The Shadow Brokers

The Shadow Brokers (TSB) is a hacker group that first appeared in the summer of 2016.[1][2] They published several leaks containing hacking tools, including several zero-day exploits,[1] from the "Equation Group", which is widely suspected to be a branch of the National Security Agency (NSA) of the United States.[3][4] The exploits and vulnerabilities[5][6] targeted enterprise firewalls, antivirus software, and Microsoft products.[7] The Shadow Brokers themselves attributed the material to the Equation Group threat actor, which has been tied to the NSA's Tailored Access Operations unit.[8][9][10][4]

Name and alias

Several news sources noted that the group's name was likely in reference to a character from the Mass Effect video game series.[11][12] Matt Suiche quoted the following description of that character: "The Shadow Broker is an individual at the head of an expansive organization which trades in information, always selling to the highest bidder. The Shadow Broker appears to be highly competent at its trade: all secrets that are bought and sold never allow one customer of the Broker to gain a significant advantage, forcing the customers to continue trading information to avoid becoming disadvantaged, allowing the Broker to remain in business."[13]

Leak history

Equation Group leaks

While the exact date is unclear, reports suggested that preparation of the leak began at least as early as the beginning of August,[14] and that the initial publication occurred on August 13, 2016, with a tweet from the Twitter account "@shadowbrokerss" announcing a Pastebin page[6] and a GitHub repository containing references and instructions for obtaining and decrypting an encrypted archive said to contain tools and exploits used by the Equation Group. The publication was initially met with some uncertainty about its authenticity.[15]

On October 31, 2016, The Shadow Brokers published a list of servers supposedly compromised by the Equation Group, as well as references to eight supposedly undisclosed tools (DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK and STOICSURGEON) also used by the threat actor.[16]

On April 8, 2017, the Medium account used by The Shadow Brokers posted a new update.[17] The post revealed the password to the encrypted files released the previous year, which allegedly contained more NSA hacking tools.[18] The post stated that it was partly a response to President Trump's strike on a Syrian airfield, which was also used by Russian forces.

April 14 hacking tool leak

On April 14, 2017, The Shadow Brokers released, amongst other things, the tools and exploits codenamed: DANDERSPRITZ, ODDJOB, FUZZBUNCH, DARKPULSAR, ETERNALSYNERGY, ETERNALROMANCE, ETERNALBLUE, EXPLODINGCAN and EWOKFRENZY.[19][20][21]

Ars Technica called the leak the group's "...most damaging release yet",[19] and CNN quoted Matthew Hickey saying, "This is quite possibly the most damaging thing I've seen in the last several years".[22]

Some of the exploits targeting the Windows operating system had already been patched in a Microsoft Security Bulletin (MS17-010) released on March 14, 2017, one month before the leak.[23][24] Some speculated that Microsoft had been tipped off about the impending release of the exploits.[25]

EternalBlue

Over 200,000 machines were infected with tools from this leak within the first two weeks,[26] and in May 2017 the major WannaCry ransomware attack used the ETERNALBLUE exploit against Server Message Block (SMB) to spread itself from host to host.[27] The exploit was also used to help carry out the NotPetya cyberattack on June 27, 2017.[28]

ETERNALBLUE carries kernel-mode shellcode whose purpose is to load the DoublePulsar backdoor, an SMB implant that runs in ring 0 and is non-persistent: it lives only in memory and is gone after a reboot.[29] DoublePulsar in turn allows the PEDDLECHEAP payload to be installed, which the operator then controls through the DanderSpritz Listening Post (LP) software.[30][31]
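Because DoublePulsar sits in the kernel and answers on the SMB port, the practical check a defender wants is a passive one: does a host respond to an SMB1 Trans2 SESSION_SETUP probe the way the implant does? The publicly documented fingerprint used by open-source scanners is that a probe sent with Multiplex ID 0x41 is answered by an implanted host with Multiplex ID 0x51 (0x41 + 0x10), while a clean server echoes 0x41. The code below is an added example written for this article, not Shadow Brokers, Equation Group or any scanner project's code. It parses the NetBIOS and SMB1 headers as laid out in MS-CIFS and classifies a request/response pair; the packets it works on are constructed in-line (the STATUS_NOT_IMPLEMENTED status on the clean reply is an assumed value), so it runs offline and demonstrates the header-level fingerprint only, not the implant's full protocol.

```python
"""Offline check for the DoublePulsar SMB1 Multiplex ID fingerprint.

Added example for this article: not Shadow Brokers, Equation Group or
scanner-project code. SMB1 framing follows MS-CIFS; the sample packets
are constructed below, not captured from a real host.
"""
import struct

NBSS_LEN = 4                   # NetBIOS session service header
SMB_HDR_LEN = 32
SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
TRANS2_SESSION_SETUP = 0x000E  # Trans2 subcommand the implant listens on
SMB_FLAGS_REPLY = 0x80
PING_REQUEST_MID = 0x41        # Multiplex ID used by the public probe
PING_IMPLANT_MID = 0x51        # 0x41 + 0x10: the implant's tell-tale reply


def parse_smb1(packet: bytes) -> dict:
    """Split a NetBIOS-framed SMB1 message into its header fields."""
    if len(packet) < NBSS_LEN + SMB_HDR_LEN:
        raise ValueError("too short for NBSS + SMB1 header")
    if packet[0] != 0x00 or int.from_bytes(packet[1:4], "big") != len(packet) - NBSS_LEN:
        raise ValueError("bad NetBIOS session header")
    smb = packet[NBSS_LEN:]
    if smb[:4] != SMB_MAGIC:
        raise ValueError("not an SMB1 message")
    (command, status, flags, flags2, pid_high, _sig, _rsvd,
     tid, pid_low, uid, mid) = struct.unpack_from("<BIBHH8sHHHHH", smb, 4)
    fields = {
        "command": command, "status": status, "flags": flags, "flags2": flags2,
        "tid": tid, "pid": (pid_high << 16) | pid_low, "uid": uid, "mid": mid,
        "is_reply": bool(flags & SMB_FLAGS_REPLY), "trans2_subcommand": None,
    }
    # In a Trans2 request Setup[0] is the subcommand; it follows WordCount
    # (1 byte) and the 14 fixed parameter words (28 bytes).
    if command == SMB_COM_TRANSACTION2 and not fields["is_reply"]:
        word_count = smb[SMB_HDR_LEN]
        if word_count >= 15 and len(smb) >= SMB_HDR_LEN + 1 + 30:
            fields["trans2_subcommand"], = struct.unpack_from("<H", smb, SMB_HDR_LEN + 1 + 28)
    return fields


def classify_ping(request: bytes, response: bytes) -> str:
    """Return 'doublepulsar', 'clean', 'unexpected' or 'not-a-ping'."""
    req, resp = parse_smb1(request), parse_smb1(response)
    is_ping = (req["command"] == SMB_COM_TRANSACTION2 and not req["is_reply"]
               and req["trans2_subcommand"] == TRANS2_SESSION_SETUP
               and req["mid"] == PING_REQUEST_MID
               and resp["is_reply"] and resp["command"] == SMB_COM_TRANSACTION2)
    if not is_ping:
        return "not-a-ping"
    if resp["mid"] == PING_IMPLANT_MID:
        return "doublepulsar"     # implant answered with the MID + 0x10
    if resp["mid"] == req["mid"]:
        return "clean"            # a normal server echoes the request's MID
    return "unexpected"


# --- constructed sample traffic (not captured from a real host) -------------
def build_smb1(command, flags, mid, status=0, body=b"", pid=0xFEFF):
    hdr = SMB_MAGIC + struct.pack("<BIBHH8sHHHHH", command, status, flags, 0xC807,
                                  pid >> 16, b"\x00" * 8, 0, 0, pid & 0xFFFF, 0, mid)
    smb = hdr + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_trans2_session_setup_request(mid=PING_REQUEST_MID):
    # WordCount 15 = 14 fixed words + Setup[0]; all counts zero; ByteCount 0
    words = struct.pack("<HHHHBBHIHHHHHBB", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0)
    body = bytes([15]) + words + struct.pack("<HH", TRANS2_SESSION_SETUP, 0)
    return build_smb1(SMB_COM_TRANSACTION2, 0x18, mid, body=body)


SAMPLE_REQUEST = build_trans2_session_setup_request()
# Assumed clean reply: the probe is rejected (STATUS_NOT_IMPLEMENTED), MID unchanged.
CLEAN_RESPONSE = build_smb1(SMB_COM_TRANSACTION2, SMB_FLAGS_REPLY | 0x18, 0x41, status=0xC0000002)
# Implant reply: same error status, but the Multiplex ID has been bumped to 0x51.
IMPLANT_RESPONSE = build_smb1(SMB_COM_TRANSACTION2, SMB_FLAGS_REPLY | 0x18, 0x51, status=0xC0000002)

if __name__ == "__main__":
    for name, resp in (("clean host", CLEAN_RESPONSE), ("implanted host", IMPLANT_RESPONSE)):
        print(f"{name}: {classify_ping(SAMPLE_REQUEST, resp)}")
```

Feed `classify_ping` the request and reply bytes of any Trans2 SESSION_SETUP exchange pulled from a capture (strip nothing; the NetBIOS header is expected) and it tells you whether the server behaved like an implant. Because the check keys on a header field rather than a payload string, it survives trivial changes to the implant's body, and because it requires the request to be a real 0x41 probe, it will not misfire on ordinary Trans2 traffic.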

Speculations and theories on motive and identity

NSA insider threat

James Bamford, along with Matt Suiche, speculated[32] that an insider, "possibly someone assigned to the [NSA's] highly sensitive Tailored Access Operations", stole the hacking tools.[33][34] In October 2016, The Washington Post reported that Harold T. Martin III, a former contractor for Booz Allen Hamilton accused of stealing approximately 50 terabytes of data from the National Security Agency (NSA), was the lead suspect. Martin had worked with the NSA's Tailored Access Operations from 2012 to 2015 in a support role. He pleaded guilty to retaining national defense information in 2019, but it is not clear whether the Shadow Brokers obtained their material from him: the group continued to post cryptographically signed messages and gave media interviews while Martin was in custody.[35]

Theory on ties to Russia

Edward Snowden stated on Twitter on August 16, 2016 that "circumstantial evidence and conventional wisdom indicates Russian responsibility"[36] and that the leak "is likely a warning that someone can prove responsibility for any attacks that originated from this malware server",[37] summarizing that it looks like "somebody sending a message that an escalation in the attribution game could get messy fast".[38][39]

The New York Times put the incident in the context of the Democratic National Committee cyber attacks and hacking of the Podesta emails. As US intelligence agencies were contemplating counter-attacks, the Shadow Brokers code release was to be seen as a warning: "Retaliate for the D.N.C., and there are a lot more secrets, from the hackings of the State Department, the White House and the Pentagon, that might be spilled as well. One senior official compared it to the scene in The Godfather where the head of a favorite horse is left in a bed, as a warning."[40]

In 2019, David Aitel, a computer scientist formerly employed by the NSA, summarized the situation with: "I don't know if anybody knows other than the Russians. And we don't even know if it's the Russians. We don't know at this point; anything could be true."[41]

References

  1. Ghosh, Agamoni (April 9, 2017). "'President Trump what the f**k are you doing' say Shadow Brokers and dump more NSA hacking tools". International Business Times UK. Retrieved April 10, 2017.
  2. "'NSA malware' released by Shadow Brokers hacker group". BBC News. April 10, 2017. Retrieved April 10, 2017.
  3. Brewster, Thomas. "Equation = NSA? Researchers Uncloak Huge 'American Cyber Arsenal'". Forbes. Retrieved November 25, 2020.
  4. Biddle, Sam (August 19, 2016). "The NSA Leak is Real, Snowden Documents Confirm". The Intercept. Retrieved April 15, 2017.
  5. Nakashima, Ellen (August 16, 2016). "Powerful NSA hacking tools have been revealed online". The Washington Post.
  6. "Equation Group - Cyber Weapons Auction - Pastebin.com". August 16, 2016. Archived from the original on August 15, 2016.
  7. Goodin, Dan (January 12, 2017). "NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage". Ars Technica. Retrieved January 14, 2017.
  8. Goodin, Dan (August 16, 2016). "Confirmed: hacking tool leak came from "omnipotent" NSA-tied group". Ars Technica. Retrieved January 14, 2017.
  9. "The Equation giveaway - Securelist". August 16, 2016.
  10. "Group claims to hack NSA-tied hackers, posts exploits as proof". August 16, 2016.
  11. "The 'Shadow Brokers' NSA theft puts the Snowden leaks to shame - ExtremeTech". ExtremeTech. August 19, 2016.
  12. "Shadow Brokers: Hackers Claim to have Breached NSA's Equation Group". The Daily Dot. August 15, 2016.
  13. "Shadow Brokers: NSA Exploits of the Week". Medium.com. August 15, 2016.
  14. "The Shadow Brokers: Lifting the Shadows of the NSA's Equation Group?". August 15, 2016.
  15. Price, Rob (August 15, 2016). "'Shadow Brokers' claim to have hacked an NSA-linked elite computer security unit". Business Insider. Retrieved April 15, 2017.
  16. "'Shadow Brokers' Reveal List Of Servers Hacked By The NSA; China, Japan, And Korea The Top 3 Targeted Countries; 49 Total Countries, Including: China, Japan, Germany, Korea, India, Italy, Mexico, Spain, Taiwan, & Russia". Fortuna's Corner. November 1, 2016. Retrieved January 14, 2017.
  17. theshadowbrokers (April 8, 2017). "Don't Forget Your Base". Medium. Retrieved April 9, 2017.
  18. Cox, Joseph (April 8, 2017). "They're Back: The Shadow Brokers Release More Alleged Exploits". Motherboard. Vice Motherboard. Retrieved April 8, 2017.
  19. "NSA-leaking Shadow Brokers just dumped its most damaging release yet". Ars Technica. Retrieved April 15, 2017.
  20. "Latest Shadow Brokers dump — owning SWIFT Alliance Access, Cisco and Windows". Medium. April 14, 2017. Retrieved April 15, 2017.
  21. "misterch0c". GitHub. Retrieved April 15, 2017.
  22. Larson, Selena (April 14, 2017). "NSA's powerful Windows hacking tools leaked online". CNNMoney. Retrieved April 15, 2017.
  23. "Microsoft says users are protected from alleged NSA malware". AP News. Retrieved April 15, 2017.
  24. "Protecting customers and evaluating risk". MSRC. Retrieved April 15, 2017.
  25. "Microsoft says it already patched 'Shadow Brokers' NSA leaks". Engadget. April 15, 2017. Retrieved April 15, 2017.
  26. "Leaked NSA tools, now infecting over 200,000 machines, will be weaponized for years". CyberScoop. April 24, 2017. Retrieved April 24, 2017.
  27. "An NSA-derived ransomware worm is shutting down computers worldwide". May 12, 2017.
  28. Perlroth, Nicole; Scott, Mark; Frenkel, Sheera (June 27, 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. p. 1. Retrieved June 27, 2017.
  29. zerosum0x0 (April 21, 2017). "DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis". zerosum0x0. Retrieved November 15, 2017.
  30. "Shining Light on The Shadow Brokers". The State of Security. May 18, 2017. Retrieved November 15, 2017.
  31. "DanderSpritz/PeddleCheap Traffic Analysis" (PDF). Forcepoint. February 6, 2018. Retrieved February 7, 2018.
  32. "Shadow Brokers: The insider theory". August 17, 2016.
  33. "Commentary: Evidence points to another Snowden at the NSA". Reuters. August 23, 2016.
  34. "Hints suggest an insider helped the NSA "Equation Group" hacking tools leak". Ars Technica. August 22, 2016.
  35. Cox, Joseph (January 12, 2017). "NSA Exploit Peddlers The Shadow Brokers Call It Quits". Motherboard.
  36. "Circumstantial evidence and conventional wisdom indicates Russian responsibility. Here's why that is significant". Twitter. August 16, 2016. Retrieved August 22, 2016.
  37. "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server". Twitter. August 16, 2016. Retrieved August 22, 2016.
  38. "TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast". Twitter. Retrieved August 22, 2016.
  39. Price, Rob (August 16, 2016). "Edward Snowden: Russia might have leaked alleged NSA cyberweapons as a 'warning'". Business Insider. Retrieved August 22, 2016.
  40. Lipton, Eric; Sanger, David E.; Shane, Scott (December 13, 2016). "The Perfect Weapon: How Russian Cyberpower Invaded the U.S." The New York Times. Retrieved April 15, 2017.
  41. Abdollah, Tami; Tucker, Eric (July 6, 2019). "Mystery of NSA leak lingers as stolen document case winds up". Associated Press. Archived from the original on July 6, 2019.
