User Controls
Latest NSA hack might reveal ugly side of US spying, Snowden says
-
2016-08-16 at 8:02 PM UTCWhat do you guys think of this? Before I go scouring for other credible sources, CNN seems to have a done a fair job at summarizing some recent NSA news:
Now that it appears powerful NSA cyberweapons have been leaked to the public, a former spy warns the United States might get caught red-handed.
Over the weekend, a mysterious group called "The Shadow Brokers" leaked what appear to be hacking tools that the U.S. National Security Agency uses to spy on people.
This bundle of computer code is about three years old. But it's still dangerous, since it puts a high-tech military arsenal online within reach of all kinds of criminals. They can use these tools to rob banks, steal government secrets or expose personal lives.
And on Tuesday morning, in a series of tweets, ex-NSA whistleblower Edward Snowden pointed out yet another potential repercussion from the leak.
If these digital weapons are found on a computer, that's evidence of an attack – similar to finding fragments of a blown up missile.
Computer security researchers around the world are now reviewing computer networks for these tools. And wherever they find this leaked code, they'll know the NSA was spying.
The United States currently claims the moral high ground and censures China, Iran, North Korea and Russia for hacking Americans. But it could soon be caught doing the same to others.
http://money.cnn.com/2016/08/16/technology/nsa-hacking-tools-snowden/
Hacker claims to be selling stolen NSA spy toolsThe NSA develops high-powered hacking tools. Now a hacker claims to be selling a stolen batch of them.
On Saturday, a load of computer code – whose purpose is to break into other computers – was leaked to the public by an anonymous entity called "The Shadow Brokers."
The same mysterious entity also promised an upcoming "cyber weapons auction" – the digital equivalent to putting stolen military missiles up for sale.
The gang claims the stolen hacking tools were developed by "the Equation Group" – a spying entity widely thought to be the U.S. National Security Agency and spying departments from four international allies: Australia, Canada, New Zealand and the United Kingdom. Together, that group is called the "Five Eyes."
Computer security experts worldwide now worry that sensitive NSA spying tools are accessible to common criminal hackers.
"It definitely looks like a toolkit used by the NSA," said Matt Suiche, a French computer researcher who has been reviewing the leaked code.
Of particular importance: These hacking instruments are in the form of a neatly packaged tool, which means they're ready "to use easily against a target," said Suiche, who runs the UAE-based cybersecurity firm Comae Technologies.
"This is dangerous," said New York University computer security professor Justin Cappos. "People who want to launch attacks but were not aware how to do it now have the tools and information available to do this."
On the popular computer coding website Github, where the group initially made its statement, the hacker post starts with this: "!!!! Attention government sponsors of cyber warfare and those who profit from it !!!!"
Then came the implications of danger: "How much you pay for enemies cyber weapons?" it said in a cheeky style. "We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions."
Cybersecurity researchers around the world have been intensely and rapidly studying the leaked information.
"This appears to be legitimate, and a framework designed to take control of routers and firewalls," said Nicholas Weaver, senior researcher at the International Computer Science Institute. "The likely conclusion is that the code was stolen from the NSA itself or a 5EYES ally with access to this particular code."
After examining the leaked computer code, Weaver believes this batch of tools was stolen from the NSA or its partners in 2013.
Brendan Dolan-Gavitt, a computer science assistant professor at New York University, has experimented with some of the samples the hacker made public. He said one tool matches "pretty well" with a top secret NSA tool that was described in documents leaked by ex-NSA whistleblower Edward Snowden.
"If it's fake, someone put a huge amount of work into it," Dolan-Gavitt said about the leak.
The FBI declined to say whether it's investigating the potential theft of sensitive information. The office of the Director of National Intelligence, which oversees the NSA, did not return requests for comment.
Computer security experts noted that the vulnerabilities exploited by these hacking tools are at least three years old and might be stopped if people, corporations and governments keep their software updated.
http://money.cnn.com/2016/08/15/technology/nsa-spy-tools-stolen/
From a tech side, does this sound feasible?
From a sec side, should I be worried?
From a philosophical side, do you agree or disagree with the NSA having this ability/power?
-
2016-08-16 at 8:18 PM UTCSomeone from inside the NSA probably leaked it. Information should be free, keeping it private it is impossible.
They can use these tools to rob banks
[greentext]>mfw[/greentext]
-
2016-08-16 at 9:28 PM UTCI read a couple posts about this on twitter. They mention github in the article, have you seen the account they're talking about? Sounds like interesting content.
[greentext]>it puts a high-tech military arsenal online within reach of all kinds of criminals. They can use these tools to rob banks, steal government secrets or expose personal lives.[/greentext]
Pfft, they do like to fear monger don't they. The serious threat actors have been doing this without the aid of the NSA for years now. Also the Equation Group is more than likely a subcontractor of the NSA, a little like Hacking Team. Perhaps the same person is responsible, although, the otehr hacks were politically motivated and it seems "The Shadow Brokers" are in it for the profit. -
2016-08-16 at 9:37 PM UTCWhere will that auction take place, haha? The NSA will just buy all their shit back and take the L. There's no way that shit becomes available to anyone who doesn't already have similar tools.
-
2016-08-16 at 10:53 PM UTCTotally missed this first time around.
[greentext]>From a tech side, does this sound feasible?[/greentext]
Media hype notwithstanding, with the resources an agency like the NSA can pour into the development of malware and related frameworks it does indeed sound feasible.
[greentext]>From a sec side, should I be worried?[/greentext]
Probably not more than usual, especially since the article mentions the vulnerabilities exploited by this software/malware/whatever(They should have been more specific than just saying 'code') appear to be three years old and researchers are already looking into it. just keep your virus definitions up to date and watch the developments regarding this for any tools that help you check if you have been affected by related exploit packs.
[greentext]>From a philosophical side, do you agree or disagree with the NSA having this ability/power?[/greentext]
Personally i am opposed to the NSA having this. However if i were to view it from a statist perspective i'd say the NSA would be justified in having these tools/capabilities as long as they're being used against enemies of the United States, not private citizens, foreign or domestic. -
2016-08-17 at 1:18 AM UTCuglier than what's already been released?
I suspect it's an archive of 0day and currently-unpatched exploits; most of their actual tools rely on multiple servers and providers so they're not something that can be distributed easily.
if this is true, wikileaks will be in the process of sending the exploits to the vendors to expedite patching - amusing because a LOT of the NSA's intrusion tools are about to stop working.Where will that auction take place, haha? The NSA will just buy all their shit back and take the L. There's no way that shit becomes available to anyone who doesn't already have similar tools.
wikileaks have reported they have a copy. -
2016-08-17 at 1:02 PM UTCThat woul be sweet.
*fast forward 2 months wikileaks are the bad guys*
