A group of hackers calling themselves ‘The Shadow Brokers’ recently claimed to have hacked the cyber attack unit ‘Equation Group’ and released some of its hacking tools online, while seeking the highest bidder for further private ‘cyber weapons’.
The hacking tools leaked by The Shadow Brokers include malware, private exploits, and hacking programs. They were published on GitHub and Tumblr, divided into two parts: one is a set of hacking tools available for free; the other is a set of encrypted files described as the ‘best files’ by the hackers, who demand 1 million Bitcoins (around $568 million) to release them.
GitHub has deleted the files from its page, since these tools are ‘stolen property’, and demanding cash to release more data is also against the company’s policy.
Why does this hack spark a large discussion?
The leaked hacking tools were allegedly dumped from the Equation Group, which, according to its discoverers, is “one of the most sophisticated cyber attack groups in the world”.
The Equation Group is not only capable of reprogramming hard disk drive firmware with complex and sophisticated techniques, but has also been linked to the earlier Regin and Stuxnet attacks, both allegedly US-sponsored; it is further suspected of being part of the NSA, the United States intelligence agency.
Given the association between the Equation Group and the NSA, people have started to ask whether these leaked hacking tools and exploits are genuine.
If the answer is ‘yes’, it would mean that a hacker group has successfully hacked the NSA, the last organization one would expect to be hacked. The stolen tools are suspected to be powerful enough to pose a threat to governments and large organizations, making this attack a critical incident for cyber security.
Security experts believe the leaked hacking tools to be legitimate
Security experts have confirmed that the leaked hacking tools bear digital signatures identical to those found in malware and exploit tools previously used by the Equation Group.
According to security researchers, even though the attacker’s identity, motivation, and method of intrusion remain unknown, “we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group.”
In addition, the RC5 and RC6 encryption algorithms are implemented throughout the released files. These algorithms have also been widely used by the Equation Group. “The chances of all these being fakes or engineered is highly unlikely,” the security experts indicate.
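The RC5/RC6 link mentioned above is the kind of evidence an analyst checks by looking for the ciphers’ fixed key-schedule constants inside a binary. The following Python scanner is an added illustration of that check; it is not code from the article, from the researchers quoted, or from the leak. The byte strings it scans are constructed here for demonstration, and the “likely/weak/none” verdict thresholds are an assumption of this example. RC5 and RC6 (with 32-bit words) share the constants P32 = 0xB7E15163 and Q32 = 0x9E3779B9, and their key schedule starts from the sequence S[0] = P32, S[i] = S[i-1] + Q32 mod 2^32; some implementations embed that precomputed sequence instead of the two constants, so the scanner looks for both. Q32 alone is a weak signal, because the same golden-ratio constant appears in TEA/XTEA.

```python
import struct
from typing import Dict, List

# RC5/RC6 key-schedule constants for 32-bit words (w = 32):
# P32 = Odd((e - 2) * 2^32), Q32 = Odd((phi - 1) * 2^32).
P32 = 0xB7E15163
Q32 = 0x9E3779B9
MASK32 = 0xFFFFFFFF


def rc5_initial_table(count: int) -> List[int]:
    """First `count` words of the RC5/RC6 key schedule before key mixing:
    S[0] = P32, S[i] = S[i-1] + Q32 (mod 2^32)."""
    table = [P32]
    for _ in range(1, count):
        table.append((table[-1] + Q32) & MASK32)
    return table


def find_all(haystack: bytes, needle: bytes) -> List[int]:
    """Every offset (including overlapping ones) at which `needle` occurs."""
    hits, start = [], 0
    while True:
        idx = haystack.find(needle, start)
        if idx < 0:
            return hits
        hits.append(idx)
        start = idx + 1


def scan_rc5_rc6(blob: bytes, table_words: int = 4) -> Dict[str, object]:
    """Look for P32, Q32 and a run of the expanded table in both byte orders.
    Verdict (assumed thresholds for this example):
      rc5_rc6_likely - a table run, or both P32 and Q32, is present
      weak           - only one of the constants (Q32 is shared with TEA/XTEA)
      none           - nothing found"""
    result = {"p_offsets": [], "q_offsets": [], "table_offsets": [], "verdict": "none"}
    for fmt in ("<I", ">I"):  # little-endian, then big-endian encodings
        result["p_offsets"] += find_all(blob, struct.pack(fmt, P32))
        result["q_offsets"] += find_all(blob, struct.pack(fmt, Q32))
        run = b"".join(struct.pack(fmt, w) for w in rc5_initial_table(table_words))
        result["table_offsets"] += find_all(blob, run)
    if result["table_offsets"] or (result["p_offsets"] and result["q_offsets"]):
        result["verdict"] = "rc5_rc6_likely"
    elif result["p_offsets"] or result["q_offsets"]:
        result["verdict"] = "weak"
    return result


# Constructed samples (not real binaries): padding around an embedded
# little-endian expanded table, a TEA-style blob holding only Q32, and zeros.
SAMPLE_RC5_LIKE = (
    b"\x90" * 16
    + b"".join(struct.pack("<I", w) for w in rc5_initial_table(4))
    + b"\x00" * 8
)
SAMPLE_TEA_LIKE = b"\xcc" * 12 + struct.pack("<I", Q32) + b"\xcc" * 12
SAMPLE_EMPTY = b"\x00" * 32

if __name__ == "__main__":
    for name, blob in (("rc5-like", SAMPLE_RC5_LIKE),
                       ("tea-like", SAMPLE_TEA_LIKE),
                       ("empty", SAMPLE_EMPTY)):
        print(name, scan_rc5_rc6(blob))
```

A hit on the expanded table is the stronger indicator, because a stripped binary may carry the precomputed S words without either constant appearing literally; a lone Q32 should be treated as a lead to confirm in a disassembler, not as an identification.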
Former NSA employee: ‘There was no doubt in my mind that it was legitimate.’
In addition to the evidence provided by security researchers outside the NSA, one former NSA employee who used to work in the Tailored Access Operations (TAO) unit also confirmed the tools’ authenticity.
Another TAO employee also noted, “Without a doubt, they’re the keys to the kingdom. The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”
Considering the evidence and statements above, one can reasonably conclude that the leaked NSA hacking tools are genuine, and that their capabilities should not be underestimated.
The Shadow Brokers are now auctioning this advanced hacking software online. If the arsenal falls into the wrong hands, major government and corporate networks may become the next targets, with severe security consequences and financial loss.