11. Conclusion: The Impact of Cybersecurity “‘Begin at the beginning,’ the King said gravely, ‘and go on till you come to the end: then stop.’” - Alice’s Adventures in Wonderland by Lewis Carroll In the summer of 2016 a hacker group calling themselves The Shadow Brokers appeared out of nowhere on the Internet peddling what they claimed were super-secret hacking tools stolen from the NSA. They released a few of the tools to prove that they had the goods and promised to sell the rest to the highest bidder. Eventually, they just released all the tools on the Internet, giving everybody free access to them. Amidst this treasure trove of cyber weapons were several powerful zero-days, including the EternalBlue exploit that was later used in the NotPetya and WannaCry attacks of 2017—two of the most damaging cyber attacks in history till that time. The tools were definitely for real and probably belonged to the Equation Group, the APT many believe is actually the NSA’s Tailored Access Operations (TAO). Soon after this The Shadow Brokers went dark and were never heard from again. Who were The Shadow Brokers and how did they obtain these hacking tools? It is not known for sure who they are, but they are almost certainly a nation state APT. The prime suspects are China, North Korea, and Russia, three of the United States’ major cyber adversaries. The Chinese have undertaken massive data collection operations against the United States, including the theft of millions of highly sensitive personnel records from the United States Office of Personnel Management data breach in 2015. They have also targeted private industry IP and have profited enormously through their cyber espionage activities, saving themselves billions in research and development costs. The North Koreans have also been a significant threat in cyberspace, with their activities tending to center around financing their government through cyber crime. They have stolen cryptocurrency from crypto exchanges, siphoned funds from the international banking system, and installed ransomware on critical infrastructure systems. But many believe The Shadow Brokers are the Russians and that the theft may even have been enabled by Chapter 11
RkJQdWJsaXNoZXIy MTM4ODY=