The ‘Shadow Brokers’ NSA theft puts the Snowden leaks to shame | ExtremeTech

Article on the hack that exposed NSA cyber weapons and its significance for cyber security.

For more details, see also my earlier post on the NSA hack.


  1. Tomi Engdahl says:

    The Real Russian Mole Inside NSA | Observer

    The media has finally noticed that the National Security Agency has a problem with Kremlin penetration

    Moles—that is, long-term penetration agents—are every intelligence service’s worst nightmare. Though rarer in reality than in spy movies and novels, moles exist and can do enormous damage to a country’s secrets and espionage capabilities. They’re what keep counterintelligence experts awake at night.

    The recent appearance on the Internet of top secret hacking tools from the National Security Agency has shined yet another unwanted spotlight on that hard-luck agency, which has been reeling for three years from Edward Snowden’s defection to Moscow after stealing more than a million classified documents from NSA. As I explained, this latest debacle was not a “hack”—rather, it’s a clear sign that the agency has a mole.

    Of course, I’ve been saying that for years. It’s not exactly a secret that NSA has one or more Russian moles in its ranks—not counting Snowden. Now the mainstream media has taken notice and we have the “another Snowden” meme upon us.

    This shouldn’t be shocking news since the agency has suffered from moles since its birth in 1952. While many intelligence services have tried to steal secrets from NSA, only the Russians have been able to do so consistently. Kremlin penetration of NSA has been a constant. A brief historical sketch outlines the problem.

    The record of our Intelligence Community, indeed our whole government, in counterintelligence is nothing less than dismal.

  2. Tomi Engdahl says:

    Experts have two theories for how top secret NSA data was stolen — and both are equally disturbing – Business Insider

  3. Tomi Engdahl says:

    Commentary: Evidence points to another Snowden at the NSA | Reuters

  4. Tomi Engdahl says:

    US-CERT tells network operators to pay attention and harden up
    Recent exploits and golden oldies are making packets perilous

    The US-CERT is warning organisations to harden their networks, because resurgent malware plus the recent publication of powerful exploits proved too hot to ignore.

    The organisation says that threats like the leak of Equation Group Adaptive Security Appliance (ASA) tooling are bad enough by themselves, but warns plenty of organisations are also yet to knock 2015's SYNful Knock on the head, too.

    Together, the two attacks should put Cisco users in a state of alert.

    US-CERT is not alone in its fears: security outfit Rapid 7 reckons it has found more than 50,000 ASA-susceptible devices, many unpatched.

    US-CERT made the warnings about the advanced attacks in an alert this week detailing how the exploits occur and offering admins defensive strategies.

    “The rising threat levels place more demands on security personnel and network administrators to protect information systems,” US-CERT says.

    The agency is also warning of separate ASA attacks in which net scum lure admins to payload websites that exploit a crustier vulnerability (CVE-2014-3393). It says there were “several reports” of attacks using that malicious code injection in June.

    Alert (TA16-250A)
    The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

  5. Tomi Engdahl says:

    “Shadow Brokers” Data Obtained From Insider: Flashpoint

    New evidence uncovered by researchers after the group calling itself “Shadow Brokers” made available some new files reinforces the theory that the exploits and tools were obtained from a rogue insider and not by hacking NSA systems.

    In mid-August, The Shadow Brokers leaked 300 Mb of firewall exploits, implants and tools, claiming that the files had been obtained from the NSA-linked Equation Group. The threat actor launched an all-pay auction in hopes of making a serious profit for a second batch of files that included exploits, vulnerabilities, RATs and data collection tools.

    The extensive use of Markdown, a lightweight markup language commonly used in code repositories, has led researchers to believe that the files have been copied from an internal system or a code repository, not obtained through remote access or from an external staging server.

    Flashpoint has assessed with “medium confidence” that the information was likely obtained from a rogue insider.

