Shadow Brokers: A super-Snowden on the loose at NSA

If you thought Ed Snowden was a problem, get a look at the hideous hackers, presumably Russian, known as the Shadow Brokers, who got their hands on the NSA's most critical hacking tools – and are now spreading them around to every hack-happy lowlife in assorted basements intent on robbing and disrupting on the internet.  They make Snowden look like a candy-ass piker.

The New York Times has a very long and very worthwhile exposé on this humongous theft of secrets that happened around August 2016, back when everyone was focusing on the election.  Read the whole thing – the only reason a piece this long got by the newspaper's editors is that it's that good.

Here is an abbreviated version from Business Insider if you really want the executive summary.  It's a story that should be leading the news above all other stories, given its impact on all of us.

The Times calls it "one of the worst security breaches" in all the annals of American intelligence. 

Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world's leader in breaking into adversaries' computer networks failed to protect its own.

"These leaks have been incredibly damaging to our intelligence and cyber capabilities," said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. "The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected."

With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, "Every time it happens, you essentially have to start over."

There have been a lot of leaks, and it's easy to tune them out, but this one merits some attention.  The tools the NSA uses to break into computers around the world have been stolen.  The identity of the thieves is still not known – and they could be NSA insiders, given the Obama administration's hiring practices.

Here's why it's important: the break-in tools are being spread around to other hackers – making break-ins at banks, retailers, hospitals, tax agencies, and law offices that much more likely.  Thieves now have their hands on the NSA's levers, which had, up until about a year and a few months ago, been America's most closely guarded and most powerful secrets.  Now any thief can get them and use them.

I went to a presentation on technology opportunities for students working on tech certificates at Grossmont College near San Diego on Thursday.  The little evaluation paper they handed out after the event, which featured speakers from the government, the private sector, and educational and hiring agencies, asked one thing: What stood out for you in the presentations?  I wrote that one of the professors stated that computer security-trained people now have starting salaries of $300,000 a year, and there are 6 million unfilled jobs in the field worldwide.


Surely it must be hyperbole.  But with news like this, it's not.  Every computer security official in that growing field is going to have to have the kind of skills that can come up against hackers capable of breaking into NSA toolboxes, stealing the technology, and then using it on banks and hospitals.  That's a tall order.  No wonder the salaries are high for those who can do that kind of work.

In the wake of this story and the sad reality that the NSA still hasn't resolved the issue, I have the feeling that that community college professor was not exaggerating.

If you experience technical problems, please write to