Skip navigation

NSA Hack: Shadow Brokers No Joke; But Who Are They?

The group responsible for leaking NSA cyber weapons sound like crazy Russian super villains, but there's something strangely familiar about their message.

"How much you pay for enemies cyber weapons?"

That was the question the now infamous hacker group “The Shadow Brokers” asked the Internet on Aug. 13 after dumping 300mB of exploit and malware files — that could infiltrate some of the world’s most widely used network equipment and firewalls — stolen from the Equation Group, a cyber warfare platoon linked to the NSA.

Read the whole crazy/brilliant manifesto here.

Why should you care?

The Russian-based anti-virus firm Kaspersky Lab calls the Equation Group “a threat actor that surpasses anything known in terms of complexity and sophistication of techniques.”

And somehow these Shadow Brokers obtained at least some of their sophisticated cyber arsenal, which in the past includes flame, duqu, and stuxnet.

“Without a doubt, they’re the keys to the kingdom,” a former NSA hacker, speaking on the condition of anonymity, told the Washington Post. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

"You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."

Those best files, the brokers tease, are “better than stuxnet,” the (allegedly) U.S./Israeli-created malware that ravaged Iran’s nuclear enrichment facility’s centrifuge and accidentally broke free of containment.

And if the bidding war raises 1 million bitcoin ($550 million U.S), more harmful files – supposedly on par with the current leak -- will be made public.

At this point, the unreleased files could contain an Oregon Trail emulator, or a CryptoLocker weapon that could cripple the world’s financial system.

"Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins."

So who are these guys?

Many assume them to be Russian, because evidently society has finally caught up to pandering ’80s movie tropes. It is possible that the Shadow Brokers are huge fans of Ivan Drago, as the syntax and vocabulary indicate.

Rocky Balboa is your firewall, and Ivan "I Must Break You" Drago is the Russian Hacker exploit. Now it
all makes sense, doesn't it?

On Aug. 16, NSA whistle blower Edward Snowden tweeted, “Circumstantial evidence and conventional wisdom indicates Russian responsibility."

He also speculates the data leak has to do with U.S. politicians attributing the DNC hacks to the Russians.


One curious thing to note: Many of the files are dated June 2013, when Snowden outed himself as the NSA leak, and his Twitter had been dark from Aug. 5-15, with many believing he was assassinated.

Snowden and the NSA are now sort of like archenemies, and the manifesto has a few knowing pop culture references more attributable to an American 33-year-old male than a Russian hacker, excluding of course Alan Cumming’s character from Goldeneye, Boris. Furthermore, the disillusioned computer expert has already proved to be an adept NSA troller. The agency is the only account he follows on Twitter.

1990s Version of a Russian hacker

The 1 million bitcoin request? That’s straight up Dr. Evil.

And the scheme itself is an obvious plot heist of a Batman: The Animated Series episode, where Dr. Hugo Strange attempts to auction off the Dark Knight’s identity to his rogue’s gallery.

This could all be circumstantial, a false flag, aliens, or a host of other possibilities.

It’s clear, though, whoever these perpetrators want the world to at least think they’re chaos-loving super villains in the vein of Tyler Durden or the Joker (Heath Ledger version, of course).  There’s even a line at the end of the villainous e-monologue about Wealthy Elites that asks “Do you feel in charge?” In The Dark Knight Rises, Bane asked greasy billionaire developer John Dagget the same thing before killing him.

Who the Shadow Brokers want you to think they are
Who the Shadow Brokers probably are.

But as troll-like and stereotypical- bad-guy-to-the-point-of-absurdity as the Shadow Brokers are, the threat shouldn’t be taken lightly.

On Aug. 17, Cisco verified the hacking tools released on Github contained ”exploit code that can be used against multi-vendor devices, including the Cisco ASA and legacy Cisco PIX firewalls.”

These oddly delicious sounding exploits, EXTRABACON and EPICBANANA, can crash a server, create a denial of service or execute arbitrary code. The files are all dated 2013.

EPICBANANA exploits a vulnerability in the command-line interface (CLI) parser of Cisco Adaptive Security Appliance (ASA) Software. Cisco’s known about this weakness for years, fixing it in 2011.

These mysterious mustache-twirling keyboard bandits aren’t completely impotent, though. Cisco Product Security Incident Response Team (PSIRT) rates the vulnerability in the Simple Network Management Protocol (SNMP) code as “High.” For workarounds and more info, visit Cisco's Security Advisory Site.

List of Cisco’s Vulnerable Products
•    Cisco ASA 5500 Series Adaptive Security Appliances
•    Cisco ASA 5500-X Series Next-Generation Firewalls
•    Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
•    Cisco ASA 1000V Cloud Firewall
•    Cisco Adaptive Security Virtual Appliance (ASAv)
•    Cisco Firepower 9300 ASA Security Module
•    Cisco PIX Firewalls
•    Cisco Firewall Services Module (FWSM)

“Administrators are advised to allow only trusted users to have SNMP access and to monitor affected systems using the snmp-server host command,” Cisco says.

Cisco also recommends anyone in charge of a network “follow[s] sound system administration practices, hardening device configurations, and updating devices to run the current version of software are simple best practices for customers to protect their networks.”

Before you attempt to stem any possible cyber attacks and quell this uprising that would mostly hurt the working class, though, keep in mind the following:

Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.