This is a fantastic read for anyone who has followed the saga of the NSA and The Shadow Brokers. Mr. Krebs is doing a tremendous job running these leads to ground.
This is a nice recap of where the NSA vs. ShadowBrokers stands at the moment. I do find it mildly intriguing how damaged the NSA finds itself amidst this constant trickle feed of compromised data and formerly secret exploits. One telling line in the article references the NSA (and I am paraphrasing) as one of the premier world wide agencies for breaking into computer systems and yet they could not protect their own house.
I do have to agree with Bruce Schneier and others who point to a whistleblower or other insider theory on the breach. ShadowBrokers wants the NSA to suffer, both functionally and in terms of reputation.
Given the recent Equifax breach and this leak by ShadowBrokers, the cyber bad guys now have a huge list of new targets and a new tool to use against them.
Here is some new and even scarier motivation to get your patching up to date. The bad guys are only getting started in their efforts to leverage these exploits.
There have been several posts about this discovery and arrest at the NSA. Another insider has stolen classified information. Many people continue to ask the question – How can this happen at the NSA? What about all of their security? What about all of the efforts required to obtain and maintain a security clearance? The answer to these questions is simple and found in the article. A motivated insider with proper access is extremely difficult to defend against.
The questions I would ask everyone within earshot – Is your security and background checking process as strong or stronger than the NSA? If not, then why are you not incredibly concerned about insider threats?
Is anyone honestly surprised by this revelation? Let us not forget the photographs provided back during the Prism discussions of NSA employees opening Cisco hardware boxes, altering firmware and repackaging devices. Regardless one which side of the Snowden debate you find yourself, I think we can all agree that vulnerabilities and backdoors create weaknesses in products and services, despite the best or worst intentions of the people who placed them there.
This is interesting speculation by Snowden on the NSA hack, especially given Russia’s role in keeping him away from the hands of US officials.