Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Submission Preview

Link to Story

"The Shadow Brokers" Claim to Have Hacked NSA

Accepted submission by takyon at 2016-08-15 17:40:26
Security

A group is claiming that they hacked the NSA [vice.com] and obtained advanced malware and hacking tools (such as Stuxnet):

A mysterious hacker or hackers going by the name "The Shadow Brokers [twitter.com]" claims to have hacked a group linked to the NSA and dumped a bunch of its hacking tools. In a bizarre twist, the hackers are also asking for 1 million bitcoin (around $568 million) in an auction to release more files.

"Attention government sponsors of cyber warfare and those who profit from it!!!!" the hackers wrote in a manifesto [archive.is] posted on Pastebin, on GitHub [github.com], and on a dedicated Tumblr [tumblr.com]. "How much you pay for enemies cyber weapons? [...] We find cyber weapons made by creators of stuxnet, duqu, flame."

The hackers referred to their victims as the Equation Group [arstechnica.com], a codename for a government hacking group widely believed to be the NSA.

Also at Computerworld [computerworld.com]:

The whole episode screams elaborate SCAM [twitter.com], but maybe it is legit as Twitter chatter by some security experts seem to lean toward believing it. On the flipside, it doesn't appear as if many trust it enough yet to have coughed up bitcoins [blockchain.info]. Other hackers are suggesting the auction is made up of really old vulnerabilities; this is partially based on the "free" files being offered by Shadow Broker as proof of hacking the Equation Group. Or it could be a mix, old and new, to keep everyone off-balance. Another oddity, pointed out in a Pwn All The Things tweet [twitter.com], is that the "free sample" file size is actually larger than the auction file size.

Yet security pro Matt Suiche [twitter.com] dived into the free files offered by Shadow Broker, then took to Medium to say [medium.com], "Most of the code appears to be batch scripts and poorly coded Python scripts. Nonetheless, this appears to be legitimate code." Suiche said the main targets in the dump he reviewed "appeared to be Fortigate, TopSec, Cisco and Juniper firewalls." He described some of the codenamed-exploits such as Eligible Bachelor, Extra Bacon and Banana Glee. The latter, he pointed out, is "particularly interesting because it allows references to the JETPLOW explanation from the 2014 NSA's Tailored Access Operations (TAO) catalog."


Original Submission