Tuesday, August 16, 2016

"NSA and the No Good, Very Bad Monday"


A group is hosting an auction for code from the “Equation Group,” which is more commonly known as the NSA. The auctioneer’s pitch is simple, brutal, and to the point:

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
This release included two encrypted files; the password to one was provided as proof, while the other remains encrypted. The attackers claim that they will provide the password to the second file to the winner of a Bitcoin auction.

The public auction part is nonsense. Despite prevailing misconceptions about cryptocurrency, Bitcoin’s innate traceability means that no one could really expect to launder even $1M out of a high-profile Bitcoin wallet like this one without risking detection, let alone the $500M being requested for a full public release. The auction is the equivalent of a criminal asking to be paid in new, marked, sequential bills. Because the actors here are certainly not amateurs, the auction is presumably a bit of "Doctor Evil" theater—the only bids will be $20 investments from Twitter jokesters.
The fact that any of this was found is a black eye for the NSA. While Snowden rightly notes that the agency is not made of magic, leaving an entire staging server up, even in the benighted summer of 2013, is a foolish and reckless move. Now that these files are public, state actors can easily pin a certain type of attack on the NSA. “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server,” wrote Snowden. Further, it shows that the NSA is sloppy, something that anyone with a passing knowledge of government IT would understand.