing a plan to get in and out undetected is difficult work, and there are only a limited number of holes in the digital fence. “There really isn’t a never-ending supply of tools and techniques,” the former intelligence official said. “I don’t know if our SIGINT [signals intelligence] ability will recover from this for decades. I mean that with deadly seriousness.”

“These were God mode tools that, used sparingly, were an incredible asset to U.S. intelligence,” Nicholas Weaver, senior researcher at Berkeley’s International Computer Science Institute, wrote to Foreign Policy.

Many of the more advanced exploits could be deployed remotely, requiring nothing more than an IP address to activate. Some of the CIA tools were similarly powerful, allowing spies to remotely take over the “kernel,” the nucleus of a phone’s operating system.

Judging from the documents, the NSA had backdoor access to EastNets, a Dubai-based service bureau that connects Middle Eastern banks to SWIFT, the secure messaging network for financial transactions sent around the globe; and to several versions of Windows, including older versions like Windows XP that are no longer supported - meaning they fall outside normal patching and were not expected to be fixed. These targets largely appear to be directed toward monitoring terrorism and its financial infrastructure.

Weaver believes that when the Shadow Brokers published a broad list of the tools in their possession in January, hoping to auction them off, the NSA moved quickly.

The NSA “did clearly, quietly tell Microsoft,” Weaver said, allowing the company to repair the holes before script kiddies and criminal hackers started figuring out the specifics of the exploits.

Microsoft published a massive patch exactly a month before the Shadow Brokers unleashed its trove.

Neither Microsoft nor the NSA immediately responded to a request for comment.

Before Microsoft revealed it had patched most of the holes, the Shadow Brokers’ release reignited the debate about when government agencies should be required to disclose vulnerabilities they find in such major products as devices and browsers.

The White House’s Vulnerabilities Equities Process, which determines whether those flaws should be shared with the company in order to be repaired, or taken advantage of by intelligence agencies, was reinvigorated in 2014. The process involves several major agencies, which consider the likelihood that other nation states or criminal actors would come across the same flaws.

It’s unclear, however, which agencies are involved in the process and how those decisions are made. The agencies are not required to disclose vulnerabilities purchased or researched through government sponsorship. If the NSA told Microsoft about the tools, it was because the agency knew or suspected the vulnerabilities had been compromised.

Intelligence officials see the latest Shadow Brokers release as part of a larger erosion of capabilities that has been going on since 2013, when former NSA contractor Edward Snowden gave journalists internal NSA documents. Snowden’s leak kicked off a chain of damaging exposures that, while sparking an important worldwide debate about privacy, severely damaged U.S. intelligence capabilities, the former intelligence official argued.

One former TAO employee who spoke with Foreign Policy believes the release is “a bit dated,” because hacking tools for more current Windows releases and for browsers weren’t included.

“It is a significant leak. . . . It gets harder to develop tools as defenses improve,” the former TAO employee said. “But it’s still entirely possible. There are many bugs to be found.”

But the intelligence community’s ability to keep those bugs secret for any amount of time continues to be questioned. In this latest leak, detailed NSA notes and work product were included in addition to technical details about the hacking tools - likely indicating deep-level access to TAO troves. “This should be on an NSA computer only,” Weaver told Foreign Policy.

The details the Shadow Brokers revealed are “scary,” the former cyberintelligence employee said, details that must be from internal emails, chat logs, or insider knowledge.

Only a handful of countries could have pilfered such sensitive material from the NSA remotely, the former TAO employee wrote, Russia and Israel the most likely among them.

“If it was an inside job like an operator [typically military] walking out with a thumb drive, then who knows,” the former TAO source wrote.

In recent years, the intelligence community has largely failed to detect insider threats and stem leaks from contractors. Thousands of private companies and their employees make up a massive percentage of the intelligence community’s workforce. As of a decade ago, about 70 percent of the intelligence community’s budget was spent on contracts, according to the Congressional Research Service.

Snowden was working for Booz Allen Hamilton when he copied the documents later released to journalists. Contractors, including Xetron Corp., a subsidiary of Northrop Grumman in Ohio, are being investigated in connection with the March CIA dump published by WikiLeaks.

Regardless of who is to blame, those familiar with the United States’ signals intelligence capabilities fear the massive leaks are having profound consequences. “The U.S. intelligence community needs to get their act together,” the former cyberintelligence official wrote. “We’re getting trounced in an information war we didn’t ask for.”

First Published: April 18, 2017, 4:54 p.m.
