{"id":46277,"date":"2016-08-16T06:25:33","date_gmt":"2016-08-16T10:25:33","guid":{"rendered":"https:\/\/stateofthenation2012.com\/?p=46277"},"modified":"2016-08-16T06:29:00","modified_gmt":"2016-08-16T10:29:00","slug":"46277","status":"publish","type":"post","link":"https:\/\/stateofthenation2012.com\/?p=46277","title":{"rendered":"NSA malware being peddled by &#8216;shadow brokers&#8217;?"},"content":{"rendered":"<h1><strong>\u2018Shadow Brokers\u2019 Claim to be Selling NSA Malware, in What Could Be Historic Hack<\/strong><\/h1>\n<section class=\"article-meta\">\n<h3 class=\"dek\">Programs posted online allow espionage on network devices.<\/h3>\n<\/section>\n<p><!--more--><\/p>\n<p>By <span class=\"author\">Elias Groll<a class=\"author\" title=\"Elias Groll\" href=\"http:\/\/foreignpolicy.com\/author\/elias-groll\"><br \/>\n<\/a>Foreign Policy<\/span><\/p>\n<p><a href=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2016\/08\/gettyimages-57585409crop.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-46281\" src=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2016\/08\/gettyimages-57585409crop.jpg\" alt=\"gettyimages-57585409crop\" width=\"675\" height=\"323\" srcset=\"https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2016\/08\/gettyimages-57585409crop.jpg 960w, https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2016\/08\/gettyimages-57585409crop-300x144.jpg 300w, https:\/\/stateofthenation2012.com\/wp-content\/uploads\/2016\/08\/gettyimages-57585409crop-768x368.jpg 768w\" sizes=\"auto, (max-width: 675px) 100vw, 675px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<div class=\"shares-position \">\n<p>A mysterious online group calling itself \u201cThe Shadow Brokers\u201d is\u00a0<a href=\"http:\/\/theshadowbrokers.tumblr.com\/\" target=\"_blank\">claiming<\/a> to have penetrated the National Security Agency, stolen some of its malware, and is auctioning off the files to the highest bidder.<\/p>\n<p>The authenticity of 
the files cannot be confirmed, but they appear to be legitimate, according to security researchers who have studied their content. Their release comes on the heels of a <a href=\"http:\/\/foreignpolicy.com\/2016\/07\/25\/moscow-brings-its-propaganda-war-to-the-united-states\/\">series of disclosures<\/a> of emails and documents belonging mostly to Democratic officials, but <a href=\"http:\/\/foreignpolicy.com\/2016\/08\/12\/russian-hacking-campaign-hits-republicans-too\/\">also to Republicans<\/a>. Security researchers believe those breaches\u00a0were perpetrated by agents thought\u00a0to be acting on behalf of Moscow.<\/p>\n<p>The NSA did not answer <span class=\"fp-red\">Foreign Policy<\/span>\u2019s questions about the alleged breach on Monday. But if someone has managed to penetrate the American signals intelligence agency and post its code online for the world to see \u2014 and purchase \u2014 it would constitute a historic black eye for the agency.<\/p>\n<p>\u201cIt\u2019s at minimum very interesting; at maximum, hugely damaging,\u201d said Dave Aitel, a former NSA research scientist and now the CEO of the security firm Immunity. \u201cIt\u2019ll blow some operations if those haven\u2019t already been blown.\u201d<\/p>\n<p>The material posted over the weekend comprises two sets of files. The hackers have made one set available for free. The other remains encrypted and is the subject of an online auction, payable in bitcoin, the cryptocurrency. That set includes, according to the so-called Shadow Brokers, \u201cthe best files.\u201d If they receive at least 1 million bitcoin \u2014 the equivalent of at least $550 million \u2014 they will post more documents and make them available for free.<\/p>\n<p>The set of files available for free contains a series of tools for penetrating network gear made by Cisco, Juniper, and other major firms. 
Targeting such gear, which includes things like routers and firewalls, <a href=\"http:\/\/www.infoworld.com\/article\/2608141\/internet-privacy\/snowden--the-nsa-planted-backdoors-in-cisco-products.html\" target=\"_blank\">is a known tactic<\/a> of Western intelligence agencies like the NSA, and was documented in the Edward Snowden files. Some code words referenced in the material Monday \u2014 <a href=\"http:\/\/snowdenarchive.cjfe.org\/greenstone\/cgi-bin\/library.cgi?e=q-00100-00---off-0snowden1--00-2----0-10-0---0---0direct-10-and%2cand%2cand-TE%2cTT%2cDE%2cSU--4--jetplow%2c%2c%2c-----0-1l--00-en-50---50-about-TE%3a%28jetplow%29--01-3-1-00-00--4--0--0-0-01-10-0utfZz-8-00&amp;amp;a=q&amp;r=1&amp;hs=1&amp;k=0&amp;s=0&amp;fqa=0&amp;fqv=bananaglee,,,&amp;fqf=TE,TT,DE,SU&amp;fqk=&amp;fqs=&amp;fqc=and,and,and&amp;fqaf=\" target=\"_blank\">BANANAGLEE<\/a> and <a href=\"http:\/\/snowdenarchive.cjfe.org\/greenstone\/cgi-bin\/library.cgi?e=q-00100-00---off-0snowden1--00-2----0-10-0---0---0direct-10-and%2cand%2cand-TE%2cTT%2cDE%2cSU--4--bananaglee%2c%2c%2c-----0-1l--00-en-50---50-about-TE%3a%28bananaglee%29--01-3-1-00-00--4--0--0-0-01-10-0utfZz-8-00&amp;amp;a=q&amp;r=1&amp;hs=1&amp;k=0&amp;s=0&amp;fqa=0&amp;fqv=jetplow,,,&amp;fqf=TE,TT,DE,SU&amp;fqk=&amp;fqs=&amp;fqc=and,and,and&amp;fqaf=\" target=\"_blank\">JETPLOW<\/a> \u2014 match those that have appeared in documents leaked by Snowden. Security researchers analyzing the code posted Monday <a href=\"http:\/\/medium.com\/@msuiche\/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.v5mpoz3ri\" target=\"_blank\">say<\/a> it is functional and includes computer codes for carrying out espionage.<\/p>\n<p>The Equation Group is a collection of hackers whose activities <a href=\"http:\/\/www.kaspersky.com\/about\/news\/virus\/2015\/equation-group-the-crown-creator-of-cyber-espionage\" target=\"_blank\">were first documented<\/a> by Kaspersky Lab, a Russian cybersecurity firm, last year. 
