The hacking group which goes by the name of The Shadow Brokers, who had previously released NSA hacking tools, has today released more. The announcement has been published on Medium, and signed by the same PGP key used for other announcements by the group.
A security researcher known as Hacker Fantastic posted an analysis claiming the dump contains 306 domains and 352 IP addresses relating to 49 countries, including addresses from Russia, China, India, Sweden, and many others.
The release comes as NSA contractor Hal Martin, who, according to The Washington Post, is a prime suspect in The Shadow Brokers case, is detained for allegedly stealing large amounts of classified documents from the NSA.
Alan Woodward, professor of cyber-security at Surrey University, told SCMagazineUK.com: “The data itself doesn't contain that much: a list of systems with IP addresses, some data on the OS used (notably a lot of Solaris) and some ancillary info such as whether the kernel has been enabled to store keys. The systems are not typically publicly accessible so if the data is true it suggests someone was inside these networks. The systems are located all over the world and include a variety of organisations - nothing stands out. It might be that these systems were not the holders of valuable data but were compromised to act as platforms for launching further attacks. The data seems to be quite old: several years.
Nothing in what we see here sheds any light on who might have been behind compromising these systems, assuming they were actually compromised. There is no way of telling if the systems listed were actually compromised as most will have been updated, security fixes applied and so on.
Many commentators start from the position that this was the NSA. I find nothing in this new data to confirm that. It could equally have been another country's intelligence agencies. The whole purpose behind using compromised systems to mount attacks is to plant false flags. It's standard tradecraft and is precisely why attribution is difficult.
In short, I don't see that this has moved anything on in terms of who was behind these compromises, or even if the compromises are real.”