The Shadow Brokers crew has dumped online a list of servers apparently compromised by NSA hackers.
The list contains historic targets of the NSA-linked Equation Group. The date stamps suggest the systems were compromised around 2001 and 2003, and they appear to be used as bases from which US snoops could carry out surveillance or other attacks.
It demonstrates why attribution is difficult in cyber-security – just because an assault comes from systems in a particular nation doesn't mean that nation is orchestrating the attack. Systems can be hacked and commandeered from the other side of the world.
Mail providers, universities and targets in China make up the bulk of the Equation Group roster. All were targets of INTONATION and PITCHIMPAIR, codenames for cyber-spy hacking programmes.
"New Shadow Brokers dump contains list of servers compromised by the NSA to use as exploit staging servers." — Mustafa Al-Bassam (@musalbas), October 31, 2016
Documents leaked by whistleblower Edward Snowden provide strong evidence that previous dumps by the Shadow Brokers feature malware and exploits that originated at the NSA, as previously reported. The latest Shadow Brokers dump was signed using the same key as the initial dump of NSA exploits, which the Shadow Brokers unsuccessfully tried to auction off.
A message accompanying the latest dump somewhat incoherently calls for attempts to disrupt the forthcoming US presidential election.
This poorly argued rabble-rousing has been met with some derision. Security experts have questioned the value of the leaked target list, at least outside the realm of cyber-espionage historians. "The list of servers is nine years old. [Many] likely no longer exist or [are] reinstalled," said security researcher Kevin Beaumont, in an update on Twitter.