16 January 2017

STOLEN NSA ‘WINDOWS HACKING TOOLS’ NOW UP FOR SALE


Mohit Kumar has a January 10, 2017 article on the HackersNews.com website with the title above. He begins: “The Shadow Brokers, who previously stole and leaked a portion of NSA hacking tools and exploits — is back…with a bang!” He notes that Shadow Brokers “is now selling another package of hacking tools, ‘Equation Group Windows Warez,’ which includes Windows exploits and antivirus bypass tools — stolen from the NSA-linked hacking unit, The Equation Group.”

This past weekend (Sat.), “the Shadow Brokers posted a message on their ZeroNet-based website, announcing the sale of the entire ‘Windows Warez’ collection for 750 Bitcoin,” near or over $1M based on the latest value of one bitcoin.

According to The Hacker News, the following NSA hacking tools are up for sale:

— Fuzzing Tools (used to discover errors & security loopholes);

— Exploit Framework;

— Network Implants;

— Remote Administration Tools (RATs);

— Remote Code Execution Exploits for IIS, RDP, RPC, SMB Protocols (Some Zero-Days);

— SMB BackDoor (Implant).

“Interestingly, the Remote Administration Tool (RAT), ‘DanderSpritz,’ included in the list is the one previously leaked,” by fugitive, and Russia-based, Edward Snowden. Malware researcher Jacob Williams, Principal Consultant at the cyber security firm Rendition Infosec, analyzed the archive of “screenshots and output of the find command across the dump,” provided by the hacker as evidence of legitimacy, and estimated that the tools may also include a Fully Undetectable Malware (FUD) tool-kit. Mr. Kumar speculates that “the FUD tool-kit might have the ability to ‘evade/bypass personal security products,’ such as Avira, Avast, Dr.Web, ESET Antivirus, Microsoft Essential, Panda, Symantec, Trend Micro, and Kaspersky Antivirus.”

“The buyers can purchase the entire database of hacking tools that the Equation Group used against various countries to expand its espionage operations,” Mr. Kumar wrote.

This issue has been a nightmare for NSA, and the Intelligence Community, since at least August of 2016, when some of our most precious and fragile intelligence collection tools, sources, and methods were put up for sale on the Internet to the highest bidder. It was subsequently learned that whoever stole these very sensitive and perishable intelligence collection tools and put them up for sale last year had possessed these tools since the summer of 2013, but did not attempt to sell them at the time, because they either got cold feet and/or took time to cover their digital tracks, in order to hinder NSA counterintelligence investigators and the FBI in attempting to find out who they are.

While there reportedly is strong suspicion among investigators that this theft of some of our most sensitive and precious intelligence collection hacking tools is the ‘work’ of a trusted NSA insider, one does have to wonder whether this is yet another Russian operation designed to damage the United States and, in this specific case, NSA. Perhaps this is one reason why all the hacking tools haven’t been sold yet. What better way for Putin to continue his influence operations campaign against the United States than to conduct an operation such as this, and make it appear as if this breach/theft was the work of a trusted NSA insider. They really get bang for their buck, as they sow distrust in our intelligence agencies and damage our collection capabilities. And then, there is Edward Snowden. Did any of his very reckless leaks aid whoever is behind this theft of NSA’s hacking tools? Did they get any aid and assistance, wittingly or unwittingly, from Mr. Snowden? And finally, is Edward Snowden helping or playing any role in the ongoing Russian strategic influence operations campaign?
