[ed. The irony is too obvious. See also: 'Auction of NSA tools sends secutiry companies scambling.]
A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.
The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).
“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”
Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”
The file contained 300 megabytes of information, including several “exploits,” or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.
The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.
The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.
“What’s clear is that these are highly sophisticated and authentic hacking tools,” said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.
Several of the exploits were pieces of computer code that took advantage of “zero-day” or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.
The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.
The NSA did not respond to requests for comment.
“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”
The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.
by Ellen Nakashima, WP | Read more:
Image: Spy vs.Spy via: