The Shadow Brokers

Part Two: Execute

The enigmatic Shadow Brokers, who seemingly disappeared in January of 2017, would break their silence just three months later. This time, however, the intelligence they leaked would go on to have devastating effects in the real world...

On April 7th, 2017, US President Donald Trump announced the launch of 59 Tomahawk cruise missiles, which were aimed at a Syrian airbase - used by both Syrian and Russian forces. As you just heard, this launch was in response to a brutal chemical attack, which had killed 89 people and wounded more than 500 others. Altogether, it was the deadliest use of chemical weapons since 2013, and a major escalation in an already-brutal conflict.

US intelligence had named that airbase in particular as the origin point for the chemical weapons, and this decision to attack it marked the tipping point for American forces. The US had already been supporting Syrian rebels since 2011, but had not gotten directly involved in the conflict until those missiles were launched in April of 2017.

Surprisingly, this decision - to enter a conflict that had already taken the lives of countless thousands, many of them innocent casualties - would mark the beginning of a new chapter in a totally unrelated story. This announcement would breathe new life into a hacker collective that had been taunting the US's cyber-intelligence community, but had been dormant since January of that year.

This is part two of the Shadow Brokers.

On April 8th, 2017, the day after President Trump announced he was giving the green-light for American forces to begin participating in the Syrian Civil War, the mysterious entity known as the Shadow Brokers returned with a post - their first in roughly three months.

This post was made on the website Medium, and had the title "Don't Forget Your Base." In short, it was a 1500-word diatribe that seemed to show support for Donald Trump's presidential campaign, but railed against his current personnel and policy decisions.

"Dear President Trump, Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning "your base", "the movement", and the peoples who getting you elected."

The majority of the post critiqued Trump for his abandonment of the political ideals that had gotten him elected, as well as some personnel decisions (including the removal of advisor Steve Bannon from the National Security Committee). In particular, though, the post seems to have been spurred on by Trump's decision to get the US involved in the Syrian Civil War - which had implications for not only the US, but Russia's involvement in the Middle East.

Speaking of which, the post went on to rail against globalism, and seemed to show support for nationalism. Specifically, the Shadow Brokers referred to Russia as "the enemy of my enemy" (therefore an ally).

I could go on and on with the content of this post, which also decried the spread of socialism and even lamented the fall of the white man in America. The post offered up the suggestion that Trump raise $1 trillion to create what the Shadow Brokers referred to as "Obama Tickets," which would be permanent, one-way tickets to the continent of Africa. I wish I could be making this up, but really, the entire thing reads like the depraved ramblings of a Fox News viewer after either too little sleep or too much cocaine. Maybe both.

The post itself was pretty newsworthy, but would prove to just be a prelude to the real story: which was the release of another batch of tools and exploits - all of which had been stolen from the NSA months, if not years, prior. In fact, this was pretty much the entirety of the original auction file, which the Shadow Brokers had intended to auction off for a million bitcoin months prior.

These were all tools and exploits created and/or used by the Equation Group, a secretive cyber-unit that is believed to be an elite branch of the NSA's Tailored Access Operations, but that has never been confirmed. Despite being one of the most secretive branches in the cyber-intelligence community - so much so that they don't even technically exist - the Shadow Brokers had now publicly unleashed a treasure trove of their secrets for the third time.

Over the next several days, experts and journalists would investigate the files, determining that many of them were legitimate. However, most of them were old exploits that targeted Linux-based operating systems, having been discovered and patched in recent years.

But this was not the full payload of the files originally promised by the Shadow Brokers. Despite that being the consensus at the time, the mysterious hacker collective had an ace up their sleeve, which would become evident a little less than a week later, when the Shadow Brokers dumped their largest collection of cyber-weapons to-date.


On April 14th, 2017 - six days after their last post - the Shadow Brokers Twitter account, which had been mostly dormant, linked to an outside post on the website Steemit, which is a blockchain-based blogging/social media site. There, a post had been made just prior to the tweet, which contained yet another post from the mysterious Shadow Brokers, titled "Lost in Translation."

