Hackers claim to have infiltrated an elite hacking unit known as the Equation Group, which is widely speculated to be an offshoot of the National Security Agency. The hacking group has provided proof of the hack and says it has made off with the NSA’s ‘cyber weapons’ and surveillance tools.
This is bad news for all of us.
The hacker group, known as the Shadow Brokers, has provided images that seem to corroborate its claimed hack, and says it will auction off the rest of the hacked information to the highest bidder.
The information, programs, keys, and tools in question belong(ed) to the Equation Group, an equally shadowy but sophisticated hacking group believed to be operated by the NSA. In 2015, Kaspersky Labs, a security company, blew the whistle on the Equation Group as a cyber-espionage team, and in a detailed blog post about this most recent hack, it noted a “strong connection” between file names provided by the Shadow Brokers as proof of the hack and secret NSA files that were leaked by NSA contractor Edward Snowden. Kaspersky also noted that an encryption algorithm found inside the 300 files that the Shadow Brokers provided as proof had only been seen previously in Equation Group malware.
“The chances of all these being faked or engineered is highly unlikely,” – Kaspersky Labs
The hack was announced in broken English in a series of posts on Tumblr, Twitter, Pastebin, and GitHub, along with claims that the group now had possession of ‘state-spondered cyber weapons’:
!!! Attention government sponsors of cyber warfare and those who profit from it !!!!
How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files
The hackers are asking for 1 million in bitcoins, which is around $580 million USD, as ransom to release the best files.
The files and images released as proof of the hack include filenames that correspond to those in documents leaked by NSA whistleblower Edward Snowden, such as “BANANAGLEE”, “JETPLOW” and “EPICBANANA”. There are also a series of hacking tools used to penetrate routers and firewalls – tools known to be used by the NSA.
“These files are not fully fake for sure…Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack-related files, and yes, the first guess would be Equation Group.”
– Bencsáth Boldizsár, Security Researcher
This #EquationGroup free dump seems mostly binary builds, installation scripts, and general configuration for a C&C. Seems credible.
— Nex ~ Claudio (@botherder) August 15, 2016
Other researchers have pointed out that this might not be an NSA leak directly. The information could come from a compromised system outside the NSA network, hosting NSA files and malware. They point out that if the Shadow Brokers did actually have access to the NSA network, they would be insane to have blown their cover by posting the leak.
— Stefan Rothenbuehler (@creative83) August 16, 2016
It’s also not clear who the Shadow Brokers are, but some security researchers are pointing out that, given the recent Democratic National Committee hack, which was publicly attributed to Russian intelligence by Hillary Clinton, this attack could be retaliation.
“Given the timeframe (Post-DNC hack), this could possibly be orchestrated by the Russian government so America will be stuck with Donald Trump as a President,”
– Matt Suiche, Hacker
In a series of tweets, Edward Snowden himself laid out his theory about what happened. He suggested the hack was indeed of Russian origin and was designed to expose evidence of the NSA’s cyber warfare.
“Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack… This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies… This leak looks like somebody sending a message that an escalation in the attribution game could get messy fast,”
– Edward Snowden
While this sounds bad for the NSA, it could be very bad for everyone else. The tools in question are used specifically to hack into routers, firewalls, and other places the NSA wants to get into. It has long been suggested that those tools in the wrong hands, even in the NSA’s, could be disastrous. Now they appear to be on the auction block. If those tools get out into the wild, digital security and privacy may be a thing of the past.