
NSA Hack Is Real: Snowden Documents Confirm Breach

“NSA malware staging servers getting hacked by a rival is not new”, he said on Twitter. However, a server used by the Equation Group, a highly sophisticated cyber-security company that’s believed to support the NSA’s Tailored Access Operations (TAO) hacking group, was hit. “The stuff you are talking about would undermine the security of a lot of major government and corporate networks both here and overseas”.


In their release, the hackers exposed two exploits, dubbed EPICBANANA and EXTRABACON.

Fortinet similarly warned its customers that the cookie parser buffer overflow flaw identified in the Shadow Brokers files was legitimate and affected older versions of its FortiGate firewalls. Seeing how the data thrown on the market by the Shadow Brokers comprises dates ranging from 2010 to 2013, Cisco firewalls may have been vulnerable for years. The data contained vulnerabilities affecting major firewall products and ignited speculation that the NSA had been hacked.

Either way, the NSA loss is a massive one, which in the near-term puts these tools in the hands of people who might attack U.S. government networks, and which in the long run will mean this huge cache of exploits will be patched by network security companies, making NSA surveillance a lot tougher.

And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

In a blogpost, Mr Aitel listed the reasons he said made it “almost certain” that the malware leak was related to the hacks perpetrated on the US Democratic party that resulted in the resignation of some of the party’s senior leadership figures.

The malevolent organization touts that it has unreleased exploits, and it even organized a Bitcoin auction to sell these to the highest bidder.

Working off of hints they found in the code, which was released by a group calling itself the “Shadow Broker,” researchers guessed it was authentic, but new documentation straight from the source appears to confirm the code’s provenance.


Mr Snowden tweeted: “Circumstantial evidence and conventional wisdom indicate Russian responsibility”. It looks like “somebody sending a message” that retaliating against the Russian Federation for its hacks of the political organisations “could get messy fast”, he said.
