Slashdot Mirror


NSA Hackers The Shadow Brokers Dump More Files (vice.com)

The hacker (or a group of hackers) who call themselves The Shadow Brokers today published more files. From an article on Motherboard: This latest release comes while Hal Martin, an NSA contractor and, according to The Washington Post, the prime suspect in The Shadow Brokers case, sits in detention after being arrested for allegedly stealing swaths of classified material. "TheShadowBrokers is having special trick or treat for Amerikanskis tonight," a message from the hackers posted to Medium reads. The message is signed with the same PGP key used to sign several previous posts, including the group's original announcement that came with links to a slew of NSA exploits. As for the files, The Shadow Brokers claim they reveal IP addresses linked to the Equation Group, a hacking unit widely believed to be tied to the NSA. "This is being equation group pitchimpair (redirector) keys, many missions into your network is/was coming from these ip addresses," The Shadow Brokers' post continues. The report adds that the dump contains 300 folders of files -- all corresponding to different domains and IP addresses. A security researcher who goes by the alias Hacker Fantastic says the dump contains 306 domains and 352 IP addresses relating to 49 countries in total. "If accurate, victims of the Equation Group may be able to use these files to determine if they were potentially targeted by the NSA-linked unit."

50 comments

  1. Typing with a Russian accent by penguinoid · · Score: 3, Interesting

    It's rather meaningless that someone accused of stealing information is in prison when some of the information was released. It does bring a smile to my face that their announcement is written in "Russian accent" English, especially with all the blaming Russia because we don't like the leaked info going around.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Typing with a Russian accent by butzwonker · · Score: 2

      I feel sorry for Harold T. Martin. He seems to be a hard working guy with a lax sense of operational security, not a criminal. Hard to see any connection to the Shadow Broker.

    2. Re:Typing with a Russian accent by XXongo · · Score: 2

      "Lax sense of operational security" you say? That seems to mean, here, that he took home a metric ton of hard drives with classified stuff on them - if you want to be sympathetic to him, maybe he was just an obsessive compulsive hoarder, but it seems to go a bit beyond merely a "lax sense of security".

    3. Re:Typing with a Russian accent by FatdogHaiku · · Score: 2

      ...It does bring a smile to my face that their announcement is written in "Russian accent" English...

      Am not seeing what is to be smiling about!
      You perhaps are working with Moose and Squirrel?

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:Typing with a Russian accent by Anonymous Coward · · Score: 4, Funny

      Maybe he didn't 'intend' to do that?
      Maybe he thought it was 'mistake' and 'won't do it again'
      or maybe 'he wouldn't do it again'
      Maybe he 'didn't understand the markings'
      Maybe he thought keeping the stuff 'at home' in his 'personal storage' was okay?
      Maybe his security training was provided by the Secretary of State?

    5. Re:Typing with a Russian accent by Robert+Goatse · · Score: 1

      Yeah right, 500 TB of data and stuff stored in his house, car and shed. Sounds like an honest mistake to me. :|

    6. Re:Typing with a Russian accent by TFlan91 · · Score: 2

      My wife is Eastern European, she constructs her English sentences (sometimes) in the way her native language structures their sentences.

      Typing with an accent is a real thing.

    7. Re:Typing with a Russian accent by Anonymous Coward · · Score: 0

      "That's what she said..."
        -- Hillary Rodham Clinton

    8. Re:Typing with a Russian accent by Anonymous Coward · · Score: 0

      How convenient they have used the term "Amerikanski". Maybe it is becoming clear who really is behind this group. No, not the ruskies, but probably the ones who like to blame them for everything. False flags abound!

    9. Re:Typing with a Russian accent by LifesABeach · · Score: 1

      It looks like finding a dumb ass in a group of people is about all The Shadow Brokers(TSB) can do? Try publishing IBM's WATSON's source code and interface specs, at maybe WikiLeaks? If TSB can't, I understand about not being even the semi-brightest crayon in the box.

    10. Re:Typing with a Russian accent by Anonymous Coward · · Score: 1

      Oh Hillary, I just knew you'd come to his rescue! Quick, get out the big clinton foundation guns ...

    11. Re:Typing with a Russian accent by Anonymous Coward · · Score: 0

      It is possible he is an obsessive compulsive hoarder, which then means he should have been playing pokemon GO! instead of NSA secrets to go.

