'Shadow Brokers' Claim To Have Acquired Tools Used By NSA-Linked Hackers: Legitimate Threat Or Elaborate Hoax?

An anonymous hacking group which goes by the name of Shadow Brokers claims to have acquired software tools that belong to hackers linked to the National Security Agency of the United States.

The previously unknown group said that it broke into the cyberespionage organization known as the Equation Group and has now put the hacking tools that it acquired up for auction.

In addition to selling the hacking tools to the highest bidder, the Shadow Brokers said that if it is paid 1 million bitcoins, currently worth about $568 million, the cyberweapons will be publicly released.

To back up its claims, the Shadow Brokers uploaded what looks like attack code that focuses on the security systems of routers that direct computer traffic online. According to security experts, the code looks legitimate, affecting routers manufactured by three United States companies and two Chinese companies. Specifically, the companies involved are Cisco Systems, Fortinet, Juniper Networks, Shaanxi Networkcloud Information Technology and Beijing Topsec Network Security Technology.

Whether the Shadow Brokers actually acquired the tools from the NSA-linked hackers is still up for debate. Security experts say that either the group carried out a one-of-a-kind security breach or it has staged an elaborate hoax.

Last year, researchers from Kaspersky Lab described the Equation Group as one of the most advanced hacking groups in the world. The compressed data that accompanied the post by the Shadow Brokers had a size of just over 256 MB and is said to contain hacking tools that are dated as early as 2010 belonging to the Equation Group.

The posted data, which is composed mostly of poorly coded Python scripts and batch scripts, has not yet been proven to have come from the Equation Group. However, there is little doubt that the data did come from an advanced group of hackers.

"These files are not fully fake for sure," said CrySys security researcher Bencsáth Boldizsár, who is widely credited for the discovery of the Flame espionage malware platform, which is linked to the Equation Group.

In an email to Ars Technica, Boldizsár added that the files are likely part of the NSA's toolset, as they are important attack-related files, with the first guess being that they are indeed somehow linked to the Equation Group.

Boldizsár's findings have been echoed by other security researchers, including Comae Technologies FZE founder Matt Suiche and International Computer Science Institute's Nicholas Weaver.

A researcher from the Citizen Lab of the University of Toronto, Claudio Guarnieri, said that it would seem that the NSA launched an attack and then someone managed to trace the origin of the attack and launched a counter-hack.

Guarnieri cautions that it is still too early to tell whether the code and other data uploaded by the Shadow Brokers can definitively be linked to the Equation Group or to the NSA. However, he added that the code coincides with some of the exploits that were part of the catalogue leaked by NSA whistleblower Edward Snowden back in 2013.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.