An almost day-long outage of the National Security Agency’s website has raised further questions as to whether America's most secretive surveillance agency has itself been compromised, days after a shadowy cybergroup claimed to have obtained some of the NSA's most powerful hacking tools.
The NSA.gov website went down late Monday, according to Politico, and was not restored until late Tuesday. A request for comment to the NSA from FoxNews.com was not immediately returned.
The outage, however, came after the posting of a cache of hacking tools purportedly by a group known as "The Shadow Brokers" to its Tumblr account over the weekend. The group claimed to have obtained the malware, supposedly used by the NSA, from The Equation Group, a hacking group with alleged ties to the agency.
Foreign Policy magazine reported the hackers were attempting to auction off some of the malware to the highest bidder. The page has since been taken down.
The files contained a series of tools for penetrating network gear such as routers and firewalls, which has been a well-known tactic of Western intelligence agencies, Foreign Policy reported.
Many “hacktivist” groups have been trying to tie The Equation Group – which experts say has launched some of the most sophisticated cyber campaigns in history – back to the NSA, and some experts believe this is the aim of The Shadow Brokers. The group was first linked to the NSA last year in a lengthy report by Kaspersky Lab, a Moscow-based software security firm whose co-founder recently joined the board of trustees at a Russian tech institute involved in a project boosted by the Clinton State Department. While Kaspersky Lab's report seemed to imply an NSA-Equation Group link, it stopped short of making a definitive connection.
“It could be an advanced hacktivist or state-affiliated group, or simply a rogue insider. Quite clearly their aim is to embarrass the NSA and tie the Equation Group back to them,” Michela Menting, digital security research director at ABI Research, told FoxNews.com.
Experts are confident that the code produced by The Shadow Brokers is genuine and consists of NSA material.
“Besides NSA, the only plausible candidate for ownership is GCHQ [UK Government Communications Headquarters]—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling,” Nicholas Weaver, a researcher at the International Computer Science Institute in California, wrote on the Lawfare blog.
“All this is to say that there is relatively high confidence that these files contain genuine NSA material,” he said.
“Without a doubt, they’re the keys to the kingdom,” one former NSA employee told The Washington Post. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”
Menting cast doubt on whether the hackers had actually managed to penetrate the current NSA system, noting the data that was leaked concerns older cyber weapons and therefore could have been obtained via an alternative source, such as an NSA insider.
“I think just to get a hold of this data is significant, even if it’s dated,” she said.
The release of the files comes a month after the Democratic National Committee was hacked, leading to the leak of sensitive and damaging emails that ultimately triggered the resignation of DNC chief Debbie Wasserman Schultz. Some Democrats and experts have speculated Russia could have been involved, in a bid to sway the presidential election toward Donald Trump. The Obama administration has not officially blamed Russia for the hack.
It also comes as shadowy hacker Guccifer 2.0 leaked more Democratic documents over the weekend, including the private email addresses and cell phone numbers of nearly 200 current and former Democratic members of Congress.
NSA whistleblower Edward Snowden said Tuesday on Twitter that details surrounding the attack pointed to Russian involvement and it was “likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server.”
Snowden, now living in Moscow, warned that if the hackers are able to connect the U.S. to malware attacks, especially those involving U.S. allies and elections, it could have severe diplomatic consequences. He concluded that it could be a warning to the U.S. not to respond too sharply against Russia over the DNC hack.
Menting said while it was too early to say if the website outage was connected to the hack, it “would stand to reason that [the NSA] would shut down all public-facing resources as a precaution until they know how the intruders got in or obtained the data.”
Menting also warned that, while the immediate consequences for the NSA may be small, if those tools were leaked online, it could have broad consequences.
“Organized cybercrime, hacktivists, other state-sponsored groups will take advantage of such sophisticated tools and use them unscrupulously,” she said. “When you think that companies and individuals still get infected by malware that has been patched years ago, this offers a lucrative opportunity for malicious actors to use some powerful tools.”
FoxNews.com’s Adam Shaw contributed to this report.