
Latest Shadow Brokers exploit dump poses little threat

Lucian Constantin | April 11, 2017
The leak reveals old exploits but also exposes supposed NSA targets, implants, and techniques.

The leaked data and tools show that the NSA is targeting telecommunications infrastructure and core GSM networks, x0rz said via Twitter. There are scripts to manipulate GSM data like Call Detail Records (CDRs) and billing information, exploits targeting old versions of Solaris -- a common OS in core networks -- and target notes about big GSM operators, he said.

The NSA has known for a while that these files have been leaked and has had enough time to clean up its tracks. However, the information in the Shadow Brokers archive can still be damaging to its present and future operations, because the agency's targets will now know they've been compromised and will launch security reviews and strengthen their systems.

It's worth keeping in mind that while none of the exploits in the archive has zero-day status now, some of them likely targeted unpatched vulnerabilities years ago when the NSA was using them.

At that time, the NSA TAO team had a tremendous infiltration capability, Zaitsev said. "We should not underestimate them."

The Shadow Brokers leaked a first batch of Equation group exploits in August. Some of those exploits turned out to be legitimate and affected hardware firewalls from multiple vendors.

That initial leak was intended to convince people to bid in an auction for the full archive that the group claimed to have. The group failed to attract any significant offers -- it wanted 10,000 bitcoins, worth around US$12 million -- so later it released more information, including lists of IP addresses targeted by the Equation group and a directory listing showing exploit codenames.

Eventually, the Shadow Brokers called it quits in January and shut down their online accounts, which is why the group's return on Saturday and its decision to provide the password to the encrypted archive was surprising.

The group's return was accompanied by an open letter to U.S. President Donald Trump written in apparently broken English, a technique that some experts believe is intentional to hide the fact that the group's members are native English speakers.
