Stolen hacking tools came from NSA

The Shadow Brokers calls these utilities “weapons” and says they were taken from an NSA-linked group that the cyber security firm Kaspersky refers to as the “Equation Group”. This suggests that the Equation Group is in fact operated by the NSA.

The name Equation Group was first used by the computer security firm Kaspersky last year to label a sophisticated hacking operation it described in a report it published.

Mustafa Al-Bassam, a computer-science student at King’s College London, put together a comprehensive listing of what’s in the Shadow Brokers archive; the tools have amusing names like “Egregious Blunder”, “Wobbly Llama”, and “Extra Bacon”. High-level U.S. political officials seemed quite upset about the DNC hacks, which no doubt resulted in a covert response, and this leak is then likely a counter-response to that. Since an addition is faster than a subtraction on certain hardware, it makes sense to store the constant in its negative form and add it instead of subtracting it.

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and Dropbox. The hacker group is demanding bitcoins worth millions of dollars to release the rest.

The files made public revealed tools to get past firewalls and embed themselves in network equipment or software made by Fortinet, Cisco Systems and Juniper Networks in the United States, as well as TopSec, China’s largest information security vendor. He stated that it’s common practice for intelligence agencies to hack each other’s malware delivery infrastructure. As for how it happened, multiple theories have been proposed, but one of the most popular suggests that an NSA hacker using the tools failed to clean up after an operation, allowing someone to grab the tools without a major hack.

Via Twitter, Snowden commented on the apparent hack, saying the most notable thing wasn’t that NSA servers were breached, but that the hack has now been publicized. “Auction files better than Stuxnet”, they said. The compressed data accompanying the Shadow Brokers post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010.

According to NSA documents obtained by Edward Snowden and reviewed by The Intercept, several elements in the released code line up with details in the agency’s own manuals and materials. “This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server”, Weaver wrote.

In a series of tweets, Snowden expanded on a theory that the Russian Federation was behind the hack and subsequent leak, positioning it as a bold diplomatic gambit aimed partly at deflecting sanctions over Russia’s alleged involvement in a recent hack against the US Democratic Party, particularly if any of those operations targeted US allies.

In other words, he tweeted, it looks like “somebody sending a message” that retaliating against the Russian Federation for its hacks of the political organizations “could get messy fast”.