
NSA hacking tools have been hacked and revealed online

The ex-CIA 33-year-old shed some more light on the nature of the attack, besides offering his perspectives and theories regarding the reason for the breach.


A successful hack of the NSA – if that’s what happened – would mark a major defeat for one of the crown jewels of the US government’s defense establishment.

Whether code published online by a mysterious group called “Shadow Hackers” is genuine has been the source of much debate in recent days.

On 13 August, the anonymous hacking group claimed to have infiltrated the Equation Group’s computer systems, saying they have stolen some of its advanced cyberweapons and are auctioning them off.

The leaked tools also appear to be powerful, according to a running analysis maintained by Richmond, Virginia-headquartered Risk Based Security.

Cisco and Fortinet have issued patches for zero-day exploits affecting their products contained in a dump of intrusion and surveillance tools allegedly used by an NSA-affiliated hacking group.

Security researchers who have seen the stolen data, including Kaspersky researchers and Nicholas Weaver, believe it’s authentic. The bug is in the SNMP implementation in Cisco’s appliances, and the company said that it does not yet have a patch ready to fix it.

The company said in a blog post that the other vulnerability was fixed in 2011.

But it’s not clear that the NSA at large was hacked.

“They are very reliable”.

The documents have been leaked as part of a surreal online auction by a group calling itself “Shadow Brokers”.

The Shadow Brokers, however, have painted themselves as hacktivists who oppose “wealthy elites”.

NSA whistleblower Edward Snowden commented on the hack, faulting a lazy staffer for the possible leak. Those hacks were widely seen as attempts by Moscow to influence the United States electoral process. That would be a politically charged development in the context of recent allegations that the Russian Federation is trying to tamper with America’s presidential campaign.

“This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast”, Snowden said.

The disclosure of the file means that at least one other party – possibly another country’s spy agency – has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls.

“Given the timeframe (Post-DNC hack), this could possibly be orchestrated by the Russian government so America will be stuck with Donald Trump as a President”, said Matt Suiche in a Medium post.


Should the auction go bust, the Shadow Brokers could still decide to divulge vulnerabilities to the general public. The cyberweapons are apparently created to target products from several large vendors of networking equipment including Cisco and Juniper. Attached to the cache was an “auction” note that purported to be selling a second set of tools to the highest bidder.

Headquarters of the NSA in Fort Meade, Maryland. Digital Trends