Shadow Brokers posted online some examples of the data it said it had stolen, including scripts and instructions for breaking through firewall protection. Cybersecurity analysts poring over that information are confident that the material is in fact from Equation Group. This news raises a bigger question: What are the consequences if the Equation Group – and by extension the NSA – were actually hacked?
The NSA holds a massive amount of data, including information on U.S. citizens' and foreign nationals' phone calls, social connections, emails, web-browsing sessions, online searches and other communications. How much data? NSA's Utah data center alone is reported to have a storage capacity of 5 zetabytes – 1 trillion gigabytes. However, judging from what has been made public of what has been stolen by Shadow Brokers, this massive data trove has not been breached.
The Shadow Brokers have claimed to have copies of this software and information on security vulnerabilities the NSA uses in its attacks, including instructions for breaking into computer networks. If true, these would be of very high strategic value to someone seeking to defend against cyberattacks, or wanting to conduct their own.
If the material Shadow Brokers have stolen can link cyberattacks on Gazprom, Aeroflot and other Russian targets with the NSA, Russia can argue to the international community that the United States is not an innocent victim, as it claims to be. That could weaken support for its sanctions proposal.
Russia and China, among other adversaries, have used similar evidence in this way in the past. Edward Snowden's revelation of the U.S. PRISM surveillance program, monitoring vast amounts of Internet traffic, became an important turning point in China-U.S. cyberrelations. Commenting on the NSA's alleged hacking of China's major mobile companies and universities, an editorial in China's state-run Xinhua News Agency noted: "These, along with previous allegations, are clearly troubling signs. They demonstrate that the United States, which has long been trying to play innocent as a victim of cyberattacks, has turned out to be the biggest villain in our age."
In general, allegations and counterallegations have been persistent themes in Chinese-American interactions about cybercrimes and cybersecurity. China's approach shifted toward more offensive strategies following Snowden's revelation of the PRISM surveillance program. It is likely that this hack of cyberweapons may provide China and other U.S. adversaries with even more solid evidence to prove American involvement in cyberattacks against foreign targets.
Cyberattack tools now more widely available
There are other dangers, too. Hackers now have access to extremely sophisticated tools and information to launch cyberattacks against military, political and economic targets worldwide. The NSA hack thus may lead to further insecurity of cyberspace.
The attack is also further proof of the cybersecurity industry's axiom about the highly asymmetric probabilities of successful attack and successful defense: Attackers need to succeed only once; defenders have to be perfect every time. As sophisticated as NSA's highly secure network is, the agency cannot ever fully protect itself from cyberattackers. Either these attackers have already gotten in, or some other group will be the first to do so in the future.
Actors with fewer financial and technical resources can compromise high-value targets. What will come of this attack remains to be seen, but the potential for profound and wide-ranging, even global, effects is clear.