"KEK... last week theshadowbrokers be trying to help peoples. This week theshadowbrokers be thinking fuck peoples. Any other peoples be having same problem? So this week is being about money. TheShadowBrokers showing you cards theshadowbrokers be wanting you to be seeing. Sometime peoples not being target audience. Follow the links for new dumps. Windows. Swift. Oddjob. Oh you thought that was it? Some of you peoples is needing reading comprehension."

Along with this post - which you just heard a part of - the Shadow Brokers released the password for another archived collection of files, which would turn out to be the most damaging release yet. These were exploits that could be used to target numerous systems, but particularly Windows systems.

These exploits were primarily for older versions of Windows, but many of them had still not been patched when the exploits were uploaded. In fact, numerous virus-scans and security tools failed to catch the exploits entirely, indicating that they still might be in use throughout the world... and could prove deadly if repurposed by hackers. And now the Shadow Brokers had made that possible by distributing them to anyone that was interested.

Some of these tools were zero-day exploits, which, generally, are bad news for anyone on the receiving end. Zero-day exploits get their name from the fact that the defenders on the receiving end have literally had "zero days" to prepare for or fix the issue before it is used against them. Stuxnet, the malware that destroyed Iran's nuclear weapons program, is probably the most well-known example of a zero-day exploit, but they are generally the exploits that cause the most lasting damage. In cyber terms, they're basically nuclear weapons when used correctly, and can be used to steal information, shut down systems... basically, whatever the malware is created to do.

Mind you, these were exploits created for Windows, the most widely-used operating system in the entire world. It's estimated that over a billion people use Windows, and even though Apple products and other OSes are incredibly common, Windows is still the industry standard. Think about how many Windows devices are used by you or people you know, for either personal or business use... and just imagine if someone could take control of those systems without those people knowing. That should properly highlight how dangerous exploits for Windows can be, and why this would prove to be the biggest leak that the Shadow Brokers had been a part of.

It would later be determined that roughly one month before the Shadow Brokers unveiled this most recent leak, Microsoft had released a patch fixing all of these previously-unknown exploits.

In March of 2017, Microsoft had quietly rolled out a patch that fixed all of the gaps in their Windows framework, which led to suspicions that the corporate giant had been tipped off by someone; likely the U.S. government itself, aware that this leak could be published in the near-future and could prove dangerous to Microsoft (as well as their literal billions of customers). This theory was pushed heavily over the next few days, when it came to light that many of these vulnerabilities had already been fixed - despite Microsoft seeming to have been unaware of these holes in their security for years without notice.

However, that did not mean that this leak was without fangs. The exploits published by the Shadow Brokers in April of 2017 could still be used on a majority of older devices, which were no longer being supported by Microsoft. And even then, the exploits could be adapted for newer systems, with the tools providing a framework that could be manipulated to create destructive cyber-weapons.

Matthew Hickey, a security expert that founded Hacker House, told CNN about this leak by the Shadow Brokers:

"This is quite possibly the most damaging thing I've seen in the last several years. This puts a powerful nation state-level attack tool in the hands of anyone who wants to download it to start targeting servers."

In addition to the Microsoft exploits that could prove to be invaluable for hackers everywhere, there were other files that could do some damage worldwide. This included an exploit named "Jeepflea_Market," which had been used in the past to break into bank networks; particularly, in the Middle East, where the NSA had likely been tracking money shipments to and from terrorist groups.

All-in-all, this would prove to be the most damaging release yet from the Shadow Brokers, and would ultimately prove to be their swan song. From this point forward, the mysterious hacking entity would back off from publishing any other major leaks, and would only make sporadic, random posts hinting at more to come but... primarily taunting the NSA.

The legacy of the Shadow Brokers would live on, though, in the form of the cyber-weapons they had just unleashed upon the world...

Roughly one week after the Shadow Brokers leaked the folder full of tools and exploits that had been allegedly stolen from the NSA, they began to show up in the wild.

Security researchers started to take note of tens of thousands of computers that had been infected with one of the tools released by the Shadow Brokers: a tool known as DoublePulsar, which was a full-on backdoor implant, meaning that it could essentially break into unsecured computers without their owners knowing, and begin installing malware.

