Website Hacking Becomes More Prevalent
Featured, Web Development Aug 02, 2021

News reports of hacking and ransomware are a daily occurrence.
Moreover, this is just the tip of the iceberg. In other words, daily website hacking is not reported in the media, and many private companies do not report ransomware attacks.
Furthermore, many of the SaaS hacking safeguards are failing to thwart hosting server intrusions. For example, malware prevention services like SiteLock and Sucuri are seeing a 75% increase in successful web hosting intrusions.
To better understand why this is happening, we need to examine a critical data leak that occurred in 2013.
Enter Edward Joseph Snowden
On May 20, 2013, Snowden flew to Hong Kong, where he was staying when the initial articles based on the leaked documents were published, beginning with The Guardian on June 5. Greenwald later said that Snowden disclosed between 9,000 and 10,000 documents.
Edward Joseph Snowden (born June 21, 1983) is a former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013 when he was an employee and subcontractor for the Central Intelligence Agency (CIA).
Shadow Brokers published the files
The Shadow Brokers (TSB) hacker group first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the Equation Group, which is widely suspected to be a branch of the National Security Agency (NSA) of the United States.
Chinese Hackers APT31 use the tools.
In 2021, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Lazarus, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group.
The consequences of NSA hacking tools having been revealed online
Some of the most powerful espionage tools created by the Agency’s elite group of hackers have been revealed, a development that could pose severe concerns for the spy agency’s operations and the security of government and corporate computers for years. A cache of hacking tools, with code names such as Epicbanana, Buzzdirection, and Egregiousblunder, appeared mysteriously online over the weekend, setting the security world abuzz with speculation about whether the material was legitimate.
According to a former NSA employee who worked in the agency’s hacking division, the file appeared to be real, part of a program known as Tailored Access Operations (TAO). “They’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks, both here and abroad.”
Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”
Website hacking or taking control of firewalls to control a network
The file contained 300 megabytes of information, including several exploits — tools for taking control of firewalls to manage a network — and several implants that could, for instance, exfiltrate or modify information.
The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.
The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things. “What’s clear is that these are highly sophisticated and authentic hacking tools,” said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee. Several exploits were pieces of computer code that took advantage of “zero-day” or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.
The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. Now that the tools are public, as long as the flaws remain unpatched, other hackers can also take advantage of them.
(Originally posted here: https://www.washingtonpost.com/world/national-security/powerful-nsa-hacking-tools-have-been-revealed-online/2016/08/16/bce4f974-63c7-11e6-96c0-37533479f3f5_story.html)