NSA Also Hacked?--Apparently, Yes!

posted on Aug, 16 2016 @ 11:00 AM
link   
WOW! If this is true, then it could be incredibly damaging and possibly extremely embarrassing.
The fact that this material has been acknowledged as authentic appears to prove a hack successfully took place.

To me, the fact that some of the NSA Malware they extracted is being auctioned online...leads me to believe that it is NOT the Russian government.
WHO are these "Shadow Brokers"...WHAT else did they get?...and WHY is the material they DID reveal, from 2013?

I fear we will be hearing much more about them very soon.


REPORT ‘Shadow Brokers’ Claim to be Selling NSA Malware, in What Could Be Historic Hack




A mysterious online group calling itself “The Shadow Brokers” is claiming to have penetrated the National Security Agency, stolen some of its malware, and is auctioning off the files to the highest bidder.

The authenticity of the files cannot be confirmed but appear to be legitimate, according to security researchers who have studied their content. Their release comes on the heels of a series of disclosures of emails and documents belonging mostly to Democratic officials, but also to Republicans.

“It’s at minimum very interesting; at maximum, hugely damaging,” said Dave Aitel, a former NSA research scientist and now the CEO of the security firm Immunity. “It’ll blow some operations if those haven’t already been blown.”

The files posted over the weekend include two sets of files. The hackers have made one set available for free. The other remains encrypted and is the subject of an online auction, payable in bitcoin, the cryptocurrency. That set includes, according to the so-called Shadow Brokers, “the best files.” If they receive at least 1 million bitcoin — the equivalent of at least $550 million — they will post more documents and make them available for free.

The set of files available for free contains a series of tools for penetrating network gear made by Cisco, Juniper, and other major firms. Targeting such gear, which includes things like routers and firewalls, is a known tactic of Western intelligence agencies like the NSA, and was documented in the Edward Snowden files. Some code words referenced in the material Monday — BANANAGLEE and JETPLOW — match those that have appeared in documents leaked by Snowden. Security researchers analyzing the code posted Monday say it is functional and includes computer codes for carrying out espionage.


FULL Article:
foreignpolicy.com...
edit on 16-8-2016 by IAMTAT because: (no reason given)




posted on Aug, 16 2016 @ 11:04 AM
link   
a reply to: IAMTAT

Hate to be that guy, especially in one of your threads, but...

So, Uh, Did The NSA Get Hacked?



edit on 16-8-2016 by jadedANDcynical because: see my next post in this thread



posted on Aug, 16 2016 @ 11:05 AM
link   
nvm
edit on 16-8-2016 by IAMTAT because: (no reason given)



posted on Aug, 16 2016 @ 11:06 AM
link   
a reply to: jadedANDcynical

It's fine, the rule is one in BAN, one in another forum is not considered a dupe thread.

On topic, this is pretty ridiculous if true.

~Tenth



posted on Aug, 16 2016 @ 11:10 AM
link   
a reply to: tothetenthpower


It's fine, the rule is one in BAN, one in another forum is not considered a dupe thread.


You're quite right, I didn't even notice that it was in two different threads.

Apologies to IAMTAT.

 


Now to the topic.

I've thought a little more about this and taken a few other things into consideration.

Wikileaks maintains that they have a copy of these same files but that they came from a different source and are described as 'pristine.'

This leaves me with a few questions.

1) Was this part of a honeypot?
2) If the answer to 1 is 'yes,' then who was the target(s)?
3) If 'no,' then why would such items be kept in a place where they are accessible?

Always interesting to think about what might be happening compared to what we are told is happening.



posted on Aug, 16 2016 @ 11:16 AM
link   
a reply to: jadedANDcynical

Again, the date and timing may be very telling as to the ultimate goal of the hack.


The goal of the operation remains something of a mystery. The files appear to be from late 2013 — after the Snowden revelations — in which case whoever burned this NSA operation has been sitting on explosive government files for some three years. Why post these documents now? And to what end? Those questions are probably being debated in the White House, where a spokesman declined to answer questions on what may go down in history as a landmark day in the history of cyberwarfare.

foreignpolicy.com...



posted on Aug, 16 2016 @ 11:25 AM
link   
a reply to: IAMTAT

Indeed, following up on a post in that other thread led me here:


Here are some code names that I extracted from the free files offered as a teaser on the Shadow Broker's dump, the main targets appear to be Fortinet, TopSec, Cisco & Juniper firewalls.

Most of the code appears to be batch scripts and poorly coded python scripts, and seems to be a Toolkit against firewalls. Nonetheless, this appears to be legitimate code.

...

Banana Glee is particularly interesting because it allows references to the JETPLOW explanation from the 2014 NSA’s Tailored Access Operations (TAO) catalog: [link removed by jadedANDcynical]. This lends much credence that this hack is legitimate.


A Quick Breakdown of the Equation Group Hack

So from early investigation, it looks like this might be the real deal.



posted on Aug, 16 2016 @ 11:37 AM
link   
a reply to: IAMTAT

I'm going out on a limb here...but I would suspect the one agency that has the most protections and encryptions and redirects...would be the very one that hacks OUR protections, encryptions and servers, emails, correspondence.

I would think that would be highly improbable, and unlikely..since THEY are considered "the watchers".

Still, not impossible...



posted on Aug, 16 2016 @ 11:55 AM
link   
I'd wager a guess, and think Snowden's tweet "It's time"
is connected. Also interesting because the bitcoin part is
nothing but a ruse. Entirely traceable.



posted on Aug, 16 2016 @ 12:00 PM
link   
Think of what it would take to successfully hack the NSA.
I think the term "Shadow Brokers" is an apt one.

This is something much bigger and more powerfully advanced than a Snowden or an Assange.

edit on 16-8-2016 by IAMTAT because: (no reason given)



posted on Aug, 16 2016 @ 12:05 PM
link   
a reply to: IAMTAT

It appears to be a trap.



Jaded touched on it there, a honey pot.

My guess is this was a lure.



posted on Aug, 16 2016 @ 12:09 PM
link   

originally posted by: burntheships
a reply to: IAMTAT

It appears to be a trap.



Jaded touched on it there, a honey pot.

My guess is this was a lure.


Yeah...I could see that being the case. Still, it seems a little clumsy auctioning in bitcoin.



posted on Aug, 16 2016 @ 12:11 PM
link   
The best way to combat attacks you might not yet know about is to put yourself out there to be hacked and learn from the attacks, then adapt and overcome.

These guys don't get hacked like we'd think and if they do, I would hope whole divisions are fired for even keeping such on such a vulnerable system.

Handshakes and encryption alone could thwart most of these followed by existing on a closed loop network also called an " infranet " to allow more security and monitoring.

Anytime I see big this and that gets hacked and no credit cards or personal info is stolen but " documents " are, I grow suspicious.

And Bitcoin is about as non traceable as a fart in an elevator...
edit on 16-8-2016 by Tranceopticalinclined because: (no reason given)



posted on Aug, 16 2016 @ 12:12 PM
link   
Looking back a bit at the hackees, it looks like they've been active for a good long time:


CANCUN, Mexico — In 2009, one or more prestigious researchers received a CD by mail that contained pictures and other materials from a recent scientific conference they attended in Houston. The scientists didn't know it then, but the disc also delivered a malicious payload developed by a highly advanced hacking operation that had been active since at least 2001. The CD, it seems, was tampered with on its way through the mail.

It wasn't the first time the operators—dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab—had secretly intercepted a package in transit, booby-trapped its contents, and sent it to its intended destination. In 2002 or 2003, Equation Group members did something similar with an Oracle database installation CD in order to infect a different target with malware from the group's extensive library. (Kaspersky settled on the name Equation Group because of members' strong affinity for encryption algorithms, advanced obfuscation methods, and sophisticated techniques.)

Kaspersky researchers have documented 500 infections by Equation Group in at least 42 countries, with Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali topping the list.


I think burntheships might have hit on something with the Snowden "it's time" comment:


Second, a highly advanced keylogger in the Equation Group library refers to itself as "Grok" in its source code. The reference seems eerily similar to a line published last March in an Intercept article headlined "How the NSA Plans to Infect 'Millions' of Computers with Malware." The article, which was based on Snowden-leaked documents, discussed an NSA-developed keylogger called Grok.

...Besides sharing the unconventional spelling "strait," Snowden-leaked documents note that STRAITBIZARRE could be turned into a disposable "shooter." In addition, the codename FOXACID belonged to the same NSA malware framework as the Grok keylogger.


How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

Hey, what if Snowden was the original hacker who got these files out and his "It's time" tweet was the key to unlock them?

He originally hit the scene in May of 2013 when he flew to Hong Kong after relieving the NSA of the bits he published.

From the article linked in my previous post:


For clarification, yes there are actual exploits in the dump, with a 2013 timestamp on files. We do not know if they are working as nobody has tried them, but they are actual exploits and not only references.


Coincidence?


edit on 16-8-2016 by jadedANDcynical because: forgot source link



posted on Aug, 16 2016 @ 12:12 PM
link   

originally posted by: IAMTAT

Still, it seems a little clumsy auctioning in bitcoin.


Too clumsy.



posted on Aug, 16 2016 @ 12:16 PM
link   
a reply to: burntheships

That's the gov business model, wait for others to gather resources for you and then you swoop in and confiscate them and sell for profit... If they weren't the government it would be called "money laundering".

Happened when they busted Silk Road up too, and the FBI agents issue too...



posted on Aug, 16 2016 @ 12:22 PM
link   

originally posted by: IAMTAT
Think of what it would take to successfully hack the NSA.
I think the term "Shadow Brokers" is an apt one.

This is something much bigger and more powerfully advanced than a Snowden or an Assange.


Methinks there might be some small but key rogue agents helping versus standalone hackings.

edit on 16-8-2016 by interupt42 because: (no reason given)



posted on Aug, 16 2016 @ 12:24 PM
link   
Out of the box thought but...

If "the system" has been compromised wouldn't data stored have a "reasonable doubt" if it were to be used in a high profile court case of say a prominent politician that needs some NSA backups of her emails or some such thing?

That is to say, so called authentic copies could be considered to have been forged and inserted documents now.



posted on Aug, 16 2016 @ 12:26 PM
link   

originally posted by: interupt42

originally posted by: IAMTAT
Think of what it would take to successfully hack the NSA.
I think the term "Shadow Brokers" is an apt one.

This is something much bigger and more powerfully advanced than a Snowden or an Assange.


Methinks there might be some small but key rogue agents helping to expose the corrupted system versus standalone hackings.



That occurred as a possibility to me, as well.



posted on Aug, 16 2016 @ 12:33 PM
link   
Related or not?
Soros and the CIA: Are they going to sit by as an ongoing cyber-assault on their clandestine political infrastructure is underway?



