Buy the NSA's secrets for bitcoin

Thursday 18 August 2016

It looks like the NSA has been hacked, and their warez auctioned off to the public.

A group of hackers calling themselves the Shadow Brokers say they have stolen malware from an organisation linked to the NSA. Whistleblowing site Wikileaks has independently confirmed they have the same material.

The group has released a sample of the stolen data, which experts have checked and concluded may well be genuine.


The National Security Agency needs to improve its, er, Security

This is kind of a big deal. The NSA has long been suspected of using malware for all kinds of purposes, from routine surveillance of their home population to projects like the Stuxnet worm - an extremely specific piece of software designed to shut down Iran’s nuclear reactors. Such was the sophistication of Stuxnet and related projects like Duqu and Flame that experts concluded they could only have been created by nation states, and likely Israel and/or the US. It appears that the NSA may have outsourced its cyber-warfare programme to The Equation Group, the outfit from which the files were stolen.

Shadow Brokers are auctioning off the data, and say they will give it to the highest bidder. The money will be paid in - of course - bitcoins. Alternatively, they say that if a total of 1 million BTC is pledged by any number of parties, they will release the data to everyone.

Should the data be delivered, it would enable the holder to learn what the NSA had been up to, proving decisively whether they were behind Stuxnet and other projects - including many that may not yet have come to light. It is very embarrassing - not least because a company specialising in cyber warfare has had their security compromised to such an extent.

There are some problems with their auction: bidders have to deposit their bitcoins up-front and there are no refunds, even if you don’t win the auction. That alone will presumably discourage many from bidding in the first place. The irreversible nature of bitcoin transactions means your money is gone for good once you hit send. 

Do not fear, however, because Wikileaks say they will release the data themselves in due course - presumably once the Shadow Brokers auction has run its course. At that point, assuming it is legitimate as it seems to be, we will know a lot more about what the NSA has been up to.

It raises the question of how much they have so far used their considerable resources to look at bitcoin itself, not least as a tool that can be used to facilitate organised crime and terrorism. Do they have tools to unscramble and de-anonymise transactions? Are they aware of flaws in the protocol that could be exploited?

Given that the NSA have now been the victim of a major hack, there’s suddenly a lot more reason for them to take an interest in cryptocurrency.

comments powered by Disqus