With the leak of exploits developed by The Equation Group, the long-secret, NSA-adjacent super-elite hacking squad — published by The Shadow Brokers, who have some extremely heterodox theories about auction design — it's now possible to audit the source code of some of the NSA's crown-jewel cyberweapons.
The news that a group of anonymous hackers claimed to have stolen some of the NSA's most secret, valuable weaponized vulnerabilities and were auctioning them off for bitcoin triggered an epic tweetstorm from Edward Snowden, who sets out his hypothesis for how the exploits were captured and what relation that has to the revelations he made when he blew the whistle on illegal NSA spying in 2013.
For more than decade, a shadowy, heavily resourced, sophisticated hacker group that Kaspersky Labs calls the Equation Group has committed a string of daring, cutting-edge information attacks, likely at the behest of the NSA.
Chinese spies got a hold of NSA hacking tools, and "repurposed them in 2016 to attack American allies and private companies in Europe and Asia," reports the NYT. How'd they get those cyberweapons? Symantec researchers "believe the Chinese did not steal the code but captured it from an N.S.A. — Read the rest
Kaspersky — a respected Russia-based security company — has been under a cloud since they were accused of stealing NSA cyberweapons on behalf of the Russian government. But the company has a perfectly innocent — if complicated and at times bizarre explanation for how it came to be in possession of the NSA's crown jewels.
As our Cory Doctorow reported previously, a previously unheard of hacker group calling themselves The Shadow Brokers announced this week it had stolen a trove of ready-to-use cyber weapons from The Equation Group (previously), an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA. — Read the rest
The Shadow Brokers, a previously unknown hacker group, has announced that it has stolen a trove of ready-to-use cyber weapons from The Equation Group (previously), an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA.
Following on the news that the (likely NSA-affiliated) Equation Group has developed a suite of firmware attacks that target the software embedded in your hard-drive and other subcomponents, it's time to expand the practice of information security to the realm of embedded software.