Within days, that original estimate - tens of thousands of computers all over the globe - quickly skyrocketed to hundreds of thousands of PCs. That was when another NSA-created exploit, named EternalBlue, started to execute malware on those unsecured computers, taking advantage of the backdoor created by DoublePulsar.

WannaCry - which was short for WannaCrypt - was malware that would infect computers and then encrypt all available data, demanding a ransom of $300 in bitcoin within three days (or $600 in bitcoin within six days). The virus began spreading through Asia on May 12th, 2017, using the EternalBlue exploit to spread to nearby PCs. In this way it was ingenious, as it did not spread through the usual virus-spreading method of phishing emails, but through holes in the Microsoft Windows code itself.

WannaCry targeted primarily older devices still using Windows XP or Server 2003 - which were both still being used by less tech-savvy individuals, or businesses and organizations that had not upgraded in years - but was still effective at spreading. Within days, WannaCry had infected hundreds of thousands of devices, including health services computers throughout the United Kingdom.

The virus became such an urgent global matter that it sparked a response from the White House. On May 15th, 2017, everyone's least favorite "Dancing With The Stars" competitor Sean Spicer started off his daily press briefing by ceding time to Homeland Security Advisor Tom Bossert.

The WannaCry virus was thankfully killed off within days, but by then, the damage had already been done. The malware had infected hundreds of thousands of devices around the world - across over half the planet, in fact - and many of the people affected had given in and ended up paying the ransom, against authorities' wishes. This resulted in the still-unknown hackers making off with around $130,000 worth of bitcoin, but the information encrypted by WannaCry was never returned by the hackers themselves.

The WannaCry virus was a major wake-up call to the world when it came to cyber-security, and would lead to massive overhauls in that sector in almost all of the nations affected. But officials feared that the tools and exploits stolen from the NSA - which had been released by the Shadow Brokers in April of 2017 - could have even more damaging impacts upon the world. That fear would become a reality when another similar virus began spreading weeks later, proving that the Shadow Brokers' legacy was intact, and would continue to live on for some time.

Just weeks after the WannaCry virus began to spread worldwide, another similar malware hit, this time based primarily in Ukraine.

This malicious software seemed to be based on an older malware named Petya, earning it the nickname NotPetya from cyber-security experts. Unlike WannaCry - which had spread to foreign computers without rhyme or reason - this malware was spread through a Ukrainian tax accounting service named MeDoc, which was not too dissimilar from products like TurboTax and was used on over one million PCs in Ukraine. The individuals that created NotPetya had managed to hack into the MeDoc servers, and uploaded the malware into the program itself. Users were greeted by an update notification for MeDoc, and when they clicked on it, the malware began to take hold in their system.

Using the same NSA exploit utilized by WannaCry - the one nicknamed EternalBlue - this malware was able to break into each computer. From there, it followed a similar path: encrypt all available data and then extort each user for roughly $300 in bitcoin.

Like the WannaCry virus, NotPetya was self-propagating, meaning that it could spread to other unsecured computers without their owners being aware of it or doing anything at all. It would eventually spread into other countries - including the US, the UK, France, Germany, Italy, and Poland - but primarily targeted Ukrainian and Russian computers. It even managed to shut down the radiation monitoring system at Ukraine's Chernobyl Nuclear Power Plant, as well as countless Ukrainian government facilities.

Ultimately, NotPetya would prove to be the most devastating cyber-attack of all-time, with estimates putting the damages in excess of $10 billion.

Due to the timing of this attack - June 27th - it was believed that this had been a Russian operation meant to disrupt Ukraine, who celebrate Constitution Day on June 28th. Following an extensive investigation, in 2018 the United States officially blamed Russian hackers for the virus that had wreaked havoc across Europe... which did nothing to ease the belief that the Shadow Brokers - whose public release of the hacking tools had precipitated this cyber-attack - might have some relationship with Russia itself.

The Shadow Brokers would return to make some more online posts in May of 2017, announcing that they were planning to do what any internet entrepreneur does: they were launching a monthly subscription service, where you could access their still-unreleased hacks and exploits on a regular basis.


