In the long history of hacking, there have been numerous data breaches that, years and even decades later, remain unsolved. Many of the hackers and hacking groups behind them have never been unmasked.
But prolific hacking groups do get caught. That is true whether they are cybercriminals such as LAPSUS$, a notorious extortion gang that compromised companies such as Microsoft and Nvidia and has had several members arrested, or sophisticated government hacking groups from Russia and China, whose members have been named, indicted, and placed on most-wanted lists.
Still, some of the most fascinating cases in cybersecurity history remain wide open: no culprits, no answers, and in some cases not even a clear motive. We decided to revisit several of them in a series of articles, starting with one of the strangest episodes in the history of intelligence leaks.
The first installment centers on the Shadow Brokers, an enigmatic group that surfaced online, dumped a trove of hacking tools believed to belong to the NSA, and then vanished.
In the summer of 2016, in the midst of the Russian hacks related to the U.S. presidential election, the group appeared on Twitter. They linked to a Pastebin post and @-mentioned several news outlets, a strange and ineffective tactic that meant most of those outlets likely never saw the tweets.
But if anyone had clicked on the link, they would have seen a document titled “Equation Group Cyber Weapons Auction — Invitation,” a reference to the shadowy hacking operation widely believed to be run by the NSA.
“!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies’ cyber weapons?” the hackers wrote, claiming to have hacked the Equation Group.

The document included links to download some hacking tools, as well as a link to download an encrypted file that buyers could decrypt by making a bid. “Auction files better than Stuxnet,” they wrote, referring to the famous malware used against Iranian nuclear facilities in a U.S.-Israeli cyberattack in 2007. They asked for at least 1 million Bitcoin.
The leak quickly attracted press coverage. Once security researchers analyzed the tools, they realized these were exceptionally sophisticated cyberweapons, very likely stolen from the NSA, a suspicion bolstered by the fact that some shared names with programs revealed by NSA whistleblower Edward Snowden.
The auction was likely a ruse, as the group eventually dumped many of the tools publicly months later. Much about the Shadow Brokers made little sense. Their broken English was almost comical, as if they were either trying too hard or deliberately signaling the artifice. Despite clearly seeking attention, and getting plenty of press coverage, the group spoke to a journalist only once, giving a brief interview to 404 Media’s Joseph Cox, then a reporter at VICE Motherboard.
Ten years later, we know virtually nothing about who was behind the Shadow Brokers persona. Cox and I interviewed former NSA staffers at the time, who said an NSA insider or former insider could be involved. But nobody has ever been arrested and charged, which is extraordinary given that this was arguably one of the worst leaks of U.S. intelligence hacking tools ever.
One possible suspect was Harold T. Martin III, an NSA contractor arrested for stealing classified information from the agency. But the theory has a problem: while Martin was in custody, the Shadow Brokers remained active online. He has never been formally charged in connection with the leaks. The most widely credited theory is that the Shadow Brokers were created by a Russian government spy agency as a propaganda tool.
The impact was massive. Among the tools released, the Shadow Brokers revealed EternalBlue, a family of zero-day vulnerabilities targeting Windows that allowed hackers to break into computers on a compromised network, quickly expand their access, and deploy self-propagating worms. (Zero-day vulnerabilities are flaws unknown to the software maker, meaning no patch yet exists.) North Korean hackers used EternalBlue to unleash the WannaCry ransomware worm. Russian hackers later built it into NotPetya, which spiraled beyond its initial Ukrainian targets and caused an estimated $10 billion in damages globally. For businesses, the lesson was stark: vulnerabilities hoarded by intelligence agencies don’t stay secret forever, and when they leak, the private sector pays the price.
The trove is still yielding discoveries. Among the leaked tools was one containing a list of project names, including one called Fast16, flagged only with the label “NOTHING TO SEE HERE — CARRY ON.” Last month, researchers announced that they had located and examined it, finding malware dating to 2005, designed to tamper with software allegedly used by Iranian nuclear scientists.