    12. Re:Typing with a Russian accent by Anonymous Coward · · Score: 0

      Whom would you sell the Watson source code to, and how can you use it personally? You can't. It is almost completely useless, without poaching the developers who made it.

      On the other other hand, humiliating the self-proclaimed top dawg leet fed haxxors with the largest budget on the planet is quite an achievement, no?

    13. Re:Typing with a Russian accent by another_twilight · · Score: 2

      I see the '50TB' number thrown about a lot, but the original FBI 'Criminal Complaint' says;

      7. Among the classified documents located thus far, six of them appear to have been obtained from sensitive intelligence

      and goes on to talk about the markings on the documents that identify them as belonging to the government. The next part that seems interesting

      10. During execution of the warrants, investigators located property of the United States with an aggregate value in well excess of $1000, which MARTIN had stolen.

      And then talks a bit about the $1000+ worth of stolen goods.

      I'm genuinely curious. Is $1000 a magic number that makes this a certain class of crime? I've seen it suggested that the 50TB represents the total capacity of the storage he had taken, not the volume of the data. Are you aware of any further information about what has actually been taken?

      Just from the Complaint, it could just as well be someone who has been in the job long enough that they have been careless about what work they take home, and who has been 'salvaging' old kit from work. Or he really could have 50TB of classified data and just been profoundly arrogant about being caught - but I'd like some more evidence of it before I make up my mind.

      (quotes from http://www.documentcloud.org/d...; linked from the wikipedia entry. Caveat, I haven't spent much time digging)

    14. Re:Typing with a Russian accent by arglebargle_xiv · · Score: 1

      Typing with an accent is a real thing.

      Typing with accent is real thing. FTFY.

    15. Re:Typing with a Russian accent by TFlan91 · · Score: 1

      Ha!

  2. NSA by Big+Hairy+Ian · · Score: 1

    They are probably both working for rival NSA Teams the same as the clowns that were trying to sell the NSA's Exploit Toolkit

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  3. The fake Russian accent is so bad by Anonymous Coward · · Score: 1

    it's like it comes straight out of a bad Hollywood movie. These people are not Russian, they're just doing a terribly bad job at pretending to be. My guess, it's some U.S. intelligence agency doing these releases, and anyone who picks these tools up will in some carefully calculated way be worse off than you were before installing them.

    1. Re:The fake Russian accent is so bad by Anonymous Coward · · Score: 0

      I agree. The question is: "are they US intelligence agents who are angry at the establishment, or is it the establishment who is trying to blame the russians for this incident too?". Maybe the term "Amerikanski" is a message the angry agents are sending at Hillary and her friends.

    2. Re:The fake Russian accent is so bad by Opportunist · · Score: 2

      Using that accent is actually pretty smart. Yes, it's fake, but it's supposed to be fake. That's the whole point.

      A person's writing gives his origin away. If he is a non-native speaker, the way he words certain phrases and certain mistakes, grammatical or orthographic, he makes give an analyst an idea what his native language would be. Even if he is a native speaker, certain idioms and expressions can lend a hint to his origin, at the very least you'd be able to find out whether he's English, Aussie or American, and it's even likely that you can pinpoint him more exactly.

      You pretty much eliminate this threat by putting on a fake accent. Then it becomes a bit like reading old Soviet Pravda for the analyst: Which of the thousands of lies is actually true?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:The fake Russian accent is so bad by imatter · · Score: 2

      Yep given the accent, they are trying to pin it on FPS Russia.

    4. Re:The fake Russian accent is so bad by russotto · · Score: 1

      Pretty sure it's intentionally bad. Almost certainly American; I don't think anyone else (well, maybe a Canadian who saw too much Moose and Squirrel) would do a "bad Russian accent" that way.

  4. Networks aren't secure by 110010001000 · · Score: 2

    No network is secure. The very concept of security is antithetical to what networks are about: sharing information. Any attempts to add security to networks is ultimately useless. Of course people will get mad to me for saying this, but this is proven over and over again: once information is on a network - it is shared. Due to the way networks are constructed there is no way to reliably exclude the sharing of the information, because there is no way to reliably validate connected endpoints. An endpoint can be a computer, a router or some guy plugging in a thumbdrive. Intelligence agencies need to stop using computer networks for sensitive information. The bigger the network, the more insecure it is. And the agencies have large networks.

