Comment by Moosdijk
5 years ago
>Its basically known as a fact they have loads of these exploits sitting in their toolbox ready to use when they have a enticing enough target.
Do you have a source for this?
5 years ago
>Its basically known as a fact they have loads of these exploits sitting in their toolbox ready to use when they have a enticing enough target.
Do you have a source for this?
Google "NSA TAO" -- Tailored Access Operations. AIUI, among other things they're responsible for developing, discovering, and weaponizing exploits used to access high value targets -- sometimes through fun techniques like "Quantum Insert", a sort of faster-man-in-the-middle attack. The wealth of exploits released in the equation group hack should put all doubts to rest.
Spot on. I expect this was a designed-in feature, but if I could prove it, I wouldn't be able to do so without going to jail.
From public sources:
https://www.spiegel.de/international/world/catalog-reveals-n...
There's a market for exploits that pays pretty well. Someone is throwing millions of dollars at them, and from what we can glean from investigations, leaks and whistle blowers, it's states that are buying them. One company in that space made world-wide news[1] by selling to governments.
[1] https://en.wikipedia.org/wiki/Hacking_Team
>[1] https://en.wikipedia.org/wiki/Hacking_Team
Also a good idea to DDG Phineas Phisher. You should turn up an interesting read on pastebin iirc.
Edit: found it on exploit-db
[0] https://www.exploit-db.com/papers/41915
First time I've seen "DDG", well done.
5 replies →
The whole NSA leaks thing proved it. They had a tool built for exploiting windows boxes which was leaked and converted in to the ransomware WannaCry which spread globally a few years ago.
The NSO Group, the Israeli team behind the Pegasus iOS spyware, have been accused of selling it to the UAE government.
https://www.haaretz.com/middle-east-news/.premium-with-israe...
Interview with a nation state hacker for TAO at NSA.
https://podcasts.apple.com/us/podcast/darknet-diaries/id1296...
I believe they described their toolbox as metasploit on steroids. Some other episodes of darknet diaries also interview former and current government hackers.
Official website with full transcript + some nice pixel art: https://darknetdiaries.com/episode/10/
Who do you think the customers of ZDI, Zerodium, Azimuth and others are?
https://en.wikipedia.org/wiki/EternalBlue