Hard Facts Scarce in Purported Theft of Hacking Tools From NSA Server

By Wayne Rash  |  Posted 2016-08-16

But even if your CFO isn’t asking for details, it’s important to know if the information revealed about those alleged leaks is real. Right now, nobody really knows. The leak uses code word references that sound real.

The files contained in the public directory look real, and it’s likely that some of them are in fact bona fide software flaw exploits. But then, this could also be the result of a careful collection of suspicious code, placed in such a way as to help Shadow Brokers make some easy money.

I asked the current experts on the Equation Group what they thought. “Kaspersky Lab doesn’t have any information on this at this time,” a spokesperson said in an email, “but our research team is investigating it.”

That research is already yielding some preliminary results. Examples include common encryption methods and some common binary information. “Comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak we observe that they are functionally identical and share rare specific traits in their implementation,” Kaspersky Lab said in a new blog post analyzing the Shadow Brokers data.

“This code similarity makes us believe with a high degree of confidence that the tools from the Shadow Brokers leak are related to the malware from the Equation group.”

The details are available, of course, to anyone who wants to put up the money demanded by the Shadow Brokers. All you need to do is come up with a million Bitcoins. But before you grab your checkbook, it’s worth noting that a number of researchers have said that the data that’s currently public seems to be at least three years old.

Even if everything is real, the Equation Group will certainly have improved its methods and updated its code by the time you’re likely to see it. The current state of the Equation Group’s technology will likely have advanced beyond what’s available now. Is it worth an estimated $450 million, the amount Bloomberg estimates is the value of a million Bitcoins?

Maybe for a government that needs to jump-start its cyber warfare team, but it’s hard to see who else might need this data for such a price.

For everybody else, this is more entertainment than actual threat. After all, if Shadow Brokers had been able to use the malware tools, they would have done so already. For now, any threat from this information is theoretical at best. But we'll likely be entertained by continuing speculation and hand-wringing.

