The hacking group ‘the Shadow Brokers’ dumps stolen cyberweapons… allegedly from the NSA

Thursday, January 26, 2017 by

The Shadow Brokers are a self-styled satirical hacking group, also known for their encrypted messages, written in broken English that hints at the group not being composed of US citizens. In August, The Shadow Brokers made headlines when they released hacking tools for routers and firewall products, claiming that the tools were acquired from a top cyberespionage team, the Equation Group, who some suspect are working for the NSA. The Shadow Brokers claimed that they had penetrated the NSA, or another similar organization, from which they obtained cyberweapons they believed were valued at half a billion dollars.

The Shadow Brokers released a cache of NSA hacking tools, and promised that they had even more to sell. The group tried crowdfunding and auctioning off the cyberweapons, but were unsuccessful in their attempts. They now appear to be offering a bunch of Trojans, exploits, and implants directly to their potential clients. The group appears to be shutting down operations, but not prior to releasing a slew of tools which are designed to spy on systems using the Windows platform. (RELATED: Find more cyberweapons coverage at Cyberattack.news)

Sixty-one files were included in the recent dump, many of which had never been seen before by security firms. After being unsuccessful in their sales attempts, the group dumped them online individually, along with other Windows and Unix hacking tools, for bitcoin. The group did, however, gain some credibility with the release, showing several valuable exploits that were previously unheard of. Jake Williams, founder of security provider Rendition InfoSec, is examining the tools to determine their actual capabilities. Williams’ initial review indicates that the tools are designed for evading detection.

One of the tools featured in the dump was built to edit Windows event logs. Hackers could potentially use that tool to selectively delete alerts and notifications in those logs, which would prevent victims from being able to identify the breach. When individual events are removed from the Windows log, even the toughest of security organizations might not be able to detect the change.
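The defender's counterpart to the technique described above, as an added example that is not part of the original article and not code from Rendition InfoSec or any of the tools in the dump: Windows assigns every event in a log channel a monotonically increasing EventRecordID, and the supported logging API can only clear a whole log (which writes Event ID 1102 in the Security log or 104 in the System log), so record IDs that skip with no clear event present indicate the log file was edited directly. The check below runs over a constructed CSV export (the column names and sample records are assumptions for the example) and flags that pattern.

```python
"""
Added example: EventRecordID gap check over an exported Windows log.
Selective deletion of individual entries leaves holes in the record-ID
sequence; a legitimate clear leaves a 1102/104 event behind instead.
"""
import csv
import io

# Constructed sample export: a minimal CSV dump of the Security log.
# Records 1003 and 1004 are absent and no 1102 clear event is present,
# simulating two logon-related events having been cut out of the file.
SAMPLE_EXPORT = """\
EventRecordID,EventID,Provider,TimeCreated
1000,4624,Microsoft-Windows-Security-Auditing,2017-01-20T08:00:01Z
1001,4672,Microsoft-Windows-Security-Auditing,2017-01-20T08:00:02Z
1002,4688,Microsoft-Windows-Security-Auditing,2017-01-20T08:00:05Z
1005,4688,Microsoft-Windows-Security-Auditing,2017-01-20T08:01:10Z
1006,4634,Microsoft-Windows-Security-Auditing,2017-01-20T08:02:00Z
"""

AUDIT_LOG_CLEARED = 1102   # Security log: "The audit log was cleared"
SYSTEM_LOG_CLEARED = 104   # System log: "The <name> log file was cleared"


def parse_export(text):
    """Parse a CSV export into a list of (record_id, event_id) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(int(row["EventRecordID"]), int(row["EventID"])) for row in reader]


def find_record_gaps(records):
    """Return (first_missing, last_missing) ranges where EventRecordID skips.

    Records are sorted first so the order of the export does not matter.
    """
    ids = sorted(rid for rid, _ in records)
    gaps = []
    for prev, cur in zip(ids, ids[1:]):
        if cur - prev > 1:
            gaps.append((prev + 1, cur - 1))
    return gaps


def audit_export(text):
    """Summarize tampering indicators for one exported log channel."""
    records = parse_export(text)
    gaps = find_record_gaps(records)
    cleared = any(eid in (AUDIT_LOG_CLEARED, SYSTEM_LOG_CLEARED)
                  for _, eid in records)
    return {
        "records": len(records),
        "gaps": gaps,
        "missing_count": sum(hi - lo + 1 for lo, hi in gaps),
        "clear_event_seen": cleared,
        # Gaps with no clear event cannot be produced through the logging API.
        "suspect_selective_deletion": bool(gaps) and not cleared,
    }


if __name__ == "__main__":
    for key, value in audit_export(SAMPLE_EXPORT).items():
        print(f"{key}: {value}")
```

Run the check per channel (record IDs are only contiguous within one log), and on a full export rather than a filtered query: a circular log that has wrapped drops its oldest records but keeps the survivors contiguous, so gaps are a genuine signal. Because the logging API cannot produce them, a gap with no 1102 or 104 event is worth forwarding off-host; shipping events to a central collector as they are written is what makes a local edit visible in the first place.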

The Shadow Brokers released a statement regarding the dump, noting that Kaspersky Lab’s antivirus product is already flagging the Windows hacking tools as harmful. The tools were originally offered at auction for 1 million bitcoins, but after several months the auction had drawn a bid of only 10 bitcoins. In what is supposedly The Shadow Brokers’ final encrypted message as a hacking group, they released a statement saying “Despite theories, it always being about bitcoins for TheShadowBrokers.”

Back in August, the US government brought charges against Hal Martin, who was the prime suspect behind The Shadow Brokers leaks. Martin, an NSA contractor, allegedly stole classified information from the agency. The Shadow Brokers have continued to post encrypted messages since Martin’s arrest, hinting that Martin might have been working in conjunction with The Shadow Brokers, but that the two are not necessarily one and the same. (RELATED: See more national security articles at NationalSecurity.news)

Williams suggests that The Shadow Brokers are likely to be spies working for the Russian government, and he interprets the latest dump as a message to the US. The US has been quick to blame Russia for hacks aimed at influencing the US election, prompting President Obama to respond with sanctions against Russia. Incoming President Donald Trump believes Obama is wrong about Russia, just as the reports of a Russian dossier alleging damning information about Trump were also incorrect.

It’s still unclear how The Shadow Brokers managed to obtain the cyberweapons, but it’s clear that nobody wants them: The Shadow Brokers have dropped the price of the weapons continuously and significantly. Former NSA staffers suspect that the leak could have originated from a rogue agency insider; one staffer claimed that the material was only available internally.

Sources:

PcWorld.com

NakedSecurity.Sophos.com

Motherboard.Vice.Com