Kaspersky connected the activities of the Equation Group, which it called \u201ca threat actor that surpasses anything known in terms of complexity and sophistication of techniques,\u201d to operations carried out by U.S. intelligence. While Kaspersky did not outright attribute the Equation Group to\u00a0the NSA, security researchers say in private that they believe it is a project of the American signals intelligence unit.<\/p>\n<p>If the leak is a genuine sample of NSA code \u2014 which, so far, researchers say is the case \u2014 then this month\u2019s season of information warfare has taken yet another bizarre turn. In the span of several weeks, Russian hackers have posted hacked emails and other documents on a mysterious site known as DCLeaks.com. Those same hackers have infiltrated the Democratic National Committee, and then likely fed documents exfiltrated from its servers to WikiLeaks. Those documents ignited a major political firestorm within the DNC on the eve of the party\u2019s presidential nominating convention, led to the resignation of party chief Debbie Wasserman Schultz, and prompted the Clinton campaign to argue that Moscow was intervening in the election in favor of Moscow-friendly Republican nominee Donald Trump.<\/p>\n<p>To muddy the waters, a persona calling itself Guccifer 2.0 \u2014 and which intelligence agencies and security researchers say is a Russian invention \u2014 has surfaced to take credit for the attack on the DNC and other political institutions. On Monday, he <a href=\"http:\/\/guccifer2.wordpress.com\/2016\/08\/15\/dccc-internal-docs-on-primaries-in-florida\/\" target=\"_blank\">posted<\/a> his latest set of pilfered documents: internal assessments of Florida congressional races obtained from the Democratic Congressional Campaign Committee.<\/p>\n<p>In a Twitter message to <span class=\"fp-red\">Foreign Policy<\/span>, Guccifer 2.0 called the Shadow Broker dump \u201cbullshit\u201d but wouldn\u2019t elaborate on what he meant. 
\u201cThe hacking world operates differently,\u201d he said.<\/p>\n<p>So is Russia also responsible for this alleged penetration of the NSA? Aitel believes that it is, and that we are witnessing a small part of the shadow war playing out between Washington and Moscow.<\/p>\n<p>On the heels of the DNC breach, a chorus of American politicians has called for the United States to respond, and Aitel believes that the posting of the NSA files may be part of an escalating conflict in cyberspace between the two powers.<\/p>\n<p>In a note accompanying the files, the Shadow Brokers come across as merry pranksters with a distinctly populist set of political ideas. \u201cWe follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.\u201d<\/p>\n<p>The group delivered a message to what it called \u201cwealthy elites\u201d and assailed the integrity of elections. \u201cElites is making laws protect self and friends, lie and fuck other peoples,\u201d they wrote in idiosyncratic English. \u201cThen Elites runs for president. Why run for president when already control country like dictatorship?\u201d<\/p>\n<p>\u201cWe want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites,\u201d the group added. 
\u201cYour wealth and control depends on electronic data.\u201d<\/p>\n<p>A penetration of an NSA tool of this kind, which Aitel said is similar to what an NSA agent would see when carrying out cyber operations, would probably require the tools of hackers working on behalf of a nation-state, because the agency is typically careful in hiding its tools and using computer defenses.<\/p>\n<p>The goal of the operation remains something of a mystery. The files appear to be from late 2013 \u2014 after the Snowden revelations \u2014 in which case whoever burned this NSA operation has been sitting on explosive government files for some three years. Why post these documents now? And to what end?<\/p>\n<p class=\"last\">Those questions are probably being debated in the White House, where a spokesman declined to answer questions on what may go down as a landmark day in the history of cyberwarfare.<\/p>\n<p class=\"last\">___<br \/>\n<a href=\"http:\/\/foreignpolicy.com\/2016\/08\/15\/shadow-brokers-claim-to-be-selling-nsa-malware-in-what-could-be-historic-hack\/\">http:\/\/foreignpolicy.com\/2016\/08\/15\/shadow-brokers-claim-to-be-selling-nsa-malware-in-what-could-be-historic-hack\/<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u2018Shadow Brokers\u2019 Claim to be Selling NSA Malware, in What Could Be Historic Hack Programs posted online allow espionage on network 
devices.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-46277","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts\/46277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46277"}],"version-history":[{"count":0,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=\/wp\/v2\/posts\/46277\/revisions"}],"wp:attachment":[{"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stateofthenation2012.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}