    1. Re:Networks aren't secure by Anonymous Coward · · Score: 0

      No network is secure. The very concept of security is antithetical to what networks are about: sharing information. Any attempts to add security to networks is ultimately useless.

      I cannot express, in mere words, how tired of hearing shit like this I am. There are an ass-ton of secure networks in the world. Not perfectly secure, but secure enough where attackers move to easier targets. They are literally everywhere. You don't hear about them, because they are not compromised.

      Of course people will get mad to me for saying this, but this is proven over and over again: once information is on a network - it is shared. Due to the way networks are constructed there is no way to reliably exclude the sharing of the information, because there is no way to reliably validate connected endpoints.

      I can harden networks to the point that exploitation relies on a damn good measure of luck and is reasonably certain to be detected. I've been doing it for about 25 years. On a Windows network (mild flame, but honestly I've been able to secure those since about NT 4), a linux network (since the RSBAC/SELinux/GRSec convention where they added the kernel security hooks and GCC added non-patched support for PIE/ASLR/NX stack) - it is really basic network and endpoint hardening - distribution of acls through the environment, heterogeneous network (rely on one flavor of anything and your butt will hurt), host patch management, intrusion detection, and an application whitelisting strategy that isn't on the wrong side of retarded (never go full retard). There are tools to help with all of these tasks in larger enterprises. Most (large enterprises) don't use the tools they own. This doesn't mean security is impossible, users can't do their jobs, or information can't be restricted to legitimate users - and uses. All of that is possible, in a way that minimizes user impact. Most people are too dumb to view the enterprise holistically, so miss the easy, obvious wins and cop out with "security is impossible."

      DISCLOSURE: I honestly have no serious experience with apple or *BSD nets; from limited experience, I'm reasonably certain I could harden *BSD to the point of linux (reliable exploitation horribly unreliable and easily detected). I suspect a homogenous Apple network + any vendor's network gear is exceptionally difficult to secure, but that is more from the vendor's attitude than anything, other than anecdotal evidence.

      SANS (no burn, but also no plug) has made tons of cash trying to point this out, in super obvious ways.

      An endpoint can be a computer, a router or some guy plugging in a thumbdrive. Intelligence agencies need to stop using computer networks for sensitive information. The bigger the network, the more insecure it is. And the agencies have large networks.

      Does the computer have a documented need to communicate with other computers in the environment? Does it have a need to talk out on that port? Did the proxy allow that traffic and authenticate the user, before the connection was allowed? What process initiated the connection through the proxy, and is it authorized to initiate network traffic?

      Why did the firewall allow an in or outbound connection to the router? Why didn't the passive monitoring device (IDS) on the ISP facing external interface alert defenders on the monitor net when the router was talking out?

      Does the user have a documented use for a thumb drive? Why is USB storage enabled, if not? Is that thumb drive on the list of authorized enterprise thumb drives? Are they accounted for before and after work and after-hours? What documentation supports write permission to the USB device? Why is unauthorized media allowed on his workstation? What non-him-administrator authorized the data transfer?

      See how that works? With the tools they own, they can secure their networks. Their will to do so is weak; organizational lack of inertia (bureaucracy) is hell to overcome (source: previou

    2. Re:Networks aren't secure by Maritz · · Score: 1

      No network is secure.

      Doubtless you think that is some kind of stunning insight. It's really just the Nirvana fallacy. Just because security can't be perfect doesn't mean it's pointless. You can't make it impossible, but you can always try your best to make it really fucking hard.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  5. Is NSA taking any responsibility for this debacle? by Anonymous Coward · · Score: 0

    Of course not. Federal bureaucrats never take responsibility for anything. Someone(s) in NSA needs to hang for this. And soon.

  6. Has anyone seen any of these IP addresses in logs? by Anonymous Coward · · Score: 0

    Maybe we could take a break from trolling around Shadow Brokers English usage - Has anyone seen any traffic from these IP addresses in system/firewall logs, etc.?

  7. Bunch of clowns by dcollins117 · · Score: 4, Insightful

    This is the National Security Agency we're talking about. The narrative we're supposed to believe is that these are the best and brightest security professionals on the planet. All evidence suggests otherwise, with terabytes of classified information being carted out their own doors.

    You'd think they would focus more on their own operational security and less on violating the civil liberties of normal, law-abiding American citizens, and yet they don't. What does that tell you.

    1. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      > What does that tell you.

