The authenticity of the files released by Shadow Brokers has been confirmed. According to multiple sources, the tools and exploits dumped by the hacker group did indeed originate from NSA systems.
The particulars of these cyber tools and exploits were matched against a recent set of documents leaked by Edward Snowden to confirm their authenticity. The latest batch of Snowden files was published recently by a New York-based online publication along with the confirmation. According to the publication, these tools were extensively used by the intelligence agency to secretly infect computers across the world.
References to code present in the files shared by Shadow Brokers were found in a classified NSA manual for implanting malware, including a specific 16-character string. One of the programs leaked by the hacking group, called SECONDDATE, was found to contain the exact string “ace02468bdf13579”. SECONDDATE is an efficient tool used to intercept and redirect internet traffic originating from target computers to the NSA’s servers. Once the link is established, the target computers are infected with malware. SECONDDATE is one of the many tools used by the NSA’s broader surveillance and infection network. Together, these tools are capable of executing a “man in the middle” attack with the potential to infect millions of computers across the world. Once systems are infected, the NSA can easily access data from them.
The Shadow Brokers have demanded 1 million bitcoins to release all the NSA files in their possession. The ongoing auction hasn’t generated as much demand as expected. So far, the bitcoin wallet address provided by Shadow Brokers has received about 1.74 bitcoin, which is a bit more than $1000.
Cybersecurity experts believe the auction to be a PR stunt intended to increase the group's profits. It is also believed that the hackers may end up releasing the files in the coming days even if the contributions fail to meet their original demand.
Most of the files in the possession of the Shadow Brokers are expected to be outdated, as the NSA would have already changed the protocols. Still, they are worth analyzing, as they will help in gaining a better understanding of the spy agency’s inner workings. They will also give a brief idea of the extent of its reach, which may also lead to some serious diplomatic issues between the targeted nations and the United States.
Ref: The Intercept | Motherboard | The Verge