{"id":77894,"date":"2016-08-22T12:00:51","date_gmt":"2016-08-22T11:00:51","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=77894"},"modified":"2016-08-18T17:00:32","modified_gmt":"2016-08-18T16:00:32","slug":"powerful-nsa-hacking-tools-have-been-revealed-online","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2016\/08\/powerful-nsa-hacking-tools-have-been-revealed-online\/","title":{"rendered":"Powerful NSA Hacking Tools Have Been Revealed Online"},"content":{"rendered":"<p><em>Possibly Stolen NSA Spy Tools May Be Auctioned Off to Any Bidder Soon<\/em><\/p>\n<p><em>16 Aug 2016 &#8211; <\/em>Some of the most powerful espionage tools created by the National Security Agency\u2019s elite group of hackers have been revealed in recent days, a development that could have severe consequences for the spy agency\u2019s operations and the security of government and corporate computers.<\/p>\n<p>A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.<\/p>\n<p>The file appeared to be real, according to former NSA personnel who worked in the agency\u2019s hacking division, known as Tailored Access Operations (TAO).<\/p>\n<p>\u201cWithout a doubt, they\u2019re the keys to the kingdom,\u201d said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. 
\u201cThe stuff you\u2019re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.\u201d<\/p>\n<p>Said a second former TAO hacker who saw the file: \u201cFrom what I saw, there was no doubt in my mind that it was legitimate.\u201d<\/p>\n<p style=\"padding-left: 30px;\"><em>[<a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/national-security-agency-plans-major-reorganization\/2016\/02\/02\/2a66555e-c960-11e5-a7b2-5a2f824b02c9_story.html\" >National Security Agency plans major reorganization<\/a>]<\/em><\/p>\n<p>The file contained 300 megabytes of information, including several \u201cexploits,\u201d or tools for taking control of firewalls and, through them, the networks behind them, and a number of implants that might, for instance, exfiltrate or modify information.<\/p>\n<p>The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as those sold by Cisco and Fortinet, that are used \u201cin the largest and most critical commercial, educational and government agencies around the world,\u201d said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.<\/p>\n<p>The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.<\/p>\n<p>\u201cWhat\u2019s clear is that these are highly sophisticated and authentic hacking tools,\u201d said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.<\/p>\n<p>Several of the exploits were pieces of computer code that took advantage of \u201czero-day\u201d or previously unknown flaws in firewalls, which appear to be unfixed to this day, said one of the former hackers.<\/p>\n<p>The disclosure of the file means that at least one other party \u2014 possibly another country\u2019s spy agency \u2014 has had access to the same 
hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. That party might also be able to see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.<\/p>\n<p style=\"padding-left: 30px;\"><em>[<a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump\/2016\/06\/14\/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html\" >Russian government hackers penetrated DNC, stole opposition research on Trump<\/a>]<\/em><\/p>\n<p>The NSA did not respond to requests for comment.<\/p>\n<p>\u201cFaking this information would be monumentally difficult; there is just such a sheer volume of meaningful stuff,\u201d <a target=\"_blank\" href=\"https:\/\/www.lawfareblog.com\/very-bad-monday-nsa-0\" >Nicholas Weaver<\/a>, a computer security researcher at the University of California at Berkeley, said in an interview. \u201cMuch of this code should never leave the NSA.\u201d<\/p>\n<p>The tools were posted by a group calling itself the Shadow Brokers via BitTorrent and file-sharing sites such as Dropbox.<\/p>\n<p>As is typical in such cases, the true identity of whoever put the tools online remains hidden. Attached to the cache was an \u201cauction\u201d note that purported to be selling a second set of tools to the highest bidder: \u201c!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?\u201d<\/p>\n<p>The group also said that if the auction raised 1 million bitcoins \u2014 equivalent to roughly $500\u00a0million \u2014 it would release the second file to the world.<\/p>\n<p>The auction \u201cis a joke,\u201d Weaver said. \u201cIt\u2019s designed to distract. 
