Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Group Leaks 'NSA's Top Secret Arsenal of Digital Weapons' (vice.com)

Posted by msmash on from the what's-happening dept.

Hacker group 'The Shadow Brokers', which last year allegedly released top-secret tools that the National Security Agency had used to break into the networks of foreign governments and other espionage targets, today said it is disappointed with President Donald Trump, and released more such alleged tools. From a report on Motherboard: On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year. "Be considering this our form of protest," the group wrote in a rambling, politically loaded rant published on Medium. Back in August, The Shadow Brokers released a number of exploits stolen from the NSA. Many of these affected hardware firewalls, from companies such as Cisco and Juniper. At the time, the group also dumped another cache allegedly containing more hacking tools, and said they would release the corresponding password to the winner of a bitcoin auction. That fund-raising effort was ultimately unsuccessful, and The Shadow Brokers claimed they were calling the whole thing off in January. But now, anyone can unlock the auction data dump. (Motherboard confirmed that the password did indeed decrypt the original auction file). In a series of tweets, Edward Snowden said, "NSA just lost control of its Top Secret arsenal of digital weapons; hackers leaked it. 1) https://github.com/x0rz/EQGRP 2) For those who have never heard of the hacker group behind today's leak of NSA's cyberweapons, last year's story."

He adds, "quick review of the ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can't, it's a scandal."

23 of 69 comments (clear)

  1. Not as big as you think by Anonymous Coward · · Score: 1

    "Security researchers are still going through the files, but many of the exploits appear to be used for attacking older or little-used system."

    -- TechCrunch

    1. Re:Not as big as you think by ravenshrike · · Score: 1

      So basically the Shadow Brokers probably got the hacking equivalent of tools stuffed into a storage closet and forgotten about?

    2. Re:Not as big as you think by TechyImmigrant · · Score: 1

      "Security researchers are still going through the files, but many of the exploits appear to be used for attacking older or little-used system."

      -- TechCrunch

      Like Solaris and "Linux 2.4"

      It makes sense that you would keep a library of tools for hacking older systems and software. There's so much more there to hack.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    3. Re:Not as big as you think by BostonPilot · · Score: 1

      If you were trying to change the behavior of the government, it wouldn't make sense to release all the most up to date exploits - as soon as you've done it, you've lost all your leverage. At that point it would be "and if you don't do what I want, I'll continue to release the old exploits that you probably don't care about"... not much of a threat.

      By releasing older exploits the message is, "see - I can release your tools to the wild... do what I want or I'll start releasing the exploits you really do care about"

  2. Re:This is what the NSA has? These are their tools by mnemotronic · · Score: 1

    Maybe they should make an offer to Taylor Huddleston.

    --
    The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
  3. Why is nobody leaking... by bazmail · · Score: 1

    ...Russian government hacking code? Are they more loyal workers? Better at preventing leaks? Just strikes me as very odd that all leaks are American.

    1. Re:Why is nobody leaking... by Anonymous Coward · · Score: 1

      The hacking tools from CIA and NSA have Russian code. They are leaking, just not to the public.

    2. Re:Why is nobody leaking... by AHuxley · · Score: 3, Insightful

      Russia does not have any need for "code". They have generations of well placed spies and people who want to help globally.
      They don't have to trust consumer grade networks and junk encryption on standard digital devices. The Soviet Union understood codes fail, like in the 1950's.
      So the Soviet Union and Russia got smart and moved to more secure methods and went for the human side of spying.
      The NSA, CIA and GCHQ just kept on putting more funding into computers and digital collection methods, always just expecting the world to always be more digital.
      Everyone has a home computer, every one has a smart phone, every hotel has a smart TV, every company keeps their secrets near the internet. The US and UK also have a culture of contractors and people from the outside helping/giving "orders" to gov/mil staff.
      Wage difference, lack of dignity, lack of advancement, no esprit de corp in the West over generations adds to issues only found in the West.
      The GCHQ finally fully understood why information leaks, staff walk out and had the methods to keep staff happy in the West by the 1970's.
      But the US private sector would have be shut out of gov and mil contracts. So the GCHQ ideas about a better gov workplace got replaced by every more lobbying for more US contractors and private sector support.
      In Russia its your rank, your profession, your uniform, your medals, your advancement, your mil, your nation to defend, your honour, a privilege with good educational support.
      In the West its a day job, the boss with party political connections, their private sector profit and shareholders, lobbyists and job insecurity. Government workers who dream of private sector wealth, private sector workers who dream of some full time employment.
      Moving around the US or UK as a contractor to support the mil/gov with its data collection, computer issues is not a fun profession.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Why is nobody leaking... by Anonymous Coward · · Score: 1

      Probably because the Russians haven't undermined their own security by creating a system of low-bid subcontractors.

  4. misinformation by the bucketload by Anonymous Coward · · Score: 1

    why would nsa bother with hacking anything when they can have intel chips contain all of the snooping capabilities they ever need?

