Shadow Brokers Slam NSA-MICROSOFT FOR WANNACRY OUTBREAKBy: Yoichi Shimatsu
Continuing the probe into the Wanna Decryptor outbreak, during which that worm paralyzed nearly a quarter million computers worldwide, this second article retraces the hijacking of the EternalBlue exploit (which is vulnerable to WannCry) from the NSA’s vault of cyber-weapons by the team called the Shadow Breakers, who issued repeated warnings about the flaw in older Microsoft systems
In a recent post, the Shadow Breakers explain that they had issued monthly warnings about the EternalBlue problem starting in February, giving Microsoft sufficient time to create a temporary fix, or “patch”. Despite being informed that the EternalBlue fault inside the Server Message Block (SMB) had been further expanded by the NSA, the software giant withheld the defensive patch from public release for months. Microsoft did not issue a patch or even a warning for XP and older systems until the WannaCry contagion was well underway, resulting in a shutdown of services at 40 hospitals of the British National Health Service (NHS).
As I pointed out in an article posted a couple of days after the WannaCry outbreak, the Five Eyes intelligence agencies and the Japanese cyber-warfare group were most likely involved in that heinous worldwide attack against innocent civilians, though the attack was falsely blamed on North Korea. The message from Shadow Breakers affirms our analysis, eliminating any doubt that the elite NSA “Equation” cyber-warfare team deliberately ordered Microsoft to withhold the patch for older systems.
Outlaws though they may be, the Shadow Brokers are neither gangland extortionists nor online terrorists, but instead are vigilantes opposed to the pathological criminal alliance of an NSA-CIA-Treasury intelligence nexus and supposedly “independent” computer-security corporations of Silicon Valley.
In the wake of last week’s global cyber-attack, these guardians of the online galaxy issued a statement admitting that they stole the EternalBlue vulnerability along with other cyber-weapons from the NSA storehouse but did not further develop or release the WannaCry version involved in last week’s global attacks.
The Shadow Brokers, in that message, revealed that they had hijacked 75 percent of the NSA cyber-weapons, and are gradually releasing these viruses to expose the worldwide penetration of computer networks by US intelligence agencies. Their revelation shows that the NSA is not primarily a protector of computer security for the public but is primarily an offensive military operation focused on hacking and attacking computer systems worldwide, we’ve all just seen.
Misleading Trails of Bread Crumbs
Before taking a closer look at the disturbing claims from that shadowy crew, I’d like to follow-up on the fake-news accusations against the North Koreans as alleged perpetrators of last week’s computer-worm epidemic. The falsity of that media accusation is confirmed by Shadow Brokers, which stole the EternalBlue vulnerability developed by the NSA that was the key to the attack
According to the Shadow Brokers, “The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices! (Sarcasm). No new Zero Days}.”
In their odd manner of communication, the Shadow Brokers express their contempt for the fake-news blame game that, it says, originated with a false accusation against North Korea by Oracle Corporation, which is dogged by a history of unethical practices along with a major contract with the intelligence community arranged by the (John) Ashcroft Group lobbying firm.
“No new Zero Days” refers to the fact that Microsoft had already created a patch due to advance warning from the NSA’s Equation team following the Shadow Broker’s early warning (but apparently to maintain secrecy about its connections with the NSA, Microsoft failed to warn users with XP and older systems).
As early as February and again in March, The Shadow Brokers say they posted screenshot diagrams of the EternalBlue exploit and Microsoft responded by creating a patch but failed to release it for older systems (See below for the text of the Shadow Brokers’ claim.) In programmer parlance, the term “30 days” refers to the average maximum time required to develop and issue a protective patch to users.
The failure of Microsoft to issue a remedy for EternalBlue to a client important as the UK National Health Service (NHS) indicates secret collusion between the NSA and its Five Eyes western spy partners and the Japanese cyber-warfare division in allowing, and perhaps abetting, the global Wanna Decryptor attack to scare the public into conceding to demands from western governments for bigger military budgets.
