In case you missed our coverage this week in ThreatWatch, Nextgov’s
Did the National Security Agency get hacked?
That’s the big question of the week, which people started asking Aug. 13 when a group calling itself the Shadow Brokers kicked off a bitcoin auction for what it said were cyber weapons from the NSA-linked Equation Group.
As security experts dig through the data dump that accompanied the auction, they’re finding ties to NSA and its Tailored Access Operations Unit. The exploits show a high level of sophistication and target Fortinet, Cisco, Juniper, TopSec and other network security systems. Some of the code names for hacking techniques that appear in documents leaked by Edward Snowden also pop up.
“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” wrote Snowden on Twitter. He’s not the only one: James Lewis, a computer expert with the Center for Strategic and International Studies, told The New York Times the incident was “probably some Russian mind game.”
Though NSA has yet to comment publicly, WikiLeaks weighed in, tweeting it has copies of NSA’s cyber weapons and plans to release a “pristine copy in due course.”
A huge number of Android users are vulnerable to a flaw that allows attackers to intercept communications and—if unencrypted—inject malicious code or content, according to a mobile security company.
“We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9 percent of the Android ecosystem,” says a Lookout blog post.
Until a patch is issued, the Lookout blog suggests encrypting traffic, using HTTPS with transport layer security and using a virtual private network.
A hacker reportedly connected to Russian intelligence groups posted the personal cellphone numbers and emails of most of the Democrats in the House of Representatives Aug. 12.
Guccifer 2.0 posted the information as part of a document dump, which the hacker said was stolen from the Democratic Congressional Campaign Committee. The dump also included information about House races, DCCC event memos and committee passwords, according to Politico.
“All of you may have heard about the DCCC hack,” Guccifer 2.0 wrote in a blog post. “As you see I wasn’t wasting my time! It was even easier than in the case of the [Democratic National Committee] breach.”
Guccifer 2.0 claims to be Romanian, but other evidence links the hacker to Russian state-sponsored actors, including the group FANCY BEAR, also known as APT28.