Casimir Legrand Cyber Security and Emerging Threats

Cyber Chaos: The Aftermath of Russia’s NSA Hack

Though the US presidential election is, by definition, an internal matter, allegations are being raised that other countries, such as Russia, are trying to get involved to sway the votes to one particular camp or another. In Russia’s case, claims suggest that Russian president Vladimir Putin, notorious for resorting to “active measures” to upset his adversaries, is meddling in the electoral process by way of cyber attacks to weaken the future US presidency.

Recently, it was revealed that several US organizations were the victims of substantial information leaks at the hands of a hacking group online that goes by the name Shadow Brokers. The group distributed what appeared to be a genuine line of top-secret code originating from the National Security Agency (NSA) used to hack into databases and servers of foreign governments and organizations, such as the Clinton Foundation, and other spy targets.

Examination of this coding has led experts to believe that Shadow Brokers successfully developed a type of malware that can penetrate US-made firewalls and routers almost completely undetected. The group proved the legitimacy of its threat by releasing a sample of NSA files they hacked, beginning on August 13, 2016. Now, the Shadow Brokers are holding an auction to “sell off the cyber weapons” to the highest bidder.

Though outdated, the source code used by Shadow Brokers resembled that of Equation Group, an entity under the NSA widely credited as the world’s largest, most sophisticated “threat actor.” Threat actors conduct investigative work to identify actions that can be made against companies’ assets in order to prevent the threat from being realized. Equation Group was first exposed by Kaspersky Labs, a Russian cyber security software firm that studies the work of threat agents, in early 2015. Given the recent hacks, David Emm, Kaspersky’s principal security researcher, told the BBC that, “on the basis of what we’ve looked at, we certainly believe that there’s a connection to the Equation Group malware,” implying that by mimicking the coding of Equation Group, Shadow Brokers was able to access confidential NSA data.

Kaspersky Labs was quick to point out that the coding used by Shadow Brokers resembled a line of coding that was created by the Tailored Access Operations unit, a highly classified department of the NSA that was described by Edward J. Snowden when he blew the whistle on the NSA in 2013. Though experts deduced Snowden was responsible, no evidence suggested that the malware source code had originated from Snowden’s archive, mostly comprised of PowerPoint and PDF files that described the NSA’s internal actions.

The real mystery and scandal of how this information was leaked merely point to a trail gone cold. No one quite understands how the coding that matched Equation Group’s was created, much less how the information was leaked, leading many to believe that one of the internal servers operated by the NSA may have been hacked. David Aitel, a former NSA employee, suggested that an insider may have decided to steal the data. But, whether that same insider leaked the information remains unanswered.

Despite not being able to pin the cyber crime on a particular suspect, the blame game is already being played full force, and Russia is being cast as public enemy number one.

In a Twitter message released on August 16, 2016, Snowden argued that “circumstantial evidence and conventional wisdom indicates Russian responsibility.” He further contemplated, “Why did they do it? No one knows, but I suspect that this is more diplomacy than intelligence, related to the escalation around the DNC hack.”

In fact, it seems easy to paint Russia in a bad light given their prior involvement in cyber attacks throughout the course of the election. In June 2016, it was revealed that a hacker who went by the name of Guccifer 2.0 had leaked a surfeit of the Democratic National Committee’s (DNC) emails, including the personal contact information of 200 current and former congressional Democrats. The ensuing scandal forced DNC chairwoman Debbie Wasserman Schultz to resign and led the US to suspect Russia’s involvement in tampering with the US election, an allegation that was vehemently denied by Russia.

Even if Russia’s culpability cannot be proven, the paranoia remains rampant. Dmitri Alperovitch, CTO of security firm CrowdStrike, explained that there is “no doubt that further leaks will continue and contribute to the chaos of this already way too weird election. I think there is plenty of reasons to be concerned that the election itself would be manipulated.” President Obama bolstered this point by telling NBC’s Today Show that “what we do know is that Russians hack our systems,” adding that, “on a regular basis they try to influence elections in Europe.” James Lewis, Director of the Technology and Public Policy Program at the Center for Strategic and International Studies, said it best: “The real problem for us is that the Russians seem to have taken the gloves off in the cyber domain […] and we don’t know how to respond.”


Photo: Russian President Vladimir Putin, via Amur Tiger Programme.

Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.

Casimir Legrand
Casimir Legrand is a Junior Research Fellow at the NATO Association of Canada. Casimir is currently finishing his undergraduate degree in international relations at Trinity College, University of Toronto. This year, Casimir pursued a full-year exchange at the University of St Andrews in Scotland, UK. In his studies, Casimir has focused on the intersection between foreign policy analysis and the geopolitical role of international organizations. He has worked extensively with the G20 Research Group at the Munk School of Global Affairs and attended the 2014 G20 Summit in Brisbane, Australia, as an accredited media participant for the Toronto Star. Casimir has also conducted and presented research for the Defense Policy and Planning Committee at a Model NATO Youth Summit in Podgorica, Montenegro. In addition to his work for the NAOC, Casimir is interning at the Donner Canadian Foundation, a Canadian/American organization that supports international development, social services, and public policy research projects.