After a never-before-seen group announced it was in possession of a trove of malware developed by the elite hacking arm of the National Security Agency early this week, professional security researchers began working to try and determine whether the code the group released was truly developed by the NSA. <\/p>\n
Working off of hints they found in the code, which was released by a group calling itself the Shadow Broker, researchers guessed it was authenticbut new documentation straight from the source appears to confirm the codes provenance. <\/p>\n
According to NSA documents obtained by Edward Snowden and reviewed by The Intercept, several elements in the released code line up with details in the agencys own manuals and materials. <\/p>\n
One manual, for example, instructs agents to use a specific 16-character string, ace02468bdf13579, to track a certain strain of government-developed malware as it makes its way through networks. That string shows up character-for-character in one of the leaked hacking tools, SECONDDATE. <\/p>\n
The tool allows the NSA to execute man-in-the-middle attacks, which intercept traffic on a network as its traveling from its origin to its destination. The agency used it to redirect users who think theyre browsing safe websites to NSA-run servers that infect their computers with malwareand then back to their destination before they know what happened. In a slide deck, the NSA used cnn.com as an example of the sort of site it could exploit to deliver its malicious code. <\/p>\n
The documents released by The Intercept reveal that SECONDDATE has been used to spy on systems in Pakistan and in Lebanon, where it gained access to data belonging to Hezbollah. <\/p>\n
Its still not clear how the tools leaked from the NSA. Snowden speculated on Twitter that the tools could have been found on a server it used to infect a target, but former NSA staffers interviewed by Motherboard said the leak could be the work of a rogue insider, claiming that some of the files in the leak would never had made it to an outside server. <\/p>\n
<\/p>\n
See the article here: After a never-before-seen group announced it was in possession of a trove of malware developed by the elite hacking arm of the National Security Agency early this week, professional security researchers began working to try and determine whether the code the group released was truly developed by the NSA. Working off of hints they found in the code, which was released by a group calling itself the Shadow Broker, researchers guessed it was authenticbut new documentation straight from the source appears to confirm the codes provenance. Continue reading
\nConfirmed: The NSA Got Hacked - The Atlantic<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"