Ticked at President Trump, Shadow Brokers dump password for NSA hacking tools

Ticked at President Trump, the Shadow Brokers hacking group released the password for the NSA hacking tools which they previously tried to sell.

In an open letter to President Donald Trump, the group asked, “Respectfully, what the f**k are you doing?” In broken English, they accused the president of “abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected.”

After a “quick review” of the tools unlocked with the password, Edward Snowden noted that “it’s nowhere near the full library, but there’s still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it’s a scandal.”

Snowden later pointed out that researchers had determined the Shadow Brokers’ file contained “a list of allies’ civil infrastructure unlawfully hacked by the NSA.” On that leaked list of NSA targets, Snowden said, “Universities are distressingly over-represented.”

Researcher “gray” – aka @666glen666 – said the Shadow Brokers’ files included “source files for PITCHIMPAIR, the program NSA used to exploit university servers” as well as “SIDETRACK, the implant used in PITCHIMPAIR.” More NSA targets and the list of implants used against them can be found here.

Most of the exploits are old, but there are still interesting tidbits to be learned. As security researcher Tavis Ormandy pointed out, the NSA had been exploiting a weakness in Linux for years before it was finally patched. There is speculation that the Shadow Brokers may still be holding onto some of the newer exploits.

Besides universities, the NSA compromised numerous organizations to use as staging points to launch attacks and deploy malware. A researcher going by x0rz has tweeted some interesting findings from the NSA hacking tools unlocked with the released password. You can also find good dirt x0rz posted on GitHub, including how the Equation Group was especially interested in GSM core networks.

The Shadow Brokers had claimed they stole the hacking tools from the NSA-linked Equation Group. When the hacking group first hit the scene in 2016, they leaked some files for free so security researchers could confirm what the group had. More cyber weapon files were encrypted with a password which the group said it would hand over for one million bitcoins. But the auction didn’t go like the group hoped, so the Shadow Brokers released hacking tools which could be used against Windows in January as they called it quits.

Not Russian-linked hackers, but former intelligence agency insiders

The timing of the group’s retirement, right before Trump’s inauguration, fed the fires of speculation that the Shadow Brokers had Russian links. This was something the group addressed in its latest letter. “For peoples still being confused about TheShadowBrokers and Russia,” they wrote. “If theshadowbrokers being Russian don’t you think we’d be in all those U.S. government reports on Russian hacking? TheShadowBrokers isn’t not fans of Russia or Putin but ‘The enemy of my enemy is my friend’.”

Other experts did not believe the group had Russian ties at all, but consisted of a single person. A former NSA employee told Motherboard, “My colleagues and I are fairly certain that this was no hack, or group for that matter. This ‘Shadow Brokers’ character is one guy, an insider employee.” Additionally, NSA whistleblower William Binney and James Bamford, author of books on the NSA, both believe an insider, not Russia, snagged the cyber arsenal from the NSA.

If the Shadow Brokers are to be believed, members of the group were once insiders. The post on Medium stated, “Did you know most of theshadowbrokers’ members have taken the oath ‘…to protect and defend the constitution of the United States against all enemies foreign and domestic…’. Yes sir! Most of us used to be TheDeepState everyone is talking about. But we realized TheDeepState is being the enemy of the constitution, individualism, life, liberty, and the pursuit of happiness.”

As for releasing the password to the files purportedly tied to NSA tools, the group doesn’t believe this makes them traitors. Instead, they said, “We view this as keeping our oath to protect and defend against enemies foreign and domestic.”
