Reg comments12

Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China

With gibberish encouraging disruption of the US election

The Shadow Brokers crew has dumped online a list of servers apparently compromised by NSA hackers.

The list contains historic targets of the NSA-linked Equation Group. The date stamps suggest the systems were compromised around 2001 and 2003, and they appear to be used as bases from which US snoops could carry out surveillance or other attacks.

It demonstrates why attribution is difficult in cyber-security – just because an assault comes from systems in a particular nation doesn't mean that nation is orchestrating the attack. Systems can be hacked and commandeered from the other side of the world.

Mail providers, universities and targets in China make up the bulk of the Equation Group roster. Each were targets of INTONATION and PITCHIMPAIR, codenames for cyber-spy hacking programmes.

Documents leaked by whistleblower Edward Snowden provide strong evidence that previous dumps by the Shadows Brokers feature malware and exploits that originated at the NSA, as previously reported. The latest Shadow Brokers dump was signed using the same key as the initial dump of NSA exploits, which the Shadow Brokers unsuccessfully tried to auction off.

A message accompanying the latest dump somewhat incoherently calls for attempts to disrupt the forthcoming US presidential election.

This poorly argued rabble-rousing has been met with some derision. Security experts have questioned the value of the leaked target list, at least outside the realm of cyber-espionage historians. "The list of servers is nine years old. [Many] likely no longer exist or [are] reinstalled," said security researcher Kevin Beaumont, in an update on Twitter. ®


Biting the hand that feeds IT © 1998–2017