What Has Happened and What Was Stolen
- A group calling itself the Shadow Brokers, whose identity remains unknown, stole several disks containing secret data belonging to the National Security Agency (NSA) in 2013 (Schneier 2017);
- In 2016, they announced an auction to sell off the data they had obtained illegally;
- The group demanded one million bitcoins for the data;
- When they failed to receive what they wanted, they started publishing files (Haridy 2017);
- The intelligence-gathering capacity of the NSA was undermined;
- Simultaneously, sophisticated cyberweapons became available for anyone who would like to obtain them;
- The leaked exploits, notably EternalBlue, which attacks a flaw in the Windows SMB service, gave the developers of the WannaCry ransomware the means to infect large numbers of computers;
- The leaked tools included working exploits against several major Linux mail servers, Microsoft Windows and Cisco networking devices;
- The group threatened to release more secret NSA data on a monthly basis;
- The leaks made it possible for other governments and cybercriminals to turn these hacking tools against the US (Schneier 2017);
- In May 2017, Shadow Brokers published a blog post announcing a bizarre subscription model that promised a monthly “haul of data” to paying subscribers;
- For the data, the group wanted to be paid in Zcash, a cryptocurrency launched in October 2016;
- The choice of currency is thought to have less to do with the reliability of Zcash than with the group’s wish to draw attention to the US government’s alleged connection to its development (Haridy 2017).
Threats to Public Infrastructure
- If network infrastructure devices (routers, switches, firewalls) are compromised, criminal groups can take control of the infrastructure itself;
- Such control lets them compromise the many different devices whose traffic passes through that infrastructure;
- Stolen data and redirected or altered traffic cause serious problems in many systems across the country;
- Possible outcomes of such attacks are data theft, denial of service and unauthorised data modification;
- An attacker with a persistent foothold on network devices can launch new attacks even after being evicted from the hosts exploited earlier (United States Computer Emergency Readiness Team [US-CERT] 2016);
- The group therefore threatens not only individual users but whole corporations and even the government;
- The country’s security is seriously damaged;
- The group’s activity may also cause massive losses by blocking the operation of network services (Schneier 2017).
Possible Controls of Future Leaks
US-CERT (2016) offers several measures for limiting the impact of such intrusions and leaks in the future:
- Networks and functions should be segmented so that an intruder’s access to the internal network is restricted;
- When a network is insufficiently segmented, malicious groups can extend their reach to secret data;
- Sensitive information should be physically separated from general-purpose networks;
- Placing routers between networks creates additional boundaries at which user traffic can be filtered;
- Network segments should be designed on the principle of least privilege;
- Unnecessary lateral communications should be limited;
- Allowing unfiltered communication between workstations makes the system more vulnerable to lateral movement;
- Network devices themselves should be hardened;
- Access control lists should restrict remote administration and monitoring of routers to trusted management hosts only;
- Configurations should be backed up and stored offline;
- Sensitive files should be encrypted when they have to be sent electronically;
- Physical access to routers should be limited;
- Security configurations should be tested against security requirements periodically;
- Access to infrastructure devices should be limited.
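To make the last few of these measures concrete, the following Python script (an added example, not part of the original assessment or of the US-CERT alert) audits a Cisco IOS-style running configuration against a handful of the management-plane requirements listed above: SSH-only remote administration on the vty lines, an access list that actually restricts which hosts may reach them, no plaintext enable password, no unencrypted HTTP management service and no default or read-write SNMP community. Both configurations, the weak one and the hardened one, are constructed for the example; the ACL name, addresses, community string and secret hash are placeholders.

```python
# Added example: audit an IOS-style config against a few TA16-250A
# management-plane checks. Both configs below are constructed, not real.
# Constructed: a router left with factory-style management settings.
WEAK_CONFIG = """\
enable password cisco123
snmp-server community public RW
ip http server
access-list 10 permit any
line vty 0 4
 access-class 10 in
 transport input telnet ssh
"""
# Constructed: the same device after applying the recommendations above
# (the secret hash, ACL name and addresses are placeholders).
HARDENED_CONFIG = """\
service password-encryption
enable secret 5 $1$placeholder$constructedHashValueXXXXXX
ip access-list standard MGMT-HOSTS
 permit 10.10.200.10
 deny any log
snmp-server community Gx7pQ2 RO MGMT-HOSTS
no ip http server
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
"""


def parse_ios(config: str) -> tuple[list[str], dict[str, list[str]]]:
    """Split into top-level commands and each one's indented sub-commands."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and comments
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
            blocks.setdefault(current, [])
    return top, blocks


def collect_acls(top: list[str], blocks: dict[str, list[str]]) -> dict[str, list[list[str]]]:
    """Gather numbered ('access-list 10 ...') and named ('ip access-list ...') ACLs."""
    acls: dict[str, list[list[str]]] = {}
    for line in top:
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) > 2:
            acls.setdefault(tok[1], []).append(tok[2:])
        elif tok[:2] == ["ip", "access-list"] and len(tok) > 3:
            acls.setdefault(tok[3], []).extend(e.split() for e in blocks[line])
    return acls


def permits_any(entries: list[list[str]]) -> bool:
    """An ACL containing an unconditional permit restricts nothing."""
    return any(e[:1] == ["permit"] and [t for t in e[1:] if t != "log"]
               in (["any"], ["ip", "any", "any"]) for e in entries)


def audit(config: str) -> list[str]:
    """Return sorted finding codes; an empty list passes every check here."""
    top, blocks = parse_ios(config)
    acls = collect_acls(top, blocks)
    findings = set()
    # Credentials at rest: hashed enable secret, no plaintext enable password.
    if "service password-encryption" not in top:
        findings.add("password-encryption-missing")
    if not any(c.startswith("enable secret") for c in top):
        findings.add("enable-secret-missing")
    if any(c.startswith("enable password") for c in top):
        findings.add("enable-password-plaintext")
    # Unencrypted or over-privileged management services.
    if "ip http server" in top:
        findings.add("http-server-enabled")
    for line in top:
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            if tok[2].lower() in ("public", "private"):
                findings.add("snmp-community-default")
            if "RW" in tok[3:]:
                findings.add("snmp-community-rw")
    # Remote administration: SSH only, and only from hosts an ACL allows.
    for header, sub in blocks.items():
        if not header.startswith("line vty"):
            continue
        transport = [s.split()[2:] for s in sub if s.startswith("transport input")]
        if not transport or any(t not in (["ssh"], ["none"]) for t in transport):
            findings.add("vty-transport-not-ssh-only")
        access = [s.split()[1] for s in sub if s.startswith("access-class")]
        if not access:
            findings.add("vty-access-class-missing")
        for name in access:
            if name not in acls:
                findings.add(f"acl-{name}-undefined")
            elif permits_any(acls[name]):
                findings.add(f"acl-{name}-permits-any")
    return sorted(findings)


if __name__ == "__main__":
    print("weak:", audit(WEAK_CONFIG), "hardened:", audit(HARDENED_CONFIG))
```

Run against the weak configuration the script reports eight findings (open SNMP, HTTP management, telnet on the vty lines, a permit-any management ACL and plaintext credentials); the hardened configuration produces none. The point of the ACL check is that an access-class line on its own proves nothing: an ACL that permits any source, or that is referenced but never defined, leaves remote administration just as exposed as having no access-class at all.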
Haridy, R 2017, ‘Shadow Brokers hacking group reveals bizarre data dump subscription plan’, New Atlas. Web.
Schneier, B 2017, ‘Who are the Shadow Brokers?’, The Atlantic. Web.
United States Computer Emergency Readiness Team 2016, Alert (TA16-250A): The increasing threat to network infrastructure devices and recommended mitigations. Web.