CategoriesHackingSecurity

Are The Shadow Brokers Like Snowden? Theory Suggests Insider Hack

By now, most of our readers have heard of the Shadow Brokers, the hacker group who obtained a large trove of data from the National Security Agency (NSA) and leaked information about the NSA’s cyber tools. The cyber tools were apparently stolen from the Equation Group, a cyber attack operation who experts believe are part of the NSA.

(Watch a quick overview about the NSA hack – “NSA Reportedly Hacked By Group Called The Shadow Brokers”):

Initially, evidence suggested that the Shadow Brokers were Russian, but a new theory is emerging that whoever is leaking this data might be “a second Edward Snowden… albeit one with different motives” (Fortune). James Bamfield, a journalist who is well known for his publications about United States intelligence agencies, believes that Russia would not want to publish these hacks if they obtained them, because companies would quickly patch their vulnerabilities and the information would soon be worthless to anyone trying to sell the data. He also brings up that the bad English used by the hackers seems to be phony. Furthermore, he suggests that the hacker(s) could be linked to the NSA’s Tailored Access Operations (TAO) which is a unit of the surveillance agency that gathers intelligence related to cyber-warfare. He states:

“Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations” (Reuters).

As of now, the “second Snowden” theory is just that – a theory. Most experts still say Russia is behind the hacks. Nevertheless, as Bamford puts it in his commentary – the “NSA may prove to be one of Washington’s greatest liabilities rather than assets.”

CategoriesHackingNews

Did Another Hacker Steal NSA Exploits from the Shadow Brokers?

A Twitter user who goes by @1×0123 claims to have stolen the data that The Shadow Brokers hacked from the NSA.

nsa hacker

Gizmodo reached out to the hacker and were unable to verify their claims. However, back in April, NSA whistleblower Edward Snowden, gave them praise for reporting a vulnerability which may lend some credibility.

The hacker says they just need “some money to pay bills and stuff” and offered to share 50% of it with Gizmodo if they wanted to make an offer.

CategoriesBitcoinHackingNews

A Seized Silk Road Wallet is Moving Bitcoin to the NSA Hackers

Last week, a group called the “Shadow Brokers” claimed to have hacked the NSA – stealing their code, exploits and spy tools. They leaked bits of information on GitHub and claimed the information was stolen from the Equation Group, a group who most believe is a computer surveillance wing of the NSA. The Shadow Brokers says they will auction off the data to the highest bidder. Leaks from Edward Snowden have demonstrated that this hack is legit. (The Register) Security experts believe that the hacker group is Russian.

Now it appears that there are some Bitcoin moving from a seized Silk Road wallet to the Shadow Broker’s auction. This leads some experts to believe that “the US government is potentially bidding to prevent stolen NSA exploits and tools from ending up in the wrong hands”. It could also mean that the government might be making an attempt to trace where the Bitcoins are going. Additionally, it must be noted that the co-founder of a major Bitcoin investigation company says that payments are also going in the other direction. This could simply indicate that spam is being sent in very small payments to famous addresses. (ZDNet)

So far, the Shadow Brokers have collected around $1000 in Bitcoin payments – a far cry from the 1 million Bitcoins they have demanded (which would be worth just over a half a billion $USD at the time of this writing). The U.S. government seized several thousand Bitcoin when shutting down Silk Road, so this may be their source of funds when dealing with the Shadow Broker hackers.

Learn more about the Shadow Brokers hack of the NSA here:

CategoriesHackingTechnology

NSA Hoards Zero Days; Doesn’t Disclose Them all to Vendors

The NSA does not always disclose the zero day vulnerabilities it finds to unprotected vendors. Some security flaws are kept secret “when they can be used to serve a clear national security or law enforcement need” (Wired).

The US National Security Agency (NSA) was hacked by a suspected Russian hacker group and many of their exploits and hacking tools were archived. Leaked information was made public that showed the NSA collects exploits and does not always disclose them to vulnerable vendors. When vulnerabilities are not disclosed, problems do not get fixed. The NSA appears to operate “on the premise that secrets will never get out. That no one will ever discover the same bug. That no one will ever use the same bug. That there will never be a leak” (Business Insider).

Unfortunately, as we are currently witnessing with this recent leak, other types of hackers are able to find the same bugs and those hackers could have more malicious intent than the NSA. When hackers obtain a trove of U.S. secrets, that could put the government and corporations worldwide in a susceptible position. For example, the leaked data includes information on breaching popular commercial firewalls. Emergency service providers, governments, financial systems and many businesses all rely on these firewall technologies.

Global networking company, Cisco Systems, confirmed last week that the NSA exploited an undetected severe vulnerability that allows remote attackers “who have already gained a foothold in a targeted network to gain full control over a firewall” (Ars Technica). The NSA knew about this vulnerability since 2013 and did nothing to stop it. Now that the data is leaked, Cisco fears that the information “could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system”. It can be argued that these exploits would have been patched had the NSA disclosed the vulnerabilities instead of collecting them for their own use.

(Watch – Snowden discusses NSA hack, Cisco to cut 5,500 jobs, NASA preps an asteroid rocket):