Information Security News
A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA's Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved.
The leaked software—which can exploit weaknesses in a number of network hardware platforms and other devices—may have been leaked with the help of an NSA insider, according to the analysis of several information security experts, reports citing former NSA employees, and one journalist who had access to the files leaked by Edward Snowden. While the hacking tools were said not to have come from the Snowden documents cache, they may in fact be associated with another leaker who provided information to Jacob Appelbaum and Wikileaks, James Bamford suggests in a commentary published Monday by Reuters.
Details of the hacking tools also match with a training manual for NSA cyberespionage operations included in the Snowden document trove, released last week by The Intercept. Some of the tools also match with entries in the TAO's ANT catalog—an NSA internal wishbook for hardware and software exploits. That document was published in part by Der Spiegel in collaboration with Appelbaum back in December of 2013.
Two kits favored by red teams and penetration testers have been updated recently, namely hashcat and SpiderFoot. Hashcat and SpiderFoot together read like a Robert Redford/Paul Newman movie title (yes, I'm that old). :-) Thanks to handler Rob Vandenbrink for the hashcat call out.
Hashcat v3.10: The world's fastest password cracker, and the world's first and only in-kernel rule engine
SpiderFoot 2.7.0: An open source intelligence automation tool to automate the process of gathering intelligence about a given target: IP address, domain name, hostname or network subnet. SpiderFoot can be used offensively, i.e. as part of a black-box penetration test to gather information about the target, or defensively, to identify what information your organisation is freely providing for attackers to use against you.