
Introduction

The Shadow Brokers’ actions took place in a specific context, and I think it is necessary to put them back into that context in order to obtain a more complete and relevant picture.

Climate

At this time, the USA is in the middle of a pre-election period, an important one since it is the presidential election contested by H. Clinton and D. Trump.

As for the American agencies with evocative trigrams (CIA, FBI, NSA, NRO, NGA, DIA, DEA, etc.), they are plunged into a delicate situation, having to deal with the aftermath of the Snowden affair (the public disclosure of the surveillance conducted by, and the grip of, the American secret services) and struggling to recover from it. The blow was very hard, going so far as to prompt, in certain back rooms, a questioning of strategic agreements with old partners and allies. US foreign policy towards Russia is very austere, and under the Obama administration mistrust is the rule, if not omnipresent. Abroad, US surveillance has become unacceptable; the countries under surveillance go so far as to publicly demand reports and explanations from the USA about the illegal surveillance program.

A new Threat actor: The Shadow Brokers

On 2016-08-13, a message signed theshadowbrokers appears on several internet platforms. The message includes several links to an encrypted archive and the password for it. Inside this archive are tools belonging to a division of the NSA specializing in computer intrusions, The Equation Group. The same message also announces the auctioning of other Equation Group tools for the Bitcoin cryptocurrency. Several months later, they leaked a backdoor named “ODDJOB”, a set of exploits, scripts and programs against the Windows operating system (two of the more interesting things inside the archive were a Metasploit-like NSA intrusion framework, dubbed “Fuzzbunch”, and the Eternalxxx exploits, used publicly after the leak in the well-known WannaCry and NotPetya attacks) and a set of PDF documents showing the U.S. intrusion into a SWIFT banking network serving the Middle East and Latin America.