Confirmed: hacking tool leak came from “omnipotent” NSA-tied group

The leak over the weekend of advanced hacking tools contains digital signatures that are almost identical to those in software used by the state-sponsored Equation Group, according to a just-published report from security firm Kaspersky Lab.

"While we cannot surmise the attacker's identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation group," Kaspersky researchers wrote in a blog post published Tuesday afternoon.

The finding is significant because it lends credibility to claims made by a mysterious group calling itself ShadowBrokers. When members of the previously unknown group claimed in a blog post that they hacked Equation Group and obtained never-before-seen exploits and implants it used, outsiders were understandably skeptical. The publication of state-sponsored hacking tools is an extremely rare if not unprecedented event that is sure to catch the attention of leaders all over the world.

Read 4 remaining paragraphs | Comments

Group claims to hack NSA-tied hackers, posts exploits as proof

(credit: Shadow Brokers)

In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency.

In a recently published blog post, the group calling itself Shadow Brokers claims the leaked set of exploits were obtained after members hacked Equation Group (the post has since been removed from Tumblr). Last year, Kaspersky Lab researchers described Equation Group as one of the world's most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Broker post is slightly bigger than 256 megabytes and purports to contain a series of hacking tools dating back to 2010. While it wasn't immediately possible for outsiders to prove the posted data—mostly batch scripts and poorly coded python scripts—belonged to Equation Group, there was little doubt the data have origins with some advanced hacking group.

Not fully fake

"These files are not fully fake for sure," Bencsáth Boldizsár, a researcher with Hungary-based CrySyS who is widely credited with discovering Flame, told Ars in an e-mail. "Most likely they are part of the NSA toolset, judging just by the volume and peeps into the samples. At first glance it is sound that these are important attack related files, and yes, the first guess would be Equation Group."

Read 6 remaining paragraphs | Comments