Hackers calling themselves ‘The Shadow Brokers’ have penetrated the NSA’s government spies, making off with important surveillance tools in the process. The unknown hackers have declared that they intend to sell off those cyber exploits in a forthcoming auction, presumably on the dark web.
The surveillance tools have reportedly been stolen from the servers of a hacking collective known as ‘Equation Group’. That group is thought to be the most elite branch of NSA hackers. Among the software taken are malware, hacking tools (akin to those taken from Hacking Team last year), and private exploits used during NSA surveillance operations.
As unlikely as the hack seems, most cybersecurity experts agree that the cyber attack looks legitimate. Whoever the hackers are, they seem to have taken what they claim.
Although little is actually known about ‘Equation Group,’ a report released last year by Russian cyber security firm Kaspersky said that the surveillance operation was,
‘A threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades.’
With that in mind, it would appear that whoever ‘The Shadow Brokers’ are, they have taken one of the most active and powerful surveillance teams on earth by storm, in a surprise offensive that has set tongues wagging throughout the cyber security industry.
The Million Bitcoin Exploit Sell-off
In addition to the preliminary data dump (which has so far served to corroborate the cunning hackers’ claims), the Shadow Brokers are threatening to sell the contents of the breach in an online auction. Those cybercriminals claim that they plan to auction off the stolen hacking tools for a whopping 1 Million Bitcoins (about $568 Million).
According to the hackers (who wrote in imperfect English on a number of blogs, including Tumblr), the hacking tools they plan to sell for that lofty sum will allow the winning bidder to penetrate firewalls made by prominent industry firms such as Cisco Systems Inc, Juniper Networks Inc, Fortinet Inc and TopSec.
As of yet, those companies (and the NSA) have not commented on the hackers’ claims. One would imagine, however, that behind closed doors the NSA is running around like headless chickens at the thought of its elite hacking team’s secrets being sold off online.
Equation Group and the NSA
In its report from 2015, Moscow-based security firm Kaspersky commented that it had found evidence that Equation Group had infected a huge number of personal computers with its private exploits. Earlier this year, Kaspersky released new revelations detailing that the NSA’s surveillance team had discovered a way to hide exploits within the hard drives of top technology firms including Seagate, Western Digital, and Toshiba. According to those reports, that means that the NSA-linked hackers have the capability to spy on huge numbers of computers around the world.
On top of that, Kaspersky claimed it had found evidence of the NSA’s tools within computers from 30 countries. Among those, the most infected places were Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen, and Algeria. Those locations add credence to the allegations that this was cyber warfare executed at the hands of the NSA.
Within the published data (relating to places found to be infected by Equation Group), stark evidence was found of ‘medium infection rates’ within the UK, revealing that even US allies were subjected to infections at the hands of the NSA’s spies. That is hardly surprising, considering the levels of domestic surveillance that the Snowden revelations showed to be occurring.
On a side note, Equation Group has also been linked to the famous Regin and Stuxnet attacks, which are believed to have been US-led initiatives and include the Stuxnet attack on Iran’s Natanz nuclear power station back in 2013.
Who are the Shadow Brokers?
‘How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of Stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.’
The comment appears to reveal the hackers’ wish to sell the contents of the cyber attack to enemies of the US. That is a rather frank admission, and one that could see whoever carried out this incredibly ostentatious hack placed high on the US’ most wanted list.
After all, consider the infamous hacker Guccifer (Marcel Lazăr Lehel from Romania; not to be confused with Guccifer 2.0), who hacked a number of high profile US targets and found himself extradited to the US to face charges. With that in mind, it seems obvious that whoever has dared to penetrate what is considered to be the number one spy agency in the world will likely be a highly wanted person in the US should the hackers’ real identities ever be uncovered.
So far not much is known about the hackers. What is known, however, is that the Shadow Brokers appear to have been preparing for this release since the beginning of August. At that time, their Reddit, Twitter, Imgur, and Github accounts were all suddenly created, in preparation for their currently circulating message, which, unlike most data dumps, seems to be some kind of advertising campaign for the forthcoming auction of Equation Group’s cyber exploits.
Does Snowden know something!?
Edward Snowden has also gone on the record today with his belief that the hackers may be acting from within Russia. He bases that theory on the fact that many of the files dumped so far are dated from 2013. Snowden says he finds that, along with the timing of the data dump relative to the ongoing DNC debacle, suspicious. What the dates do demonstrate is that, whoever the Shadow Brokers are, they have been sitting on this data for three years.
‘Circumstantial evidence and conventional wisdom indicates Russian responsibility,’ Snowden commented on Twitter, followed by, ‘this leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server.’
What is a little perplexing is that no one appears to be able to confirm what Snowden considers this ‘circumstantial evidence’ to be, a point that, despite being asked, he has not come forward to clear up. That has led me (and other cyber security analysts) to ponder the meaning of his words.
Is Snowden implying some sort of inside information about the Shadow Brokers? And if that is the case, what does Snowden know!?
One thing is for certain. With the timing of the events surrounding the Shadow Brokers and Snowden’s cryptic Tweets from earlier this month, one can’t help wondering if Snowden is somehow involved.
On Friday the 5th of August, Snowden suddenly tweeted a 64 character code that was then rapidly deleted. Hours before that key code was released, the infamous privacy hero tweeted the rather cryptic message ‘It’s Time’, apparently directed at his former NSA colleagues.
With this NSA-related hack suddenly hitting the news, and Snowden’s hints that he may know more than he is letting on, one can’t help pondering whether this is what it was time for. For now, however, I admit that those thoughts are wild conjecture.