In this announcement, the Shadow Brokers claimed to possess roughly 75% of the entire US cyber arsenal, including tools that could exploit holes and gaps in browser, router, and phone security. They also promised to have other exposed network information, including information from compromised networks throughout Russia, Iran, China, and North Korea.

This subscription service was billed as being like the "wine of [the] month club" for hackers and aspiring cyber criminals, and was actually pretty successful for a while. Over the first few months of this service, the Shadow Brokers earned around $90,000 in cryptocurrency from interested parties who bought these tools and exploits on their dark marketplace, but the people who paid for these exploits felt jaded afterwards. Anonymously speaking to tech publications about the exploits distributed by the Shadow Brokers during this time period, sources described them as virtually useless and as outdated pieces of garbage.

Like the other money-making endeavors launched by the Shadow Brokers, this idea would quickly fade into oblivion and the group would eventually stop communicating entirely. For the better part of two years, the mysterious hacker collective has remained quiet, but there remain many that believe them to just be biding their time.

Kaspersky - or Kaspersky Lab - is a Russian-based company that provides cyber-security analysis and research, and also produces antivirus software used by millions of people around the world.

In 2017, the United States government banned the usage of Kaspersky software on government computers, later informing the public that the company itself had been using the software as a backdoor into countless computers. Basically, it was said that Kaspersky antivirus could be used to root around the inside of your computer, and the US government alleged that it could extract documents almost at-will.

As you can imagine, this was a major security breach, but one that wasn't really picked up on until 2016 - the same year that the Shadow Brokers started to leak classified NSA files. It was later determined that Russian hackers had used this exploit in Kaspersky's antivirus software to extract documents from an NSA employee's home computer, dating back to 2015.

That year, an NSA employee named Nghia Pho was quietly arrested by federal agents after it was discovered that he had been secretly taking home hacking tools in an effort to practice with and improve them in his off-hours. Like Harold Martin - the other NSA contractor, who would be arrested the following year, 2016 - Pho had worked with the NSA's Tailored Access Operations unit, and unnamed officials would confirm that many of the tools he had taken home were among the files released by the Shadow Brokers (although no direct link has ever been determined).

Using the backdoor in Pho's home computer created by Kaspersky Antivirus, Russian hackers had been able to hack into his network and were able to extract all of this information. At least, that's what has been alleged by the US government in the years since. This information contained what the government described as:

"... details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S."

Sound familiar?

Kaspersky has denied any of these claims: that their antivirus was illegally collecting information or had been used as a backdoor by Russian hackers. But the banning of their products for government use in 2017 has remained in-effect.

Meanwhile... Nghia Pho, the NSA employee arrested in 2015, was later charged with a felony for stealing numerous NSA exploits and storing them on a home computer. Despite having good intentions in doing so, he was sentenced in 2018 to 66 months in prison for willful retention of classified national defense information... a sentence that authorities hoped would serve as a deterrent for other possible leakers.

Speaking of other possible leakers...

Harold T. Martin III was the only individual ever publicly suspected of having involvement in the Shadow Brokers leak, having been arrested in August of 2016. The former NSA contractor - who had been stockpiling classified information for roughly two decades - had been sitting in jail without bail since his arrest, and was officially indicted in February of 2018 on 20 counts of willfully retaining national defense information.

Martin's trial didn't start until earlier this year - 2019 - and his defense argued that he was a man suffering from mental health issues, who hoarded things out of habit (not only the classified information stolen from his job, but things like firearms, as well). His attorneys argued that he was a patriot who had not acted out of maliciousness, but rather out of a sick and selfish nature that inspired him to hoard all of this info for... no real reason whatsoever.

The prosecution did its best to lay out the facts themselves, which were hard to argue against. From 1996 to 2016, Harold Martin had abused his security clearance to obtain highly-classified, top secret intel, which he had stolen and stored inside his house for a motive that was hard to comprehend. This was over 50 terabytes of information, which included millions of pages of government data, as well as intel containing the names of covert agents that were engaged in ongoing operations all around the globe. Simply having the information was a massive breach of national intelligence, but prosecutors were unable to prove that he had disseminated this information to anyone.

Despite there being no smoking gun linking Harold Martin to any foreign agents or shady actors, there was definitely evidence pointing towards him engaging in activity that was deemed... untoward.

