Remember those stolen 'NSA exploits' leaked online by the Shadow Brokers? The Chinese had them a year before Months before top-tier hacking tools, likely built by the NSA, were leaked to the public by a group calling itself the Shadow Brokers, the exploit code was apparently being used by Chinese state hackers to infiltrate systems. This is according to Symantec, whose researchers this week said that an operation known as Buckeye was …
"While Symantec could not say exactly how China had been able to get its hands on the NSA attack tools"
Someone installed "Norton Security" on a computer, then discovered that it actually works against productivity and uninstalled it and thus was exposed long enough for someone else to hack into said computer?
"Norton Security: because we know that every browser, application and website is a virus just waiting to happen, so we block everything."
"Norton Security: because we know that every browser, application and website is a virus just waiting to happen, so we block everything."
I stopped recommending Norton Security years ago when I found it was stupid enough to block itself from going online because the subscription had expired.
Stay calm, citizen! Once the government-mandated backdoors have been installed, these tools will no longer be needed. And there is, of course, absolutely no chance that a target will be able to discover how the backdoors work when they are used against them.
So at least two governments had it before it was public.
Who's to say it wasn't more widely shared than that? More governments, not to mention perhaps private-sector blackhats?
And do we have proof of its origin, or is it just assumed to be the US Government/Equation Group because that's where it leaked into the public domain from?
As we do not know the original author, who says the Chinese stole it from the Americans? It could have easily been the other way around. In fact, there are any number of scenarios, from either side reverse engineering it/binary modifying, through to an unknown 3rd party supplying it to any number of international agencies. All a load of hearsay and codswallop.
There is a wiki article/numerous security articles about a Swedish worm, that clearly says it was The Chinese. I do love the way the security industry loves to cast blame and aspersions with no real proof of anything and still go to print with it too, much to the delight of the MSM who can then demonise at will.
Or, as suggested above, a third party collecting compensation from multiple international sponsors? For budget preservation reasons it's likely government agencies would claim credit for the work, while arrogantly assuming they had everything under control. We already know from Vault 7 that they claimed to be able to fake the source of attacks (what the lawyers in any future case tried against certain GRU officers would raise as "reasonable doubt"). Is it that much of a stretch to think they wouldn't falsely claim authorship if it were in their interests?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
