NSA website goes down as hackers auction stolen ‘cyber weapons’

If you try to visit the NSA’s website right now, you’re in for a big disappointment.

Because someone or something has made nsa.gov inaccessible to the outside world, and the United States’ National Security Agency has been struggling to get its website back online since Monday evening.

As Politico reports, the NSA website was first found to be inaccessible just before 11pm EST on Monday and didn’t come back until 5pm the following day.

I’m sorry to report that as I write this, at 5:40pm on Wednesday, things are still not looking too good.

NSA down

Now, there might be any number of down-to-earth reasons why a website is inaccessible. Quite often it can be a goof-up by a website’s administrator, who may have misconfigured the server, installed new code without properly checking its consequences, or made a right royal mess of the site’s DNS settings.

But somehow I think we can discount those sorts of explanations on this occasion.

Because the NSA website went dark just hours after a group of hackers calling themselves “The Shadow Brokers” claimed to have stolen “cyber weapons” from an elite hacking group linked to the NSA.

The malicious hacking tools were claimed to come from the highly sophisticated Equation hacking gang, which has previously been rumoured to have links to the NSA.

In a highly unusual move, the Shadow Brokers announced that they would be running an auction, offering the stolen hacking code – which they claimed to be “better than Stuxnet” – to whoever was prepared to stump up the most cash:

Equation Group Cyber Weapons Auction – Invitation

!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

In an attempt to give its claims more credibility, the Shadow Brokers dumped approximately 250MB of the files as a free “taster”.

Leaked files

As former LulzSec hacker Mustafa Al-Bassam describes on his blog, the released files appear to contain exploit code for hacking firewalls.

Sure enough, it has been confirmed that at least some of the Shadow Brokers’ vulnerabilities are real.

Cisco is one of the firewall vendors impacted by the exploits, and has issued a security advisory raising customers’ awareness of the EXTRABACON and EPICBANANA vulnerabilities.

So, who are the Shadow Brokers? Could it be, as many are assuming, a hacking gang backed by the Russians? Or might it be a rogue NSA insider who has leaked the data?

The truth is, we simply do not know at this time – and until more information comes out it seems almost pointless to speculate.

But what we can say is that so far the Shadow Brokers’ attempt to auction its haul of supposed NSA hacking tools has been a monumental flop. The group said it wanted 1 million bitcoin (equivalent to an eye-watering $568 million) for the stolen code, but so far the highest bid it has received is less than $1000.

Every day we hear about organisations being hacked because of sloppy security, often stemming from human failure. As Edward Snowden proved, even high security establishments like the NSA can suffer major data breaches.

It’s not implausible that sensitive NSA hacking tools have fallen into the wrong hands – but right now, we just don’t know what has happened for certain.

Similarly, we don’t know if the NSA website’s downtime is related to the antics of the Shadow Brokers gang, an entirely separate DDoS attack or something more down to earth. But it certainly is a startling coincidence that the website should be proving to be so temperamental at a time like this.

Author Graham Cluley, We Live Security

Copyright © 2016 ESET, All Rights Reserved.