A MYSTERIOUS hacker collective calling themselves “The Shadow Brokers” has given the United States’ top spy agency a serious fright for Halloween.
The hacker group says it has released more files from a trove of high-level hacking tools stolen from the US National Security Agency, potentially offering added insight into how America’s spies operate online and launch their own cyber attacks.
The leak discloses NSA-style codenames — including “Jackladder” and “Dewdrop” — and carries internet protocol information about scores of organisations, many based in Japan, China and South Korea, according to several experts who have examined the data.
Matthew Hickey, co-founder of UK-based cybersecurity consultancy Hacker House, said it was plausible that the server information released in the hack would have been used as staging posts to help obfuscate the origin of electronic eavesdropping operations, the Associated Press reported.
So who is this group of hackers taking on the might of America’s spy apparatuses?
Of course that remains a mystery, and so far their presence on the surface web has been pretty sparse, and rather strange.
A Twitter account under the name The Shadow Brokers was established in August 2016. Despite only posting a handful of tweets since it appeared online a few months ago, it has some cyber security heavy hitters among its nearly 2000 followers, including notorious white hat hacker Kevin Mitnick, who was once jailed and held in solitary confinement because a judge believed he could launch a missile attack by whistling codes into a phone.
The establishment of the group’s Twitter account came around the same time as its previous leak.
In August the group leaked information reportedly stolen from the NSA which included malware believed to be used by the highly secretive agency as recently as 2013.
At the time of that leak the group said it would auction off other information taken from the NSA, including the “best files” in the stolen trove.
Shadow Brokers has been closely followed by intelligence watchers and cybersecurity specialists since the group released an initial set of NSA hacking tools back in August. The seriousness of the leak was confirmed when security companies rushed to patch holes in their software revealed by the disclosure.
Aside from the August leak and prior to the latest dump, Shadow Brokers has done little but post sexually explicit fanfic of Bill Clinton and US Attorney General Loretta Lynch.
But the leaks this week contained a list of servers previously compromised by the Equation Group, a hacking outfit linked to the NSA.
According to researcher Mustafa Al-Bassam, the data is old as the servers were compromised between 2000 and 2010.
But if the information is true it reveals which staging servers the NSA used to launch covert cyber attacks — and it does appear that the data is reliable.
Investigative online publication The Intercept, run by journalist Glenn Greenwald, who broke the story of the NSA’s mass surveillance program after receiving stolen files from whistleblower Edward Snowden, seems to have verified its veracity.
The publication confirmed Shadow Brokers’ tools were really from the NSA by cross-referencing the leaked data with information held in a previously unpublished top secret manual.
However, what is most worrying for the NSA is that the latest leaks appear to corroborate the Shadow Brokers’ claims that they have stolen an as-yet undisclosed set of electronic lock picks from the agency.
“Those can be hard to generate,” Mr Hickey told AP, calling it “quite expensive to replicate all those tools.”
The latest hack comes at an interesting time and provokes questions over the possibility of involvement from former NSA contractor Harold Martin.
Mr Martin is currently in jail accused of stealing massive amounts of classified material from the spy agency.
The former NSA worker, who faces theft charges, is accused of stealing top secret information from the government over two decades but has not been linked to the Shadow Brokers’ disclosures.
— With AP