Prior to the first leak by the Shadow Brokers, Martin had engaged in online activity that was described as troublesome by investigators. Just hours before the Shadow Brokers would make their first post online - in August of 2016 - Martin had reached out to two separate researchers at Kaspersky Lab, the Russian-based security firm whose products were later banned from being used on US government computers. He had sent direct messages on Twitter to the two foreign agents - in Russian - and seemed to be trying to make contact with the founder of the company, Eugene Kaspersky. He also wrote to the two Russian researchers "Shelf life, three weeks", implying that he had information of some kind that was only available for a limited time. I'll let you make your own assumptions on what that might mean.

This information was paired up with some other known facts in the case - such as Martin learning Russian in the months prior to his arrest, and his usage of an encrypted operating system named Tails, which would have allowed him to use the internet anonymously (without leaving any kind of digital fingerprint).

While this information was of-value - and helped inform the public about the actions that Martin had taken in the summer of 2016 - it was ultimately unable to definitively prove that he had any involvement in the Shadow Brokers release. Prosecutors had no evidence directly connecting him to any outside source, and to-date, no link could ever be established between Martin and the Shadow Brokers themselves.

Martin would eventually plead guilty to one count of willfully retaining national defense information, and was later sentenced to 9 years in federal prison.

There still exists a very real fear of the Shadow Brokers; not only among the millions of people they affected, either directly or indirectly, but among the government entities who have been forced to abandon entire programs and tools that had been long in-development. Their tricks had been exposed to the world at-large, and they had to essentially start from scratch.

Leon Panetta, the former US Defense Secretary and CIA director, told the New York Times in 2017:

"These leaks have been incredibly damaging to our intelligence and cyber capabilities. The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected."

Panetta admitted in the same interview that leaks of this magnitude mean that - as far as intelligence agencies are concerned:

"... you essentially have to start over."

The NSA has yet to recover fully from this breach, which was the worst since Edward Snowden's leak in 2013. Comparatively, it would actually prove much costlier in the long run, primarily due to the WannaCry and NotPetya malware (which would ultimately cost companies and governments around the world tens of billions of dollars to recover from).

The fear created by the mysterious Shadow Brokers remains a very valid one, more than three years after they originally unveiled the NSA's secrets to the world. They exposed us all to our true vulnerabilities, especially since the world we know is transforming and evolving every single day. Things continue to become more and more digitized and our lives become governed by internet access. As any hacker will tell you, everything has a weakness, and this access just creates more vulnerabilities that can be exposed in the future.

Thankfully, many of the exploits leaked by the Shadow Brokers had been caught and fixed in the years and months prior to their release, but others had existed without notice for years - having infected millions of devices for a still-unknown purpose.

While it is likely that the NSA had been involved in the creation and distribution of these tools in an effort to protect American interests, we should all be concerned about the type of backdoor into our private lives our electronic devices have... and the potential catastrophe these cyber-weapons can wield. I'm not just saying that for my own selfish interests, but we need to remember that the exploits dispersed by the Shadow Brokers were essentially cyber-nukes, which - in the past - have been used to bring entire nations to a crippling halt.

What could these exploits do if they were used against us? Or the companies we work for? Or the town we live in?

We've seen ransomware attacks similar to WannaCry and NotPetya hit American cities such as Baltimore, where malware took over government computers and essentially held the city's systems ransom. Mind you, this is Baltimore - one of the most populous cities in America, which you would expect to place some emphasis on cyber-security, considering the type of exploits that are developed just down the road (at the NSA's headquarters in Fort Meade, Maryland).

This wasn't a long time ago, either. This happened just a few months ago (May of 2019), and basically brought the entire city of Baltimore's system down, demanding a ransom of $100,000 in bitcoin. It would be determined that the malware used was almost identical to WannaCry and NotPetya, having been built upon the NSA exploit EternalBlue - the same exploit released by the Shadow Brokers back in 2017.

