‘Auction’ of NSA Tools Sends Security Companies Scrambling

The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter -- and sent major companies rushing to update their defenses.

Experts across the world are still examining what amount to electronic lock picks. Here's what they've found so far.

What's in the Release?

The tool kit consists of a suite of malicious software intended to tamper with firewalls, the electronic defenses protecting computer networks. The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE. Three of them -- JETPLOW, FEEDTROUGH and BANANAGLEE -- have previously appeared in an NSA compendium of top secret cyber surveillance tools.

The auctioneers claim the tools were stolen from the Equation Group, the name given to a powerful collective of hackers exposed by antivirus firm Kaspersky Lab in 2015. Others have linked the Equation Group to the NSA's hacking arm, although such claims are extraordinarily hard to settle with any certainty.

The leaked tools "share a strong connection" with the Equation Group, Kaspersky said in a blog post late Tuesday. The Moscow-based company said the two used "functionally identical" encryption techniques.

The leaked tools also appear to be powerful, according to a running analysis maintained by Richmond, Virginia-headquartered Risk Based Security. The group said several of the vulnerabilities targeted by the malware -- including one affecting Cisco firewalls -- were previously unknown, a sign of a sophisticated actor.

Security and networking companies scrambled to investigate the flaws exposed by the auction. Cisco Systems, Inc. issued an urgent update to its software late Wednesday. Fortinet, Inc., a Sunnyvale, California-based security company, also said it was investigating.

Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, said that the news was terrible for the NSA no matter the circumstances behind the leak because...
