ROBERT SIEGEL, HOST:
A massive cyberattack earlier this week first struck networks in the Ukraine before quickly spreading to organizations worldwide, including the American drug company Merck. It is not clear who was behind the attack, but the code the hackers used appears to be based on cyber tools that were stolen from the National Security Agency and posted online by a group called The Shadow Brokers. It's not the first time this has happened, and experts warn that it won't be the last.
Nicole Perlroth has been covering this saga for The New York Times and joins us now. Welcome.
NICOLE PERLROTH: Thanks for having me, Robert.
SIEGEL: First, who are the - or do we know who are the shadow brokers?
PERLROTH: We don't know who they are. They first appeared last year online. It was a group. They call themselves The Shadow Brokers. And they said that they had managed to steal classified National Security Agency secrets. And initially they just offered to sell the secrets to the highest bidder.
But eventually they just started posting some of that stolen data online. And just this past April, they dumped a number of classified hacking tools that belong to the agency - dozens, actually. And so for the past two months, we've started to see an increasing number of attacks using those tools. As far as their identities, we - there were some initial theories that it might be Russia. But more recently, the leading theory appears to be that it might have been an NSA insider.
SIEGEL: And it's undisputed that these are from the NSA.
PERLROTH: It is undisputed that these are from the NSA. The NSA itself has been very quiet about the leaks. And more recently, it's been pretty quiet about the fact that its hacking tools are being used by attackers in a series of escalating attacks. But based on the documents themselves, it's pretty clear that these did come from the NSA and specifically the NSA's hacking unit, the - what's called the Tailored Access Operations Unit.
SIEGEL: Do you know - at the NSA, is there a unit whose job is to protect things like these very sophisticated hacking tools that somebody put out there? I mean do they have a strong security group that protects against this sort of thing?
PERLROTH: The NSA does have - defense is a large part of the NSA's mission. The criticism at least has been that the NSA has poured many more billions of dollars into its offensive tools than it's poured into defending its tools. And this would be Exhibit A for that.
SIEGEL: Once a hacking tools of the NSA is in the hands of somebody else, can the NSA pull some kill switch that disables the tool?
PERLROTH: It appears not. You would assume that now that these tools are out there, that they're being used not just against Merck but against American hospitals. That is considered a critical infrastructure attack in the United States. So you would assume that if the NSA has a kill switch, they would have pulled it by now.
SIEGEL: I mean there seems to be a pretty - implication here that what goes around comes around and that - whereas for conventional weapons, say, an outside party might get hold of the plans, but it's a lot harder than that to actually get ahold of a weapon. In this case, if you get ahold of some code, you've got it. You can do the same thing the NSA would do.
PERLROTH: What you have now is truly the nightmare scenario because now you have a situation where those adversaries who are motivated to harm the United States' interests in cyberspace now actually have the world's best attacker, which is the NSA's tools, at their disposal. And they can use them however they want to.
SIEGEL: Nicole Perlroth covers cybersecurity for The New York Times. Thanks for talking with us today.
PERLROTH: Thanks so much for having me, Robert. Transcript provided by NPR, Copyright NPR.