Tuesday, August 23, 2016

Edward Snowden Sheds Light on Shadow Brokers

Whistle-blower Edward Snowden on Tuesday injected himself into an escalating cyberstruggle that could affect the U.S. presidential election.
The reported hack of The Equation Group might have been a warning shot from Russia, Snowden claimed.

The group, which is widely believed to be a front operation for the NSA, apparently was hacked over the weekend by a previously unknown outfit called the "Shadow Brokers," which then claimed to have valuable files in its possession that would be available to the highest bidder.
The group posted a free preview of its alleged stash on Tumblr, in a broken-English post that later was deleted. A cached version of the page, as it appeared on Monday, was still accessible as of Wednesday evening.
The Shadow Brokers could provide additional access to Equation Group tools, according to the post, and if the auction were to raise 1 million bitcoins, then the group would dump more files for free.

Cisco's Response

Cisco's Product Security Incident Response Team investigated the information published by the Shadow Brokers, and identified two vulnerabilities affecting Cisco ASA devices that required customer attention, according to PSIRT spokesperson Yvonne Malmgren.
The company issued two security advisories -- one for a newly found defect and one for a defect that was found and fixed in 2011, she told TechNewsWorld.
The advisories include free software updates and workarounds.

Warning Shot

Snowden said in a series of tweets that "circumstantial evidence and conventional wisdom" pointed to the Russians as being behind the hack.
The FBI is investigating those attacks.
There appear to be several hundred tools in the Shadow Brokers' leak that have "strong connections" to Equation Group malware tools, according to an analysis by Kaspersky Lab's global research and analysis team, which early last year uncovered links between The Equation Group and the NSA.
For example, more than 300 files in the Shadow Brokers archive implement the same specific variation of the RC6 encryption algorithm that Equation has used over the years, according to Kaspersky, which considers it highly unlikely that the archive was faked.

Credible Leak

The leaked information appears credible, in part based on the information revealed in the 2013 disclosures related to the NSA by Snowden, said Andrea Castillo, program manager for the Technology Policy Program at George Mason University's Mercatus Center.
"Given the quantity and quality of the dumped data, it does appear to be a valid leak," she told TechNewsWorld. "Some of the tools corroborate techniques that we have already learned about through the Snowden leaks."
However, there are concerns about the idea that the NSA can fall victim to this sort of counterhack, Castillo said.
"Now that these exploits are public, software and service providers will be able to patch up the vulnerabilities that the NSA had been apparently relying upon," she noted.
Publicizing the exploits probably was not the primary driver behind the attack, Castillo said. More likely, it was a demonstration of power by a state-backed or otherwise well-funded hacking organization. 