    1. Re:misinformation by the bucketload by AHuxley · · Score: 2

      To have contractors in the private sector find the code litter and the tech media copy and paste a report its another "nation".
      Thats why the "time zone", "ip range" and "language" litter found was always key to showing the origin of any malware.
      Getting the data out of some network might not even be the mission.
      The code litter is found by the private sector "experts" later is the propaganda win in the tech media.

      --
      Domestic spying is now "Benign Information Gathering"
  5. Better behavior-based detection in AV? by AHuxley · · Score: 1

    What can vendors of quality AV software and networks do?
    Some sort of "other" secure computer on the final network out, apart from all the infected OS, junk hardware, junk big brand firewalls on random days?
    How much is human collected? How much is just kept internally for later network collection after a human infected a system? Human placed? Network placed? Human collected or network collected. Human placed malware and later data is also collected by a human.
    Should AV detection consider the idea that the owners and users with access are a real threat too? Not just something new up or down the network.
    Physical access cant be stopped as the malware is inserted by an operative but AV could send a message back to its creators that something new and interesting was changed by the "owner". Start to phone home more details about every very secure system.
    The infection cant be avoided thanks to lax physical access but changes can be gathered by AV.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Better behavior-based detection in AV? by AHuxley · · Score: 1

      Yes AC, it was interesting to see the AV company that could detect.

      --
      Domestic spying is now "Benign Information Gathering"
  6. Re:No they're Russian State by Anonymous Coward · · Score: 5, Interesting

    Not entirely, Guciffer 2.0 has confirmed his contact was a whistleblower in the DNC, namely Seth Rich. This ties in with Craig Murray's assertations that the DNC leaks were an inside job and that he was the recipient for information from an individual in the DNC. Seth Rich's murder still remains unsolved.

    Link: http://g-2.space/sr/index.html

    This is rather fresh information, so I am not surprised you did not know. Unfortunately, I can only post as AC at this time.

  7. Re:Has... by irving47 · · Score: 1

    Seems *possible* they might, at some point, have leaked warnings to infraguard type people who would patch certain holes quietly... They also released a secure version of linux... centos or ubuntu or something

    --
    I had a sucky sig.
  8. Re:GitHub! GitHub! GitHub! by fisted · · Score: 1

    True words. +1, would fork.

    --
    CLI paste? paste.pr0.tips!
  9. Re: Ransom not paid by buck-yar · · Score: 1

    Should be hanged for treason.

  10. Re:idgi by buck-yar · · Score: 1

    Intel ME - mother of all backdoors

  11. Re:Translation by Mike+Frett · · Score: 1

    There is no 'Deep State' that term was coined by Russian Trolls.

  12. Both sides knew. by DrYak · · Score: 1

    The NSA once allowed the Russians to conduct industrial espionage and planted information they wanted Russia to steal. 6 months later one of Russia's main oil pipelines blew up because the PLC and SCADA information they stole actually provided a RAT that the CIA used to sabotage key pumping stations.

    Do you sincerly think that this was the sole unique time a US governmental agency tried to feed software with bugs planted in for the purpose to cause mayhem ?

    And you are really persuaded that the USSR never ever had the slightest idea that they are receiving bogus software and never had an army of hacker for the sole purpose to review and clean such code ?
    (Come on, you're speaking about the USSR - which has secret service at least as good as their western counter part, if not better. Do you *really* think that they could be bluffed so easily ? Were they still seaking to acquire red mercury until the end of the cold war ?)

    (Said as the descendant of a hacker who did clean code of intentionally planted bugs, on the other side of the iron curtain. Not even Russia, but a small country. So even that small country was spending efforts to sanitized any piece of code received from the west, you can only guess what kind of efforts Russia was spending).

    Plus, in the specific case of that explosion in Siberia the level of cause imputable to the CIA has been debunked.
    Yes, CIA was attempting to feed bogus shit to the USSR in an attempt to cause mayhem (but as said above, this *was* probably a well known fact on the other side of the iron curtain).
    But no, that peculiar explosion wasn't caused directly by CIA, but by the same cause that also caused other catastrophes like Tchernobyl : recklessness of the involved engineers.
    (Pipeline is leaking ? Hey, why should we go investigate ? Just pump up the pressure to keep the gaz flowing ! Easy fix ! Also easy cause for a massive explosion)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  13. Re:Release the Crack-in by martinfb · · Score: 1

    Appropriate. 'Crackin' is cocaine free-based. And we all know that cocaine is 'the big lie'!
    Perhaps this explains Trump et al...

    --


    Self-importance and self-indulgence is the root of ALL evil.
  14. Re:This is what the NSA has? These are their tools by syntotic · · Score: 1

    Delaying an executable is hacking? OK: now tell me what is it that I have that your antivirus cannot yet find. I cannot record music in any laptop since 2009 after one laptop BSoD crashed and was later robbed.

  15. Re:Has... by GameboyRMH · · Score: 1

    They created SELinux and a set of military cryptography standards that differs from the civilian ones, strongly suggesting that the civilian ones are weak. That's all I can think of. They've certainly done a lot to damage the security of the Internet.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel