8 July 2017

HACKING GROUP “SHADOW BROKERS” THREATENS TO UNMASK FORMER NSA HACKER; BUT, THIS THREAT MAY WELL BE PART OF A SOPHISTICATED RUSSIAN INFORMATION OPERATIONS CAMPAIGN DESIGNED TO FURTHER WEAKEN U.S. INTELLIGENCE COLLECTION RELATIONSHIPS AND CAPABILITIES


Hacking Group “Shadow Brokers” Threatens To Unmask Former NSA Hacker; But, This Threat May Well Be Part Of A Sophisticated Russian Information Operations Campaign Designed To Further Weaken U.S. Intelligence Collection Relationships And Capabilities

The hacking group behind the leaks of NSA hacking tools online – known as the ‘Shadow Brokers’ – is now threatening to publicly reveal the identity of the former NSA employee whom presumably provided the group with the purloined NSA offensive cyber weapons. The July 2, 2017 edition of the Dark Web News, had an article by ‘Richard,’ notes that “prior to the execution of two lethal NSA cyber weapons in the form of ransomware, the Shadow Brokers hacking outfit had been struggling to be taken seriously.” But, “after [the] WannaCry, and Petya, or NotPetya, everyone is clamoring for a piece of the remaining exploits being offered by this hacking outfit.”

Richard writes that “they [Shadow Brokers] have now stopped selling individual exploit dumps;” and are, “instead opting to release new ones only to those who subscribe to their monthly program.” In light of all the notoriety the group received in the aftermath of the recent cyber pandemic outbreaks noted above, Shadow Brokers “raised their monthly membership fee to $64,400, by creating a VIP membership service for people who would like to communicate with the hacking group on matters pertaining to the leaked NSA exploits.” Richard adds that to join this new VIP module, a one-time initiation fee of $128,800, which is in addition to the monthly subscription fee.

“But what appears to have caught everyone’s attention is what appears to be the unraveling drama between the hacking group and an unnamed former NSA hacker they refer to as “doctor,” Richard wrote. “In a recent post,” he added, “the group threatened to expose the true identity of a former Equation Group hacker, after they allegedly posted “ugly tweets” that were directed at the hacking group. Shadow Brokers apparently didn’t take kindly to these comments and recently began including cryptic clues about their alleged former NSA source. “In a poorly authored post,” last month, Shadow Brokers “intimated that the hacker [and their source of the purloined NSA hacking tools], was not only a former member of the elite NSA hacking unit — the Equation Group — but, that this former NSA employee had also [recently] set up residence in Hawaii; and, was currently the co-founder of a [cyber] security company with plenty of venture capital,” Richard wrote. “The threat was passed on in the guise of a special invitation message to join their group, citing “doctors” ugly tweets as the reason behind this [digitally] masked altercation.”

Shadow Brokers “specifically stated that if [the] “doctor” failed to subscribe to their data dump in July, they will release data from the [former] NSA hacker’s exploits in China; and, unveil the [his/her] real name and identity,” as well as the name of the [cyber] security firm they co-founded.,” Richard wrote.

Meanwhile, the Shadow Brokers is set to begin its first monthly subscription release of hacking tools and exploits this month/July, as their monthly subscription service is set to officially launch as early as this week.

Apparently, if the above is true, there is no honor among cyber thieves as well. The well-respected and regarded cyber security guru, Bruce Schneier, ‘penned’ a May 23, 2017 article for the publication, The Atlantic, “Who Are The Shadow Brokers,” detailing what is, and isn’t known about this shadowy digital outfit. In his article, Mr. Schneier wrote that “in 2013, a mysterious group of hackers, calling itself the ‘Shadow Brokers,’ stole a few disks of NSA secrets; and,. since the summer of 2016, they’ve been dumping these secrets on the Internet;” resulting in a major “embarrassment for the NSA, as well as damaging our intelligence gathering capabilities.” In essence, the Shadow Brokers “have put sophisticated cyber weapons in the hands of anyone who wants them,” he added.

In his article, Mr. Schneier speculates that the most likely identity of the Shadow Brokers is not a former NSA employee, but rather, a nation-state, with China and Russia the most likely suspects — though he is not convinced that China nor Russia are behind these leaks. I refer you to his Atlantic article, or an article I posted to this blog, on his thoughts, as well as my own. Mr. Schneier goes on to suggest that recently arrested NSA contractor Hal Martin, and/or, a second NSA leaker are the more likely suspects.

Given Vladimir Putin’s disdain for America; and, his campaign to damage the U.S./NATO relationship, and his interference with the 2016 presidential election here in the U.S., as well as other anti-U.S. activities, I would have to disagree with Mr. Schneier and believe that Russia is a prime, if not the prime suspect. And, the cryptic leaks by the Shadow Brokers that their ‘NSA source,’ is a former employee of the agency; and, is currently living in Hawaii — and running a cyber security company he/she co-founded — is just too convenient. With those clues, it wouldn’t take U.S. investigators to narrow down just who this person/s is/are. Instead, it is more likely that this is part of a Russian intelligence disinformation and information operations campaign, aimed at further undermining U.S. intelligence relationships with its foreign intelligence liaison partners — and thus — undermining and weakening U.S. intelligence collection activities. These clues may well be designed to send the FBI and other U.S. investigators on a wild goose chase that leads to a digital wilderness of mirrors and digital dead-ends. The other potential culprits that Mr. Schneier overlooked, are cyber patriots, who are continuing the ‘crusade’ initiated by U.S. fugitive Edward Snowden; or, a cyber militia, who remains angry about the U.S. mega-data collection program exposed by Snowden, and they are following in his digital footsteps. But, my money would still be on Vladimir Putin. And, did Edward Snowden, wittingly, or unwittingly, enable or aid the Shadow Brokers in this digital ‘crusade’? V/R, RCP, fortunascorner.com

No comments: