Computer source code purportedly stolen from the National Security Agency’s hacking division and published online this week appears to be authentic, former members of the US intelligence community said Tuesday.
Advertisement
Fortinet was also forced to admit to customers that some of its products are similarly vulnerable.
“We have issued a formal security advisory to increase its visibility with our customers so they can ensure they are running software versions that defend against the exploit Shadow Broker has shared”, Cisco security Omar Santos wrote.
To say the United States is the most powerful nation in the world is a given fact and non-debatable.
Technical experts have spent the past day or so picking apart a suite of tools purported to have been stolen from the Equation Group, a powerful squad of hackers which some have tied to the NSA. As for the how, multiple theories have been proposed, but one of the most popular suggests an NSA hacker using the tools failed to clean up after an operation, allowing someone to grab the tools without a major hack. They also pride themselves on offering for sale a unique code, “better than Stuxnet”.
A similar analysis by Kaspersky Lab led analysts to conclude “with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation Group”.
Brian Martin, a director of vulnerability intelligence at Risk Based Security, said he was surprised the hackers offered up these exploits as free samples. But the stolen hacking tools might be old, the company noted. For instance, the exploits found within the samples rely on having direct access to the firewall’s interface, which is normally restricted from outside Internet users, Martin said.
Via Twitter, Snowden commented on the apparent hack, saying the most notably thing wasn’t that NSA servers were breached, but that the hack has now been publicized.
“From what I saw, there was no doubt in my mind that it was legitimate”, a second former NSA TAO employee told The Post. For example, some of the zero day exploits that have supposedly leaked from the Equation Group to the Shadow Brokers have to do with Cisco products.
Advertisement
What this implies is of the utmost severity, for this practice is not unique to the NSA and the recent security breach means “The Shadow Brokers” have probably been sitting on US servers undetected for years. The group distributed two encrypted bundles this week, one with the decryption key as the “proof” files and the other missing that key. Their madcap, Borat-like manifesto rails against the “Wealthy Elite” and the group’s name appears to be a nod to the “Mass Effect” series of video games, where an elusive Shadow Broker traffics in sensitive information. That’s nowhere near the asking price of 1 million bitcoin that the hackers are looking for (that’s $576 million).
