
The NSA has been hacked

Saturday morning the news broke that a mysterious group of hackers calling themselves "The Shadow Brokers" claimed it hacked an NSA-linked group and released some NSA hacking tools with a promise to sell more private "cyber weapons" to the highest bidder.

The group dumped a bunch of private hacking tools from "Equation Group" – an elite cyber attack unit linked to the NSA – on GitHub and Tumblr.


The Shadow Brokers published the leaked data in two parts: a free archive containing many hacking tools designed to implant malware on various servers and network devices, and a second, encrypted archive said to contain the "best files," which the group put up for sale for 1 million Bitcoins.

The first archive contains close to 300 MB of firewall exploits, tools, and scripts under cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION. Most files are at least three years old: the most recent change-log entries point to August 2013, and the newest file timestamp dates to October 2013.


However, GitHub deleted the files from its platform, not due to any government pressure, but because the hackers were demanding cash to release more data and the company's policy doesn't allow the auction or sale of stolen property on its source code hosting platform.

According to a technical report published Tuesday by security firm Kaspersky Lab, the leaked hacking tools contain code fingerprints that are identical to those in hacking software and malware previously attributed to the Equation Group.

Over 300 files in the Shadow Brokers archive share a common implementation of the RC5 and RC6 encryption algorithms, which the Equation Group has used extensively. That implementation is identical to the RC5 and RC6 code found in known Equation Group malware.


"There are more than 300 files in the Shadow Brokers' archive which implement this specific variation of RC6 in 24 other forms," the researcher wrote. "The chances of all these being fakes or engineered is highly unlikely."


Here's Kaspersky's comparison of the older Equation Group RC6 code and the code from the new leak (the side-by-side image is not reproduced here), which shows that they have identical functionality and share rare, specific traits in their implementation:



This code similarity makes us believe with a high degree of confidence that the tools from the ShadowBrokers leak are related to the malware from the Equation group. While the ShadowBrokers claimed the data was related to the Equation group, they did not provide any technical evidence of these claims. The highly specific crypto implementation above confirms these allegations.
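As an added illustration (this is not code from the page, from Kaspersky Lab, or from the leaked archive) of how a cipher implementation can be functionally identical to the textbook algorithm while still carrying a distinguishing trait, the example below shows the RC6 key schedule in its textbook form beside a variant that subtracts the additive inverse of the Q constant instead of adding Q. Both produce the same round keys, but a compiled binary of each embeds a different 32-bit immediate, which is exactly the kind of trait an analyst can match on. The variant trait, the `key_schedule` and `constant_fingerprint` helpers, and the byte blobs standing in for compiled code are constructed for this example and are not claims about the specific traits Kaspersky found.

```python
# Added example: RC6 key schedule, textbook form vs. a functionally identical
# variant, plus a constant scan of the kind used to fingerprint implementations.
# The variant and the sample byte blobs are constructed for illustration; they
# are not taken from the leaked archive or from Kaspersky's report.
import struct

MASK = 0xFFFFFFFF
P32 = 0xB7E15163           # RC6 magic constant P = Odd((e - 2) * 2^32)
Q32 = 0x9E3779B9           # RC6 magic constant Q = Odd((phi - 1) * 2^32)
NEG_Q32 = (-Q32) & MASK    # 0x61C88647: additive inverse of Q modulo 2^32


def rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n (only the low 5 bits of n are used)."""
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK


def key_schedule(key: bytes, rounds: int = 20, variant: bool = False):
    """RC6 key expansion (RC6-32/rounds), returning 2*rounds + 4 round keys.

    variant=False: textbook form, S[i] = S[i-1] + Q32 (mod 2^32).
    variant=True:  S[i] = S[i-1] - NEG_Q32 (mod 2^32). Same values, but a
                   compiled binary embeds the constant 0x61C88647 instead of
                   0x9E3779B9. This variant is an assumed illustration.
    """
    c = max(1, (len(key) + 3) // 4)          # number of key words
    key = key.ljust(4 * c, b"\x00")           # zero-pad to a whole word
    L = list(struct.unpack("<%dI" % c, key))  # little-endian key words
    t = 2 * rounds + 4

    S = [P32]
    for _ in range(1, t):
        if variant:
            S.append((S[-1] - NEG_Q32) & MASK)
        else:
            S.append((S[-1] + Q32) & MASK)

    # Mixing phase, identical in both forms.
    A = B = i = j = 0
    for _ in range(3 * max(c, t)):
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i = (i + 1) % t
        j = (j + 1) % c
    return S


def constant_fingerprint(blob: bytes) -> dict:
    """Report which RC6 constants occur as little-endian immediates in a blob."""
    return {
        name: struct.pack("<I", value) in blob
        for name, value in (("P32", P32), ("Q32", Q32), ("NEG_Q32", NEG_Q32))
    }


# Constructed stand-ins for two compiled code fragments (x86, 32-bit):
#   81 C1 imm32 = add ecx, imm32 ; 81 E9 imm32 = sub ecx, imm32 ; C1 C0 03 = rol eax, 3
TEXTBOOK_BLOB = b"\x81\xc1" + struct.pack("<I", Q32) + b"\xc1\xc0\x03"
VARIANT_BLOB = b"\x81\xe9" + struct.pack("<I", NEG_Q32) + b"\xc1\xc0\x03"


if __name__ == "__main__":
    key = b"sixteen byte key"               # constructed sample key
    same = key_schedule(key) == key_schedule(key, variant=True)
    print("round keys identical across variants:", same)
    print("textbook fragment:", constant_fingerprint(TEXTBOOK_BLOB))
    print("variant fragment: ", constant_fingerprint(VARIANT_BLOB))
```

The takeaway for signature writers is the second half of the output: a detection keyed on the canonical RC6 constant 0x9E3779B9 matches the textbook fragment but misses the variant, while a signature keyed on the variant's constant picks out code that shares the same unusual construction. Functional equivalence is what makes the trait invisible to black-box testing, and the rarity of the construction is what makes it useful for lineage attribution of the kind Kaspersky describes.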

Some former NSA insiders also say the leaked hacking tools are legitimate and linked to the agency.
One former NSA employee who worked in its elite hacking division, Tailored Access Operations (TAO), told the Washington Post that "without a doubt, they're the keys to the kingdom."


"The stuff you are talking about would undermine the security of a lot of major government and corporate networks both here and abroad," said the former TAO employee, who asked the Post to remain anonymous.

Moreover, another former TAO employee who also saw the leaked file said, "From what I saw, there was no doubt in my mind that it was legitimate."


So, after Kaspersky Lab's analysis and the former TAO employees' statements, it is clear that the leaked NSA hacking tools are legitimate.



Source: The Washington Post, Kaspersky Lab

