The hacking group behind one of the most controversial data breaches this year has released the password to a large cache of encrypted files that they had previously dumped online.
The hacking outfit termed this latest leak of alleged NSA exploits as their “form of protest” which, alongside a long political rant on Medium called Don’t Forget Your Base that was directed at US president Donald Trump.
In August 2016, the Shadow Brokers had made the headlines after dumping a number of NSA hacking tools online.
A year later, they followed it up with the release of a large cache of encrypted files that allegedly contained more of the NSA’s hacking exploits in an auction where they asked for 1 million Bitcoin ($1.2 billion) in exchange for the password.
The auction was unsuccessful. Months later, the hacking outfit decided to call off the auction altogether and instead began selling the hacking tools individually on ZeroNet, an underground website.
The website availed screenshots of the individual hacking tools which were neatly categorized into classes such as “Trojans”, “Implants”, and “Exploits”.
The cost of each hacking tool was between 1 Bitcoin ($1,197) and 100 Bitcoins ($119,722).
In bulk, the total cache of exploits could be purchased for 1,000 Bitcoins ($1,197,220).
Now, the password for the encrypted cache of NSA hacking tools was made public in their politically inspired blog post on Medium, thereby enabling anyone to unlock the crucial exploits which were posted at the auction.
The Shadow Brokers have evolved from a sophisticated hacking outfit to a politically charged group since their first emergence.
Their latest dump confirms that their actions are politically motivated, if the accompanying post is any indication.
Part of the hacking group’s protest was based on recent political events including the controversial missile strike against a Syrian military base and the recent Goldman Sachs saga.
The hacking group openly berates the President for his actions since he stepped in office, threateningly informing him that they were “losing faith in him”.
The aptly titled blog post largely accused President Trump of abandoning the people responsible for his success in the elections, or his “base”.
Security Researcher “x0rz” Confirms Password
A security researcher only known by the pseudonym x0rz on Twitter has successfully decrypted the files and uploaded them on Github.
The uploaded archives show that the cache of hacking tools contains a TOAST framework that was used by the NSA’s Tailored Access Operations team to clean up logged UNIX wtmp events, the Electric slide tool, a remote zero-day exploit from the Oracle-owned Solaris called rpc.cmsd, and evidence linking the NSA to the unauthorized hacking of a popular Pakistani mobile operator company called Mobilink.
Matthew Hickey, another security researcher, focused on two of the leaked hacking exploits: EBBISLAND and EXTREMEPARR, a pair of hacking tools designed specifically for targeting Solaris systems.
The co-founder of Hacker House confirmed that the tools could be used to escalate user privileges to the extent of gaining root access remotely when using the same network.
Further analysis showed that the two hacking exploits could be used on Solaris versions 6 through to 10, though some experts believe that it is also capable of working on the latest Solaris build – version 11.
More information is bound to surface as more security researchers delve into the cache of hacking tools now that the password is available.
As of now, speculations that the hacking outfit could be holding an arsenal of other hacking tools from the NSA are rife.
However, some believe that the hacking group has played its last hand by releasing all the data it had stolen from the US intelligence organization.