WASHINGTON
Cybersecurity experts believe the hacker who leaked the potent software tool that powered last week’s global ransomware attacks is an American – perhaps a disgruntled insider in the U.S. intelligence community.
Such a finding would raise the stakes for halting The Shadow Brokers group, which has bedeviled the National Security Agency with releases of its hacked weaponized cyber exploits for months.
One of those leaked NSA tools allowed extortionists to spark havoc last Friday by encrypting the hard drives of more than 200,000 computers in 150 countries, the largest such cyberattack ever to hit the globe. The attackers demanded $300 or more to unlock each computer.
The NSA did not respond to a request for comment.
The Shadow Brokers group first surfaced last August, claiming to have breached the NSA and stolen sophisticated cyber tools. It sought to auction off the NSA exploits but failed to find many buyers, releasing some for free. It periodically has resurfaced with statements.
The latest statement came at 2:16 a.m. Tuesday, a long, rambling screed that used broken syntax to make it seem as if it were written by a foreigner with poor English. But the message was filled with U.S. cultural references that experts said were likely to have come only from someone with a native’s familiarity.
“I think they are Americans, and I think they are inside somewhere,” said Dave Aitel, chief executive at Immunity, a Miami cybersecurity company, who formerly was a chief scientist at the NSA. “Some of the idioms they use are straight up native. You have to be a native to use them.”
Domestic cultural and political references fill the 1,100-word statement, which carries the headline: “OH LORDY! Comey Wanna Cry Edition.”
In addition to references to James Comey, the ousted FBI director, and the WannaCry ransomware that the extortionists deployed last Friday, the statement made liberal use of idioms like “BFF” – or “best friends forever” – and a vulgar expression that “Late Show” host Stephen Colbert employed May 1 in talking about President Donald Trump.
With links @McClatchy: http://www.mcclatchydc.com/news/nation-world/national/national-security/arti...