      I dunno. Why not just state your premise outright rather than pull a Trump and let the audience fill in the blank with whatever they think you mean? It's hard to have an actual discussion when one participant isn't willing to commit to any actual positions.

    2. Re:Bunch of clowns by AmiMoJo · · Score: 4, Insightful

      They can't be the best, because the following groups of people won't work for them:

      - People with a conscience
      - People who care about the Constitution
      - People who want to be really well paid
      - People who can't get security clearance (previous crimes etc.)
      - People who don't want security clearance (due to background checks etc.)

      In fact I imagine they have been suffering from a bit of a brain-drain since the Snowden revelations. You see a lot of ex-NSA people on LinkedIn, often leaking the codenames of the top secret projects they were working on via the CVs.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      You'd think they would focus more on their own operational security and less on violating the civil liberties of normal, law-abiding American citizens, and yet they don't. What does that tell you.

      That their mission is to stop BIG BAD THING from happening, or at least appearing to. How they go about it hasn't been a problem until lately. The obvious solution is to become more secretive and change their operational security to prevent any disclosure, not to stop doing what they are doing, since if the info doesn't get out, no problem!

    4. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      This is the National Security Agency we're talking about. The narrative we're supposed to believe is that these are the best and brightest security professionals on the planet. All evidence suggests otherwise, with terabytes of classified information being carted out their own doors.

      As Snowden would say, the NSA isn't made of magic. They fuck up just like anyone else. It seems the biggest fuckup of the NSA, and likely ANY large organization is protecting themselves from internal threats. DOD has/had the same problem with Manning. NSA had previous problems with Snowden. They haven't gotten much better.

      If you think private industry is any better, I'll laugh. I've worked for private industry that tried to protect its secrets, and it's laughable. In 2 minutes I thought of 3 different ways of getting around the "security" they had in place.

      It's just incredibly difficult to give people access to information, and not have them take it outside the building. If you think it's so easy, how would you do it? Body cavity searches at every exit? Clever people always find a way around the system.

    5. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      You could start by always having TWO guys doing sensitive stuff such as adding or removing mass storage devices. Yes, that means all USB ports must be removed.

      And airport-style checking on exiting the building would also help.

      Costs money, but saves a lot in the long run.

    6. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      operational security - hard

      violating the civil liberties - easy

      Any reasonable person responsible for a budget is going to put the money where it can have the most effect, change can be measured and return on investment can be quantified. Again not easy to do that with operational security.

    7. Re:Bunch of clowns by Anonymous Coward · · Score: 0

      If you think it's so easy, how would you do it?

      First, TEMPEST. Read it. Pretty fucking hard to exfiltrate data out of a box that is embedded in 20 kg of metal. Lead works great. And it covers all the ports. Second, proper supervision. You go work on The System today? An armed guard and a senior sysadmin go with you, and look over your shoulder while you do it. Camera on the ceiling records whole ordeal, and it gets packaged with whatever sequence of actions you did on the console and you make a graph out of it later, store it in a database and a dedicated team of people off-site analyzes it. Make unauthorized data access/modifications/et cetera to The System be punished legally with 20 years of KZ. House The System in a bunker full of soldiers, 50 meters underground, in the middle of wilderness.

      Unauthorized modification of data stored in The System would be practically impossible without a whole lot of insiders, and really not worth it.
      Oh, what's that? It's inconvenient and expensive? Then I think you should suffer.

    8. Re:Bunch of clowns by russotto · · Score: 1

      All the security in the world won't completely protect you against privileged insiders.

  8. Support Trump ! by Anonymous Coward · · Score: 0

    Folks, YOU can make a difference by going to the mainstream discussion boards and drum up support for Trump. Here is why:

    A) He has publicly blasted the Wahabists. Those who sponsor ISIS and Clinton. Those who did 9/11 and Boston Pressure Cookers.

    B) He has promised to care about Americans, not American corporations. Clinton wants more H1B and more unemployed Americans.

    C) Trump will make a deal with Russia, so that Ankara's and Riad's terror operatives can be quickly dispatched to their 72 virgin piglets in hell.

    Go to

    Economist.com

    NyTimes.com

    guardian.co.uk

    Washington Post

    FAZ.net

    1. Re:Support Trump ! by Anonymous Coward · · Score: 0

      Folks, YOU can make a difference by going to the mainstream discussion boards and drum up support for Trump.

