Shadow Brokers' sample files include a 16-character tracking string identified in a Snowden document Credit: National Security Agency Documents leaked by former National Security Agency contractor Edward Snowden share a malware tracking code with several files released this week by hacking group Shadow Brokers, according to a news report.Shadow Brokers claimed they had hacked a cyberespionage team linked to the U.S. spy agency when they released a group of sample files earlier this week. Similarities between the Shadow Broker files and information in documents leaked by Snowden give credence to the claims by the anonymous hacking group.Fourteen files in the Shadow Brokers leak contain a 16-character string, “ace02468bdf13579,” that NSA operatives used to track their use of one malware program, The Intercept reported Friday. That tracking string was described in an NSA manual for implanting malware originally leaked by Snowden, The Intercept reported.That tracking string was tied to malware called Seconddate, allegedly designed to intercept web requests and redirect browsers to an NSA server, according to the story. Snowden’s leaks provided information on Seconddate, and the Shadow Broker files also include information on the malware, including a file titled SecondDate-3021.exe, The Intercept said. The Shadow Brokers have offered to sell the trove of supposed NSA files.One security expert suggested the NSA may have arranged the leak. “You’re talking about the world’s top intelligence agency here,” John Gunn, vice president of communications at VASCO Data Security, said by email. “I think it is much more likely that the tools were intentionally leaked and were being used — just as marked money is used — to trace criminal and state-sponsored hacking activity.” The leak confirms some information about the NSA that many security experts already knew, added Jonathan Sander, vice president at Lieberman Software, another security vendor.“We knew from Stuxnet and Snowden’s documents that they were engaging in cyberwarfare, and we knew that means they were developing malware to do it,” he said by email. “We knew that the NSA is a department of humans using technology, which means they are vulnerable to mistakes and attacks like all other humans using technology.”The leaks also show the NSA is doing good work, he added. “If anything, the universal agreement on the quality of the tradecraft which was stolen and its clear value on a black market should tell us that our tax dollars are getting quality results,” he said. Related content brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe