What Experts Are Saying About Shadow Brokers

October 31, 2017

As we have all heard, there is a group calling themselves The Shadow Brokers. They hacked into the NSA's (National Security Agency) server and stole a disk full of secrets last summer. With this stunt, the Shadow Brokers publicly mocked the NSA for its vulnerable security and lack of information-gathering skills. On top of that, they also distributed some of these sophisticated cyber weapons online for other hackers to use at will.

These tools were designed by an elite developer group known as the “Equation Group”, which has been linked to the NSA. This was later confirmed by the technical report Kaspersky Lab published on its blog, which showed code in the Shadow Brokers leaks matching old Equation Group malware. These tools, or so-called cyber weapons, were designed to exploit vulnerabilities in Cisco networking devices, Microsoft Windows and many Linux-based mail services, putting many companies and their customers at risk.

After this incident, there were two major cyber attacks, with two ransomware tools that affected more than 150 nations, known as “WannaCry” and “Petya”. It was later deduced that these tools were designed to bypass any security or firewall using the same leaked NSA tools, named EternalBlue and EternalLove. When the incident was over, The Shadow Brokers spread threatening messages all over the world stating that they would provide more of these tools every month, giving access to cybercriminals and other governments around the globe.

The Shadow Brokers made their comeback last August, when they released a bunch of hacking tools and exploits, along with some information regarding vulnerabilities in widely used software. In that release, the group published a set of NSA materials: a couple of exploits and tools for networking devices such as routers; another collection for Microsoft Windows and server services; and a list of the analysts who broke into the SWIFT banking network.

The group came out from the shadows and reappeared with catastrophic news: an online auction of the NSA exploits and hacking tools to the highest bidder, with payment requested in the newly renowned currency “Bitcoin”. The auction did not go as the group had planned in terms of raising around one million bitcoins (approx. Four Billion five hundred USD). In January 2017 it was reported that they were selling the tools to different hacking groups online.

How did the Shadow Brokers carry out the attack? I guess that was the first question that came into everyone's mind, even in the thoughts of the security admins at the NSA. I think there was a mole inside the organization who helped the group bypass security from the inside (an insider threat). The main suspect for this was Hal Martin, a contractor for the NSA who was arrested around August for hoarding national secrets. But the Shadow Brokers remained active in their game while Hal was in custody. It is possible that the leaker got the information from Hal's stash, or that his workstation was compromised.

Based on my study and references, I have come to the conclusion that the group “Shadow Brokers” is not just some bunch of hackers but a state-sponsored elite group: these cyber tools are like a cyber-nuclear bomb, and whoever has them in his possession knows that more than half of the agencies around the globe are on the hunt for them. Nor are the publishers cybercriminals; if they were, they would have started building malicious tools for themselves, turning the exploits into viruses and worms and profiting from theft.

