Shadowbrokers Steal NSA Hacking Tools

Firewalk is one of 50+ exploits in the NSA ANT Catalog of hacking exploits reportedly stolen

Recently, a group with the moniker ShadowBrokers posted two encrypted dossiers on online file-sharing sites. One contained about 300 megabytes of tools and techniques to infiltrate computer systems’ firewalls, with the files dating to late 2013, according to Kaspersky Lab, a software security firm. The contents are open for the taking. The second trove, though, remains locked with the password up for auction.

In a post, Kaspersky said that several hundred tools from the leak "share a strong connection" with what it calls the Equation Group, a hacking entity it’s been tracking that other analysts have said is the NSA. The NSA isn’t talking.

Cybersecurity analysts are still poring over the material, which raised questions about whether the leak poses a threat to national security or was just a warning from US adversaries. Meanwhile, on the day of the leak, much of the NSA’s public website was down.

For now, here’s what people are asking:

Who’s behind it?

The “suspect list” of actors who could likely get this kind of data as well as publicise it points to Russia and China, according to Nicholas Weaver, a senior researcher at the International Computer Science Institute at University of California at Berkeley. Both nations have repeatedly denied hacking accusations.

But it is also possible that an NSA worker left behind a toolkit in a server the agency hacked into - and did a sloppy job covering his or her tracks, according to Jason Healey, a senior cyber research scholar at Columbia University’s School of International and Public Affairs. Or, more nefariously, an insider could have used removable media, such as a USB drive, to take the content from the NSA and disclose it.

Lance James, chief scientist at cybersecurity firm Flashpoint, said an Internet protocol address found in one of the leaked files pointed to a Defense Department-owned "non-routable IP address space," which he said suggests the material came from a testing server rather than an operational one.

"That to me is a red flag," James said via e-mail. "This could indicate this was not stolen from outside the network but within and could have been taken from a source code repository where this software resided before it was launched."

Is it a big deal?

The short answer: probably. The leak contains scripts and means to "attack, disable, alter and bypass firewalls from vendors" such as Cisco Systems Inc., Fortinet Inc. and Juniper Networks Inc., according to Justin Harvey, chief security officer at Fidelis Cybersecurity.

Because time-stamps on the files date to 2013, some of the software weaknesses could have since been fixed. In a statement Wednesday, Cisco said it investigated the information from the breach and found exploits of two Cisco product vulnerabilities, one of which is a newly discovered defect. The company says it’s patching those gaps.

Yet the leak does provide new ideas and concepts that hackers could build on.

"You’re releasing these very advanced tools in the wild," said Bob Stasio, a fellow at the Truman National Security Project and former chief of operations at the NSA’s Cyber Operations Center, who likened it to a new weapons arsenal at hackers’ fingertips. "What this does is actually severely increases the risk to the US private sector, especially for financial institutions" that are less prepared than the government to respond to such threats, he said in an interview.

Why did they do it?

"The message is: ‘Hey, NSA, we hacked you and we want the world to know,’" Weaver said. "We can damage you further because we have all this other information and you don’t even know what it is."

In a series of recent tweets, Snowden echoed that idea, saying, "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server." Snowden also backed the idea that Russia, where he resides in exile, could be behind the hack.

What’s next?

The NSA will likely be doing a “thorough examination” to see if there are any remnants of the code revealed in the leak in their current operations, and if so, they’ll stop using it, said Paulo Shakarian, chief executive officer of IntelliSpyre Inc. and director of the Cyber-Socio Intelligent Systems Laboratory at Arizona State University in Tempe.

Cyber analysts will also watch for any malware from the auctioned files and if those tools end up on sale on the dark web. They’ll also monitor whether the group releases additional material from the NSA.

"They said there is more stuff coming," Shakarian said.

Information-Management:
