Contents

Introduction
Discussion
Problem Identification
Occurrence
Solutions
Conclusion
References
Introduction

This report concerns a group of hackers and the tools used for hacking by the Shadow Brokers team. These are considered some of the major operational tools used by the NSA (National Security Agency). The discussion of the tools focuses on the NSA, which was exposed by members of the group involved in the crime. The group is primarily known as the Shadow Brokers (Threat Actor). The report highlights the problems caused by the group and the major reasons for their occurrence. It also covers the mitigation measures for handling attacks that are possible in the future.

Discussion

The hackers have been active since 2016 (chronology of the incident). They have been involved in various exploitation of resources, generally through leaked information associated with the National Security Agency (NSA) (Motives). The exploitation includes targeting business firewalls and anti-virus or other products related to Microsoft Corporation. The team of hackers is linked to a main hack involving what is called the Equation Group, which has been associated with the operational National Security Agency (NSA).

Problem Identification

In August 2016, the hackers claimed to have stolen cyber weapons from another hacking team known as the Equation Group (Caulfield et al., 2017). The cyber weapons were used by the NSA, and the theft involved accessing files that were kept in secret storage at the NSA. The group also carried out the hacking, and there were software files accounting for 1 GB of information collected over a long period of time. It includes how the NSA is able to handle the selling of code and other relevant information to people. They did this to earn money, through an online auction.
The auction was supposed to use cryptocurrencies. Hence, the auction was seen to be an unsuccessful one.

In April 2017, the hackers were involved in various activities that included the dumping of data (Sanger, 2016). This directly accounted for 300 Mb of data. The members of the hacking team announced that they had published some of the hacking tools and the
resources from the CIA, which were mainly for spying on the different transactions made by people. This directly led to the group making claims about vulnerability issues in Windows systems installed in a Swiss bank. Hence, the software was then used by people and by different banks, which led to a major issue and a grave threat to banks around the world.

Event occurrence activities

Considering the possibilities of the hacks, there were bugs in the system, where the issue arose mainly due to government mishandling. There were troubles on the targets as they were getting closer to the system. The malfunctioning led to exploitation of the system, as people were able to access it and conduct different operations (Motives). There were questions about the security of the agencies involved. The issue was further discussed with the FBI to shed light on the requirements and on how law enforcement could be handled in agencies (Shane et al., 2017). The documentation was released, along with the code relevant to it. This was mainly done to facilitate use on all devices. Using it would not require great programming expertise to run and implement. The first document led to the disruption of the functioning of Cisco and other developing websites. To check the authenticity of some of the stolen documents, the NSA reported that the data was stolen through a malware attack that was considered to carry a virtual print of the NSA.
This included 16 digits of identification code. According to Kaspersky, there were similarities in the documents that supported the authenticity of the sources found (Technical Means).

Considering the problems, documents released by the Shadow Brokers showed some NSA operations to handle the network of bank transfers for areas like the Middle East (Brewer, 2016). This was named SWIFT. The hacking also revealed that the operations of the NSA need to be handled. This directly led to problems in the operations, as suspicions about the bank became prominent. As for authenticity, there were some stolen documents, and companies became involved as their data was exploited. There were issues about how clients had to handle the problems of transferring money through banks, as the hackers were keeping complete track of the issues and of people's details. Microsoft did not allow the
security patches to be released to the companies, and gave them only to those who could afford it. This led to major issues, as many websites lost their data.

Solutions

As per the analysis, companies made various speculations about how to overcome the problems caused by the Shadow Brokers attack. Organizations should work on solution-based protocols to minimize the risk of attack. It was noted, however, that Microsoft started working on patches to address the problems and the vulnerability even before the message came from the Shadow Brokers hackers. Though there were patches in the system, it took weeks before they were made publicly available from the NSA. The theory included discussion that was not clear to the parties, as they were not making claims about the information disclosure, but there were reasons to apply patches to the system so that risks are mitigated (Broadhurst et al., 2017).

The Vulnerabilities Equities Process was created under the influence of Obama and now tends to be continued by Trump. It was made mainly to minimize security vulnerabilities and threats to government agencies.

One major recommendation could be that the NSA should be banned from stockpiling vulnerabilities. The NSA tools lead to the exploration of software vulnerabilities in Windows. Hence, the NSA needs to work on finding security holes in operating systems while devising software to take advantage of them. The stockpiling of vulnerabilities would be effective because companies will not have patches for those vulnerabilities.

Companies should issue security patches to everyone, and not only to paying customers.
The patches should be available to everyone for free, so that attacks like the WannaCry attack should get a wake-up call from the government, to change their behavior of attacking.

Apart from this, IT staff should face consequences over attacks that could have been prevented. The security patches were made available before the attacks so that companies could protect their software. The basic duty of IT staff was to look after company security, and one way to do so was to make sure that patches were applied as they were issued. The
embracing of automatic updates could be one effective method. Only updates that contain no security features should be allowed to be put off. Hence, they should be applied automatically, although users should have the option to choose them when installing the software.

Conclusion

Considering the case of cyber terrorism, the Shadow Brokers have been working on several zero-day exploits. They have been targeting different firewalls and antivirus software, along with Microsoft products. It has become a major duty of companies to fight back and remove the problems. The best way the government can do so is by cutting down on piracy. As per the analysis, it is possible to prevent the attacks if they are handled properly and security patches are provided to companies for free. This will not only limit the existence of the hackers but also provide a way to improve and strengthen security.

References

Boatman, K. (2015). Beware the Rise of Ransomware.

Boylan, R. J. (2015). The shadow government: its identification and analysis. New Dawn, (42), 21.

Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.

Broadhurst, R., Woodford-Smith, H., Maxim, D., Sabol, B., Orlando, S., Chapman-Schmidt, B., & Alazab, M. (2017). Cyber Terrorism: Research Review: Research Report of the Australian National University Cybercrime Observatory for the Korean Institute of Criminology.

Caulfield, T., Ioannidis, C., & Pym, D. (2017). The US Vulnerabilities Equities Process: An Economic Perspective.

Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., & Kirda, E. (2015, July). Cutting the gordian knot: A look under the hood of ransomware attacks. In International Conference
on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 3-24). Springer, Cham.

Sanger, D. (2016). Shadow brokers leak raises alarming question: Was the NSA hacked. New York Times. Retrieved August 27, 2016.

Shane, S., Mazzetti, M., & Rosenberg, M. (2017). WikiLeaks releases trove of alleged CIA hacking documents. The New York Times, Mar.