      Why in the hell would we want to drum up support for Trump? Doesn't he already have too much with all the bible thumping, hypocritical assholes in the media who spread fake news and try to accuse Hillary of everything they did?

      Your link might as well be a link to goatse around here.

    2. Re:Support Trump ! by Maritz · · Score: 1

      A) He has publicly blasted the Wahabists.

      lol. Let's pretend that that is a word that trump understands/can say, shall we?

      He appeals to fear, which is why you like him. You're a coward.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  9. Amerikanskis? by Anonymous Coward · · Score: 0

    Russians don't say "Amerikanskis"
    They say "americos(õ)" - sadly, Slashdot does not let you write in the Russian alphabet...

  10. Bullshit by Anonymous Coward · · Score: 0

    Just because you Americans and Israelis have infected the informatics world with shit-tech like C and Unix means nothing at all.

    Niklaus Wirth, Pascal and Ada, the Algol mainframes have much better security.

    We can have secure computers, they are just not American in all likelihood.

  11. Lots of BS by Anonymous Coward · · Score: 0

    First of all, it's 50TB of stuff they are claiming, not 500TB. Next, did they read all 50TB to decide it was all classified? Or did they just find some classified stuff on disks that in total contained 50TB of stuff? Probably that is 1TB of classified stuff, and 49TB of porn.

    If it really is 50TB of classified stuff, my guess would be that it is data that he was going to use either to work on his thesis, or to improve his work stuff, which apparently is how to hack others. For example, it might be 50TB of code snarfed by NSA hacking from around the world, that he wants to figure out how to insert trapdoors or the like. He might well have snarfed it himself from home, but if he used NSA tools to do that, the data would be classified because it would reveal what the NSA can snarf if it so chooses.

    The idea that this is 50TB of NSA "documents" is a 10 story pile of ordure. Some idiot journalists even tell us how many "books" this would equal.

  12. Anyone Have A Link to the dump? by Anonymous Coward · · Score: 1

    Anyone have a link to the actual dump? Looks like this is another clickbait slashdot fuckfest without a link to the source in the story. You know, actual code that geeks would be interested in seeing the NSA use. Yeah fuck you slashdot.

    And no; stealing and reposting every motherboard story to keep your failing site alive is not a good business model, especially with no linked sources. Do something original you fucking parasites.

    1. Re:Anyone Have A Link to the dump? by Anonymous Coward · · Score: 0

      dump is leaked from the article you inept piece of shit. this lack of initiative is the reason no one will hire you.

    2. Re:Anyone Have A Link to the dump? by Anonymous Coward · · Score: 0

      https://web.archive.org/web/20160815190830/https://theshadowbrokers.tumblr.com/post/148872852770/equation-group-cyber-weapons-auction-invitation

  13. Make a Real Difference by Anonymous Coward · · Score: 0

    Folks, YOU can make a real difference by going to the mainstream discussion boards and drum down support for Trumpski. Here is why:

    A) He has publicly blasted Wasabi. The same stuff enjoyed by ISIS and Clinton. The stuff some people ate during 9/11 and using Pressure Cookers.

    B) He has promised to care about his American corporations, not every American corporation. Clinton wants more H1B and more employed Americans.

    C) Trumpski will make a deal with Russia, so that Ankara's and Riad's terror operatives can be quickly rewarded to obtain their 72 virgin while you eat your piglets in hell.

    Go to
    Economist.com
    NyTimes.com
    guardian.co.uk
    Washington Post
    LA Times
    FAZ.net

    1. Re:Make a Real Difference by Anonymous Coward · · Score: 0

      Folks, YOU can make a real difference by going to the mainstream discussion boards and drum down support for Trumpski.

      This is how desperate the Trump campaign is, to hire idiots like you to come on slashdot and try to inject clickbait for sites for people to add noise to the system? At best this would only affect polling and not actual election results. It does not help that you begin by stating your intent to shift the election in Trump's favor which is off topic here. Go back to the Fox news website and post there where idiots like you are actually interested in what you have to say.

  14. n-i-g-g-e-r-h-e-a-d Lameness filter encounter by Anonymous Coward · · Score: 0

    you are a n-i-g-g-e-r-h-e-a-d who should immediately commit suicide, whilst you dwell in your mother's basement

    Lameness filter encounter

  15. Re:Make A Difference ! by Maritz · · Score: 1

    B) He has promised to

    Hahahahaha

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.