Baltimore isn't alone in these cyber-attacks either. We've seen similar incidents in cities like San Antonio, Texas; Allentown, Pennsylvania; and even Atlanta, Georgia (who ultimately paid out nearly $10 million to recover from a similarly-destructive hack as seen in Baltimore). These attacks show us that virtually no one is safe and that - as we continue to advance as a species and grow dependent upon technology - we need to place a higher importance on cyber-security. If we don't... well, then let's just say that the legacy of the Shadow Brokers will continue to grow in the years to come.

Whoever the Shadow Brokers are or were, they have managed to avoid identification in the years since their emergence; remaining just as much a mystery now as they were over three years ago. They remain total enigmas to the world at-large; even, supposedly, to the intelligence community, who are the people in the world best-equipped to track them.

Since their final leak in April of 2017, the Shadow Brokers have only surfaced on-occasion to taunt the NSA and intel agencies with more of their cryptic messages (which were still written in broken English). Surprisingly, though, they have been pretty quiet over the past two years, as we continue to experience the fallout of their leaks.

It may be years before we face what one former-NSA employee describes as the "full fallout" of the Shadow Brokers' leak, as noted in a New York Times article about the case (written by Scott Shane, Nicole Perlroth, and David E. Sanger). The mysterious Shadow Brokers may have a dead man's switch of some kind, which would allow them to release the entirety of the information they stole from the NSA should something happen to them.

In that same New York Times article, it's also pointed out that whoever the Shadow Brokers were, they have not only managed to cover their tracks so well that the best hackers in the world are unable to identify them, but we are all also unable to truly pin down their motivations. It's possible that they were black hat hackers, after a quick buck with the NSA's intel, but... they might have been involved in something more nefarious or calculated than that. To many, it still feels like the Shadow Brokers were involved with a foreign power playing the long game: slowly trickling out information to deal the most damage (not only in the form of a direct hit to the NSA, but overall global chaos).

There are three possible theories when it comes to the stealing of the NSA's information.

The first revolves around Nghia Pho, the NSA employee arrested in 2015 for taking home NSA intelligence, whose home computer had been compromised by Russian company Kaspersky.

The second revolves around Harold Martin, the NSA contractor who was arrested in 2016 for stockpiling decades of classified intelligence. Despite having attempted to reach out to researchers with Kaspersky Lab through Twitter just hours before the emergence of the Shadow Brokers (and showing other major character issues), no direct link has been established proving he distributed the stolen information.

Then there is the third possibility, that the stolen information came from elsewhere - possibly a third party that is still working for or with the NSA, who has yet to be identified. While regulations have been updated to prevent leaks like this from reoccurring, the fear that there could be another leaker is still always there... especially since the identity and motivations of the Shadow Brokers remain as unknown today as they were back in 2016.

Those are the theories regarding where the information came from, but there also exist theories about who distributed the information... who were the Shadow Brokers?

If you would believe the numerous posts they made online, the Shadow Brokers were just hackers after money: "for-profit black hats," a theory that I personally find unlikely. After all, they demanded half-a-billion dollars from the get-go, but then gave up on the auction just months later. Ultimately, they gave away most of the stolen information for free, which - in my opinion - nullifies any argument that they were chasing riches.

If you would believe the numerous experts who dedicate their lives to cyber-security and cyber-research, then the most likely culprits of this leak are individuals involved with the Russian government. This is regarded with almost-unanimous certainty among tech journalists and experts, who believe that this entire scandal has Russian cyber-intelligence all over it. This theory has only been expanded upon with time, as we've learned more about Harold Martin and Kaspersky Labs.

But other than these two theories, there remain an almost-countless number of possibilities for the Shadow Brokers. They could just be hacktivists of some sort, who have managed to cloud their motivations and identities enough to confuse literally everyone: you, me, and the world's intelligence agencies, who have been scrambling for over three years to ID those that perpetrated this release of information.

It's even possible that the Shadow Brokers had some ties to China, as it was just learned this year (2019) that a hacker group nicknamed "Buckeye" had been using similar stolen NSA exploits back in March of 2016 - more than a year before the exploits were released by the Shadow Brokers. It remains unknown how they had acquired these tools, but simply having them seems to point towards a story that predates the Shadow Brokers release.

