Someone hacked the US National Security Agency (NSA), considered the world’s most advanced electronic espionage and surveillance group. An anonymous group of hackers calling itself the Shadow Brokers said that it breached the agency’s networks. On Monday, the hacker group claimed that it extracted software used by the NSA to hack computers and networks belonging to governments and corporations, including Cisco Systems and Fortinet Inc. The Shadow Brokers released a portion of the captured data (some 300 MB) on the web to prove their claim. Security experts analysed the files and agreed that the software is authentic. Curiously, the hackers put the rest of the software up for online auction, aiming to collect 1 billion USD (63.9 billion Roubles; 6.62 billion Renminbi; 67.14 billion INR; 1.286 billion CAD; 1.312 billion AUD; 883 million Euros; 765 million UK Pounds) in bitcoins. They claim that the package has software “weapons better than Stuxnet”, a malicious worm that caused significant damage to computer networks serving the Iranian nuclear programme. When the online auction raises one million bitcoins (some 568 million USD; 36.3 billion Roubles; 3.76 billion Renminbi; 38.14 billion INR; 730 million CAD; 745 million AUD; 502 million Euros; 435 million UK Pounds), the group says that it would release another chunk of software to the public free of charge.
The group claims that it successfully hacked the NSA’s Equation Group division. Moscow-based software security group Kaspersky Lab first announced the Equation Group’s existence in 2015. Kaspersky called the Equation Group the most sophisticated cyber-attack group in the world, and “the most advanced… we have seen”. Whistleblower Edward Snowden provided documents that allowed the Intercept to confirm that the Equation Group has connections with the NSA.
The malware package is part of the NSA’s involvement in exploiting vulnerabilities in computer systems, which first became public in 2014, when President Barack Obama signed an order that government agencies must disclose discovered vulnerabilities to developers. However, according to Wired, this order had a major loophole, in that one can keep secret and exploit vulnerabilities that have “a clear national security or law enforcement” significance. This led to the creation of a massive arsenal of attack software, now in the hands of unknown hackers. NSA-veteran-turned-whistleblower William Binney told Sputnik’s Loud & Clear that the Agency “has a tendency not to fix things”, as once they report a vulnerability, “this window is closed for them and they can’t see through it”. Binney thought that this particular attack was likely an inside job. He stated that the NSA network isn’t physically part of the internet, so someone inside the NSA, “another Snowden-type person”, must have compromised the software and handed it over to the Shadow Brokers. If that isn’t the case, and if the internal network was, in fact, breached from the outside, “the implications are much, much greater in terms of compromising information and data than simply [someone] draining their exploitation software”. Binney also underscored the clear and present danger that, should the offensive software fall into the hands of foreign specialists, it could be reverse-engineered, updated, and used for attacks even after the exposed vulnerabilities are patched. Binney believes that Iran is already studying Stuxnet, seeking to reverse-engineer and upgrade it, to use it in its own interests.
Edward Snowden suggested that Russia is behind Shadow Brokers, tweeting, “Circumstantial evidence and conventional wisdom indicates Russian responsibility”. James A Lewis, of the Center for Strategic and International Studies, added to his comments, suggesting that the NSA dump is “some Russian mind game”. Snowden observed:
The NSA leak is likely a warning that someone can prove US responsibility for any attacks that originated from this [NSA] malware server. That could have significant foreign policy consequences. Particularly, if any of those operations targeted US allies.
Thus, a simple hack balloons from being a cyber-security issue to, possibly, becoming a full-scale foreign policy crisis.
20 August 2016