
Saturday, April 15, 2017

The Most Dangerous Time in Cyberspace Ever

I have been updating my WikiLeaks Vault 7 post (new dump on 14 April 2017: HIVE) as Assange and his team release more leaks on the CIA. Those addenda overlap with Good Friday's separate discussion of the Shadow Brokers' NSA hack, which I originally discussed in my post, Visits from the Dark-Haired Girl.

On 14 April 2017, the Shadow Brokers released some of their hacked NSA material onto the Internet and announced it on their Steemit blog with their usual meta-English pidgin rambling:
"KEK...last week theshadowbrokers be trying to help peoples. This week theshadowbrokers be thinking fuck peoples. Any other peoples be having same problem? So this week is being about money. TheShadowBrokers showing you cards theshadowbrokers wanting you to be seeing. Sometime peoples not being target audience. Follow the links for new dumps. Windows. Swift. Oddjob. Oh you thought that was it? Some of you peoples is needing reading comprehension.


Password = Reeeeeeeeeeeeeee

theshadowbrokers not wanting going there. Is being too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away. TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes. Maybe if all suviving WWIII theshadowbrokers be seeing you next week. Who knows what we having next time?"

Zero Hedge summarized the Good Friday release:
"[T]hey've already been unzipped and hosted on GitHub by security researchers. A list of all the files contained in the dump is available here, and it reveals the presence of 23 new hacking tools named such as ODDJOB, JEEPFLEA, EASYBEE, EDUCATEDSCHOLAR, ENGLISHMANSDENTIST, ESKIMOROLL, ECLIPSEDWING, EMPHASISMINE, EMERALDTHREAD, ETERNALROMANCE, ETERNALSYNERGY, ETERNALBLUE, EWOKFRENZY, EXPLODINGCAN, ERRATICGOPHER, ESTEEMAUDIT, DOUBLEPULSAR, MOFCONFIG, FUZZBUNCH, and others."

The Shadow Brokers hacked and released the NSA-built exploits to control Windows machines. Windows Central is qualifying that here today, with uninspiring language:
"You'll see headlines all over the internet warning you to shut down your Windows PC or disconnect from the internet right now. But don't panic. Make no mistake, this is a really serious issue that Microsoft has to address. We don't want you to think you can just ignore it, because as you can see a good many PCs are vulnerable. The biggest thing to know is that if you're using Windows 10 and have installed the latest updates as of Tuesday, April 11, you won't be affected by these specific hacks. Other exploits may exist that can do some nasty things, so you should use common sense when using the internet or are installing software. But you know that, or should."
The NSA knew about this hack, but neglected to inform Microsoft, meaning that Microsoft evidently discovered the vulnerability when everyone else did - Good Friday. You can see an amateur, but amusing, YouTube rumination on the nightmare situation, here.


Oh, and the NSA also developed the ability to hack the world's financial system's bank transfer network, SWIFT. The fact that the US government decided to do this is as alarming as the fact that the nefarious tool is now available to all. Thanks to the NSA and the Shadow Brokers' hacks of the NSA, these anti-Windows and anti-SWIFT tools are now released into the wild for anyone to use. From Matt Suiche:
"ShadowBrokers: The NSA compromised the SWIFT Network 
This is, by far, the most interesting release from Shadow Brokers, as it does not only contain tools.

The last time a nation-state used multiple [zero]days to target another country’s critical infrastructure was when Stuxnet was launched targeting Iran’s nuclear enrichment program. The NSA's modus operandi is to gain total access and hack, using multiple [zero]days, an entire infrastructure of the intended target. In this case, if Shadow Brokers' claims are indeed verified, it seems that the NSA sought to totally capture the backbone of the international financial system to have a God’s eye into a SWIFT Service Bureau — and potentially the entire SWIFT network. This would fit within standard procedure as a covert entity entrusted with covert actions that may or may not be legal in a technical sense. If the US had a specific target in the region’s financial system, NSA penetration offers redundancy and other options than merely relying upon good faith compliance procedures, standard diplomatic requests, or collaborating with a SWIFT Service Bureau.

First, here are a few points to re-explain what SWIFT and a SWIFT Service Bureau are.

What is SWIFT?

The SWIFT organisation, headquartered in Belgium, provides a network that allows financial institutions in 200+ countries to send and receive information about financial transactions to each other. Most SWIFT members are banks and trading institutions.

The SWIFT network does not actually transfer funds; instead it sends payment orders between institutions’ accounts, using SWIFT codes. SWIFT codes, also known as Bank Identifier Codes (BIC), are used by the SWIFT network for those transactions and look like XXXXYYZZ (e.g. BARCGB22 for Barclays Bank in Great Britain).
What is a SWIFT Service Bureau?

An accredited SWIFT service bureau offers a cost-effective solution for access to the complete range of SWIFT services by eliminating the need for in-house SWIFT expertise and operational support. Think of them as the equivalent of the Cloud providers for banks. There are 74 certified bureaus in the world.

ShadowBrokers’ new release

A few hours ago (14 April [2017] release), ShadowBrokers released a new archive divided into three different categories:
  • swift
IMHO, the most interesting archive, as it contains the evidence of the largest infection of a SWIFT Service Bureau to date.
  • windows
A series of Windows tools and reusable remote exploits for Windows, including out-of-support Windows versions, and fuzzbunch, the 'NSA Metasploit'.
  • oddjob
  • tools
This release includes logs, Excel files, and even, for the first time, a PowerPoint of TOP SECRET documents. This is a first from Shadow Brokers; it would mean ShadowBrokers definitely has more than only tools.
SWIFT
IMHO, this is the most interesting archive. There are two programs mentioned:
  • JEEPFLEA_MARKET
  • JEEPFLEA_POWDER
This is the second significant SWIFT hack revealed in less than 2 years, the first one being the 2016 Bangladesh Bank heist allegedly executed by the North Korean government."
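To make the BIC layout in Suiche's explanation concrete, here is an added Python example (not from the original post, from Suiche, or from SWIFT) that parses and validates codes in that format and screens a feed of counterparty identifiers; the sample feed and the TESTGB20 code are constructed, and the 'XXX' primary-office and test-BIC conventions follow ISO 9362.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# ISO 9362 BIC: 4-letter institution code, 2-letter ISO 3166 country code,
# 2-character location code, optional 3-character branch code (11-char form).
# Matching is strict (uppercase only): a payment validator should reject
# anything that is not in canonical form rather than silently normalising it.
_BIC_RE = re.compile(r"^([A-Z]{4})([A-Z]{2})([A-Z0-9]{2})([A-Z0-9]{3})?$")


@dataclass(frozen=True)
class BIC:
    institution: str
    country: str
    location: str
    branch: Optional[str]
    is_test: bool  # a location code whose 2nd character is '0' is a test BIC


def parse_bic(raw: str) -> BIC:
    """Parse a SWIFT/BIC code such as BARCGB22; raise ValueError if malformed."""
    m = _BIC_RE.fullmatch(raw)
    if m is None:
        raise ValueError(f"malformed BIC: {raw!r}")
    inst, country, loc, branch = m.groups()  # branch is None for 8-char form
    return BIC(inst, country, loc, branch, is_test=(loc[1] == "0"))


def canonical8(raw: str) -> str:
    """Return the 8-character institution-level BIC; 'XXX' means primary office."""
    b = parse_bic(raw)
    return b.institution + b.country + b.location


def screen(codes: Iterable[str]) -> Dict[str, str]:
    """Classify each counterparty BIC in a feed as 'ok', 'test' or 'malformed'."""
    verdicts: Dict[str, str] = {}
    for code in codes:
        try:
            b = parse_bic(code)
        except ValueError:
            verdicts[code] = "malformed"
            continue
        verdicts[code] = "test" if b.is_test else "ok"
    return verdicts


# Constructed sample feed: the page's example BIC, its 11-char primary-office
# form, a made-up test BIC, a truncated code and a lowercase (non-canonical) one.
SAMPLE_FEED = ["BARCGB22", "BARCGB22XXX", "TESTGB20", "BARCGB2", "barcgb22"]
```

Anything flagged "test" or "malformed" in a production payment feed is worth a second look, since neither should appear on a live SWIFT interface.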


See my earlier posts on Stuxnet, the Shadow Brokers, Kekkism, and Vault 7:

ADDENDUM (7 September 2017):


