The National Security Agency has no idea how a rogue hacking group leaked its exploits
A group called The Shadow Brokers has been leaking NSA exploit kits online
By Andreas Clarke. Updated April 3rd, 2017 09:27 EDT
The US intelligence community is still attempting to figure out how a hacking group called the Shadow Brokers was able to obtain and leak a slew of NSA computer exploits used to circumvent the security of routers and firewalls, top officials have admitted.
“We are still sorting this out,” said James Clapper, director of national intelligence, at an event at the Nixon Presidential Library on 24 August. As reported by AP, he added: “It’s still under investigation. We don’t know exactly the full extent – or the understanding – of exactly what happened.”
In what amounted to the first official comment on the hack, it’s clear the US government is still attempting to find out the true scope of the embarrassing blunder.
The leaked toolkits, reportedly from 2013, contained NSA surveillance and infiltration exploits that relied upon previously unknown zero-day vulnerabilities.
The Shadow Brokers, the hacking group with suspected ties to Russian intelligence, released the files on 13 August. The group, which claimed to have obtained them from the NSA-linked ‘Equation Group’, published one file as proof of legitimacy and put the remaining one up for ‘auction’ for a massive 1m bitcoin – equivalent to over $550m (£416m).
Many of the exploits – such as Bananaglee and Zestyleak – were eventually confirmed to be real by previously unreleased Edward Snowden documents published by The Intercept. Following this, multiple US firms – including Cisco, Fortinet and Juniper – were forced to rush out security patches and warnings to their customers.
Now, cybersecurity researchers are calling on the NSA and the US government to disclose more information about the troubling leak of tools that were never meant to see the light of day. “It is now safe to say that the ‘Equation Group’ leak by Shadow Brokers is real and consists of a genuine trove of NSA tools used to hack firewalls,” said Nicholas Weaver, a senior computer security researcher at the International Computer Science Institute in California.
“The leaked code references known programs, uses a particularly unusual RC6 and cruddy crypto techniques previously associated with NSA implants,” he added, writing on Lawfare. “The whole episode raises a host of oversight questions. How and why did NSA lose 280MB of top secret attack tools, including multiple zero day exploits and un-obfuscated implants?”
Weaver said that tough questions now need to be asked of the NSA, including when it became aware of the breach, why it didn’t contact the vulnerable technology firms and if it has identified the source of the breach. “Certainly somewhere there’s been a substantial screw up,” he said. “Congress should not let the agency off the hook, good security systems should make things difficult to fail.”
Speaking with IBTimes UK, Douglas Crawford, a cybersecurity expert at BestVPN, a firm that analyses the mounting number of virtual private network products on the market, said it was a concern – but not a surprise – to see the NSA exploiting US technology firms.
“The affected companies – Cisco, Juniper and Fortinet – are all high-profile US brands,” he said. “That their products were directly targeted by the NSA demonstrates that the security agency has gone rogue, and is acting against the best interests of the country whose job it is to serve.”
He continued: “The only way for the NSA to help restore confidence in US security products would be to adopt a policy of transparency.
“Critically, international encryption standards should be developed as open source projects that can be independently audited, and NIST – which by its own admission works closely with the NSA – certification should be replaced with certification by a transparent and international body of independent experts. Is this likely to happen? The phrase ‘snowball’s chance in hell’ comes to mind.”
US intelligence officials have said their probe will continue. John Brennan, the director of the CIA, who appeared alongside Clapper at the Nixon Presidential Library event, added that cybersecurity is now viewed as one of the most serious issues facing the US.
“This administration, the intelligence community is focused like a laser on this and I would say the next administration really needs to take this up early on as probably the most important issue they have to grapple with,” he said.