The seeds of the massive cyber attack that disrupted hospitals across England and affected almost 100 countries including India on Friday were sown by a mysterious hacking group “Shadow Brokers” in April when it leaked a hacking tool called “Eternal Blue” developed by the US National Security Agency (NSA).
Interestingly, the same tool is believed to have been used by another anonymous hacking group to gain remote access to computers, bringing parts of the NHS to a standstill.
“It’s likely that regular online criminals simply used the information that the ‘Shadow Brokers’ put on the internet and thought ‘how can we monetise this’,” telegraph.co.uk quoted Graham Cluley, a computer security expert, as saying on Saturday.
The report quoted a statement from “Shadow Brokers”, issued to a specialist technology website in December, as saying: “The ‘Shadow Brokers’ is not being irresponsible criminals. The ‘Shadow Brokers’ is opportunists. The ‘Shadow Brokers’ is giving ‘responsible parties’ opportunity to making things right.”
“Eternal Blue” was developed by the NSA as a weapon to gain access to computers used by terrorists and enemy states around the world.
“Shadow Brokers” in April claimed to have stolen this hacking tool and dumped it online.
The hacking group first appeared in August last year when it leaked a list of NSA hacking tools.
There were apprehensions that the leak came from an insider gone rogue, but later reports suggested that the elite hacking group was tied to the Russian government and was responsible for leaking sensitive data from the NSA many times.
The US has never accepted that the tools leaked by “Shadow Brokers” belonged to the NSA or any other US-based intelligence agency but according to a New York Times report on Friday, former intelligence officials have said that the tools appeared to come from the NSA’s “Tailored Access Operations” unit, which infiltrates foreign computer networks.
The strange relation between “Shadow Brokers” and NSA has surfaced sporadically since last year when the group came to light.
“Shadow Brokers” also released a cache of information detailing how the NSA accessed private and public networks of some countries.
In India, a section of the computers in Andhra Pradesh’s police departments was also affected during the global cyber attack on Friday. Computers in 18 police units in Chittoor, Krishna, Guntur, Visakhapatnam and Srikakulam districts were affected.
The hacker group had previously released data, suggesting the US agency may have been monitoring hundreds of IP addresses in Pakistan.
The group had initially wanted to auction its data cache in exchange for Bitcoin but as no buyer turned up, they released the data online.
Earlier this year, the group published a set of documents that indicated that NSA penetrated the Society for Worldwide Interbank Financial Telecommunication (SWIFT) banking network in the Middle East.
The leaks the hacking group published in April targeted a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8.
But “Shadow Brokers” did not provide a coherent explanation of why they chose to publish the Microsoft and SWIFT vulnerabilities.
The document dump — which is mostly lines of computer code — amounted to an emergency for Microsoft because the hacks consisted of a variety of “zero-day exploits” that could serve to infiltrate Windows machines for purposes of espionage, vandalism, or document theft.
The same group in April addressed the US President in a blog post, alleging that it was a US missile attack on a Syrian air base that led to a chemical leak, resulting in the death of more than 80 people.