To-date, it remains unknown who the Shadow Brokers were, and what their true purpose was. But we do know that their leaks exposed gaping flaws in the cyber-security realm, and highlighted just how much of a digital world we now live in. It remains unknown just how much their leaks levelled the cyber-warfare playing field, but we are still feeling the effects of those leaks months and years later... and they could ultimately lead to circumstances beyond what any of us can imagine at this time.

Until more information is made publicly available, the story of the Shadow Brokers remains unresolved.


Episode Information

Written, hosted, and produced by Micheal Whelan

Published on October 6th, 2019

Producers: Maggyjames, Ben Krokum, Roberta Janson, Matthew Brock, Quil Carter, Peggy Belarde, Evan White, Laura Hannan, Katherine Vatalaro, Damion Moore, Amy Hampton Miller, Scott Meesey, Steven Wilson, Scott Patzold, Marie Vanglund, Lori Rodriguez, Emily McMehen, Jessica Yount, Aimee McGregor, Lauren Harris, Danny Williams, Cody Ketterling, Brian Rollins, Sue Kirk, and Sara Moscaritolo

Special thanks to the following individuals for contributing their voices to this episode:

Music Credits

Original music created by myself through Amper Music

Other music created and composed by Ailsa Traves

Sources and further reading

Wikipedia - The Shadow Brokers

Wikipedia - Equation Group

Wikipedia - Booz Allen Hamilton

Wikipedia - Harold T. Martin III

Wikipedia - WannaCry

Wikipedia - Petya (malware)

Wikipedia - 2017 cyberattacks on Ukraine

Wikipedia - EternalBlue

Risk Based Security - “The Shadow Brokers: Lifting the Shadows of the NSA’s Equation Group?”

Comae Technologies (Blog by Matt Suiche) - “Shadow Brokers: NSA Exploits of the Week”

Vice Motherboard - “Hackers Say They Hacked NSA-Linked Group, Want 1 Million Bitcoins to Share More”

The Daily Dot - “Hackers claim to be selling NSA cyberweapons in online auction”

Business Insider - “‘Shadow Brokers’ claim to have hacked an NSA-linked elite computer security unit”

ABC News - “Hackers claim to Hit NSA-Linked Super-Cyberespionage Group”

The Washington Post - “Powerful NSA hacking tools have been revealed online”

Vice Motherboard - “Email Provider Linked to Alleged NSA Dumps: We Can’t Help”

Vice Motherboard - “Why Github Removed Links to Alleged NSA Data”

Vice Motherboard - “Hack of NSA-Linked Group Signals a Cyber Cold War”

Business Insider - “EDWARD SNOWDEN: Russia might have leaked alleged NSA cyberweapons as a ‘warning’”

Ars Technica - “Confirmed: hacking tool leak came from ‘omnipotent’ NSA-tied group”

Vice Motherboard - “The Current Highest Bid for Alleged NSA Data is 999,998.371 Bitcoin Short”

Vice Motherboard - “What We Know About the Exploits Dumped in NSA-Linked Hack”

Vice Motherboard - “Former NSA Staffers: Rogue Inside Could Be Behind NSA Data Dump”

AP - “‘Auction’ of NSA tools sends security companies scrambling”

Vice Motherboard - “The NSA Data Leakers Might Be Faking Their Awful English To Deceive Us”

ABC News - “In ‘Bizarre’ NSA-Linked Hacking Saga, Some Exploits Prove Real”

The Intercept - “The NSA Leak Is Real, Snowden Documents Confirm”

Extreme Tech - “The ‘Shadow Brokers’ NSA theft puts the Snowden leaks to shame”

Ars Technica - “Hints suggest an insider helped the NSA ‘Equation Group’ hacking tools leak”

Reuters - “Commentary: Evidence points to another Snowden at the NSA”

Vice Motherboard - “NSA Targeted Chinese Firewall Maker Huawei, Leaked Documents Suggest”

The New York Times - “N.S.A. Contractor Arrested In Possible New Theft of Secrets”

AP - “NSA contractor arrest highlights challenge of insider threat”

AP - “Ex-contractor committed ‘breathtaking’ theft of secrets”

The Washington Post - “NSA contractor thought to have taken classified material the old-fashioned way”

AP - “US: Contractor in NSA case had intelligence officers’ names”

Vice Motherboard - “While Alleged NSA Thief Sits in Detention, Shadow Brokers Post Messages”

Medium - “TheShadowBrokers Message #3”

Pastebin - “TheShadowBrokers Message #4 Bill Clinton/Lynch Conversation”

Vice Motherboard - “NSA Hackers The Shadow Brokers Dump More Files”

Medium - “Message #5 - Trick or Treat?”

