The National Security Agency’s most elite hackers use some very strange names for their hacking tools and exploits.
And for some reason, a lot of those names involve bananas.
With nearly 40 exploits, tools, and implants leaked online by a mysterious group calling itself “The Shadow Brokers,” we now have a better sense of the various hacking tools and tricks NSA was using in 2013.
Mustafa Al-Bassam, a computer science student at King’s College London, put together a comprehensive listing of what’s in the “Shadow Brokers” archive, and the tools have funny names like “Egregious Blunder,” “Wobbly Llama,” and “Extra Bacon.”
A lot of the names involve bananas. There’s
- “Epic Banana,” an exploit for Cisco hardware and software
- “Banana Glee,” a software implant for certain Cisco devices
- “Banana Ballot,” which is associated with another implant
- “Banana Liar,” which is related to the others
- “Bannana Daiquiri” (yes, “bannana” with two “n”s), also related.
And yes, NSA insiders say the files appear to be real. Two of the implants contained in the leaked archive, Jet Plow and Banana Glee, appeared previously on PowerPoint slides leaked by ex-NSA contractor Edward Snowden.
This isn’t the first time we’ve gotten a look inside the hacking toolkit of the NSA’s hacker unit, known as Tailored Access Operations. The Snowden leaks revealed a massive 50-page catalogue of what was available to use. The catalogue from 2008 had names like “Howler Monkey” and “Deity Bounce,” and it looks like in the years since, their weird naming convention hasn’t changed much.
The naming practice even inspired an Akamai security architect to code a parody NSA product name generator.
Since the archive appeared online at various file-sharing sites, experts have been analysing what’s inside for clues, speculating on how it could have been taken from NSA, and wondering who is really behind the “Shadow Brokers.” A number of experts who spoke with Business Insider see Russia as being behind the heist, though some believe it could be an agency insider creating a smokescreen to mask his or her identity.
Right now, either of those theories are plausible.
“I would say that anything’s possible,” an ex-NSA hacker who worked in TAO, told Business Insider on condition of anonymity to discuss sensitive matters. “Again, people who are operating these attacks — I’ve certainly done that in the past, I’ve worked on those teams — you know, things happen. It’s possible someone copied the wrong file somewhere. It happens.”
The source added: “There’s probably a dozen different ways these things can end up in the public.”