Security Market Segment LS
Monday, 31 July 2017 06:20

Ex-NSA insider suspected to be link to Shadow Brokers Featured


The US government is trying to trace the identities behind the group called Shadow Brokers which dumped a number of NSA Windows exploits on the Web in April, some of which were used in the last two global ransomware attacks.

A report in Cyberscoop said the counter-intelligence investigation had made contact with a number of ex-NSA employees to try and find out how these tools came into the possession of the Shadow Brokers.

While ex-NSA officials are under suspicion, there is also a theory that someone who is currently employed by the NSA is connected to the group.

The probe is led by a joint team from the FBI, the US National Counter-Intelligence and Security Centre, and the NSA's internal policing group Q Group.

The Shadow Brokers first surfaced in August last year, offering for sale hacking tools which were said to have been pillaged from the Equation Group, an outfit which has long been suspected to have NSA links.

In January this year, the group offered a number of Windows exploits from the NSA for sale. It later dumped these exploits on the Web.

One exploit, known as ETERNALBLUE, was used to craft the ransomware known as WannaCry which hit a number of countries in May.

A second, ETERNALROMANCE, was used to craft ransomware which was given various names — Petya (nomenclature given to ransomware that already existed), NotPetya, ExPetr, Nyetya and GoldenEye — which attacked Windows machines in Europe in June and spread to other countries.

The Shadow Brokers have taken to periodically issuing messages in broken English, advertising new exploits for payment. Two researchers, who tried to raise money to buy the exploits, called off their effort after being advised that they could fall foul of the law.

The Cyberscoop report was unclear on whether the Shadow Brokers' source was an employee of the NSA or a contractor. One contractor, Harold Martin, is in jail at the moment after having been caught with a massive trove of data which he had removed the NSA premises.

Last week, the Shadow Brokers again advertised a subscription service through which they claimed they would share more NSA tools with anyone who was willing to pay a fee that was in the thousands of dollars.


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments