A group of hackers known as the Shadow Brokers is currently selling off cyber-spying tools, which it claims belong to the U.S. The Shadow Brokers claimed that their initial public release of the software included tools that could be used to break into firewall systems from companies like Cisco Systems and Juniper Networks. Security experts had claimed that the espionage tools appeared to be old, but Cisco appears to be seeing some of them for the first time.
Meanwhile, Russian security firm Kaspersky has also been examining the software. Kaspersky identified the previously unknown Equation Group last year, and at the time Reuters claimed that it was the work of the U.S. National Security Agency. These scraps of information raise the question of why the NSA had for years been sitting on vulnerabilities that affect widely used networking gear.
They also suggest that the agency may have gone against White House policy on when it is reasonable to keep flaws secret. The Cisco bugs were zero-day vulnerabilities, so called because they give the author of a piece of software zero days to identify and distribute a fix. Zero-days are valuable to criminals and spies because they can be used to break into systems undetected. Organizations in the business of hacking, like the NSA, can secretly stockpile vulnerabilities to keep their operations stealthy.
One theory is that a disgruntled insider, or a new whistleblower styling himself after Edward Snowden, "simply walked out of the ROC with a thumb drive." Another is that the secrets dribbled out of the NSA for years, and a country with sophisticated clandestine cyber capabilities had been waiting at the right point on the internet to collect them. According to Top Secret budget documents leaked by Snowden, TAO teams control more than 85, implants hidden in computers and servers all over the world, as well as the complex pathways that exfiltrated the data collected by these implants and transmitted the digital "take" back to the NSA for processing and analysis.
Most computers used by employees at that organization have nothing the U.S. would want. But a small fraction would. Instead of asking a human asset to break into the building and install a cyber bug on all of its computers, TAO's ROC would find devices on the gateway of the network, often a commercial firewall, and hack through them, installing code that sniffs through all the traffic the device handles, looking for keywords and selectors that might be of interest.
Several documents released by Snowden listed the manufacturers of firewalls, operating systems, and control mechanisms the NSA managed to compromise.
The NSA might have purchased some of these backdoors directly from companies under secret agreements overseen by the agency's National Commercial Solution Center. Others were no doubt found by NSA developers themselves; whether they were shared with the companies whose products were compromised was a decision made above the heads of those who found them. Still others were stolen by the NSA from foreign intelligence services that had discovered them.
ROC operators at Fort Meade, and at field stations in Georgia, Hawaii, and Texas, set up covert nodes on the regular internet to launch the attacks. To protect the locations of these agency-owned and operated nodes, the ROC operators launder their attacks through other computers. These are called "redirectors." As Snowden tweeted on Tuesday, the agency's hackers are taught not to leave footprints of their work on those computers; this would be clear evidence to foreign intelligence agencies that the NSA was using them.
"But the capacity to move this data around exists," an NSA consultant said. Finding anonymous launch points is expensive and time consuming. That's why the same redirector might be used for hundreds of different operations. "Sometimes it's much more complex," the intelligence official familiar with TAO's processes said.
If a foreign intelligence agency managed to "own" one of these redirectors, it could silently record all of the tools that the ROC hackers were using, collecting and archiving them. Intelligence officials and operators with knowledge of the cyber collection process say that the NSA understands that its exploits are sometimes hijacked, and that its redirectors might be discovered.
It has, in the process of defending America's cyber infrastructure, discovered many Chinese and Russian command-and-control computers that are used to penetrate American networks. According to several experts who have analyzed the source code, the Shadow Brokers bundle contains exploits for firewalls, instructions to implant a backdoor into the memory of the device, and a number of self-deleting execution commands.
The explanatory language used in the files leaves little doubt that the tools are used by the NSA. The signature of the code is identical to commands and formats known to be used by the NSA. As for the NSA, the site is still unpatched. Vanee Vines, a spokesperson for the agency, did not respond to Motherboard's request for comment. Karthikeyan said that perhaps the NSA hasn't bothered patching yet because "they didn't care enough about it," since the site doesn't contain or host sensitive information.
But Karthikeyan also noted that the NSA has a careers website, and with this bug, someone could potentially steal the usernames and passwords of would-be NSA employees and access their job applications.
This story is over 5 years old. March 4, , am.