A group calling itself "Shadow Brokers" says it has released another gem from its trove of high-level hacking tools stolen from the U.S.'s National Security Agency, potentially offering added insight into how America's spies operate online.
The leak discloses NSA-style codenames — including "Jackladder" and "Dewdrop" — and carries internet protocol information about scores of organizations, many based in Japan, China and South Korea, according to severalexperts who have examined the data.
Matthew Hickey, co-founder of U.K.-based cybersecurity consultancy Hacker House, said it was plausible that the servers would have seen use as staging posts to help obfuscate the origin of electronic eavesdropping operations. More worrying for the NSA, the leak backs Shadow Brokers' claims to have stolen an as-yet undisclosed set of electronic lock picks from the agency.
"Those can be hard to generate," Hickey said in a telephone interview, calling it "quite expensive to replicate all those tools."
Shadow Brokers has been closely followed by intelligence watchers and cybersecurity specialists since the group released an initial set of NSA hacking tools back in August. The seriousness of the leak was confirmed when security companies rushed to patch holes in their software revealed by the disclosure.
The Intercept, an investigative publication with access to NSA material leaked by former intelligence contractor Edward Snowden, later confirmed Shadow Brokers' tools were really from the NSA by cross-referencing the leaked data with information held in a previously unpublished top secret manual.
The authenticity of the latest batch of material could not immediately be established, although Hickey said any hoax would have to have been unusually elaborate.
Shadow Brokers did not return messages seeking comment Monday. The NSA declined to comment.
Deb Reichmann in Washington contributed to this report.
Raphael Satter can be reached at: http://raphaelsatter.com