By Robert McMillan 

A previously unknown hacking group claims to have broken into a cyberespionage organization linked to the National Security Agency and is offering to sell what it says are U.S. government hacking tools.

The group, calling itself the "Shadow Brokers," said in an internet post on Saturday that it had access to a "full state sponsor tool set" of cyberweapons. To back up its claims, the group posted what appears to be attack code that targets security software on routers that direct computer traffic around the internet.

In a post written in broken English, the Shadow Brokers offered to sell a complete trove of tools to the highest bidder. The group said if it is paid one million bitcoin, valued at roughly $568 million, it will release the tools publicly.

Security experts doubt the group has access to the hacking treasure trove that it boasts, but several said the code it released appears to be legitimate. It affects routers built by three U.S. firms -- Cisco Systems Inc., Juniper Networks Inc. and Fortinet Inc. -- and two Chinese companies -- Shaanxi Networkcloud Information Technology Co. and Beijing Topsec Network Security Technology Co.

A Cisco spokeswoman said her company was investigating the incident, but "so far, we have not found any new vulnerabilities."

A Fortinet representative didn't have a comment. Juniper, Topsec and Shaanxi Networkcloud didn't immediately respond to requests for comment.

The Shadow Brokers' claims are still being analyzed by security experts. If true, they would reflect an unprecedented breach of a computer-espionage outfit dubbed the "Equation Group."

In a report last year, Russian computer security firm Kaspersky Lab ZAO said the Equation Group launched hacking efforts against governments, telecommunications companies and other organizations in countries such as Russia, Iraq and Iran. Kaspersky didn't name any U.S. agencies in its report, but it appeared to detail the kind of work typically conducted by the NSA.

The NSA didn't return messages seeking comment. In the past, the agency has neither confirmed nor denied involvement with the Equation Group.

In an internet post, the Shadow Brokers rail against "wealthy elites." The Shadow Brokers didn't respond to email and Twitter messages seeking comment.

Security experts who have examined the code published by the hackers said it appears to contain genuine NSA programs that could manipulate or redirect computer traffic as it passes through a router.

"The more we look at it...it looks more and more like a tool kit from the NSA," said Matt Suiche, the founder of Comae Technologies FZE, a computer-security startup based in the United Arab Emirates.

"It looks genuine," said Nicholas Weaver, a researcher with the International Computer Science Institute, a nonprofit research center affiliated with the University of California, Berkeley. Mr. Weaver said that, in addition to the router-attack programs, the code includes tools that would be available only to someone with access to NSA computers and tools that appear to interact with NSA software described in documents leaked by former NSA contractor Edward Snowden.

However, security experts questioned the ransom demand, saying it was unlikely anyone would pay millions for the promised tools, sight unseen. Mr. Weaver believes the bitcoin auction scheme was most likely a distraction to obscure whoever obtained the documents.

"Whoever stole the data wants the world to know that they stole it," he said in an email message. "The suspect list is almost certainly short -- Russia or China, and given the recent espionage troubles between the U.S. and Russia, probably the former."

The Shadow Brokers say that they obtained their code via hacking. However, the origin of the documents remains unclear, said Oren Falkowitz, the CEO of Area 1 Security Inc., and a former NSA analyst.

"We don't know what hacking means," he said. "Did some guy just walk in and steal it?"

Ben Johnson, co-founder of Carbon Black Inc. and a former NSA computer scientist, cautioned that the Equation Group hasn't been definitively linked to the NSA and that it is unclear how much data was taken.

"People should not be thinking that the NSA has been hacked," he said. "Certainly there's been some effort put into [the Shadow Brokers' data], but I'm by no means convinced that this is a full toolset of a nation state."

Write to Robert McMillan at Robert.Mcmillan@wsj.com

 

(END) Dow Jones Newswires

August 15, 2016 22:42 ET (02:42 GMT)

Copyright (c) 2016 Dow Jones & Company, Inc.