Hackers Attack NSA, Take Advantage of Linux Flaw and Post House Democrats’ Personal Details

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Shadow Brokers vs. NSA

Did the National Security Agency get hacked?

That’s the big question of the week, which people started asking Aug. 13 when a group calling itself the Shadow Brokers kicked off a bitcoin auction for what it called were cyber weapons from the NSA-linked Equation Group.

As security experts dig through the data dump that accompanied the auction, they’re finding ties to NSA and its Tailored Access Operations Unit. The exploits show a high-level of sophistication and target Fortinet, Cisco, Juniper, TopSec and other network security systems. Some of the code names for hacking techniques that appear in documents leaked by Edward Snowden also pop up.

“Circumstantial evidence and conventional wisdom indicates Russian responsibility,” wrote Snowden on Twitter. He’s not the only one: James Lewis, a computer expert with the Center for Strategic and International Studies, told The New York Times the incident was “probably some Russian mind game.”

Though NSA has yet to comment publicly, WikiLeaks weighed in, tweeting it has copies of NSA’s cyber weapons and plans to release a “pristine copy in due course.”

Linux Flaw Exposes 1.4 Billion Android Devices to Spying

A huge number of Android users are vulnerable to a flaw that allows attackers to intercept communications and—if unencrypted—inject malicious code or content, according to a mobile security company.

“We can estimate then that all Android versions running the Linux Kernel 3.6 (approximately Android 4.4 KitKat) to the latest are vulnerable to this attack or 79.9 percent of the Android ecosystem,” says a Lookout blog post.

The recently discovered Linux flaw lets hackers anywhere online to detect when two parties are communicating over a transmission control protocol connection, such as web mail, news feeds or direct messages. At the Usenix Security Symposium, researchers demonstrated how they could shut down connections and, in the case of a legit but unencrypted USA Today web page, insert JavaScript to collect usernames and passwords.

Until a patch is issued, the Lookout blog suggests encrypting traffic, using HTTPS with transport layer security and using a virtual private network.

Hacker Publishes House Democrats’ Personal Cell Numbers, Emails

A hacker reportedly connected to Russian intelligence groups posted the personal cellphone numbers and emails of most of the Democrats in the House of Representatives Aug. 12.

Guccifer 2.0 posted the information as part of a document dump, which the hacker said was stolen from the Democratic Congressional Campaign Committee. The dump also included information about House races, DCCC event memos and committee passwords, according to Politico.

“All of you may have heard about the DCCC hack,” Guccifer 2.0 wrote in a blog post. “As you see I wasn’t wasting my time! It was even easier than in the case of the [Democratic National Committee] breach.”

Guccifer 2.0 claims to be Romanian, but other evidence links the hacker to Russian state-sponsored actors, including the group FANCY BEAR, also known as APT28.