That group was first identified in a Kaspersky report released past year. The Equation Group was first identified in February 2015 by the Russian cybersecurity firm Kaspersky Lab, which recently described it as the “apex predator” of the hacking world.
Advertisement
The tracking string in the manual, ace02468bdf13579, also appears inside code for a software implant called “Second Date”, which was leaked as part of the archive posted earlier this week.
The NSA itself routinely hacks into servers used by opposing groups, Snowden added.
“I can think of a dozen ways” the tools could have been stolen, Falkowitz said, such as being taken from an outside server and being pilfered from an unsecured laptop. “Our rivals do the same thing to us – and occasionally succeed”.
Some former agency employees suspect that the leak was the result of a mistake by an NSA operator, rather than a successful hack by a foreign government of the agency’s infrastructure.
It looks as if the NSA has indeed been hacked.
But the code, which was created in 2010 and updated constantly until 2013, suggested domestic providers could be vulnerable to overseas attacks too, experts said. If this is indeed Russian Federation, then one assumes that they probably have their own exploits, but there’s no need to give them any more.
In addition to Topsec, three American companies – Cisco, Juniper Networks and Fortinet – were targeted by the Equation Group, according to the analysis by Risk Based Security.
That’s bad news for user security: For one, these tools are now available to criminal hackers.
It is now not clear whether the files are genuine or not, but some IT specialists believe that they are.
The NSA has steadfastly declined to comment on whether it has been the victim of a security breach. “We continue to investigate this exploit and are conducting an additional review of all of our Fortinet products”, an official statement reads.
The company issued two security advisories – one for a newly found defect and one for a defect that was found and fixed in 2011, she told TechNewsWorld. “And-most chillingly-what else might be released before this war of leaks is over?” Encryption algorithms in over 300 files from the Shadow Brokers‘ cache resemble those seen in previous Equation Group malware, according to Kaspersky.
Allegedly, the files were stolen from the Equation Group, a top cyberespionage team that may be connected with the NSA.
“Faking this information would be monumentally hard, there is just such a sheer volume of meaningful stuff”, Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview.
Time notes the Shadow Brokers are demanding non-refundable bids be submitted in advance, with the auction to end at an unspecified time, so interested parties should “keep bidding until we announce victor”.
Advertisement
Last month, WikiLeaks published tens of thousands of hacked emails from the Democratic National Committee (DNC), days before the Democratic convention in Philadelphia. Their madcap, Borat-like manifesto rails against the “Wealthy Elite” and the group’s name appears to be a nod to the “Mass Effect” series of video games, where an elusive Shadow Broker traffics in sensitive information. The other remains encrypted and is the subject of an online auction, payable in bitcoin, the cryptocurrency.
