Suspected NSA tool hackers dump more cyberweapons
16 January 2017 | 0
The hacking group responsible for stealing cyberweapons suspected to be from the US National Security Agency is signing off — but not before releasing another arsenal of tools that appear designed to spy on Windows systems.
The Shadow Brokers have dumped another cache online after a failed attempt to sell them and other supposed Windows and Unix hacking tools for bitcoin.
The group made news in August 2016, when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA.
Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group’s claims, according to security researchers.
The Shadow Brokers’ latest dump includes 61 files, many of which have never been seen by security firms before, said Jake Williams, founder of Rendition InfoSec, a security provider.
He has been examining the tools, and said it will take time to verify their capabilities. His initial view is that they’re designed for detection evasion. For instance, one of the tools is built to edit Windows event logs. Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing the victim from realising they’ve been breached, he said.
“If you simply remove a record or two, then even an organisation that is following the best security practices, presumably, wouldn’t notice the change,” he said.
The Shadow Brokers said they released the Windows hacking tools for free because a Kaspersky Lab’s antivirus product could already flag them as harmful.
The clandestine group previously tried to auction off a whole set of hacking tools for 1 million bitcoins or what was at the time $584 million (€551 million). But after several months, that auction only managed to generate 10 bitcoins.
“Despite theories, it always being about bitcoins for TheShadowBrokers,” the group said in broken English in their supposed final message.
However, Williams believes the Shadow Brokers are likely spies working for the Russian government. This latest dump was a message to the US, he said.
Williams points to the timing. In recent weeks, US intelligence agencies have been claiming the Kremlin tried to influence the US election. Based on those findings, President Barack Obama has already ordered sanctions against Russia and vowed covert action.
“If they are Russian, this is a shot across the bow,” Williams said.
It is unclear how the Shadow Brokers managed to steal the hacking tools. But they claim to have many more in reserve. The group has said their arsenal of supposed Linux and Windows-based hacking tools is still up for sale at 10,000 bitcoins.
Microsoft has said it is investigating this latest batch of hacking tools that have been released.
IDG News Service