Fortuna’s Corner - “‘Shadow Brokers’ Reveal List of Servers Hacked by the NSA…”

The New York Times - “The Perfect Weapon: How Russian Cyberpower Invaded the U.S.”

Vice Motherboard - “Newly Uncovered Site Suggests NSA Exploits for Direct Sale”

Vice Motherboard - “A Brief Interview with The Shadow Brokers, The Hackers Selling NSA Exploits”

Vice Motherboard - “NSA Exploit Peddlers The Shadow Brokers Call It Quits”

Ars Technica - “NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage”

Medium - “Don’t Forget Your Base”

Vice Motherboard - “They’re Back: The Shadow Brokers Release More Alleged Exploits”

International Business Times - “‘President Trump what the f**k are you doing’ say Shadow Brokers and dump more NSA hacking tools”

BBC News - “‘NSA malware’ released by Shadow Brokers hacker group”

Steemit - “Lost in Translation”

Vice Motherboard - “Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks”

Ars Technica - “NSA-leaking Shadow Brokers just dumped its most damaging release yet”

Ars Technica - “Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers”

Vice Motherboard - “Alleged NSA Victim Denies Hackers Ever Broke In”

Vice Motherboard - “The Latest Dump of Alleged NSA Tools Is ‘The Worst Thing Since Snowden’”

Vice Motherboard - “Newly Leaked Hacking Tools Were Worth $2 Million on the Gray Market”

CNN Business - “NSA’s powerful Windows hacking tools leaked online”

DoublePulsar (blog by Kevin Beaumont) - “Latest Shadow Brokers dump - owning SWIFT Alliance Access, Cisco and Windows”

Engadget - “Microsoft says it already patched ‘Shadow Brokers’ NSA leaks”

AP - “Microsoft says users are protected from alleged NSA malware”

Vice Motherboard - “This Is How the NSA Infiltrated a Huge Banking Network in the Middle East”

AP - “White House: Blame cyberattack on hackers, not spy agencies”

CBS News - “Shadow Brokers hacker group says more NSA leaks to come”

The Atlantic - “Who Are the Shadow Brokers?”

The State of Security (Tripwire) - “Shining Light on The Shadow Brokers”

Vice Motherboard - “Hackers Are Crowdfunding Cryptocurrency to Buy Alleged NSA Exploits”

CBS News - “Mysterious Shadow Brokers group re-emerges to taunt U.S. intelligence”

Vice Motherboard - “The Shadow Brokers Have Made Almost $90,000 Selling Hacking Tools by Subscription, Researcher Says”

The Wall Street Journal - “Russian Hackers Stole NSA Data on U.S. Cyber Defense”

Vice Motherboard - “Ex-NSA Hackers Are Not Surprised by Bombshell Kaspersky Report”

The New York Times - “Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core”

Vice Motherboard - “Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools”

DarkReading - “Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak”

Politico - “Suspect’s Twitter messages played role in NSA hacking-tools leak probe”

Gizmodo - “The Strange Case of Kaspersky Lab Just Got Messier”

Politico - “Feds lack digital proof alleged NSA hoarder opened classified docs”

The New York Times - “N.S.A. Contractor Arrested in Biggest Breach of U.S. Secrets Pleads Guilty”

Ars Technica - “Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak”

Cyberscoop - “Ex-NSA contractor set to plead guilty for theft of top secret information”

AP - “Mystery of NSA leak lingers as stolen document case winds up”

The New York Times - “N.S.A. Contractor Who Hoarded Secrets at Home Is Sentenced to Nine Years in Prison”

The Washington Post - “NSA contractor sentenced to nine years in theft of massive amounts of classified material”

The New York Times - “In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc”