Ex-NSA insiders: There's 'a lot of panic' over what's been exposed by this massive hack
A group calling itself the "Shadow Brokers" claims that it hacked into the National Security Agency and stole an apparent treasure trove of exploits and hacking tools that it now wants to auction off, which some ex-NSA insiders say is extremely bizarre and very serious.
"It's a big deal," Dave Aitel, an ex-NSA research scientist and CEO of penetration testing firm Immunity Inc., told Business Insider. "We'd be panicking."
Yet he added: "But then it is rather old stuff. So the question is, is it so old that it's essentially irrelevant but looks very relevant? Or is some of this stuff still in use every day? I don't know."
Earlier this week, Shadow Brokers announced that it was selling a number of cyber weapons claiming to be stolen from The Equation Group. That is a hacking unit that was uncovered last year by Kaspersky Labs that many believe are within the NSA. In its data dump of proof, the brokers offered files dating back to 2013 to allegedly exploit FortiGate and Cisco firewalls, among others.
Aitel doesn't think that the NSA was actually hacked, though he does think that the files look legitimate. Instead, he told us, the much more likely scenario is that an insider walked out of a secure area with this data on a USB key, which could have been sold or stolen.
"No one puts their exploits on a [command-and-control] server," Aitel said. "That's not a thing."
RELATED: See recent anti-NSA protests
That assessment was echoed by another former NSA employee who worked in Tailored Access Operations, the government's top hacking unit.
"Knowing how the NSA setup is, it's so unlikely that someone would hack it," the source told Business Insider on condition of anonymity. "It's just ridiculous. That's not to say they are so perfect, or so impenetrable. ... The fact that this is consolidated around one specific toolkit, I would totally agree with Dave that someone just left with an infrastructure ops disk."
'There's then a lot of panic'
On one hand, people inside the NSA are likely carrying on with "business as usual," the source said. Networks, operating systems, and platforms constantly evolve, and security research firms are often finding tools and exploits they use, so they have to find other ways to continue hacking into foreign targets.
"I've worked operations where tools were discovered and there was a lot of scrutiny on it, and I think you have to have a practical nature to it, which is, that's kind of the name of the game," the source said. "If you implant a computer, you're leaving something behind."
But on the other hand, the more pressing concern is in trying to understand how that data was taken, and what else could be sitting in the cache. Until NSA knows that, then ongoing operations are likely threatened.
"If you don't know how it was lost, there's then a lot of panic in terms of what else is out there, particularly from a counterintelligence perspective," the source said. "Now you have to really worry, are all of my operations exposed? I think that's very concerning to people because they want to be covert and stealth."
The source added: "That's probably the most chilling effect that you can have is to kind of have everyone second guessing themselves."
So what's next? Security researchers will no doubt continue poking through the files to get an understanding of what is inside, and the companies named will start developing patches that fix their vulnerabilities.
But a larger narrative seems to be emerging that a so-called "cyber cold war" is turning hot, especially when this exploit auction — which Aitel believes is "almost certainly Russia" — comes just two months after two different Russian hacker groups were found inside the network of the Democratic National Committee.
"The Russians are professionals," Aitel said. "They've been trying to operate against the United States for a long time. They have a lot of irons in that fire. And vice versa. We catch them and attribute to them as well."
"When you have someone messing with your presidential election, when you have somebody releasing this kind of capability, when you have the attention of policymakers," he added. "It gets less cold day by day."
- EDWARD SNOWDEN: Russia might have leaked alleged NSA cyberweapons as a 'warning'
- 'Shadow Brokers' claim to have hacked an NSA-linked elite computer security unit
- What it looks like when the NSA hacks into your Gmail and Facebook