NSA website recovers from outage amid intrigue

National Security Agency Director Adm. Michael Rogers speaks about cybersecurity on April 26.

The National Security Agency’s website was offline for almost a full day until Tuesday evening, in an unexplained outage that began shortly after hackers claimed to have stolen a collection of the agency's prized cyber weapons.

It's unknown if the two events are connected.


POLITICO first noticed that the agency’s website wasn’t working at 10:54 p.m. Monday. It came back online around 5 p.m. Tuesday.

The outage began a few hours after a mysterious group called the Shadow Brokers claimed to have stolen cyber weapons from the Equation Group, a sophisticated hacking group suspected of being linked to the NSA. Some cybersecurity experts, as well as fugitive NSA whistleblower Edward Snowden, suggested that the alleged thefts may be connected to the uproar over suspected Russian cyber spying on the Democratic Party — but no information has surfaced to link the two, or to connect the alleged thefts with the NSA website outage.

During the outage, the NSA homepage itself was accessible, but all links on the page led to “Service Unavailable” error pages, except for blog posts listed under the “What’s New” section. (Those may be hosted on another server.)

An NSA spokesman declined to comment on the record about the outage, as did a spokesman for the Office of the Director of National Intelligence. A spokesman for the Department of Defense, which also oversees the NSA, said he would look into the issue, but did not follow up with any information.

The White House referred POLITICO to the NSA.

An unnamed source told FedScoop that the outage was due to an ongoing “internal review.”

The Shadow Brokers' claims to have stolen the Equation Group's hacking tools had stirred much intrigue earlier Monday, especially when the Shadow Brokers said they were willing to sell them. The security firm Kaspersky has linked the Equation Group to digital intrusion techniques widely associated with the NSA.

Regardless of how the Shadow Brokers obtained the files — if in fact they’re real — the thieves have been holding onto their merchandise for a while, as POLITICO's Morning Cybersecurity noted Tuesday. One of the leaked tools exploits a vulnerability from 2006.

Capital Alpha Security CEO Matt Tait hypothesized that the hackers acquired the files a long time ago and saved them for a future purpose. If so, he said, their recent unveiling — along with Monday's release of a fresh batch of stolen Democratic documents — may be designed to hit back at the NSA for some behind-the-scenes action the agency took in response to the DNC hack.

Snowden also speculated about a connection, calling it "unprecedented" for anyone to publicize this kind of attack on the agency.

"Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack," Snowden wrote Tuesday on Twitter. He added that "circumstantial evidence and conventional wisdom indicates Russian responsibility," and said it may be an attempt to warn the NSA that the dispute "could get messy fast."

"Accordingly, this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks," Snowden tweeted.

The Obama administration has not publicly assigned blame for the hacking of the Democratic National Committee and other Democratic groups, let alone said whether it is prepared to take retaliatory action.