Security Experts Agree: The NSA Was Hacked

The files contain what appears to be part of a sophisticated cyber arsenal.

But the Shadow Brokers leak suggests that the NSA was breaking the rules, according to Columbia University researcher Jason Healey.

He also implied that the hack is less about making money and more a warning to the U.S. to back down on blaming the Russian Federation for the recent leaks of sensitive information from the Democratic National Committee.

To say the USA is the most powerful nation in the world is a given fact and non-debatable. “This is what it looks like”.

A hacking collective known as the Shadow Brokers is auctioning stolen surveillance tools used by a United States government-sponsored information security group.

Reuters reported that some cyber security experts downloaded samples of the surveillance tools and found that they included software that has already been dealt with and defended against by existing firewall software.

“Without a doubt, they are the keys to the kingdom”, said one former TAO employee who spoke on condition of anonymity.

Kaspersky has released analysis that led it to believe “with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation group”.

One of the vulnerabilities – Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability – was a newly discovered buffer overflow defect that was referred to in the Equation Group leak as EXTRABACON. The anonymous hackers who obtained the tools claim they were stolen from the Equation Group, a top cyberespionage team that may be linked to the NSA and may have helped develop the Stuxnet worm. “Auction files better than Stuxnet”, said the group, referring to the sophisticated digital weapon, believed to be funded by the U.S. and Israel, that sabotaged Iran’s nuclear programme.

In a manifesto published on Pastebin and GitHub, the hackers asked “government sponsors of cyber warfare” to say how much they will be willing to pay for their enemies’ cyber weapons.

The documents released by The Intercept reveal that SECONDDATE has been used to spy on systems in Pakistan and in Lebanon, where it gained access to data belonging to Hezbollah.

The exposed source code dates from the middle of 2013, when the NSA closed many of its servers and transferred data to new ones after the revelations made by Edward Snowden.

It’s likely that whoever is behind the theft accessed and removed the data from NSA servers before the agency tightened security, Aitel said. “This is probably some Russian mind game, down to the bogus accent” of some of the messages sent to media organizations by the Shadow Brokers group, delivered in broken English that seemed right out of a bad spy movie.

It is worth remembering that, in July, Russia announced that about 20 Russian government organisations had been targeted by spyware, though it stopped short of attributing the infiltration to any specific state or actor.
