Hacker Group to Auction Off Supposed NSA Data From Breached Computer Systems

The “Shadow Brokers” are in the spotlight.

A mysterious online group is claiming to have hacked the Equation Group, an organisation believed to be an affiliate of the US National Security Agency (NSA).

The original post by the Shadow Brokers, written in poor English, has been deleted, but the technology website Ars Technica linked to an archived version in Google’s cache. The group said it would release more if the bidding reached some $565 million in the digital currency bitcoin. That’s more than half a billion dollars, and almost 1/15th of all the bitcoins in circulation. Its madcap, Borat-like manifesto rails against the “Wealthy Elite” and the group’s name appears to be a nod to the “Mass Effect” series of video games, where an elusive Shadow Broker traffics in sensitive information.

Cisco said in a note on Wednesday that it “immediately conducted a thorough investigation of the files released”, identifying two flaws affecting Cisco Adaptive Security Appliances (ASA) devices, which are typically used to protect networks and data centers.

Yet this latest incident differs in that the perpetrators appear to be seeking financial gain, implementing a convoluted auction process which promises to release the remaining files to the highest bidder.

The hackers, calling themselves the Shadow Brokers, posted sample files to prove they had actually stolen the source code from the so-called Equation Group on Monday.

And both security experts also say that the nature of the leak and the type of material leaked indicate that a state player is behind it: almost certainly the Russian Federation, they conclude. “If that would be the best of what they had, it would be disappointing. Then you pay for more – but you get bored”.

“NSA malware staging servers getting hacked by a rival is not new”.

The dumped files contained configurations for command and control servers, installation scripts, and exploits targeted to specific routers and firewalls.

The exploits are not run-of-the-mill tools to target everyday individuals. The weapon is said to include the code that the United States government uses to bypass firewalls, routers and other means of defense used by hostile intelligence organizations as well as foreign governments, armies, strategic facilities and research institutions.

“This is risky”, said New York University computer security professor Justin Cappos. Researchers say numerous files were copied in 2013, implying the thieves have had the data at their disposal for at least three years.

“Why did they do it?”

Snowden suggested the alleged Russian move was “more diplomacy than intelligence, related to the escalation around the DNC hack”. The answer to that question remains unknown, but it’s clear that some of the NSA’s most closely guarded files have been compromised.

NSA is in deep shit if we are to believe what Shadow Brokers says.

Cybersecurity researchers around the world have been intensely and rapidly studying the leaked information. “We break out the Nerf guns and have epic Nerf gun fights”, one of the former hackers said.

The National Security Agency did not respond to a request for comment.

But he said, “If these allegations were true, I’d be very concerned about the impact on the intelligence community”.

What exactly is going on with this alleged NSA hack?