The “Shadow Brokers” hacker group has released malware allegedly created by the US National Security Agency (NSA). The group, which earlier tried to sell the encrypted cache of hacking tools in an online auction, released a password for it via a blog on 8 April. Cris Thomas (aka Space Rogue), Strategist at Tenable Network Security commented below.
Cris Thomas (aka Space Rogue), Strategist at Tenable Network Security:
“It’s important to note that this is not a new leak, breach or hack. This information was previously released by the Shadow Brokers as an encrypted data dump, and the group has resurfaced again after last week’s U.S. missile strike in Syria. What is new is that the Shadow Brokers have released the passphrase for the NSA hacking tools.
“The contents of the encrypted data dump seem to be pretty extensive, but include essentially old or esoteric exploits and documentation that have either been patched or made irrelevant. For example, one exploit is for Linux on DEC Alpha. Even in DEC Alpha’s heyday, few people ran Linux on it, let alone today. Although, at L0pht we used to run OpenBSD on DEC specifically for that security through obscurity angle. Another example is a remote root for Solaris, which while still an active operating system, has declined in use since its peak in the late ’90s.
“Although this latest dump does seem to show the depth and breadth of tools that NSA’s Tailored Access Operations (TAO) has access to, nothing indicates that this is fairly current. While the data dump is extremely embarrassing to the NSA, it’s unlikely to cause them much discomfort in the area of current operations.”