The Shadow Brokers – Cyber Fear Game-Changers

Presented at Black Hat USA 2017, July 27, 2017, 9 a.m. (25 minutes)

Who are The Shadow Brokers? I have no clue. Nobody really does. The Shadow Brokers are one of most controversial characters of this Cyber-Era. The mysterious group emerged mid-summer 2016 when they started to anonymously, publicly drop tools and operational notes that allegedly belonged to the NSA Tailored Access Operations unit. This group referred to itself as The Shadow Brokers and quickly became the NSA's worst nightmare since Edward Snowden.

Previous whistle blowers released documents redacted of sensitive nature, such as authors. But with The Shadow Brokers, what emerged was a different level of dangerous and more aggressive leaks that didn't only release highly sensitive tools, but also revealed a wide range of modus operandi that included agents' names and the full disclosure of the NSA's complex (and many argue irresponsible) attack against the backbone of the Middle East's financial institutions. For now, The Shadow Brokers are happy to have the general public guessing their identity and true origins. Is it an intelligence organization running a highly complex set of misdirection and penetration? Is it a second Snowden with access to the NSA's most sensitive cyber weapons? We may never know. What is certain, is that the emergence of The Shadow Brokers is a game-changer and presents a massively embarrassing (and dangerous) breach for the NSA, the world's most advanced signal intelligence agency and best resourced government backed hacking organization. This embarrassment became a muse for the most destructive and fast-spreading ransomware (WannaCry) in History, shutting down hospitals and companies across the Globe.

In this talk, I’ll detail the leaks The Shadow Brokers have conducted and examine the short and long term impact these leaks present. I’ll also perform a deep dive in some of the most intrusive tools designed by the most sophisticated nation state intelligence agency. Additionally, attendees will learn what changed pre-The Shadow Brokers and during-The Shadow Brokers regarding geopolitical interests using cyber fear as a service.

Presenters:

• Matt Suiche - Founder, Comae Technologies
  Matt Suiche is the founder of the United Arab Emirates based cyber-security start-up Comae Technologies and cyber-security conference OPCDE. Prior to founding Comae, he was the co-founder & Chief Scientist of the application virtualization start-up CloudVolumes which was acquired by VMware in 2014. His also previous employers include the Netherlands Forensics Institute and Airbus.   Matt is best known as the founder of MoonSols for his work in the memory forensics and computer security fields. His most notable research contributions include Windows hibernation file analysis and Mac OS X physical memory analysis. Since 2009 Matt was recognized as a Microsoft Most Valuable Professional in Enterprise Security for his work in discovering multiple security flaws in multiple Microsoft Windows kernel components.   Matt has also been a frequent speaker at various computer security conferences such as Black Hat Briefings, Microsoft Blue Hat Hacker Conference, Hackito Ergo Sum, Europol High Tech Crime Experts Meeting, CanSecWest, PacSec, Hack In The Box, SyScan and Shakacon.

Links:

• https://www.blackhat.com/us-17/briefings/schedule/#the-shadow-brokers--cyber-fear-game-changers-8124
• https://www.youtube.com/watch?v=NqHx70NTQls

Similar Presentations:

• DerbyCon 9.0 Finish Line (2019) / Shadow IT in the Cloud
• BSidesLV 2015 / What Lurks in the Shadow
• Black Hat Asia 2018 / Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM