Cyber Fear As a Service

image

Today, we presented our presentation about TheShadowBrokers at BlackHat in Las Vegas, even though TSB expressed in a tweet (now deleted), they would rather have seen the presentation at DEF CON.

Materials

Download our Slides here and Whitepaper here presented at BlackHat USA 2017.

You can find all our posts on the subject at https://blog.comae.io/theshadowbrokers

Abstract

Who are/is TheShadowBrokers? We have no clue. Nobody really does. The Shadow Brokers are one of most controversial characters of this Cyber-Era. The mysterious group emerged mid-summer 2016 when they started to anonymously, publicly drop tools and operational notes that allegedly belonged to the NSA Tailored Access Operations unit. This group referred to itself as The Shadow Brokers and quickly became the NSA’s worst nightmare since Edward Snowden.

Previous whistle blowers released documents redacted of sensitive nature, such as authors. But with The Shadow Brokers, what emerged was a different level of dangerous and more aggressive leaks that didn’t only release highly sensitive tools, but also revealed a wide range of modus operandi that included agents’ names and the full disclosure of the NSA’s complex (and many argue irresponsible) attack against the backbone of the Middle East’s financial institutions. For now, The Shadow Brokers are happy to have the general public guessing their identity and true origins. Is it an intelligence organization running a highly complex set of misdirection and penetration? Is it a second Snowden with access to the NSA’s most sensitive cyber weapons? We may never know. What is certain, is that the emergence of The Shadow Brokers is a game-changer and presents a massively embarrassing (and dangerous) breach for the NSA, the world’s most advanced signal intelligence agency and best resourced government backed hacking organization. This embarrassment became a muse for the most destructive and fast-spreading ransomware (WannaCry) in History, shutting down hospitals and companies across the Globe. Followed one month later by NotPetya, another highly destructive malware disguised as a ransomware which spread primarily in Ukraine.

Timelines

image

TheShadowBrokers Activity Timeline

image

TSB — Wine of the Month Club Timeline