The authenticity of the files released by Shadow Brokers has been confirmed. According to multiple sources, the tools and exploits dumped by the hacker group did indeed originate from NSA systems.
The particulars of these cyber tools and exploits were matched against a recent set of documents leaked by Edward Snowden to confirm their authenticity. The latest batch of Snowden files was published recently by a New York-based online publication along with the confirmation. According to the publication, these tools were extensively used by the intelligence agency to secretly infect computers across the world.
References to code present in the files shared by Shadow Brokers were found in a classified NSA manual for implanting malware, including a specific 16-character string. One of the programs leaked by the hacking group, called SECONDDATE, was found to contain the exact string “ace02468bdf13579”. SECONDDATE is an efficient tool used to intercept and redirect internet traffic originating from target computers to the NSA’s servers. Once the link is established, the target computers are infected with malware. SECONDDATE is one of the many tools used by the NSA’s broader surveillance and infection network. All these tools together are capable of executing a “man in the middle”