Free Republic

NSA Used Simple Tools to Detect Other State Actors on Hacked Devices
SecurityWeek | 3/7/2018 | Eduard Kovacs

Posted on 03/07/2018 5:17:25 PM PST by bitt

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) provides a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could help the cybersecurity community discover previously unknown threats.

Over the past few years, a mysterious hacker group calling itself Shadow Brokers has been leaking tools allegedly created and used by the Equation Group, a threat actor widely believed to be linked to the NSA. The Shadow Brokers have been trying to sell Equation Group tools and exploits, but without much success. They say their main goal has been to make money, but many doubt their claims.

One of the sets of files leaked by the hackers last year, named “Lost in Translation,” includes a series of modules dubbed “Territorial Dispute.” Researchers at the Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University of Technology and Economics in Hungary, who have been involved in the analysis of Duqu and other advanced persistent threats (APTs), have conducted an investigation and they determined that the Territorial Dispute tools are designed to detect the presence of other state-sponsored groups.

According to CrySyS, the tools are relatively simple; they search the targeted device for specific files, Windows registry entries, and other indicators of compromise (IoCs) associated with known APTs.

(Excerpt) Read more at securityweek.com ...


TOPICS: Crime/Corruption; Extended News; Government; Politics/Elections
KEYWORDS: hacking; nsa

1 posted on 03/07/2018 5:17:26 PM PST by bitt

To: bitt

It’s pretty much a 100% certainty that NSA was monitoring Hillary’s server.


2 posted on 03/07/2018 6:02:05 PM PST by rdcbn

To: bitt

Sophisticated enough to know whether it was the CIA faking a Russian hack or Russia really hacking?


3 posted on 03/07/2018 6:18:41 PM PST by RetiredTexasVet (Start using cash and checks or the elite class and bankers will make "cashless" the norm.)

To: rdcbn

Duqu......Dooku......Palpatine’s revenge chat captured on FBI desktop.


4 posted on 03/07/2018 6:21:56 PM PST by txhurl (The Final Thunderdome: Two Americas enter, One America leaves.)

To: rdcbn
It’s pretty much a 100% certainty that NSA was monitoring Hillary’s server.

They probably installed it for her.

5 posted on 03/07/2018 7:11:41 PM PST by UCANSEE2 (Lost my tagline on Flight MH370. Sorry for the inconvenience.)
