"How much you pay for enemies cyber weapons?"
That was the question the now infamous hacker group The Shadow Brokers asked the Internet on Aug. 13 after dumping 300 MB of exploit and malware files, stolen from the Equation Group, a cyber warfare platoon linked to the NSA, that could infiltrate some of the world's most widely used network equipment and firewalls.
Read the whole crazy/brilliant manifesto here.
Why should you care?
The Russian-based anti-virus firm Kaspersky Lab calls the Equation Group "a threat actor that surpasses anything known in terms of complexity and sophistication of techniques."
And somehow these Shadow Brokers obtained at least some of their sophisticated cyber arsenal, which in the past has included Flame, Duqu and Stuxnet.
"Without a doubt, they're the keys to the kingdom," a former NSA hacker, speaking on the condition of anonymity, told the Washington Post. "The stuff you're talking about would undermine the security of a lot of major government and corporate networks both here and abroad."
"You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."
Those "best files," the brokers tease, are better than Stuxnet, the (allegedly) U.S./Israeli-created malware that ravaged the centrifuges at Iran's nuclear enrichment facility and accidentally broke free of containment.
And if the bidding war raises 1 million bitcoin ($550 million U.S.), more harmful files, supposedly on par with the current leak, will be made public.
At this point, the unreleased files could contain an Oregon Trail emulator or a CryptoLocker-style weapon that could cripple the world's financial system.
"Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins."
So who are these guys?
Many assume them to be Russian, because evidently society has finally caught up to pandering '80s movie tropes. It is possible that the Shadow Brokers are huge fans of Ivan Drago, as the syntax and vocabulary indicate.
[Image caption: Rocky Balboa is your firewall, and Ivan "I Must Break You" Drago is the Russian hacker exploit. Now it all makes sense, doesn't it?]
On Aug. 16, NSA whistle-blower Edward Snowden tweeted, "Circumstantial evidence and conventional wisdom indicates Russian responsibility."
He also speculated that the data leak has to do with U.S. politicians attributing the DNC hacks to the Russians.
One curious thing to note: many of the files are dated June 2013, when Snowden outed himself as the NSA leaker, and his Twitter account had been dark from Aug. 5-15, with many believing he had been assassinated.
Snowden and the NSA are now something like archenemies, and the manifesto has a few knowing pop culture references more attributable to an American 33-year-old male than to a Russian hacker, excluding of course Alan Cumming's character from GoldenEye, Boris. Furthermore, the disillusioned computer expert has already proved to be an adept NSA troll. The agency is the only account he follows on Twitter.
[Image caption: 1990s version of a Russian hacker]
The 1 million bitcoin request? That's straight-up Dr. Evil.
And the scheme itself is an obvious plot heist from a Batman: The Animated Series episode, in which Dr. Hugo Strange attempts to auction off the Dark Knight's identity to his rogues gallery.
This could all be circumstantial, a false flag, aliens, or a host of other possibilities.
It's clear, though, that whoever these perpetrators are, they want the world to at least think they're chaos-loving supervillains in the vein of Tyler Durden or the Joker (Heath Ledger version, of course). There's even a line at the end of the villainous e-monologue about "Wealthy Elites" that asks, "Do you feel in charge?" In The Dark Knight Rises, Bane asked greasy billionaire developer John Daggett the same thing before killing him.
[Image caption: Who the Shadow Brokers want you to think they are]
[Image caption: Who the Shadow Brokers probably are]
But as troll-like and stereotypical-bad-guy-to-the-point-of-absurdity as the Shadow Brokers are, the threat shouldn't be taken lightly.
On Aug. 17, Cisco verified that the hacking tools released on GitHub contained exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls.
These oddly delicious-sounding exploits, EXTRABACON and EPICBANANA, can crash a server, create a denial of service or execute arbitrary code. The files are all dated 2013.
EPICBANANA exploits a vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software. Cisco has known about this weakness for years, having fixed it in 2011.
These mysterious mustache-twirling keyboard bandits aren't completely impotent, though. Cisco's Product Security Incident Response Team (PSIRT) rates the vulnerability in the Simple Network Management Protocol (SNMP) code as High. For workarounds and more information, visit Cisco's Security Advisory site.
List of Cisco's vulnerable products:
Cisco ASA 5500 Series Adaptive Security Appliances
Cisco ASA 5500-X Series Next-Generation Firewalls
Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Cisco ASA 1000V Cloud Firewall
Cisco Adaptive Security Virtual Appliance (ASAv)
Cisco Firepower 9300 ASA Security Module
Cisco PIX Firewalls
Cisco Firewall Services Module (FWSM)
Administrators are advised to "allow only trusted users to have SNMP access and to monitor affected systems using the snmp-server host command," Cisco says.
Cisco also recommends that anyone in charge of a network follow sound system administration practices; hardening device configurations and updating devices to run the current version of software are, it says, simple best practices for customers to protect their networks.
Before you attempt to stem any possible cyber attacks and quell this uprising that would mostly hurt the working class, though, keep in mind the following:
"Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes."