April 10, 2017
A leaked arsenal of hacking tools allegedly belonging to the National Security Agency (NSA) shows the US spy agency infiltrated the servers of a major Pakistani cellular service provider.
The data dump, publicly released by the ShadowBrokers hacking group earlier this week, includes alleged digital weapons and notes shared by NSA operators about their access inside the servers of a Pakistani mobile network.
Notes contained in the massive dump of encrypted data, which is still being analysed by network security researchers, include details of how NSA used the exploits to infiltrate cellular operators in Pakistan.
One snippet from the leak, which is several terabytes in size, includes at least 14 lines naming different servers operated by a major Pakistani cellular network.
The snippet, analysed by a security researcher who goes by the name X0rz, appears to show NSA operators sharing a step-by-step technical guide on how to hack into the servers.
"Try one of the following…old way, may not work on new machines," says one section of the snippet.
Another section appears to show methods to retrieve call logs of users of the Pakistani cellular service.
"If searching for LACs and cell id's, use the format in the documentation…if searching for phone numbers, use the normal format," it says.
Hundreds of NSA cyber weapons variants publicly released including code showing hacking of Pakistan mobile system https://t.co/bL833ktQpm
— WikiLeaks (@wikileaks) April 8, 2017
In a tweet, WikiLeaks claimed the leaked "NSA cyber weapons variants" include "code showing hacking of Pakistan mobile system".
The data dump was publicly released earlier this week by the ShadowBrokers hacking group after it failed to auction the arsenal of hacking tools.
In a lengthy anonymous blog post, the group claimed it was releasing the files as a "form of protest" after losing faith in the leadership of US President Donald Trump.
ShadowBrokers had announced the auction for the alleged NSA cyber weapons in August last year.
The authenticity of the code as NSA software was later confirmed by documents that whistleblower and former National Security Agency contractor Edward Snowden had provided to The Intercept.
The exploits are "part of a powerful constellation of tools used to covertly infect computers worldwide", said The Intercept, whose editors include journalists who worked with Snowden to publicise his 2013 leak of NSA documents revealing the extent of government snooping on private data.
It is unclear when the tools were used or how many Pakistani cellular networks were infiltrated, as security researchers are still analysing the massive trove of leaked data, which is several terabytes in size.
The Shadowbrokers release is the latest in a string of leaks from hackers and whistleblowers raising questions over a mass electronic surveillance, espionage, and infection program run by the United States.
Last year, documents released by Snowden confirmed that US agencies hacked into targets in Pakistan's National Telecommunications Corporation (NTC) to spy on the country's political and military leadership.
In the leak of top-secret documents, Snowden released a classified draft NSA manual on how to implant the SECONDDATE malware – malicious code used to monitor or control someone else's computer.
The draft NSA manual contained instructions telling NSA operators to use a specific string of characters associated with the SECONDDATE malware program; the same string appears in the code released by ShadowBrokers, which is what linked the leaked tools to the agency.
The documents revealed at least "two documented cases of SECONDDATE being used to successfully infect computers overseas" including "successful attacks against computer systems in…Pakistan."
A report by The Intercept claimed NSA hackers used the malicious program to breach targets in Pakistan's NTC VIP Division, which contained documents pertaining to "the backbone of Pakistan's Green Line communications network" used by the "civilian and military leadership".
Last month, WikiLeaks released its largest ever publication of confidential documents on the US Central Intelligence Agency.
The release purported to show that the CIA had lost control of a majority of its cyber weapons arsenal – including malware, viruses, trojans, and associated documentation – which it allegedly used to hack into US and European company products, including commonly used electronic devices and software such as Apple's iPhone, Google's Android, Microsoft's Windows, and even Samsung TVs.