Evidence Links Leaked Hacking Tools to the NSA

A string of code from the leak also appears in an NSA hacking manual, The Intercept reported.

Tom Brant, Managing Editor

More evidence surfaced this week that computer surveillance tools belonging to the mysterious Equation hacking group are linked to the US National Security Agency.

Cyber-security experts were divided on the origin of the hacking code, which was leaked on Monday by another hacking group calling itself the "Shadow Brokers." But The Intercept reported on Friday that a specific 16-character string found in a leaked NSA instruction manual also appears in the Shadow Brokers code.

The manual, a 31-page document entitled "FOXACID SOP for Operational Management," describes administrative tools for tracking surveillance targets, including a set of tags used to catalogue servers, according to The Intercept. The tags are used to trick Internet users into thinking they're browsing a safe website when in fact they've been sent a malicious payload from an NSA server.

Although it appears to show a link between the Shadow Brokers hack and the NSA, The Intercept acknowledges its findings don't necessarily mean that the NSA itself was hacked. The code could have been stolen from third-party hackers, a possibility Edward Snowden alluded to on Monday.

"NSA malware staging servers getting hacked by a rival is not new," he wrote in a tweet, referring to private servers that are occasionally controlled by NSA agents, but not owned by the agency itself.

Some of the servers in the Shadow Brokers leak used software from Cisco, including the company's Adaptive Security Appliance (ASA) operating system, which powers data center firewalls. Cisco announced on Thursday that it had identified the exploits that allowed the hack and was working on an update.

"The exploit of this vulnerability was publicly disclosed by the alleged Shadow Brokers group," Cisco wrote in an advisory posted to its website. "All Cisco ASA releases are affected. Cisco is working on fixes for supported releases."

Fortinet and Juniper Networks, which also make server firewall software, told Forbes on Wednesday that their products were also involved in the hack. Juniper said it was looking for vulnerabilities, while Fortinet said it found holes in a legacy firmware version and recommended that customers update to the latest version.
