NSA Hacked, Vulnerabilities Exposed

NSA Hacked, Vulnerabilities Exposed

  • Aug 18, 2016

Over the weekend, a large data dump by a group calling itself the “Shadow Brokers” claimed to have stolen from the Equation Group, a hacking team that is believed to be associated with the National Security Agency.

The mysterious group posted a to their website, revealing some of the files they obtained and promising other, “better” files available to the highest bidder. The released files seem obtain top-secret computer code that the Equation Group has used to break into the networks of foreign governments and other espionage targets.

The code released was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. In turn, the NSA can place “implants” in the system, which allows them to lurk around unseen for years. This implant can help to monitor network traffic or even enable a debilitating computer attack.

The hack is a particularly bad one, as if the code is authentic, the Shadow Brokers have revealed that America’s top operatives have been hacked and their methods exposed.

Firewall markers Cisco and Fortinet have now confirmed the vulnerabilities included in the dump affected their products, a disclosure that lends credence to the theory that the Equation Group is indeed a NSA operation.

Cisco said in a security advisory that two vulnerabilities in the Shadow Brokers’ data could be used to breach its Adaptive Security Appliance software used in its firewalls.

“An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system,” Cisco’s statement said.

Fortinet also said that some of its products released prior to August 2012 contained a vulnerability that would allow an attacker to take execution control over a firewall.

Meanwhile, the Shadow Brokers also claim that their exploits will work on firewalls from Juniper Networks and TopSec, but neither company has publicly acknowledged the leak. The Shadow Brokers say they have additional yet-to-be-released exploits and are offering the data for sale in a Bitcoin auction. The group is asking for 1 million bitcoins (around $568 million at current rates), but the auction has yet to receive any significant bids.

Featured

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

  • Beyond Apps: Access Control for Today’s Residents

    The modern resident lives in an app-saturated world. From banking to grocery delivery, fitness tracking to ridesharing, nearly every service demands another download. But when it comes to accessing the place you live, most people do not want to clutter their phone with yet another app, especially if its only purpose is to open a door. Read Now

  • Survey: 48 Percent of Worshippers Feel Less Safe Attending In-Person Services

    Almost half (48%) of those who attend religious services say they feel less safe attending in-person due to rising acts of violence at places of worship. In fact, 39% report these safety concerns have led them to change how often they attend in-person services, according to new research from Verkada conducted online by The Harris Poll among 1,123 U.S. adults who attend a religious service or event at least once a month. Read Now

Most   Popular

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities