ShadowBrokers Data Dump Leaks Compromised Servers Used By NSA For Hacking Operations

The servers are claimed to have been used by NSA-sponsored Equation Group as staging areas for covert hacking activity

The hacker collective ShadowBrokers has dumped online a list of compromised Sun Solaris and Linux servers that were allegedly used by the NSA-linked Equation Group.

While the list contains data on old servers dating from 2000 to 2010, it is claimed to reveal IP addresses linked to the Equation Group, which allegedly used the servers to stage covert cyber attacks for the NSA.

What may sound like a cyberpunk conspiracy theory was given some gravitas by Kaspersky Lab, which said that a previous ShadowBrokers data dump, revealing hacking tools and exploits said to have been used by the NSA, shared a strong connection with its own research on the Equation Group.

“This is being equation group pitchimpair (redirector) keys, many missions into your network is/was coming from these ip addresses,” the ShadowBrokers group wrote in a Medium post, one chock full of political rhetoric in broken English rather than revelations about surprising government hacking programs.

Data dumping

Many of the IP addresses correspond to servers in Iran, Russia, China, Pakistan, India, Japan, South Korea, Bosnia and elsewhere, rather than in the US.

But security researcher Mustafa Al-Bassam, a former member of the LulzSec hacker collective, noted that the servers could have been used as staging areas for NSA covert hacks, and, worryingly for Britain, he pointed out that the NSA appears to have breached servers belonging to the British company Colt when it was in the managed hosting business. A Colt spokesman told TechWeekEurope that those servers were part of a web hosting platform based in Paris and have since been decommissioned. Yet this led to some speculation from Al-Bassam.

“So the NSA hacked a British ISP (Colt) to use them as a guinea pig for covering their tracks,” he said on Twitter. However, this information merely indicates that the NSA may have been using the UK-based servers as a vector for cyber operations against other nations, rather than conducting a covert operation against the UK.

Al-Bassam also pointed out that most of the servers are likely out of action by now, or have been reconfigured in ways that render the exploits ineffective.
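The practical check for a defender is not whether the listed hosts are still exploitable, but whether any of them sat inside your own address space (meaning you may have unknowingly hosted a redirector) or show up as a source address in whatever historical firewall or proxy logs you still hold. The script below is an added example and is not code from the article, from ShadowBrokers or from any of the researchers quoted; the three-column entry format, the sample entries and the sample log lines are all constructed for illustration (the real dump files have their own layout, so parse_entries() would need adapting), and the addresses used are documentation and private ranges, not addresses from the dump.

```python
"""Cross-check a leaked redirector list against your own address space and logs.

Added example, not code from the article or from ShadowBrokers. The entry
format below is a constructed, hypothetical one (ip, hostname, label); the
real dump files have their own layout, so adapt parse_entries() to them.
"""
import ipaddress
import re

# Constructed sample in a hypothetical three-column format. These addresses are
# documentation/private ranges chosen to be safe; they are NOT from the dump.
SAMPLE_DUMP = """\
# ip hostname tool
192.0.2.17 mail.example.net pitchimpair
198.51.100.5 gw.example.org intonation
203.0.113.44 ns1.example.com pitchimpair
10.20.30.40 corp-proxy.internal pitchimpair
"""

# Constructed sample firewall log lines (not real traffic).
SAMPLE_LOG = """\
2010-03-04T10:15:22Z ACCEPT src=198.51.100.5 dst=10.1.1.20 dport=443
2010-03-04T10:16:01Z ACCEPT src=8.8.8.8 dst=10.1.1.20 dport=53
2010-03-05T01:02:03Z DENY src=203.0.113.44 dst=10.1.1.25 dport=22
"""

ENTRY_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*$")
LOG_IP_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_entries(text):
    """Return (ip, hostname, label) tuples; skips comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ip_str, host, label = m.groups()
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            continue  # not a usable IP; ignore rather than abort the whole run
        entries.append((ip, host, label))
    return entries


def in_own_ranges(entries, cidrs):
    """Entries whose IP falls inside one of your own prefixes.

    A hit means a host you owned (or hosted) appears as a redirector, i.e. it
    may itself have been compromised and used as a staging point.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    hits = []
    for ip, host, label in entries:
        for net in nets:
            if ip in net:
                hits.append((str(ip), host, label, str(net)))
                break
    return hits


def seen_in_logs(entries, log_text):
    """Log lines whose source IP matches a listed redirector.

    Contact from a listed address is a lead for investigation, not proof of
    compromise: the list is a decade old and the hosts may have been reassigned.
    """
    listed = {ip for ip, _, _ in entries}
    matches = []
    for line in log_text.splitlines():
        m = LOG_IP_RE.search(line)
        if m and ipaddress.ip_address(m.group(1)) in listed:
            matches.append(line)
    return matches


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_DUMP)
    for hit in in_own_ranges(entries, ["10.0.0.0/8", "192.0.2.0/24"]):
        print("own-range hit:", hit)
    for line in seen_in_logs(entries, SAMPLE_LOG):
        print("log contact:", line)
```

Because the listed hosts are victims rather than attacker infrastructure, a log match should be read in context: the redirector may have been reassigned long ago, and the article itself notes the data covers roughly 2000 to 2010, a span most organisations no longer retain logs for.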

Overall, this ShadowBrokers data dump appears less significant than the group's previous attempt to auction pilfered hacking tools, as the server information does not reveal any source code, merely metadata and variations in server configurations.

However, the dump is likely to cause bad public relations for the NSA, which continually comes under fire from the likes of Edward Snowden for its snooping activities. But there is a likelihood that the NSA could simply brush off such concerns, given that direct links to any hacking activity are difficult to prove outright.
