Wednesday, March 7, 2018

Leaked Files Show How NSA Tracks Other Countries’ Hackers



When the mysterious entity known as “Shadow Brokers” released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material homed in on the most potent tools, so-called “zero-day” exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the NSA uses to detect other nation-state hackers on the machines it infects.

It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 — the year the NSA tools were believed to have been stolen by Shadow Brokers — the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community — but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military’s Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online.

https://theintercept.com/2018/03/06/leaked-files-show-how-nsa-tracks-other-countries-hackers/
