Powerful NSA Hacking Tools Have Been Revealed Online: ‘Keys to the Kingdom’

NSA headquarters. Image: Wikimedia Commons

Strings of code were released to the Internet by a group calling themselves ‘the Shadow Brokers’. They claim the code is a tool that can be used to hack into any computer. 

The cache mysteriously surfaced over the weekend and appears to be legitimate. 

Ellen Nakashima reports: Some of the most powerful espionage tools created by the National Security Agency’s elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency’s operations and the security of government and corporate computers.

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff. Much of this code should never leave the NSA.”

— Nicholas Weaver, a computer security researcher at the University of California at Berkeley

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

panic-betty

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

[Read the full story here, at The Washington Post]

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

 0624-ANSA-NSA_Phone_Records_Big_Data_full_600

“Without a doubt, they’re the keys to the kingdom. The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Strings of code were released to the Internet by a group calling themselves “the Shadow Brokers”. They claim the code is a tool that can be used to hack into any computer.

The file contained 300 megabytes of information, including several “exploits,” or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.

us_nsa_cyber_ap

“The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.”

“What’s clear is that these are highly sophisticated and authentic hacking tools,” said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.

Several of the exploits were pieces of computer code that took advantage of “zero-day” or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

The judge says the government learned from its mistakes on 9/11. | AP Photo

“The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.”

The NSA did not respond to requests for comment.

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox. Read the rest of this entry »


The Suicide of the Liberal Arts

Achillles-slay-Hector

Indoctrinating students isn’t the same as teaching them. Homer and Shakespeare have much to tell us about how to think and how to live.

John Agresto writes: I was a few minutes early for class. Father Alexander, my high-school sophomore-homeroom teacher, was standing outside the room, cigarette in his mouth, leaning on the doorjamb. “Morning, Father.”

His response was to put his arm across the door. “Agresto,” he said, “I have a question I’ve been thinking about and maybe you can help me.”

“Sure, what’s up?”

“Do you think a person in this day and age can be called well educated who’s never read the ‘Iliad’?” I hadn’t read the “Iliad,” and am not even sure I had heard of it. “Hmmm. Maybe, I don’t see why not. Maybe if he knows other really good stuff . . .” His response was swift. “OK, Agresto, that proves it. You’re even a bigger damn fool than I thought you were.”

I grew up in a fairly poor Brooklyn family that didn’t think that much about education. My father was a day laborer in construction—pouring cement, mostly. He thought I should work on the docks. Start by running sandwiches for the guys, he told me. Join the union. Work your way up. There’s good money on the docks. And you’ll always have a job. He had nothing against school, except that if bad times came, working the docks was safer.

I also grew up in a house almost without books. All I remember is an encyclopedia we got from coupons at the grocery store and a set of the “Book of Knowledge” from my cousin Judy. Once in a while I’d head over to the public library and borrow something—a book on tropical fish, a stamp catalog, a book by someone called Levi on pigeons. It never dawned on me to look at what else there was. Who read that stuff anyway?

So now I’m a professor and former university president who grew up without much real childhood reading until eighth grade, two or three years before the “Iliad” question. Sister Mary Gerald asked me one day if I read outside of class. I told her about the pigeon book and the stamp catalog. No, she asked, had I ever read any literature?

Whereupon she pulled out something called “Penrod and Sam,” by a guy named Booth Tarkington. She said I should read it. I did. I can’t say that “Penrod and Sam” is great literature, but it changed a small bit of my neighborhood. Penrod had a club. So my friends and I put together a club. Penrod’s club had a flag; we had a flag. Penrod would climb trees and spy on the surroundings. We had to be content with climbing on cyclone fences.

[Read the full story here, at WSJ]

Who would have thought there was a new way of having adventures, learned from a book? A book, by the way, of things that had never happened. Something had pierced the predictable regularity of everyday street life. And that something was a work of someone’s imagination.

So I started to read, and with the appetite of a man who finally realized he was hungry. I became a reader of fairly passionate likes and dislikes. Dickens was fine, though he could have gotten to the point sooner. O. Henry, Stevenson and later Tolkien, Lewis, Swift. Read the rest of this entry »