Security breach shakes NSA to its core
WASHINGTON — Jake Williams awoke in April in an Orlando, Florida, hotel where he was leading a training session. Checking Twitter, Williams, a cybersecurity expert, was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall U.S. intelligence.
Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or TAO, a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.
America’s largest and most secretive intelligence agency had been deeply infiltrated.
“They had operational insight that even most of my fellow operators at TAO did not have,” said Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”
The jolt to Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the NSA to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the NSA, calling into question its ability to protect potent cyberweapons and its very value to national security. The agency, regarded as the world’s leader in breaking into adversaries’ computer networks, failed to protect its own.
“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and CIA director. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the FBI, officials still do not know whether the NSA is the victim of a brilliantly executed hack, with Russia the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers far exceeds the harm to U.S. intelligence done by Edward J. Snowden, the former NSA contractor who fled with four laptops of classified material in 2013.
“It’s a disaster on multiple levels,” Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”