Want to know how NSA snoops on you? Here are some tools it uses

Here are some of the NSA snooping tools leaked by Shadow Broke

In what could be the hack of this decade, a hacking group called Shadow Brokers claims to have hacked NSA and has access to some of the most scariest hacking and snooping tools.

Shadow Brokers are willing to sell this tools to the highest bidder according to various news reports. As of now, Shadow Brokers say they dumped 60 percent of all the stolen files, and started an auction, promising to give the winner access to the other 40 percent.

The veracity and authenticity of the NSA hacking tools has been confirmed by multiple sources. Security researchers from Kaspersky have confirmed the leaked data is similar to what they have seen from past Equation Group malware. Another investigative website, The Intercept, with the help of Snowden documents, has tied the leaked malware with actual NSA cyber-weapons.

At the time of writing this articles, most of the URLs where Shadow Brokers dumped details about their operation (GitHub, Tumblr, PasteBin) have been taken down.

NSA snooping tools

Softpedia has compiled a list of NSA hacking and snooping tools which uses for surveillance and hacking. Softpedia says that they “used different analysis provided by Risk Based Security, Mustafa Al-Bassam, Matt Suiche, RST Forums, and other researchers”

Here is a table of NSA snooping tools compiled by NSA

Name Type Description
1212/DEHEX Tool Tool for converting hex strings to IP addresses and ports
BANANABALLOT Implant BIOS implant
BANANAGLEE Implant Firewall implant that does not persist across reboots. Works on Cisco ASA and PIX.
BANANALIAR Tool Connects to an (currently) unknown implant
BANNANADAIQUIRI Implant Uknown, has associations with SCREAMINGPILLOW.
BARGLEE Implant Unconfirmed Juniper NetScreen 5.x firewall implant
BARICE Tool Shell for deploying BARGLEE
BARPUNCH Implant BANANAGLEE and BARGLEE module
BBALL Implant BANANAGLEE module
BBALLOT Implant BANANAGLEE module
BBANJO Implant BANANAGLEE module
BCANDY Implant BANANAGLEE module
BEECHPONY Implant Firewall implant (BANANAGLEE predecessor)
BENIGNCERTAIN Tool Tool for extracking VPN keys from Cisco PIX firewalls.
BFLEA Implant BANANAGLEE module
BILLOCEAN Tool Extracts seral numbers from Fortinet Fortigate firewalls (possible others).
BLATSTING Implant Firewall implant for deploying EGREGIOUSBLUNDER and ELIGIBLEBACHELOR
BMASSACRE Implant BANANAGLEE and BARGLEE module
BNSLOG Implant BANANAGLEE and BARGLEE module
BOOKISHMUTE Exploit Exploit against unknown firewall
BPATROL Implant BANANAGLEE module
BPICKER Implant BANANAGLEE module
BPIE Implant BANANAGLEE and BARGLEE module
BUSURPER Implant BANANAGLEE module
BUZZDIRECTION Implant Unconfirmed Fortinet Fortigate firewall implant
CLUCKLINE Implant BANANAGLEE module
CONTAINMENTGRID Exploit Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.005.066.1.
DURABLENAPKIN Tool Tool for packet injection on LAN connections
EGREGIOUSBLUNDER Exploit RCE for Fortinet FortiGate firewalls. Affected models: 60, 60M, 80C, 200A, 300A, 400A, 500A, 620B, 800, 5000, 1000A, 3600, and 3600A
ELIGIBLEBACHELOR Exploit Exploit on TOPSEC firewalls running TOS operating system versions 3.2.100.010, 3.3.001.050, 3.3.002.021 and 3.3.002.030.
ELIGIBLEBOMBSHELL Exploit RCE for TOPSEC firewalls affecting versions 3.2.100.010.1_pbc_17_iv_3 to 3.3.005.066.1
ELIGIBLECANDIDATE Exploit RCE for TOPSEC fierewalls affecting versions 3.3.005.057.1 to 3.3.010.024.1
ELIGIBLECONTESTANT Exploit RCE for TOPSEC fierewalls affecting versions 3.3.005.057.1 to 3.3.010.024.1. Must be run only after ELIGIBLECANDIDATE
EPICBANANA Exploit Privilege escalation on Cisco ASA (versions 711, 712, 721, 722, 723, 724, 80432, 804, 805, 822, 823, 824, 825, 831, 832) and Cisco PIX (versions 711, 712, 721, 722, 723, 724, 804)
ESCALATEPLOWMAN Exploit Privilege escalation on WatchGuard products. Company says this won’t work on newer devices.
EXTRABACON Exploit RCE on Cisco ASA versions 802, 803, 804, 805, 821, 822, 823, 824, 825, 831, 832, 841, 842, 843, 844 (CVE-2016-6366)
FALSEMOREL Exploit Cisco exploit that extracts the “enable” password if Telnet is active on the device.
FEEDTROUGH Implant Persistent implant on Juniper NetScreen firewalls for deploying BANANAGLEE and ZESTYLEAK.
FLOCKFORWARD Exploit Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.005.066.1.
FOSHO Tool Python library for crafting HTTP requests used in exploits
GOTHAMKNIGHT Exploit Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.2.100.010.8_pbc_27.
HIDDENTEMPLE Exploit Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.2.8840.1.
JETPLOW Implant Cisco ASA and PIX implant used to insert BANANAGLEE in the device’s firmware
JIFFYRAUL Implant BANANAGLEE module for Cisco PIX
NOPEN Tool Post-exploitation shell (client used by the attacker, server installed on targeted device)
PANDAROCK Tool For connecting to POLARPAWS implants
POLARPAWS Implant Firewall implant for unknown vendor
POLARSNEEZE Implant Firewall implant for unknown vendor
SCREAMINGPLOW Implant Cisco ASA and PIX implant used to insert BANANAGLEE in the device’s firmware
SECONDDATE Tool Packet injection on WiFi and LAN networks. Used with BANANAGLEE and BARGLEE
TEFLONDOOR Tool Self-destructing post-exploitation shell
TURBOPANDA Tool Tool for connecting to previosuly-leaked HALLUXWATER implant.
WOBBLYLLAMA Exploit Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.002.030.8_003.
XTRACTPLEASING Tool Converts data to PCAP files
ZESTYLEAK Implant Juniper NetScreen firewall implant

If you want to view the files published by Shadow Brokers, please visit Softpedia article here.

LEAVE A REPLY

Please enter your comment!
Please enter your name here