The code appears to be that used by the NSA to carry out spy operations
A previously unknown hacking group said on Monday it plans to sell computer surveillance weapons stolen from a group linked to the US government through an online auction.
While the auction, staged by a group calling itself Shadow Brokers, appeared suspect, researchers said a sample of the attack code released by the group seemed to be legitimate.
Shadow Brokers, whose name comes from the video game Mass Effect, over the weekend published two sets of code on GitHub, one public and the other encrypted.
The public code included a number of tools that could be used to break through firewalls, including those from Cisco, Juniper and Fortinet, with their names – such as “Egregious Blunder”, “Eligible Bachelor” and “Banana Glee” – matching those mentioned in a leaked catalogue of exploits used by the US government’s National Security Agency (NSA) to conduct surveillance operations.
The exploits, which appear to date from 2013, seem to be working code, according to computer security experts.
“This appears to be legitimate code,” said Matt Suiche, founder of United Arab Emirates-based computer security start-up Comae Technologies, in an advisory. “They are actual exploits and not only references.”
In a Monday blog post on Tumblr the group claimed the tools were developed by the Equation Group, which researchers say was behind the Stuxnet worm used to sabotage Iran’s nuclear programme, and which has been linked to the NSA.
The incident comes at a time of political turmoil in the US ahead of the presidential election in November, which is mentioned in Shadow Brokers’ post. Industry observers said the release of the attack code and the auction appear to be intended mainly to cause disruption and to embarrass the US security services.
In its post, written in disjointed English, the Shadow Brokers adopted the tone of pranksters and promised to release more code for free if they receive the Bitcoin equivalent of at least $550 million (£423m).
The group said bidders should send Bitcoin funds in advance and would not receive the funds back if they lost.
“We give you some Equation Group files free, you see… You enjoy!!! You break many things… But not all, we are auction the best files,” Shadow Brokers said in a statement accompanying the files.
The hackers claimed to have infiltrated Equation Group, but the tools may have been obtained by other means, such as a poor deployment that allowed them to be captured, Suiche said.
The code release comes one month after the release of emails from the leadership of the US Democratic Party.
The Democratic National Committee’s network appears to have been thoroughly infiltrated and was under surveillance by a nation-state, probably Russia, for about a year, with emails, chat sessions and other data apparently having been collected during that period, according to computer security firm CrowdStrike.