‘New Shadowbrokers publication contains extensive NSA hacking tools’

Security researcher ‘The Grugq’ has analyzed a new publication from the Shadowbrokers. They previously published working NSA exploits for various firewalls. According to the researcher, the new publication contains an extensive collection of tools.

The Grugq writes that the data contains multiple hacking tools, in addition to exploits and implants. According to the researcher, the first publication of the Shadowbrokers was a specialized collection of tools to bypass firewalls. The current publication, however, contains a wide variety of extensive tools, which suggests that it may be so-called ‘high side’ data, that is, data stored on secret and protected NSA systems.

The tools come with a lot of documentation and target a large number of systems. There are hundreds of pre-compiled implants for various operating systems. The security company Hacker House notes in its own analysis that a remarkably large proportion of the published exploits target Solaris systems. One of the tools, called ‘Ebbisland’, is said to be able to penetrate any Solaris server with accessible RPC services. However, according to The Grugq, the tools are all quite old.

Nevertheless, the publication would be a ‘punch in the stomach’ for the NSA. The researcher judges that the data did not leave the NSA’s network by mistake, because it is too extensive for that. No employee would be so negligent as to accidentally release such tools.

The data is offered for sale by the Shadowbrokers on a site on the decentralized ZeroNet. Previously, the data was for sale through an auction, but the Shadowbrokers had no success with that. Individual items, including the exploits, are now for sale directly for amounts between 1 and 100 bitcoins, the equivalent of between 758 and 75,800 euros. The entire collection is for sale for 1000 bitcoin.

The Shadowbrokers published a number of files in August without asking for payment. It later turned out that the database contained working exploits for firewalls from Cisco and Fortinet, among others.
