Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA.
Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people’s web browsers using a man-in-the-middle tool called SECONDDATE. This piece of software meddles with connections in real-time so targets quietly download malware from NSA-controlled servers.
That archive contained 14 files – including one called SecondDate-3021.exe – that feature the aforementioned ID code from the NSA manual. That top-secret document only came to light today, via The Intercept, five days after the Shadow Brokers uploaded their cyber-haul.
The confirmation of the veracity of the Shadow Brokers archive is bad news for the NSA, but is potentially catastrophic for the rest of us.
Given the size of the archive, and the range of computer security vulnerability exploits it contains, malware authors and hackers are going to be rushing to use the information to crack systems around the world. Any vendor who has kit mentioned in the archive should get patching.
“So the risk is twofold: first, that the person or persons who stole this information might have used them against us,” said Green.
“If this is indeed Russia, then one assumes that they probably have their own exploits, but there’s no need to give them any more. And now that the exploits have been released, we run the risk that ordinary criminals will use them against corporate targets.”
Some companies, such as Cisco, have already begun the patching process but that’s just the tip of the iceberg. In addition to router hacks and other exploits, the archive has files for decrypting Cisco PIX VPN traffic, and implanting malware in PC motherboard firmware in ways that would make it almost impossible to detect or delete.
With the newly published Snowden documents showing that the archive is real, there’ll be no excuse for vendors that fail to examine it and patch accordingly. ®