The NSA is under daily pressure by hackers – and there are dozens of hackers that claim to have hacked into the network of the NSA, but there are only a few that have actually proofed their hack.
People like Edward Snowden, Chelsea Elizabeth Manning and Julian Assange can be considered as a direct threat to the NSA, but advanced persistent threat groups like the Shadow Broker group are a much bigger concern for the NSA. The advanced persistent threat actors are often after intellectual property and financial gain, and to make it worse, these advanced persistent threat actors can work for criminal agencies or government identities – making it very likely that they will receive all the finances and equipment to perform their attack.
Now the most people are aware of the acts that have been performed by Edward Snowden, Chelsea E. Manning or Julian Assange, but the actions that have been performed by the Shadow Broker group will show you the full damage a successful hack can have when it comes to intellectual property and espionage.
Hack on the NSA
The Equation group is a special unit at the NSA, security companies like Kaspersky state that the Equation Group can be considered as one of the well-armed cyber-attack groups that are currently present. Knowing that the Equation Group is one of the well-armed cyber-attack units makes them very interesting for foreign or criminal groups.
Now there is one group that calls themselves ‘Shadow Broker’ that claims that they have hacked the NSA Equation group unit, they support their claim with pictures of the stolen data.
The data that they have stolen from the NSA, contain instructions on how to use specific cyber weapons and much more. Now if we take a look at what types of attacks have been performed by the Equation group, there will be plenty of reasons to worry about the complete arsenal that has become public for anyone with the right amount of money. The NSA Equation group has been linked to devastating pieces of malware like Stuxnet and Flame.
Shadow broker has stated that they will provide the stolen arsenal to anyone that is prepared to pay the right amount of money.
In their statement, they provide the following information:
How much you pay for enemies cyber weapons? Not malware you find in networks. Bothsides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
We have final message for "Wealthy Elites". We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what "Equation Group" can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker + stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?" Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?
So how is it verified if the hack is real or not?
Well, there are various security professionals out there that have a very keen eye on APT actors, tools and techniques that are used. Bencsáth Boldizsár, one of the security professionals from CrySys stated towards Arstechniqa that the tools are not fully fake for sure. CrySys is one of the companies that reported on the Flame malware.
These files are not fully fake for sure, most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group.
The exploits that were found in the dataset are said to be old exploits, the exploits would allow the attacker to exploit routers, firewalls and various security solutions like Fortigate.
Samples of the stolen files are dated most recently to 2013 and contain implants, exploits, and other tools for controlling routers and firewalls, including those from Cisco Systems, Juniper, Fortigate, and China-based Topsec – MEDIUM
What this will mean to the world will reveal itself in time