Shadow Brokers Revisited

Almost three years ago a contractor for the NSA, Harold Martin, was arrested for stealing classified information and possibly selling it. As The New York Times wrote at the time:

“Investigators pursuing what they believe to be the largest case of mishandling classified documents in United States history have found that the huge trove of stolen documents in the possession of a National Security Agency contractor included top-secret N.S.A. hacking tools that two months ago were offered for sale on the internet.

They have been hunting for electronic clues that could link those cybertools — computer code posted online for auction by an anonymous group calling itself the Shadow Brokers — to the home computers of the contractor, Harold T. Martin III, who was arrested in late August on charges of theft of government property and mishandling of classified information.”

I wrote about the case at the time in this post, and noted some of the oddities involved in this case:

The hacking tools were reported to have been “lost” several years earlier by being inadvertently left behind on a compromised computer.

The Intercept reported that a previously unpublished draft document from the NSA (probably from the Snowden leaks) describes the tools.

In 2016, 3 years after the hacking tools are supposed to have been ‘lost,’ Harold Martin is charged with stealing and selling them.

All of that made it odd that they were looking at Martin (publicly at least) as the thief who stole and sold the hacking tools.  Yet with all of the NSA’s capabilities, they couldn’t seem to find any evidence Martin had actually done that, which brings us to this week:

“…Yet none of that is likely to be mentioned at Martin’s July 17 sentencing. The hearing instead will turn on dramatically different depictions of the enigmatic Martin, a Navy veteran, longtime government contractor — most recently at Booz Allen Hamilton — and doctoral candidate at the time of his arrest.

Martin was never charged with disclosing information and was accused only of unlawfully retaining defense information. The Shadow Brokers, which two weeks before Martin’s arrest surfaced on Twitter with the warning that it would auction off NSA hacking tools online, continued trickling out disclosures after Martin was in custody, a seeming indication that someone else may have been responsible.”

So either the government couldn’t come up with enough evidence to charge Martin with stealing and selling the hacking tools (the tools that had been lost years earlier), or it was a red herring and there was never real evidence that he was involved in the hacking tools theft in the first place.

When I wrote about this case two and a half years ago, I surmised both that Martin was innocent of selling hacking tools (but not of hoarding classified material at home; he seems guilty as hell of that) and that the Shadow Brokers were a front group, possibly of the NSA itself. My theory, as I stated at the time, goes like this:

“So the information on the hacking tools is out there, even if the tools themselves are not.  But there is no doubt enough technical data that would make it possible for a sophisticated intelligence service to perhaps identify and defend from those particular tools. So maybe, just maybe, the NSA wants to muddy the waters a bit by “losing” their tools, only to be found by a hacking group which then brags about having them and uses them to intrude into systems worldwide.

So…what if the tools were never lost, or stolen by Martin? What if it’s an elaborate setup to create a black hat hacking group that can be the fall guy for failed or identified computer systems intrusions? Since the technical manual stolen by Snowden is out there, that means the useful shelf life of these hacking tools is limited, so an entirely new set of software has to be created, but that takes time. In the meantime, there is a fall guy for failed or identified computer intrusion operations, the Shadow Brokers.”

So it looks like I was right that Martin wasn’t the source of the release of the hacking tools, but to my second point, are the Shadow Brokers actually a puppet group operated by the NSA? In a world of perfect security, we would never know the answer to that. However, given the absolute security bungling that the government has been guilty of, it’s possible that The Intercept may one day have a scoop on that very issue. Hopefully that won’t be for a very long time.

 
