[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /cyb/ - 35298



File: 1471292684961.png (1.92 MB, 300x296, EFF_version_of_NSA_logo.jpg)

No.35298

  No.35303

>hacked equation group
>posted to tumblr
yeah...nah...

  No.35305

Magnet link: magnet:?xt=urn:btih:ICS7CUKFCT5WPFB7CN7X7XQKPNPJSH3W&dn=EQGRP-Auction-Files.zip&tr=http%3a%2f%2fdiftracker.i2p%2fannounce.php

To decrypt the files: https://theshadowbrokers.tumblr.com/

  No.35309

>>35305
Got an archive of that m9?

  No.35312

self.parser.add_argument('--msg',
help='print success message on console of target (DO NOT USE)',
dest='msg',
action='store_true',
required=False,
default=False)

>these are the people

  No.35314

File: 1471304921051.png (25.03 KB, 200x150, chum.jpg)

>NSA was hacked
C2 somewhere, or a staging server got owned. I guess you could technically call that hacking the NSA.

  No.35319

If you don't want to turn off your blockers to read the article:

------

The NSA’s elite teams of hackers have for years made it their mission to silently compromise computer systems around the globe. Now one group of anonymous hackers claims to have executed a counter-hack with none of the same discretion: They’ve brazenly announced the theft of a collection of files they say belonged to an NSA-linked spy group. And they’re auctioning those files off to the highest bidder.

On Monday an anonymous group calling itself the Shadow Brokers posted a page to Tumblr claiming to have breached computer systems used by the Equation Group, a team of highly sophisticated cyberspies that the security firm Kaspersky found last year was hacking targets around the world and has been tied to the NSA based in part on evidence from the leaks of Edward Snowden. The Shadow Brokers released a sample of the stolen data,as well as another encrypted file whose decryption key they’re offering for sale in a bitcoin auction.

“How much you pay for enemies cyber weapons?” reads a message on the site. “We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free…But not all, we are auction the best files.” The group brags lower on the page that the unreleased code for sale is “better than Stuxnet,” the NSA’s notorious malware targeting Iranian nuclear facilities that was discovered in 2010.

Despite the group’s unverified, over-the-top claims and comically broken English, researchers who downloaded the sample posted by the group say it does include intriguing data, such as 300 megabytes of code that match up with actual exploits used by the NSA. “It looks very much as if the NSA attacked someone, and that someone managed to source the origin of the attacks, and counter-hacked them,” says Claudio Guarnieri, a researcher at the University of Toronto’s Citizen Lab who specializes in state-sponsored malware analysis.

It’s too early to say for certain that the code and other data can be attributed to the Equation Group or any other NSA-linked hacker team, Guarnieri cautions. But he says the code does corroborate several of the exploits named in a catalogue leaked by Snowden in 2013 that lists tools used by the NSA’s elite Tailored Access Operations hacking team. “The content is credible enough and properly reflects what we know of some of the program names in there,” Guarnieri says.

Or, as University of California at Berkeley researcher Nicholas Weaver puts it on Twitter:

There are a lot of people in Ft Meade shitting bricks.

— Nicholas Weaver (@ncweaver) August 15, 2016

(cont.)

  No.35323

>>35319

Among the sample files released by the group are exploits that target equipment sold by companies including Cisco, Juniper, Fortigate and Topsec, a Chinese network security firm, according to Matt Suiche, founder of UAE-based incident response and forensics startup Comae Technologies. Suiche says those exploits attack older versions of the equipment and don’t use “zero-days”—previously undiscovered flaws in target software or hardware. But he believes they had nonetheless remained unpublished until now and hadn’t been included in public collections of exploits like the tool Metasploit.

All of that weighs against any theory that the leaked data is a mere scam to score a few quick bitcoins. “To create [all this evidence] from scratch, it’s very unlikely but not impossible,” says Suiche. “It seems pretty legitimate to me, and I’m not the only one.”

On the other hand, the Shadow Brokers group certainly doesn’t seem to be running its auction in a very professional fashion. They require bidders to send cryptocurrency blindly to their bitcoin address, with no hope of getting their coins back if they don’t submit the winning bid. “Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win!” the message reads. But it also promises a “consolation prize” to all bidders and adds that if bids reach the ludicrous sum of one million bitcoins, they’ll publicly release another trove of high quality data.

“Why I trust you?” reads another question in their FAQ. “No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees.”

The Shadow Brokers’ page ends with a long message to “wealthy elites,” arguing that the tactics of hackers like Equation Group could put their control of global politics at risk, and suggesting that they too should bid on the stolen files. “We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control,” the Shadow Brokers’ message reads.

The haphazard auction and political message present a jarring disconnect: Any hackers capable of compromising the Equation Group or another NSA hacker team would likely have to be extremely sophisticated; the Equation Group, after all, went not only uncompromised, but undetected for 14 years, a remarkable track record of stealth and operational security for a team believed to have attacked targets from Russia to Belgium to Lebanon. Anyone capable of finding NSA hackers’ infrastructure, not to mention penetrating it, would likely have to possess government-level resources and talent.

That disconnect has led security researchers to speculate that the leak is some sort of deceptive operation meant to confuse anyone trying to get to the bottom of the supposed compromise. Some researchers are already speculating that the leak is somehow connected to the alleged Russian hack of the Democratic National Committee, an operation that was also obscured by the perpetrators’ attempt to make it appear to be the act of a lone Romanian hacker.

For now, it’s likely too early to pin it on any of the usual cyberintrusion suspects. But the splashy leak, real or fraudulent, is sure to at least have gotten the NSA’s attention—and likely that of a few dozen other intelligence agencies, too.

(tagged: #ANT #CatalogueClaudio #GuarnieriEdward #SnowdenEquation #GroupNSAShadow #BrokersTailored #Access Operations)

  No.35324

Pretty coincidental timing, Guccifer 2.0 twitter account got reactivated, he released shit, then this happens.

theres something cheeki breeki about this 'hack'. My guess is that the NSA was fucking with russki operations and the russkis had enough.

  No.35334

>>35298

As cool as this potentially looks and 'lolol NSA got fukt', this could also be a really sweet NSA-executed deal.

Think about it. The English is broken, but mostly spelled and punctuated properly. The "samples" have already mostly been revealed by Snowden, so they don't lose anything. They're selling some files to the highest bitcoin bidder for EZ cash. They also state to have a strong distaste for the elite that evade prosecution through financial prowess, a theme that adds to the author's character as possibly representing the middle / lower class. It adds more dimension to the author that is further from American state-sponsored suspicion.

It could also very well be a Russian plot as well. It could also be a non-state sponsored hack, but this level of coordination and potential forgery is unlikely to be seen outside of state-sponsored hacks.

Anyways, all that is known is that the files are named like NSA scripts written by English natives and the computer used to show them was set to the English language and is likely running some form of Linux. The majority of the files are either .py, .blob, .pl, or .bin. The author is also seeking bitcoin donations at an address and claims to release the encryption key for the files to the highest bidder.

Apart from that and other claims the author has made, there isn't much else that can be determined for the origin or circumstances surrounding the post or pictures.

  No.35338

>>35334
thing about that is that there's no motive. There's no reason for the NSA to run such an elaborate campaign.

My reckoning is that >>35324 is right and it's the FSB saying "fuck you" to the NSA.

  No.35339

>>35338
Money, public opinion manipulation, and possibly the addresses and information of those that are interested in the information? That's motive.

  No.35340

>>35339
1) the NSA has plenty of cash, congress is fucking falling over to fund them

2) how would this influence pulbic opinion?

3) nobody asking around for NSA scripts(except maybe clueless reporters) would let that info slip.

  No.35341

>>35298
Is it safe to download the samples?

  No.35347

>>35341
Yeah, just scanned with norton antivirus. Checks out.

  No.35380

>>35341
If you're asking whether or not you'll get v&, then you're fine.

Once that shit is out there, its out there. All those tools and implants are burnt and will never be used again. Just like EquationGroup implants and Project Sauron implants will never be seen again.

  No.35387

>>35340
They might want to use this to imply they are weak and embolden other state hacking groups to attempt to hack their servers which are actually honeypots, as to gain intelligence on the specific capabilities of their main adversaries.

  No.35388

>>35387
still seems overly complex.

  No.35389

>>35388
It actually seems like a very simply way of attempting to gain such intelligence.

  No.35392

>>35389
no, it doesn't. They have to know that the Russians and Chinese are constantly trying to breach their networks, they'd just have to set up an easy honeypot and wait for them to find it.

I think what happened is, they did exactly that but then some non-state hackers found it instead.