icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

Hack of NSA ‘cyber weapons’ verified by Snowden docs – report

Hack of NSA ‘cyber weapons’ verified by Snowden docs – report
Newly liberated NSA files from whistleblower Edward Snowden remove any doubt that the “ShadowBrokers” hack on the NSA this week is real, according to a new report.

Following Snowden’s reactions on Twitter the day after an apparent hack on the National Security Agency, the publication that formed specifically around his 2013 NSA leaks revealed more documents never before seen in public view.

The Intercept’s report finds that the NSA malware uncovered by the “ShadowBrokers” hack on Monday “is covered with the NSA’s virtual fingerprints and clearly originates from the agency.”

While Snowden suspects a “rival” of the NSA is responsible, no one knows for sure. However, a Johns Hopkins University cryptographer, Matthew Green, told the Intercept the software “exploits” now out in the open present a two-fold risk. “First, that the person or persons who stole this information might have used them against us,” and secondly, “that ordinary criminals will use them against corporate targets.”

READ MORE: NSA malware menace: ‘If device is connected to internet, it can be broken into’

“If this is indeed Russia [behind the Shadowbrokers hack],” Green said, “then one assumes that they probably have their own exploits, but there’s no need to give them any more.”

“This is the equivalent of leaving lockpicking tools lying around a high school cafeteria,” Green added. “It’s worse, in fact, because many of these exploits are not available through any other means, so they’re just now coming to the attention of the firewall and router manufacturers that need to fix them, as well as the customers that are vulnerable.”

Among the “cyber weapons” seized and put up for auction by ShadowBrokers, is an array of systems and programs that clandestinely nestle into computers across the globe, according to the Intercept.

The centrally cited Snowden document that all but confirms the recent hack is real is an NSA top-secret manual on how to attack computers and their networks with malicious software. In the document obtained in 2013, but released only on Friday, instructions include a 16-character sequence NSA agents would use to track their malware, “ace02468bdf13579,” which also happens to be found repeatedly in the ShadowBrokers revelatory documents on the government surveillance program called SECONDDATE.

READ MORE: NSA website down for 1 day after hackers take out its affiliate – media

SECONDDATE was part of a “complex global system” that infected millions of computers worldwide, one government document estimated, according to the Intercept.

The infection actually came from an NSA web server, but SECONDDATE was integral in redirecting targeted web browsers there, and it did so by capturing web requests, a “man in the middle” style cyberattack.

The ShadowBrokers hack offers for the first time “a glimpse at how an elaborate system outlined in the Snowden documents looks when deployed in the real world,” the Intercept reported, adding that the newly released Snowden documents show how SECONDDATE was used to spy on Pakistan and a computer system in Lebanon.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.