Information Security News
Shadow Brokers, the mysterious group that gained international renown when it published hundreds of advanced hacking tools belonging to the National Security Agency, says it's going dark. But before it does, it's lobbing a Molotov cocktail that's sure to further inflame the US intelligence community.
In a farewell message posted Thursday morning, group members said they were deleting their accounts and making an exit after their offers to release their entire cache of NSA hacking tools in exchange for a whopping 10,000 bitcoins (currently valued at more than $8.2 million) were rebuffed. While they said they would still make good on the offer should the sum be transferred into their electronic wallet, they said there would be no more communications.
"Despite theories, it always being about bitcoins for TheShadowBrokers," Thursday's post, which wasn't available as this article was going live, stated. "Free dumps and bullshit political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers."
Adobe rolled out a set of patches for Acrobat, Adobe Reader, and Flash on Patch Tuesday this week, and the update had an unwelcome surprise in store for Chrome users. After updating their systems, they found that Chrome was prompting them to enable an extension from Adobe.
The extension does a couple of things: it provides a quick way to convert a Web page into a PDF if you have a full, paid version of Acrobat, and it lets you choose to open PDFs in Adobe Reader rather than using Chrome's built-in PDF support. This is occasionally useful for using PDF features that the browser-based support doesn't offer. The extension has existed for some years. The more aggressive distribution is new, however.
The plugin seeks permission to do three things: "read and change all data on the websites you visit," "manage your downloads," and "communicate with cooperating native applications." The level of access required appears to be consistent with the plugin's stated purpose: as it can make a PDF of any page, it needs to have access to any page, and Chrome does not distinguish between extensions that read from pages and those that modify them.
The extension also collects basic information and sends this to Adobe. This tracking appears to be on by default, though it can be disabled through the extension's options page. Adobe states that this information is anonymous and does not include URL data.
On Thursday, Vice Motherboard reported that an unnamed source provided the site with 900GB of data hacked from Cellebrite, the well-known mobile phone data extraction company.
Among other products, Cellebrite's UFED system offers "in-depth physical, file system, password, and logical extractions of evidentiary data," and is often the go-to product for law enforcement to pull data from seized phones and other devices.
In a statement, Cellebrite called this hack "illegal" and noted that "the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution."