The Shadow Brokers: They Caught a Break?

dawnalderson
Jul 28, 2017 · 5 min read

In this piece, my aim is to present an accessible account, with less technological detail and jargon wherever possible, because reach is why I post on Medium.

It has been almost a year since the Shadow Brokers (TSB) first appeared; in fact it was August 13th 2016. For a comprehensive timeline see Matt Suiche’s work here. On August 19th 2016, I suggested TSB were setting out as a start-up business; though the business plan was not clear at the time, it evolved during the months that followed. In the following sections, I consider the aim, focus and purpose of the TSB actions to date.

The Aim of the Shadow Brokers & their Business

It appears there are two strands underpinning the aim of the TSB business. First, there is a desire to let the world know that TSB can access NSA tools and deploy them to cause chaos in the public domain. Second, it is about reach and scale of disruption. The aim is not, in the first instance, about making a financial gain. Aiming to disrupt while openly pointing the blame at the NSA suggests that the absolute foundation of this work/business is to awaken the NSA to its impact on the world; and in modelling such an impact, TSB aim to show the utterly shambolic state of affairs that has been a supposed government agency working below par.

The Focus of the Shadow Brokers & their Business

Tied in with the aim, the focus of the work is revealing the breadth of what the NSA has done (hold onto that for a moment: has done, past tense), manifest in the selection of information released openly as well as that offered for sale; and, as evident in Matt Suiche’s Black Hat slides, a recognisable pattern of exploits exists. Among these exploits is an undeniable focus of the TSB releases: attack behaviours related to operating systems (OS). This is how the OS works, in general.

Two specific OSes are the focus of TSB work to date: Windows and Linux/Solaris. Essentially, the focus is on revealing dents in such legacy systems, as when, for example, we saw an exploit manifest in a public, global attack on XP/Win7 and so on. It is also worth mentioning that Linux kernel rootkits exist, and that major vulnerabilities have been shown for Windows applications able to run on top of Linux; a good example of kit for that is Wine here. Notably, it was on the 15th of May 2017 that, according to Matt Suiche’s slides, TSB made their:

First announcement of a monthly-based subscription subtitled “Wine of the Month Club”, where TSB claims to have:

  • Files more recent than the exploits and tools
      • latest files are 2013 timestamped so far.
  • New targets
      • Web Browsers, Routers or even Windows 10 exploits.
  • More operational notes on SWIFT providers and Central Banks.
  • Compromised network data
      • Russian, Chinese, Iranian and North Korean nukes and missile programs.

Not only are we now able to confirm that the TSB focus is on Windows, Windows applications for Linux, and possibly other OSes, but TSB are telling us they will endeavour to branch out. Let’s stick with OSes for the moment.

Windows 10 exploits are a worry, given that a chunk of what has been released to date suggests TSB have been releasing old stuff! The implication is that they are still able to extract new exploits/code/tools, if indeed Win 10 can be attacked. Why? I propose that the TSB focus on revealing OS exploits is to suggest the NSA are still hard at work creating tools to attack/infiltrate OSes. You may ask: why just the OS? Well, we know it isn’t just the OS, given the bullet-pointed list above; but that list does not specifically mention libraries. The DLL (library) for Windows is a large body of work for another agency, namely the CIA (see Vault 7). So we have the NSA, who focus on the OS, and the CIA, who focus on exploits for DLLs, among others.

The Purpose of the Shadow Brokers and their Business

The purpose of TSB is a clever one. What they have done/are doing is modelling many high-end techniques, and it is not about showing off; rather, it is about educating those willing to learn. And if they make cash along the way, that is a bonus, but most definitely not central to their work. TSB model the exact opposite behaviours and techniques to those they expose. They work deeply with encryption, and use blockchain and bitcoin. They even use a social media and blockchain hybrid known as Steemit to communicate their messages to the public. I want to finish on one technique/methodology I also think they use, but I cannot be sure; however, if we are to seriously consider the fact that OSes are pretty much like a colander these days, and their associated libs tinkered with to the hilt, then an alternative build is needed.

A computer can be used without an OS, but can then only run one program. I suggest this is what TSB use, as well as their own servers and state-of-the-art back-end databases; they might even use BaaS (Backend as a Service, or variations of that). It seems this might be the way forward for all: seeing systems/applications and so on not as one interconnected system for all, but referring back to separate systems within our institutions and organisations. I say this having experienced in universities both combined systems and separate systems for learning, teaching and assessment. If you have it all in one place and there is a DDoS, this is not great!

To conclude, the message is simple: it is time to depart from legacy systems; it is time to give some thought to the common operating systems that have, without question, become common features across the globe; and it is time to consider embracing new technologies, such as alternative ways of thinking about an operating system and its functionality/capabilities, as well as what is on offer with the blockchain revolution. Referring back to the title of this piece: did the Shadow Brokers catch a break? They certainly did!