  6. Tomi Engdahl says:

    Russian spies used Kaspersky AV to hack NSA contractor, swipe exploit code – new claim

    Russian government spies extracted NSA exploits from a US government contractor’s home PC using Kaspersky Lab software, anonymous sources have claimed.

    The clumsy snoop broke regulations by taking the classified code, documentation and other materials home to work on using his personal computer, which was running Kaspersky’s antivirus, sources told the Wall Street Journal. It is alleged Kremlin hackers exploited the security package in one way or another to identify those sensitive files and exfiltrate them.

    In effect, it means the Russian government has copies of the NSA’s tools used to exploit vulnerabilities in computer systems and equipment to spy on other nations and targets. It also means Russia can turn the cyber-weapons on American corporations, government agencies and other networks, and steal secrets, cause merry havoc, and so on.

    The theft, reported today, is said to have occurred in 2015, but apparently wasn’t discovered until earlier this year.

    The allegedly stolen NSA code and dossiers sound an awful lot like the Shadow Brokers archive of stolen agency spyware. The brokers’ pilfered exploits date back to 2013, though.

    Russian Hackers Stole NSA Data on U.S. Cyber Defense
    The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

    Updated Oct. 5, 2017 7:31 p.m. ET

    WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

  7. Tomi Engdahl says:

    The NSA Officially Has a Rogue Contractor Problem

    The NSA is one of the world’s most notoriously secretive and powerful government agencies, guarding its powerful hacking tools and massive caches of collected data under layers of security clearances and world-class technical protections. But it turns out that three times in three years, that expensive security has been undone by one of its own contract employees simply carrying those secrets out the door.

    In 2013, an NSA contractor named Edward Snowden walked out of the agency’s building in Oahu, Hawaii, carrying a USB drive full of thousands of top-secret documents. Last year, a 53-year-old Booz Allen contractor for the NSA named Hal Martin was arrested for taking 50 terabytes out of the agency over a period as long as two decades. And Thursday, the Wall Street Journal reported that in 2015, a third contract employee of the NSA in as many years took home a trove of classified materials that included both software code and other information that the agency uses in its offensive hacking operations, as well as details of how it protects US systems from hacker adversaries.

    That classified data, which wasn’t authorized to be removed from the perimeter of the facility where that contractor worked, was then stolen from the contractor’s home computer by Russian spies, who exploited the unnamed employee’s installation of antivirus software from Kaspersky, a Russian company. And while that revelation has raised yet another round of serious concerns and unanswered questions about Kremlin spying and the role of Kaspersky’s widely used commercial software, it also points to a more fundamental security problem for the NSA: The own-goals it has committed, as a series of its paid employees spill some of its most sensitive secrets—including its intensely guarded and dangerous hacking techniques.

    Going Rogue

    The revelation of the latest unidentified contractor, whose employer also hasn’t been publicly named, comes a year after Martin was caught leaving sensitive data on hard drives in his home and car, a collection that included 75 percent of the hacking tools used by the NSA’s elite hacking team, known as Tailored Access Operations, according to the Washington Post. Prosecutors in Martin’s case have said the data also contained the highly secret identities of undercover agents.

    It’s not yet clear if either Martin or the most recent contractor to breach the agency’s secrecy rules had any intention of selling or exploiting the documents they took. The latest incident in particular seems to be a case of carelessness, rather than profit or malice, according to the Wall Street Journal’s reporting. Both of those leaks contrast with the whistleblowing-motivated data thefts of Edward Snowden—another Booz Allen contractor—who stole his thousands of top secret files with the intention of giving them to media.

  8. Tomi Engdahl says:

    Russian Hackers Stole NSA Hacking Tools Using Kaspersky Software

    Russian government hackers are using Kaspersky software to steal NSA advanced cyber weapons, such as secret spying tools, from the personal home computer of an NSA contractor who used the Russia-based Kaspersky security products.

    This incident, reported by The Wall Street Journal, involves stolen information that is highly sensitive data, such as how the NSA penetrates foreign computer networks.
