According to Symantec’s report, “How Buckeye obtained Equation Group tools at least a year prior to the Shadow Brokers leak remains unknown.”
Per Symantec's report, the Buckeye group had been active since at least 2009, when it began mounting a string of espionage attacks, mainly against organizations based in the U.S. The report further states that the group disappeared in mid-2017, and three alleged members of the group were indicted in the U.S. in November 2017. However, the Bemstour exploit tool and the DoublePulsar variant used by Buckeye continued to be used until at least September 2018, in conjunction with different malware.
Stuxnet, the sophisticated malware attributed to the N.S.A. and discovered in 2010, was used to destroy Iran's nuclear centrifuges. The agency then watched the same code proliferate around the world, doing damage to unintended targets, including American business giants like Chevron.
According to The New York Times, “Details of secret American cybersecurity programs were disclosed to journalists by Edward J. Snowden, a former N.S.A. contractor now living in exile in Moscow. A collection of C.I.A. cyber weapons, allegedly leaked by an insider, was posted on WikiLeaks.” To this, Eric Chien, a security director at Symantec said, “We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies.”
“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Mr. Chien said.
The New York Times post mentions, “The Chinese appear not to have turned the weapons back against the United States, for two possible reasons, Symantec researchers said. They might assume Americans have developed defenses against their own weapons, and they might not want to reveal to the United States that they had stolen American tools.”
Two N.S.A. employees told The New York Times that after the Shadow Brokers' leak of the agency's most highly coveted hacking tools in 2016 and 2017, the N.S.A. turned over its arsenal of software vulnerabilities to Microsoft for patching and also shut down some of its most sensitive counterterrorism operations.
“The N.S.A.’s tools were picked up by North Korean and Russian hackers and used for attacks that crippled the British health care system, shut down operations at the shipping corporation Maersk and cut short critical supplies of a vaccine manufactured by Merck. In Ukraine, the Russian attacks paralyzed critical Ukrainian services, including the airport, Postal Service, gas stations and A.T.M.s,” The New York Times reported.
Michael Daniel, the president of the Cyber Threat Alliance, previously a cybersecurity coordinator for the Obama administration, said, “None of the decisions that go into the process are risk-free. That’s just not the nature of how these things work. But this clearly reinforces the need to have a thoughtful process that involves lots of different equities and is updated frequently.”
Chien added that, in the future, American officials will need to factor in the real likelihood that their own tools will boomerang back on American targets or allies.
Several security researchers and commentators have pointed out gaps in the report, noting in particular that its conclusions about how Buckeye obtained the tools are not backed by intelligence sources:
https://twitter.com/RidT/status/1125747510625091585
https://twitter.com/ericgeller/status/1125551150567129089
https://twitter.com/jfersec/status/1125746228195622912
https://twitter.com/GossiTheDog/status/1125754423245004800
https://twitter.com/RidT/status/1125746008577724416
To know more about this news in detail, head over to Symantec’s complete report.