Who watches the watchers? Apparently, now it’s…well, everybody with a computer. A massive hack against the NSA has revealed a treasure trove of previously-private exploits and other data, and it doesn’t make our “security agency” look very secure at all…
|If the future won't let us have space-war, we'll have cyberspace-war.|
(Image courtesy techworm.com.)
According to TechCrunch.com, the hack was perpetuated by a group called the Shadow Brokers, who lifted a stash of NSA-created malware from an internal hacking team called The Equation Group. Two chunks of data have been published, one that is open to the public for perusal and one that contains “the best files”, which will likely be auctioned off at the starting price of $1 million.
An additional image collection of a file tree containing NSA exploits was released, as well as a page calling out “cyber warriors” and “WealthyElites.” The full extent of the free file contains staging programs that the NSA could ostensibly use to inject malware into servers for the purposes of espionage. These hacking tools include “RATS” – remote access Trojans – and exploits that target web and file servers. Such programs could be used to remotely access a machine, copy or monitor its information, and then be deleted (theoretically) without a trace.
They couldn't name it "Punk Rock Tracks - The Exploited" or anything less overt?
(Image courtesy techcrunch.com.)
The files are mostly written in Python or shell script, with a few compiled binaries. The Shadow Brokers have released the following statement regarding the acquisition:
￼"￼How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."
The stunted English grammar may imply Russian origin for the group, or may be ruse to throw others off the trail. Regardless, the second file will be sold to the highest bidder via bitcoin, and the files are promised to be “better than stuxnet” (the computer worm that derailed Iran’s nuclear program several years ago.)
|How nice...they even included user instructions.|
(Image courtesy techcrunch.com.)
Wikileaks claims that they are already in possession of the “best” files, and will publish them “in due course.” In the meantime, whistleblowing winner Edward Snowden calls the entire affair “not unprecedented.” Snowden went on to elucidate, “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server."
While this is not (yet) thought to be a tremendously devastating hack, it does not look favorably on the much-maligned NSA. This sort of sloppy spywork is not the sort of thing that inspires confidence in those who repeatedly exhorted that they were keeping us secure by ransacking our privacy. Loose ‘chips sink ships.
|We don't know all of what we don't know,|
but we learn more about it every day.
(Image courtesy sdxcentral.com.)