Tokyo’s Links with Israeli Cyber-Command and the NSA
Complicating the WannaCry whodunnit is the apparent involvement of a pair of rogue nation-state players who often work in tandem and are closely linked with the NSA Equation team: the cyber-warfare groups of the Israeli Defense Force (IDF) and of Japan. The prioritization of cyber-warfare reflects the devious and paranoiac personalities of their respective leders Benjamin Netanyahu and Shinzo Abe.
The notorious cyber-attack on Sony Pictures Entertainment in November 2014, falsely blamed on Pyongyang, also bore Japanese and Israeli fingerprints. It was a hybrid “Jewpanese” operation. On the Japanese side, the penetration of the Sony network was done with a genuine corporate digital signature (which did not appear to have been hijacked), indicating an inside job. The data-wiping malware deployed against Sony was Trojan Destover, based on its Shamoon predecessor used to attack Saudi Aramco oil giant in 2012, thus the Jewish state element.
Earlier, DarkSeoul, a variant with striking similarities to Destover and Shamoon, due to their common use of EldoS RawDisk tools to overwrite code, was deployed from a China IP address in 2013 to attack South Korean television stations and banks in 2013. At the time, the start of Shinzo Abe’s second term as prime minister, Tokyo was embroiled in conflicts with South Korea over the wartime comfort women issue and a territorial dispute over Tokdo/Takeshima island.
The Diaoyu/Senkaku islands dispute was also heating up, so the trails of fake bread crumbs were pointed toward China as well as North Korea, falsely named as the culprits behind the Sony attack.
The actual bread crumbs in these attacks, from Destover to Dark Seoul and WannaCry, lead toward the Hansel and Gretel of this grim tale: Japan and Israel, partners in cybercrime and false-flag attacks, both closely connected with the NSA. For more than six decades, there has been close cooperation between the NSA and the Japanese military-run Directorate of SIGINT (signals intelligence).
According to Edward Snowden’s Intercept, the joint electronic espionage center was run out of Hardy Barracks in Tokyo’s Roppongi district, a center of prostitution catering to Westerners, and then was relocated to Misawa Air Force Base in northeast Honshu under the code name LADYLOVE. The NSA’s Asia-Pacific logistics center to construct listening posts, using gigantic golf ball-shaped antennae, is located at the USAF Yokota Air Base on the Kanto Plain outside Tokyo.
Despite their extensive cooperation in electronic eavesdropping and computer-cracking intrusions across Asia, the Japanese and American spooks also spy on each other constantly, due to mutual distrust, especially on domestic political matters. Several Japanese prime ministers have been forced to resign due to sensitive data the NSA and CIA turned over to the US Embassy in Tokyo.
In the opposite direction, a deep-cover espionage operation against the USA has been directly by Shinzo Abe since the 1980s. His covert team, a small version of the Equation group, was trained by a talented expert from Tokyo University. This team routinely uses Pyongyang and Beijing as the “fall guys” for Japanese attacks against foreign computer networks. It’s known to be a dirty game, yet the mainstream media never bothers to question these false-flag stories.
Cyber-State Takeover of the Military-Industrial Complex
In line with the oxymoron “military intelligence”, cyber-security is a fraud foisted on taxpayers and pliant politicians, who might naively believe that intelligence agencies are there to protect our computers. To the contrary, the spies are paid to snoop on you, the tax-paying citizen, not to protect you. The world’s biggest producers of hacking software are the NSA, CIA and the Treasury Department/Federal Reserve/Wall Street complex. Hacked data is crucial for extortion, blackmail and scandal-mongering, in the pursuit of global dominance. Big Brother is watching you, and that is no joking matter.
Beginning during World War II in obscure back offices staffed by mathematics professors aiming to crack the machine-based German Enigma code, encryption and cybernetics burgeoned in the Cold War with the advent of computer science followed by the introduction of the internet, supercomputers and PCs. Since the Clinton administration in the 1980s (even as far back as the Jimmy Carter and Ronald Reagan years), intelligence gathering became increasingly dominated by online espionage, especially the hacking of telecommunications and data networks to monitor the banking sector.
