Group Claims to Have U.S. Government Hacking Tools for Sale
August 15 2016 - 10:57PM
Dow Jones News
By Robert McMillan
A previously unknown hacking group claims to have broken into a
cyberespionage organization linked to the National Security Agency
and is offering to sell what it says are U.S. government hacking
tools.
The group, calling itself the "Shadow Brokers," said in an
internet post on Saturday that it had access to a "full state
sponsor tool set" of cyberweapons. To back up its claims, the group
posted what appears to be attack code that targets security
software on routers that direct computer traffic around the
internet.
In a post written in broken English, the Shadow Brokers offered
to sell a complete trove of tools to the highest bidder. The group
said if it is paid one million bitcoin, valued at roughly $568
million, it will release the tools publicly.
Security experts doubt the group has access to the hacking
treasure trove that it boasts, but several said the code it
released appears to be legitimate. It affects routers built by
three U.S. firms -- Cisco Systems Inc., Juniper Networks Inc. and
Fortinet Inc. -- and two Chinese companies -- Shaanxi Networkcloud
Information Technology Co. and Beijing Topsec Network Security
Technology Co.
A Cisco spokeswoman said her company was investigating the
incident, but "so far, we have not found any new
vulnerabilities."
A Fortinet representative didn't have a comment. Juniper, Topsec
and Shaanxi Networkcloud didn't immediately respond to requests for
comment.
The Shadow Brokers' claims are still being analyzed by security
experts. If true, they would reflect an unprecedented breach of a
computer-espionage outfit dubbed the "Equation Group."
In a report last year, Russian computer security firm Kaspersky
Lab ZAO said the Equation Group launched hacking efforts against
governments, telecommunications companies and other organizations
in countries such as Russia, Iraq and Iran. Kaspersky didn't name
any U.S. agencies in its report, but it appeared to detail the kind
of work typically conducted by the NSA.
The NSA didn't return messages seeking comment. In the past, the
agency has neither confirmed nor denied involvement with the
Equation Group.
In an internet post, the Shadow Brokers rail
against "wealthy elites." The Shadow Brokers didn't respond to
email and Twitter messages seeking comment.
Security experts who have examined the code published by the
hackers said it appears to contain genuine NSA programs that could
manipulate or redirect computer traffic as it passes through a
router.
"The more we look at it...it looks more and more like a tool kit
from the NSA," said Matt Suiche, the founder of Comae Technologies
FZE, a computer-security startup based in the United Arab
Emirates.
"It looks genuine," said Nicholas Weaver, a researcher with the
International Computer Science Institute, a nonprofit research
center affiliated with the University of California, Berkeley. Mr.
Weaver said that, in addition to the router-attack programs, the
code includes tools that would be available only to someone with
access to NSA computers and tools that appear to interact with NSA
software described in documents leaked by former NSA contractor
Edward Snowden.
However, security experts questioned the ransom demand, saying
it was unlikely anyone would pay millions for the promised tools,
sight unseen. Mr. Weaver believes the bitcoin auction scheme was
most likely a distraction to obscure whoever obtained the
documents.
"Whoever stole the data wants the world to know that they stole
it," he said in an email message. "The suspect list is almost
certainly short -- Russia or China, and given the recent espionage
troubles between the U.S. and Russia, probably the former."
The Shadow Brokers say that they obtained their code via
hacking. However, the origin of the documents remains unclear, said
Oren Falkowitz, the CEO of Area 1 Security Inc., and a former NSA
analyst.
"We don't know what hacking means," he said. "Did some guy just
walk in and steal it?"
Ben Johnson, co-founder of Carbon Black Inc. and a former NSA
computer scientist, cautioned that the Equation Group hasn't been
definitively linked to the NSA and that it is unclear how much data
was taken.
"People should not be thinking that the NSA has been hacked," he
said. "Certainly there's been some effort put into [the Shadow
Brokers' data], but I'm by no means convinced that this is a full
toolset of a nation state."
Write to Robert McMillan at Robert.Mcmillan@wsj.com
(END) Dow Jones Newswires
August 15, 2016 22:42 ET (02:42 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.