Hackers going by the name Shadow Brokers said on Monday they will auction stolen surveillance tools they say were used by a cyber group linked to the U.S. National Security Agency.
Advertisement
Shadow Brokers promised more Equation Group files-“same quality, unencrypted, for free, to everyone”-if its ongoing auction raises 1 million bitcoin”.
“This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets”, said Nicholas Weaver, a senior networking and security researcher at Berkeley’s International Computer Science Institution.
According to another expert, Matt Suiche, co-founder of security start-up Comae Technologies, the stolen sample also shows that network security equipment from different manufacturers and brands – including Cisco Systems, Juniper, Fortigate and Chinese industrial giant Topse – are targeted by Equation.
Evidence of the NSA “hack”, as released by mysterious group the Shadow Brokers.
Further tweets made by the former NSA contractor suggest that ties exist between “The Shadow Brokers” and Russian Federation, the country that has hosted Snowden since his escape from the USA and the reported source of the DNC massive leak that took place a couple of months ago.
The content of the files is secret, the group said in its announcement.
The DNC has blamed the Russian government for the hack, though. Although many believe the leak is legitimate, the hack appears to have happened in 2013, so the software is a little dated.
The hackers could be advertising that they have the ability to identify actions the NSA took on the compromised server, Snowden suggests – a warning of sorts.
“It looks very much as if the NSA attacked someone, and that someone managed to source the origin of the attacks, and counter-hacked them”, Claudio Guarnieri, a researcher at the University of Toronto, told the magazine.
Now it’s the National Security Agency’s turn. That’s probably all the hackers wanted.
What followed was a series of screenshots, as well as links to a number of the alleged NSA files, many of which were included among the leaked files obtained by whistleblower Edward Snowden.
Snowden continued to theorize that the attackers could be a foreign force looking to gather evidence that the US government was the one responsible for alleged hacking or surveillance incidents. He said that the disclosure “is likely a warning that someone can prove US responsibility for any attacks that originated from this” redirector or malware server by linking it to the NSA.
Advertisement
If the hacked files can prove that Washington has been hacking its allies, or even interfering in their elections, revealing that could have “significant foreign policy consequences”, Snowden noted. That could have major diplomatic fallout if, for instance, the tools were linked to spying on USA allies, Snowden argued.
