Mysterious Group Hacks The NSA

mayhem
#1
http://www.zerohedge.com/news/2016-08-15/mysterious-group-hacks-nsa

The latest hack revealed over the weekend has nothing to do with the Democratic Party or George Soros, and instead a mysterious hacker group by the name “The Shadow Brokers” claims to have hacked the Equation Group - a government cyberattack hacking group associated with the NSA, and released a bunch of the organization's hacking tools. The hackers are also asking for 1 million bitcoin (around $568 million) in an auction to release more files.

“Attention government sponsors of cyber warfare and those who profit from it!!!!” the hackers wrote in a manifesto posted on Pastebin, on GitHub, and on a dedicated Tumblr.

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

In February 2015, Ars Technica dubbed The Equation Group "the most advanced hacking operation ever uncovered." According to Kaspersky, the "Equation Group" is "a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades." While Kaspersky Lab stopped short of saying it’s the NSA, its researchers laid out extensive evidence pointing to the American spy agency, including a long series of codenames used by the Equation Group and found in top secret NSA documents released by Edward Snowden. The Equation Group, according to Kaspersky Lab, targeted the same victims as the group behind Stuxnet, which is widely believed to have been a joint US-Israeli operation targeting Iran’s nuclear program, and also used two of the same zero-day exploits.



The global "victims" of the Equation Group are laid out in the map below: it is no secret that the group is not particularly enthused by either Iran or Russia.



It is this secretive hacker collective that the "Shadow Brokers" claimed to have hacked, and allegedly stole some of its hacking tools. They publicized the dump on Saturday, tweeting a link to the manifesto to a series of media companies.

According to Motherboard, the dumped files mostly contain installation scripts, configurations for command and control servers, and exploits targeted to specific routers and firewalls. The names of some of the tools correspond with names used in Snowden documents, such as “BANANAGLEE” or “EPICBANANA.” The hackers have released 60% of the files they claimed to have taken from the Equation Group. The Shadow Brokers said they would release the remaining data to the highest bidder in a Bitcoin auction (they’ve received three bids so far). If they received an extraordinary 1,000,000 Bitcoins, worth roughly $560 million, they would release all the files.



A review of the files revealed what appear to be vulnerabilities and exploits for some widely-used firewalls — network security technologies that aim to block digital snoops from entering. Suiche posted a handy rundown of the products affected. He said at the very least the exploits for the Cisco products included “real code” designed specifically to take control of the firewalls. “It’s not automatically generated or something like that.”

Alongside those alleged exploits were implants — malware that is covertly dropped on the network once the firewall and other security mechanisms have been bypassed. There were also some scripts and basic instructions for the malware’s usage.

While it was initially unclear if the data is legitimate, some security experts agree that it likely is.

“The code in the dump seems legitimate, especially the Cisco exploits … and those exploits were not public before,” said Matt Suiche, founder of UAE based cybersecurity start-up Comae Technologies. “The content seems legit.”

“If this is a hoax, the perpetrators put a huge amount of effort in,” the security researcher known as The Grugq told Motherboard. “The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use.” Claudio Guarnieri, an independent security researcher who’s investigated other hacking operations by the Western intelligence agencies, said that the files might be from a hacked NSA server used in an operation. He also cautioned that this is a preliminary analysis and that more analysis is needed.

The most recent file is dated June 2013, though the hackers could have tampered with the dates. Dmitri Alperovitch, the co-founder of security firm CrowdStrike, theorized that “the leakers were probably sitting on this information for years, waiting for the most opportune time to release.” CrowdStrike is best known for immediately 'concluding' that all recent hacks of Democratic-linked servers have been under the guidance of the Kremlin.

A Kaspersky Lab researcher declined to comment. Another Kaspersky Lab researcher noted on Twitter that there is “nothing” in the dumped files that links them to the Equation Group, but some of their names are from the ANT Catalog, an NSA hacking toolset published by Der Spiegel in late 2013. It’s worth noting that while the files dumped by The Shadow Brokers might not have a direct connection with the Equation Group, they could come from a different operation than those seen by Kaspersky Lab.

The Shadow Brokers claimed to have gotten the files by following Equation Group “traffic,” hacking the group and finding its “cyber weapons.” (The hackers did not respond to a request for comment, and neither did the NSA.)

As Motherboard concludes, while the motives behind this dump are unclear, if legitimate, this could be one of the most shocking hacks ever.

As of Monday afternoon, the Bitcoin wallet where the hackers accept auction offers has received three offers so far; it has a long way to go to reach 1 million. If this hack is confirmed to be indeed of an NSA-related organization, we assume many more leaks will follow, even if the payment will ultimately take place behind the scenes.

As for the origins of the new "mysterious" hacker group, speculation is already rife that Russians are (again) behind it. However, as Forbes notes, whatever the alleged hack’s origins, the NSA does have something to worry about: Someone is out to embarrass the agency and might have the tools to do just that at a particularly heated time in US politics. The agency should, of course, have a response plan. Snowden managed what the Shadow Brokers are shooting for on a far greater scale.
 

the_shootist
#3
I say we start a gofundme page to raise the 1 million BTC. Who's with me?
 

the_shootist
#4
With all of these hackings going on, I wouldn't be surprised to see a lot more "mysterious" deaths occurring. Some people out there just know too much for their own good.
I have a list of people I'd like to see turn up suicided...they're all traitors to America
 

mayhem
#5
I really dislike this software because the links within the article are so obscure and on my screen they barely appear.

This is a good one. Lists what's up for ransom.
https://archive.is/rdYpc#selection-633.0-638.0

Welcome to the "Badlands" folks. Right out of the pages of Thieves Emporium. (4.5 stars at Zon) Damn that book was so good and real. If you like a thriller about hacking, the badlands, where you can get anything, that read is good. I visited one night and was looking where I could buy 4k worth of perfect 20's for four hundred delivered.

Believe me, the dark net may be the only place to get anything when Martial Law is imposed. But DYYDD, it's no place for the weak at heart, or SJW. There are no safe places.

Here is a safe link to the Badlands Listings to get a small idea what is available. This is not a secure link (https), so just look, and don't click on the internal links unless you are using a VPN w/https everywhere, or TOR. Your information will not be protected if you click on any of the links displayed at the site linked below. I would NEVER put a GIM'er in any danger, ever.
http://thehiddenwiki.org/
 

Aurumag
#6
Thanks! I'll access it from the public library.

And for those who may not know it, those Cisco vulnerabilities equate to Internet security weaknesses, since 90% plus of the routers and firewalls within the web are running Cisco IOS, or a knock-off version.

Interesting timing.

Will the great hack be the rationale for a financial collapse? Just look at the systemic dependencies.

Oh, and don't forget to blame the Russians.
 

mayhem
#7

oldgaranddad
#8
I wouldn't put it past one faction of US.gov screwing over another faction of US.gov with the Russians, Chinese and others wondering WTF is going on over here.
 

dacrunch
#9
How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
Sure looks like a direct "google translate" from Chinese, eh?
 

oldgaranddad
#10

Sure looks like a direct "google translate" from Chinese, eh?
If you wanted people to think it was the Chinese that were the hackers, you'd write the message in Chinese and then let Google translate it for you into English, wouldn't you? That would be a great way to hide any linguistic clues.
 

Usury
#11
I've never trusted Kaspersky. Russian antivirus company? Riiiight.....
 

mayhem
#12
I've never trusted Kaspersky. Russian antivirus company? Riiiight.....
Probably a Russian Joo, different breed of Russian.