Group Claims to Hack NSA-tied Hackers, Posts Exploits as Proof

Extraordinary claim gets attention of security experts everywhere.

By Dan Goodin | 15 August 2016

ARS TECHNICA — In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency.

In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits was obtained after members hacked Equation Group (the post has since been removed from Tumblr, but a cached version here was still available as this post was going live). Last year, Kaspersky Lab researchers described Equation Group as one of the world’s most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Brokers post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn’t immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded Python scripts—belonged to Equation Group, there was little doubt the data had its origins with some advanced hacking group.

Not fully fake

“These files are not fully fake for sure,” Bencsáth Boldizsár, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars in an e-mail. “Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group.”

The Shadow Broker post came the same day that Guccifer 2.0, the online persona behind high-profile hacks of the Democratic National Committee and the Democratic Congressional Campaign Committee, posted a new batch of private material purportedly taken during the breach of the latter Democratic group. Monday’s Guccifer post came on the heels of Friday’s separate document dump that leaked a massive amount of personal data belonging to every Democratic member of the US House of Representatives.

Taken together, the three posts, and several earlier Guccifer 2.0 dispatches, represent a major broadside against US interests, although it’s impossible to directly connect the people behind the two online personas. Shadow Brokers’ post also differed in that it was offering to auction off the stolen data in exchange for a payment reaching one million Bitcoins (current value is more than $500 million). (The 256 MB of data included in Monday’s post was offered as a small sample of what Shadow Brokers had acquired.) Many researchers doubt the group has any hope of selling the data. As international tensions over hacking remain high, those experts speculate the true aim of Shadow Brokers is to discredit and embarrass the US government and its intelligence apparatus.
