The files made public revealed tools to get past firewalls and embed in network equipment or software made by Fortinet, Cisco Systems and Juniper Networks in the United States, as well as TopSec, China’s largest information security vendor.
Advertisement
“We’re going to need the government’s help to do defense, not just offense”, he said. “We find many many Equation Group cyber weapons“, Shadow Broker said in a statement accompanying the release.
“Without a doubt, they’re the keys to the kingdom”, said the former NSA worker. As for the odd auction itself, it looks like nobody is really interested in paying for the hacked documents at this point. They can be extremely valuable to both hackers and governments, especially when it comes to cyberespionage.
A file containing the tools first appeared online a few days ago.
The recent issue was considered to be a modern spying. The NSA from time to time outsources the development of offensive cyberweapons to private contractors, according to cybersecurity experts. Given example was when China launching a missile to U.S., they will go to Peru and fire from there.
“I’d say it’s 50/50 that there was no hack, that it was a Snowden-style leak, or what we would call a spy”, Aitel said. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure. That could have major diplomatic fallout if, for instance, the tools were linked to spying on US allies, Snowden argued.
The companies did not respond to request for comment, nor did the NSA.
NSA whistleblower Edward Snowden has said “circumstantial evidence and conventional wisdom” indicates that Russian Federation is behind a major hack on the National Security Agency.
Still, the fear is that the stolen hacking tools are real and that more zero-day vulnerabilities may be in the hands of malicious actors. The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE.
An anonymous group of hackers known as “The Shadow Brokers” recently posted online the “cyber weapons” NSA hackers reportedly used to hack into other governments’ servers. An exploit included among the samples relies on a zero-day vulnerability in a Cisco firewall that could be more than three years old.
“The Intercept’s line of reasoning is that the data published onto the web by the Shadow Brokers matches up with never-before-seen classified documents from the Snowden archive”.
Advertisement
The main suspect is Russian Federation, and it’s not clear if the hackers broke into the secure NSA computer network or, perhaps more likely, a TAO employee left the tool kit on an unsecured intermediary server being used in a hacking operation.
