Suspected NSA tool hackers dump more cyberweapons in farewell

The Shadow Brokers dumped the hacking tools online after attempting to sell a large cache for bitcoin

The hacking group that stole cyberweapons suspected to be from the U.S. National Security Agency is signing off -- but not before releasing another arsenal of tools that appear designed to spy on Windows systems.

On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposedly Windows and Unix hacking tools for bitcoin.

The Shadow Brokers made news back in August when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA.

Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group's claims, according to security researchers.  

The Shadow Brokers' latest dump includes 61 files, many of which have never been seen by security firms before, said Jake Williams, founder of Rendition InfoSec, a security provider.

He’s been examining the tools, and said it’ll take time to verify their capabilities. His initial view is that they’re designed for detection evasion.  

For instance, one of the tools is built to edit Windows event logs. Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing the victim from realizing they’ve been breached, he said.

“If you simply remove a record or two, then even an organization that is following the best security practices, presumably, wouldn’t notice the change,” he said.

On Thursday, the Shadow Brokers said they released the Windows hacking tools for free because a Kaspersky Lab’s antivirus product could already flag them as harmful.

The clandestine group previously tried to auction off a whole set of hacking tools for 1 million bitcoins or what was at the time US$584 million. But after several months, that auction only managed to generate 10 bitcoins.

“Despite theories, it always being about bitcoins for TheShadowBrokers,” the group said in broken English in their supposed final message.

However, Williams believes the Shadow Brokers are likely spies working for the Russian government. This latest dump was a message to the U.S, he said.

Williams points to the timing. In recent weeks, U.S. intelligence agencies have been claiming the Kremlin tried to influence the U.S. election. Based on those findings, President Barack Obama has already ordered sanctions against Russia and vowed covert action.

“If they are Russian, this is a shot across the bow,” Williams said.

It’s unclear how the Shadow Brokers managed to steal the hacking tools. But they claim to have many more in reserve. The group has said their arsenal of supposed Linux and Windows-based hacking tools is still up for sale at 10,000 bitcoins.

On Thursday, Microsoft said it's investigating this latest batch of hacking tools that have been released. 

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?