icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
17 Apr, 2017 17:26

Shadow Brokers leak links NSA to alleged US-Israeli Stuxnet malware that targeted Iran

Shadow Brokers leak links NSA to alleged US-Israeli Stuxnet malware that targeted Iran

Malicious computer malware that caused substantial damage to Iran’s nuclear program may be the work of the NSA, researchers burrowing into the latest leak from hacking group Shadow Brokers have discovered within the computer data.

A tool found in Friday’s leak matched one used by the notorious Stuxnet malware.

First detected in 2010, Stuxnet is believed to be the joint work of the US and Israel; a claim that Edward Snowden backed up in a 2013 interview but which has never been acknowledged by either government.

Designed to target industrial control systems used in infrastructure facilities, Stuxnet modifies data on controller software affecting their automated processes.

Computer code found in last week’s leak from Shadow Brokers, alleged to have been stolen from the NSA, was also found to match that used in Stuxnet.

Officials, who spoke under anonymity to The Washington Post, said in 2012 that the worm, developed under George W.Bush’s administration and continued under Barack Obama’s, was designed to damage Iran’s nuclear capabilities.

When it infected Iran’s nuclear facility in Natanz, it reportedly destroyed a fifth of their centrifuges after causing them to spin out of control, all the while relaying readings back to technicians at the plant that operations were normal.

"There is a strong connection between Stuxnet and the Shadow Brokers dump," Symantec researcher Liam O'Murchu told Motherboard. "But not enough to definitively prove a connection."

A definite link will be almost impossible to prove as Stuxnet’s script was later copied and used in an open-source hacking toolkit, allowing it to be replicated numerous times online.

However, O'Murchu said the script found in Friday’s leak was last compiled on September 9,  2010 - three months after Stuxnet was first identified and shortly before it was added to the hacking toolkit.

Also contained in the leak was ASCII art of a medal with the words “Won the gold medal!!!” above it. Stuxnet was reportedly given the codename “Olympic Games.”

Security architect Kevin Beaumont tweeted the results of an antivirus program check on the Shadow Brokers’ exploits leaked on Friday, which returned that it had detected Stuxnet.

The latest evidence against the NSA was contained in Friday’s leak from Shadow Brokers, which also detailed hacks aimed at Windows PCs and the SWIFT network, used to process payment orders.

READ MORE: What the hack? The leaks that shaped 2016