Amid the intermittent splurge of social media culture and technological leaps in ease of access, it is fair to say the internet, as a universe, is expanding. What began as strings of code used to transmit information became the foundation for incredibly complex and extraordinary achievements in discovering what the internet is capable of. While many benefits have come with innovations in online capacity, every advancement carries in itself the risk of exploitation, something that has increasingly riddled the web with malware, viruses, and hacking. Anyone with basic coding knowledge, or even slight training in developing software, can see how easy it can be to hack and exploit the various vulnerabilities that shower the internet you and I rely on for our everyday lives. While many groups, like Anonymous or NSA-sponsored groups like TAO (Tailored Access Operations), claim to be “vulnerabilities”, many others choose to exploit and mine the internet, looting even the most secure government agencies and private security firms with consistent success. And on April 14th, 2017, a group known as the Shadow Brokers, hackers who had swiftly taken control of government-grade hacking technology, wreaked havoc across the globe, bringing into question the legitimacy of relying on agencies like the NSA and posing the question, “Is the risk of leaking government tools worth the unwatched and unmarked efforts of the NSA?”
After all, who really is watching the watchmen?
The Shadow Brokers, a name in obvious reference to the fictional secret smugglers in the Mass Effect game series, first emerged onto the scene in summer 2016. Since then, there have been at least 5 documented leaks performed by the group, generally publishing leaked hacking tools used by the NSA’s Equation Group (believed to be the NSA’s offensive hacking wing) as well as TAO.
(Detailed mission layout of NSA’s primary hacking operation wing)
These leaks targeted enterprise firewalls via several zero-day exploits against high-grade Microsoft-based security products, and the group released them through an open link to bidders, auction-house style, using the cryptographic payment methods favored by hacktivists. In layman’s terms, this group leaked some pretty bad-ass hacking software previously available only to government-sponsored firms, just to auction it at a relatively modest price to any bidder willing to follow their convenient link and use the product after purchase any way they choose. These hacks have primarily targeted the NSA and its Windows-based operating software, which leaves only the NSA to blame.
(Example of WannaCry screen in which the machine was held hostage to a occurrence ransom payment)
The most recent hack attempt by the group, under the codename of the cyber weapon EternalBlue, hit the internet on April 14th, about a month ago, spreading a Bitcoin ransom, via the variant WannaCry, through Russia and Japan all the way to the UK, infecting over 200,000 machines and databases within the first two weeks of its release. This hack was the most detrimental, targeting not only the operating software in various government agencies (the Russian Ministry of Interior, for example) but also nuclear weapon systems in Iran, China, and North Korea, mobile devices across Europe, and hospital equipment, causing many patients to be turned away from ERs across the globe for the brief period the hack hit.
The hack itself, while holding many systems hostage to a payment, was minimized by protective measures taken by both the NSA and Microsoft. The NSA refused to give details on the exact date on which it realized the hack’s potential for ransomware, though it forewarned Microsoft a month before the hack hit, and a patch was immediately released, minimizing the blast radius of the Bitcoin ransomware across the globe. The NSA itself poses a risk to national security: this was all based on hacking software it created, allowed to be copied (whether internally or through foreign efforts), and thereby left open to global exploitation.
When asked by reporters from the Washington Post, representatives from Microsoft chose not to comment on specifics about which members of the NSA notified the tech conglomerate of the impending hack, or how the ransomware was known about ahead of time in the first place.
The identity and affiliation of the Shadow Brokers group remain anonymous (no pun intended), though several theories have been brought to debate. Many, including NSA whistleblower Edward Snowden, have asserted the group’s obvious ties to Russian hacking groups, though some have suggested it could have been an internal hack by Harold Martin III; that suspicion of him as the primary suspect faded with the continued attacks during his detainment in October 2016.
Speculation about motives has been drawn from subtle snippets in the group’s statements, such as its outspoken resistance to Trump’s decision to bomb Syrian airfields, cited as one of the primary motives for its fourth major hack, codenamed “Don’t Forget Your Base”. While this may seem like streamlined “hacktivist” rhetoric, it furthers the potential ties to Russia, as the airfield incorporated a lot of Russian technology and was actively utilized by Russian military operations. The group still evades identification by known sources, as all of their hacked tools and malware leave no trace of origin, and their already famous style of sloppy, encrypted directions in their posts easily deters any potential connection to an identifiable organization.
Regardless of potential affiliations, the main problem that lies ahead is the group’s potential to wreak even further havoc on national security, which is primarily a problem for the US Department of Defense. If Microsoft had not been notified in advance and created the patch, the entire operating system of our national government would have been left vulnerable to exposing classified information and secrets not safe for the general public’s knowledge. The group showboated, stating it controlled around 75% of the NSA’s hacking tool software, and announced it was converting its traditional auctioning of these products into a monthly subscription launching in June, like a Dollar Shave Club for NSA cyber security software. While the Microsoft patch halted the spread of EternalBlue, the software still exists in the hands of the Shadow Brokers, who have already warned of future hacks to come, threatening to target international banks, web browsers, Windows 10 software updates, and missile programs in numerous countries.
This raises a lot of questions, like what does the group have that the NSA also has, or does not have? Does the group have access to “zero-days” (potential weak spots in security systems) that the NSA does not control or know about?
Regardless, the swift spread of NSA-created cyber security resources cannot help but make one skeptical of the NSA’s ability to control this situation. The very foundation on which these attacks were achieved is software created and held onto by the NSA, with no major oversight of how well the NSA was safeguarding these programs. This recent attack shows the vulnerability of our national database security, though hope lies in the fact that if the NSA could do a better job of communicating with both the public and its system partners (primarily Microsoft), this exposure could be minimized. The NSA and DoD may both need to look into bulking up their security defenses with major software firms to improve stability (like their recent collaboration on SELinux development), as well as cracking down on their software procedures. This essentially means you do not leave the knife on the table after the fight, but instead dispose of it. Every second a cyber attack tool developed by TAO is left in intermittent use is another opportunity for groups like the Shadow Brokers to exploit and leak these tools for future profit and government turmoil. Security, after all, is a resource game, a give-and-take balancing act between the cost of defending and the cost of attacking, with our national security on the line.