Someone Hacked the NSA, but Who?

Sources: The Hacker News, Pastebin, Kaspersky.

It would appear that the National Security Agency (NSA) has been hacked. But by whom?

Cybersecurity researchers are still at their wits' end trying to find answers after a previously unknown group announced on Monday that they had compromised a section of the NSA. That specific target, or ‘section,’ happens to be the Equation Group.

The Equation Group is an elite cyber-attack group associated directly with the NSA. The hackers have also allegedly dumped a batch of NSA hacking tools including, but not limited to:

* Malware
* Private Exploits
* Penetration Testing Tools
* Trojans
* More

The United States’ strongest line of defense, as well as offense – digitally speaking, of course – has been toyed with as if it were a child’s plaything. Some of the cybersecurity researchers handling the case have examined the leaked data, including the series of exploits and other tools, and believe it to be legitimate.

To make matters more serious, the group, calling themselves The Shadow Brokers, are demanding a total of $568 million in Bitcoin (1 million Bitcoins) through an online auction to release all of the tools and other data they hold. Within this, they are also threatening to release the so-called “Best Cyber Weapons.”

Kaspersky described the NSA’s Equation Group in a 2015 article as “a threat actor that surpasses anything known in terms of complexity and sophistication techniques, and that has been active for almost two decades.”

The Equation Group has also been linked directly to the infamous Regin malware, as well as to the Stuxnet attacks of 2010.

Stuxnet made international headlines in 2010, as it specifically targeted a large uranium enrichment facility located in Natanz, Iran. The software was so well designed that it targeted the centrifuges and caused them to spin out of control, either speeding them up to the point that they began to shake their housings, or slowing them so much that they wobbled loosely like a spinning “top.” Stuxnet ended up disabling a total of 1,000 of the centrifuges the Iranians were using to enrich uranium.

Just two days ago, The Shadow Brokers released some of the files they had taken from the NSA’s Equation Group, posting them on sites such as GitHub and Tumblr. However, all of the information has since been deleted from both accounts.

The leaked files mostly contained various install scripts, some configuration scripts for a Command-and-Control (C&C) server, and even exploits allegedly designed to target routers and firewalls – more specifically, those made by the American manufacturers Cisco, Juniper and Fortinet.

The leaked files also shed light on an interesting topic: the Chinese organization Topsec had also been a major target of the Equation Group.

The leaked information contains names of hacking tools that correlate with identifiers used in the documents leaked by whistleblower Edward Snowden, such as “BANANAGLEE” and “EPICBANANA.”

While several links leading to the exposure of this NSA exploit appear to send you on a 404 wild goose chase, I did manage to uncover a specific URL leading to downloads of their files.
When looking at the files, they appear to be broken .rar files with added .zip extensions. However, if you change the extensions to .txt, you get a whole other picture.
Please download your copy of the exploits on the NSA top-secret tools here.

While the legitimacy of the leaked documents is still unclear, some security experts working on the case strongly agree that these are genuine copies of NSA material.