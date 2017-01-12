Hacking the Election: special report
News

Suspected NSA tool hackers dump more cyberweapons in farewell

The Shadow Brokers dumped the hacking tools online after attempting to sell a large cache for bitcoin

|

U.S. Correspondent, IDG News Service |

NSA headquarters
Credit: National Security Agency
More like this

The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off -- but not before releasing another arsenal of tools that appear designed to spy on Windows systems.

On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposedly Windows and Unix hacking tools for bitcoin.

The Shadow Brokers made news back in August when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA.

Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group's claims, according to security researchers.  

The Shadow Brokers' latest dump includes 61 files, many of which have never been seen by security firms before, said Jake Williams, founder of Rendition InfoSec, a security provider.

He’s been examining the tools, and said it’ll take time to verify their capabilities. His initial view is that they’re designed for detection evasion.  

For instance, one of the tools is built to edit Windows event logs. Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing the victim from realizing they’ve been breached, he said.

“If you simply remove a record or two, then even an organization that is following the best security practices, presumably, wouldn’t notice the change,” he said.

On Thursday, the Shadow Brokers said they released the Windows hacking tools for free because a Kaspersky Lab’s antivirus product could already flag them as harmful.

The clandestine group previously tried to auction off a whole set of hacking tools for 1 million bitcoins or what was at the time US$584 million. But after several months, that auction only managed to generate 10 bitcoins.

“Despite theories, it always being about bitcoins for TheShadowBrokers,” the group said in broken English in their supposed final message.

However, Williams believes the Shadow Brokers are likely spies working for the Russian government. This latest dump was a message to the U.S, he said.

Williams points to the timing. In recent weeks, U.S. intelligence agencies have been claiming the Kremlin tried to influence the U.S. election. Based on those findings, President Barack Obama has already ordered sanctions against Russia and vowed covert action.

“If they are Russian, this is a shot across the bow,” Williams said.

It’s unclear how the Shadow Brokers managed to steal the hacking tools. But they claim to have many more in reserve. The group has said their arsenal of supposed Linux and Windows-based hacking tools is still up for sale at 10,000 bitcoins.

On Thursday, Microsoft said it's investigating this latest batch of hacking tools that have been released. 

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Related:

Michael Kan covers security for IDG News Service.

Download the CIO Nov/Dec 2016 Digital Magazine
You Might Like
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.
Popular On CIO.com
img 0827
IDG Contributor Network
Amazon Echo vs. Google Home: The choice is obvious

On the surface, it may seem like a difficult choice between Alexa and Google Home, but once you look at...

pcxpo1
Your guide to top tech conferences

CIO.com's sortable, searchable directory of technology conferences makes it easy to find events coming...

iphone7plus
Deep-dive review: The iPhone 7 Plus is the best iPhone yet

Apple has to out-execute itself (and its rivals) every year to coerce millions of users to upgrade and...

BrandPosts
Learn more
Resources
Featured Stories
agile devops
Agile project management: A beginner's guide

If you're new to project management or just want to know about agile methodology, the answers to these...

cyberthreat cyber threat ts
DHS pick urges coordination on cyberthreats

As the Trump transition team – including the president-elect himself -- warms to the intelligence...

Virtual assistant voice apps
Why Amazon is the king of the virtual assistants

Amazon surprised many analysts and competitors with its Alexa cloud-based voice assistant, and the...

layers of photos of diverse adults
Diversity reports delayed -- what's the hold up?

No news is probably bad news when Silicon Valley companies delay the release of their 2016 reports on...