A secretive group known as the Shadow Brokers has claimed to have hacked into a cyber warfare unit linked to the National Security Agency and stolen “cyber weapons”. The group is now reportedly auctioning them off to the highest bidder.
The stolen “weapons” were said to belong to Equation Group, a hacking unit believed to be backed by the NSA. The Shadow Brokers have only released a portion of their loot, but according to security researchers, the group is not likely to be bluffing.
The leak was announced on social media by the group in broken English, saying: “We auction best files to highest bidder. Auction files better than Stuxnet.” The digital weapons are believed to have been funded by the US and Israel, in connection to the sabotage of Iran’s nuclear program. The hackers have an asking price of 1 million bitcoins, which is worth around US$580m.
Some of the files in the cache that were released for free matched those in documents leaked by whistleblower Edward Snowden, such as “BANANAGLEE”, “JETPLOW” and “EPICBANANA”. Also included were several hacking tools for tapping into network equipment such as routers and firewalls made by major firms like Cisco and Juniper.
“These files are not fully fake for sure,” said security researcher Bencsáth Boldizsár in an interview with Ars Technica.
“Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack-related files, and yes, the first guess would be Equation Group.”
Kaspersky Lab, the cyber security firm that first exposed Equation Group’s cyber-espionage activities in 2015, released a blog post detailing a “strong connection” between the leaked files and their previous findings about Equation. Encryption algorithms in over 300 files from the Shadow Brokers’ cache resemble those seen in previous Equation Group malware, according to Kaspersky.
“The chances of all these being faked or engineered is highly unlikely,” the security company added.
There are no leads on the identity of the Shadow Brokers, but there is some speculation that this could be retaliation for Hillary Clinton’s blaming of Russian intelligence agencies for the Democratic National Committee hacking incident.
Snowden made a series of tweets, positing that it was a Russian-backed attack that aims to expose evidence of the NSA’s cyber warfare activities.
“This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies,” Snowden tweeted.