SPY/SPY = CARNAGE

 In ITC's Threat of the Week

On August the 13th a slightly cryptic, entertaining and highly interesting announcement was posted on Pastebin.

The publishers (the nattily named ‘A GUEST’) claimed to have hacked a significant stash of the ‘Cyber Weapons’ arsenal of one, or a number of, nation states named ‘The Equation Group’ by Kaspersky labs on account of the highly sophisticated encryption algorithms used in known attacks on countries like Iran, Russia, Pakistan, Afghanistan (get the picture?) using devious malware such as the infamous Stuxnet.

There is little doubt that these attacks originate from the NSA, perhaps with a little help from her friends. So what the paste is saying is that they have hacked the NSA and are willing to sell the tools discovered to the highest bidder. Have a read of the post here. It is very entertaining.

In order to establish their bona fides, the hackers published some of the ransacked materiel free of charge. At first speculation was rife about the credibility of the announcement however the harder the data has been reviewed, the more terrifyingly real it seems to be. In fact it is pretty much confirmed, someone (guess who?) has successfully hacked the NSA. No mean feat.

Kaspersky has confirmed that the code in the leaked malware is consistent with the equation group’s techniques previously discovered and Edward Snowden (no less) who of course is a Russian resident, has come out suggesting that this ‘may’ be the work of the Russian spooks as a retaliation for themselves being blamed by pretty much everyone for hacking the Democratic National Committee and Democratic Congressional Campaign Committee.

In the last few days Cisco and Fortinet have released patches directly linked to the hacked malware. ITC will update our customers about these and the forthcoming avalanche of security updates as necessary. Very unhappy days.

It is widely believed that the published hack is the tip of the iceberg and that the hackers may have details and proof of attacks that have been launched by The Equation Group from the compromised server or servers. In other words – keep playing the blame game and we will significantly up the ante and cause a world (literally) of pain.

We think that this game has a long way to go and can only hope that vendors get on top of fixing the 300 or so exploits as quickly and efficiently as possible.

If you would like to discuss global politics, we aren’t the people to call. If, however you want to discuss issues of infrastructure, data or application security, contact us at: 020 7517 3900 or email enquiries@itcsecure.com.

Author: Kevin Whelan

Recent Posts

Leave a Comment