One year ago, a group called “Shadow Brokers” broke the Internet with a tranche of stolen NSA hacking tools. It was an exciting discovery for specialists to examine and to find out more about the secret activities NSA commences. There have been more than a few curious cases revealed from the stolen data, but a discovery by Hungarian security researchers is one of the most interesting ones so far.
NSA tracks nation-state hackers
The Hungarian specialists dug deep into the tranche and found a collection of unusual scripts and scanning tools. It was determined that the tools were used to detect and track hackers from other countries. NSA had established a Territorial Dispute (or TeDi) group, stolen designs for the military’s Joint Strike Fighter plane, together with tons of other confidential information from United States defense contractors. The purpose of the group was to prevent hackers from commencing cyber attacks.
With all of these spying tools, NSA managed to hack into machines from various types of countries, probably the ones that are the most interesting and might possess some exclusive information. When NSA accesses devices in such countries, they are also interested in another thing: finding out whether other spying tools are present.
If NSA hacks machines in Russia or Iran, they try their best to operate under the radar. If other countries are using spying tools on the machines that the NSA hacked, the situation for NSA becomes more complicated. If the other hackers are amateurs, they could expose themselves with their reckless spying, and in the process, they would also expose NSA and their spying tools.
More analysis of stolen tranche is encouraged
Fearing that their operations might be compromised, NSA created the Territorial Dispute group. They used digital signatures to find APT actors that would belong to other hacking groups. In addition to this, NSA hackers have showed special interest in some of the hacking groups from all over the world.
Hungarian researchers have discovered that NSA tracked the activity of “Dark Hotel” group very attentively. Surprisingly, the tracking was done in 2011: before the Dark Hotel group was detected by the security community. This just shows that NSA knows more than they are revealing, and they are constantly tracking new hacking groups and possibly preventing them from emerging.
Even though a lot of information about NSA was revealed thanks to the stolen tranche, there is still a lot to review. Researchers that have been intensively working on the tranche hope that their discoveries will encourage other security groups to do the same.
Source: theintercept.com.
