Shadows and equations
Recently offered for sale (by a collective going by the handle the Shadow Brokers) was a collection of high-powered hacking tools and exploits. To whet potential buyers’ appetites, a free sample of the material was released. The asking price for the rest was a cool US$1 million, to be paid in bitcoins. The auctioneers claimed, and subsequent analysis of the freebies corroborated, that the malware originated from the revered Equation Group, said to be a Tailored Access Operations (TAO) unit within the NSA.
The most interesting parts of the cache exploited vulnerabilities in enterprise-grade networking appliances. Cisco and Fortinet released emergency patches, suggesting that the dump included prized ‘zero-day’ exploits (those of which the manufacturer is not aware and for which no security patch exists). It’s hard to overstate the (pre-disclosure) value of these things to a well-qualified attacker – the junction boxes of the internet see all manner of interesting traffic, and a few carefully rewritten routing rules could cause mayhem.