Cybersecurity

Hackers post code in Trump protest: ‘Don’t forget about your base’

An individual or group known for leaking complete computer code for apparently authentic, stolen NSA hacking tools released a new batch of computer code Saturday.

The leaker, dubbed “TheShadowBrokers,” claimed that the newest leak was a “form of protest” against President Trump not continuing the isolationist brand of populism that he campaigned on. Earlier leaks from the group were typically political in nature.

TheShadowBrokers claimed to be releasing samples from the NSA source code to draw attention to its auction. The latest leaks accompany a post titled “Don’t Forget About Your Base.”

In the group’s trademark broken English, the post reads, “TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected.”

The post goes on to cite “good evidence” of Trump shunning his base, pointing to the GOP’s death on healthcare reform last month, removing White House chief strategist Steve Bannon from the National Security Council principals committee and appointing Cabinet members from Goldman Sachs and the “Military Industrial Intelligence Complex.”

TheShadowBrokers debuted in August, leaking a large package of source code it claimed was from the toolkit of the Equation Group, a vaunted hacking operation long believed to be affiliated with the NSA. Between then and January, the group dumped two more packages of source code. 

Though always in the context of advertising the sale of their wares, the Brokers have mentioned politics in prior posts, including a racist sketch about the Clinton campaign. In the group’s last message to the public in January, it claimed any prior mention of politics was meant for publicity. 

Past releases by TheShadowBrokers appears to be authentic. The Intercept, the publication headed by the fount of Edward Snowden leaks, Glenn Greenwald, published that a tracking ID code that appeared in the Brokers’ files matched a previously unreleased code in the Snowden files. 

Earlier files from the group, while years old, contained working computer code to exploit many previously unknown security flaws in popular cybersecurity hardware from Cisco and other manufacturers.

Those flaws sent cybersecurity companies into a frantic race to repair their products before hackers took advantage. Researchers ultimately did find malware in the wild, which used these product vulnerabilities. 

It is unclear how TheShadowBrokers obtained the files.