It\u2019s total nonsense.\u201d He said that \u201cbitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy.\u201d<\/p>\n<p>One of the former TAO operators said he suspected that whoever found the tools doesn\u2019t have everything. \u201cThe stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set,\u201d he said. \u201cIf you had the rest of it, you\u2019d be leading off with that, because you\u2019d be commanding a much higher rate.\u201d<\/p>\n<p>TAO, a secretive unit that helped craft the digital weapon known as Stuxnet, has grown in the past decade or so from several hundred to more than 2,000 personnel at the NSA\u2019s Fort Meade, Md., headquarters. The group dates to the early 1990s. Its moniker, Tailored Access Operations, suggests a precision of technique that some officials have likened to brain surgery. Its name also reflects how coding whizzes create exquisite tools from scratch, in the same way a fine tailor takes a bolt of wool and fashions a bespoke suit \u2014 only the computer geeks more often work in jeans and T-shirts. \u201cWe break out the Nerf guns and have epic Nerf gun fights,\u201d one of the former hackers said.<\/p>\n<p>Some former agency employees suspect that the leak was the result of a mistake by an NSA operator, rather than a successful hack by a foreign government of the agency\u2019s infrastructure.<\/p>\n<p>When NSA personnel hack foreign computers, they don\u2019t move directly from their own covert systems to the targets\u2019, fearing that the attack would be too easy to trace. Instead they route the attack through one or more proxy servers called \u201credirectors,\u201d which mask the hackers\u2019 origin and make the intrusion difficult to trace back to its source.<\/p>\n<p>\u201cNSA is often lurking undetected for years on the .\u2009.\u2009. 
[proxy hops] of state hackers,\u201d former agency contractor Edward Snowden tweeted Tuesday. \u201cThis is how we follow their operations.\u201d<\/p>\n<p style=\"padding-left: 30px;\"><em>[<a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2016\/07\/22\/edward-snowden-the-brand\/\" >Edward Snowden, the brand<\/a>]<\/em><\/p>\n<p>At the same time, other spy services, like Russia\u2019s, are doing the same thing to the United States.<\/p>\n<p>It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. \u201cWhat\u2019s unprecedented is to not realize you made a mistake,\u201d he said. \u201cYou would recognize, \u2018Oops, I uploaded that set\u2019 and delete it.\u201d<\/p>\n<p>Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it\u2019s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure.<\/p>\n<p>Snowden, Weaver and some of the former NSA hackers say they suspect Russian involvement in the release of the cache, though no one has offered hard evidence. 
They say the timing \u2014 in the wake of high-profile disclosures of <a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump\/2016\/06\/14\/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html\" >Russian government hacking<\/a> of the Democratic National Committee and other party organizations \u2014 is notable.<\/p>\n<p>Tweeted Snowden: \u201cCircumstantial evidence and conventional wisdom indicates Russian responsibility.\u201d He said that the disclosure \u201cis likely a warning that someone can prove U.S. responsibility for any attacks that originated from this\u201d redirector or malware server by linking it to the NSA.<\/p>\n<p>\u201cThis could have significant foreign policy consequences,\u201d he said in another tweet. \u201cParticularly if any of those operations targeted U.S. allies\u201d or their elections.<\/p>\n<p>\u201cAccordingly,\u201d he tweeted, \u201cthis may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.\u201d<\/p>\n<p>In other words, he tweeted, it looks like \u201csomebody sending a message\u201d that retaliating against Russia for its hacks of the political organizations \u201ccould get messy fast.\u201d<\/p>\n<p>____________________________________<\/p>\n<p><em>Read more:<\/em><\/p>\n<p><em><a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/europe\/wikileaks-nsa-leaker-edward-snowden-clash-on-twitter\/2016\/07\/29\/e8acca78-557b-11e6-b652-315ae5d4d4dd_story.html\" >WikiLeaks, NSA leaker Edward Snowden clash on Twitter<\/a> <\/em><\/p>\n<p><em><a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2015\/11\/30\/the-nsas-phone-records-program-is-over-but-that-doesnt-mean-the-data-it-collected-is-gone\/\" >The NSA\u2019s phone records program is over. 
That doesn\u2019t mean the data it collected is gone.<\/a> <\/em><\/p>\n<p><em><a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/in-a-major-cyber-hack-who-do-you-call-the-white-house-spells-it-out\/2016\/07\/26\/08b3287e-52db-11e6-bbf5-957ad17b4385_story.html\" >In a major cyber-hack, whom do you call? The White House spells it out.<\/a> <\/em><\/p>\n<p><em>Ellen Nakashima is a national security reporter for<\/em> The Washington Post. <em>She focuses on issues relating to intelligence, technology and civil liberties.<\/em><\/p>\n<p><a target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/world\/national-security\/powerful-nsa-hacking-tools-have-been-revealed-online\/2016\/08\/16\/bce4f974-63c7-11e6-96c0-37533479f3f5_story.html\" >Go to Original \u2013 washingtonpost.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>16 Aug 2016 &#8211; Possibly Stolen NSA Spy Tools May Be Auctioned Off to Any Bidder Soon &#8211; Some of the most powerful espionage tools created by the National Security Agency\u2019s elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency\u2019s operations. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-77894","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/77894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=77894"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/77894\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=77894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=77894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=77894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}