Hacking group auctions ‘cyber weapons’ stolen from NSA

Hackers going by the name Shadow Brokers said on Monday they will auction stolen surveillance tools they say were used by a cyber group linked to the U.S. National Security Agency. Yesterday, it was reported that a new murky hacking collective, The Shadow Brokers, had infiltrated another hacking sect called The Equation Group, dumping its sensitive documents online over the weekend. “At first glance it is sound that these are important attack-related files, and yes, the first guess would be Equation Group”. Shadow Brokers hackers also said that they obtained the malware used for cyber-espionage.

The hackers said that if they receive one million bitcoins they will publicly dump all of the NSA cyber weapons. The Equation Group is the name given by researchers at Kaspersky Lab to a team of US state-sponsored hackers; Kaspersky Lab has collected a great deal of information that seems to indicate that the NSA has created an office with extremely talented developers who appear to have unlimited resources.

By claiming to reveal the inner workings of the NSA, the hack is seen by some as the latest salvo between Russia and the United States, after U.S. officials accused Russian hackers of breaking into files belonging to the Democratic National Committee and other Democratic groups and officials in an attempt to aid Republican presidential nominee Donald Trump.

That is the question now confronting the world’s cybersecurity experts, as they try to unpack the announcement by a previously unknown group calling themselves the Shadow Brokers. You see pictures. We give you some Equation Group files free, you see.

Alongside those alleged exploits were implants — malware that is covertly dropped on the network once the firewall and other security mechanisms have been bypassed. “Circumstantial evidence and conventional wisdom indicates Russian responsibility”.

On Tuesday, Snowden, a former NSA contractor, tweeted that it isn’t “unprecedented” for cyberspies to try to hack the agency’s malware staging servers. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used ‘in the largest and most critical commercial, educational and government agencies around the world,’ said Blake Darche, another former TAO operator and now head of security research at Area 1 Security. Dmitri Alperovitch, the co-founder of security firm CrowdStrike, theorized that “the leakers were probably sitting on this information for years, waiting for the most opportune time to release.” CrowdStrike is best known for immediately “concluding” that all recent hacks of Democratic-linked servers have been under the guidance of the Kremlin. He said that the disclosure “is likely a warning that someone can prove US responsibility for any attacks that originated from this” redirector or malware server by linking it to the NSA. “The likely conclusion is that the code was stolen from the NSA itself or a 5EYES ally with access to this particular code”.

“However, if indeed these techniques were used by the NSA, they will be very anxious that there is now enough information leaked that would allow forensics experts to attribute hacking attacks to the NSA, both disrupting ongoing operations and causing embarrassment”.

‘That could have significant foreign policy consequences.’

In recent days, other security experts also have come to believe that the computer code comes from the NSA and that the Russian Federation is behind its theft and release.

It’s unclear whether the NSA would have been required to release these tools, even if the interagency process had been working in 2013, when they were apparently found. And while we, as onlookers, can’t know for sure whether the Russian Federation is behind this leak, nor whether these are really the NSA’s cyber weapons, the NSA does, and has gotten the message.

What exactly is going on with this alleged NSA hack?