Globalization (or, more precisely, de-territorialization) of financial flows and foreign exchange shifted geostrategic thinking away from battle tanks on the ground to cyber-warfare over electronic networks.
As revenues from sales of computers, smartphones, software and user fees outstripped manufactured goods by the 1980s, the postwar military-industrial complex and the subordinate political structure (the former republic) were taken over and remodeled into an emerging Cyber-State, an extensive bureaucratic apparatus that can track and eavesdrop on any individual at any hour, thanks to the Internet and social media.
The “best defense is a strong offense” attitude that pervades the Pentagon’s biological weapons lab at Fort Detrick, MD, also prevails over the cyber-security hub at Fort Meade, MD, headquaters of the US Cyber Command, established by President Barack Obama in 2010.
The Director of the NSA (there have been only three chiefs since the Clinton years: USAF Gen. Michael Hayden; Army Gen. Keith Alexander; and Admiral Mike Rogers) is an autonomous tsar overseeing an obscure organization of more than 30,000 employees and probably an equal number of contractors and likely many more. Network-security experts are the new apparatchiks, the code-writing bureaucracy of the Cyber-State operating in unspeakable languages as distant and foreign as Latin to the illiterate majority of tax-burdened serfs.
Mutiny on the Bounty
As with all imperial enterprises, this ever-heavier juggernaut generates friction and dissonance, which are expressed in calls for reform and even disbandment. The dissenters are those individuals who regard abandoned republican virtues as sacrosanct and therefore deem the Cyber-State to be profane, amoral, indecent, corrupt and ultimately repressive. Thus emerged those Davids against the Goliath–Wayne Madsen, Julian Assange, Edward Snowden and now, most radical of all thus far, the Shadow Brokers.
The Shadow Brokers emerged in August 2016, at the end of a brutal summer when it seemed that candidate Hillary Clinton was the chosen shoo-in for the presidency after stealing the nomination by suppressing DNC leaks, a clean-up operation that required the murder of Seth Rich and others in the know. The message was loud and clear: Disturbances from the ranks will be met with full force. If there was ever a signal to grab the cyber-weapons and run, the time came for desperate deeds to save democracy from destruction.
The blame for lax security at Fort Meade, enabling the theft of 75 percent of its cyber arsenal, was dumped on NSA Director Admiral Mike Rogers, a hands-on boss, himself an expert in cryptography. Defense Secretary Ashton Carter and Director of National Intelligence James Clapper Jr. urged President Obama to ax him with a harsh reprimand. His firing was delayed by an in-house investigation.
After the shock election result, there was an unprecedented meeting between a serving NSA director with a president-elect. Donald Trump assured Rogers of his support. For the Democrat spooks, however, the NSA cyber-tools for espionage, blackmail and mayhem were the “crown jewels” of the Obama reign, the means to intimidate every member of Congress, foreign leaders, bankers and mere citizens into bowing before the absolutist American god-king.
In this light, there is likely a secret or perhaps unspoken understanding between the post-Obama Pentagon and the Shadow Brokers to gradually release the NSA cyber-weapons so that their toeholds inside computers can be destroyed over time by Microsoft and Oracle. (If you were a Shadow Brokers team member, you also might be unhappy that the incriminating evidence against the cyber-snoops is going to be crushed under Bill Gate’s boot heel.)
The frustrated venting by the Shadow Brokers is probably tolerated by the White House as a warning against official tolerance and encouragement of such abuses against privacy rights and constitutional protections. We can only hope that Trump and succeeding presidents impose new restraints and ethical rules on the intelligence apparatus to prevent mass surveillance by Big Brother. But, without a feisty public campaign against the spy establishment, no president can dare to challenge the power of the intelligence agencies.
The shifty alliances between and inside intelligence agencies are as treacherous as the political intrigues in the Star Wars epic. Now, for sci-fi trivia fans, there’s a DuQu in this tale (pronounced like Jedi renegade Count Duku), which is an NSA-IDF (Israel Defense Force) malware tagged with a -DQ, that exploits the TruType font of Microsoft, which enables injection of the Stuxnet virus into Siemens control systems for utilities including anuclear power plants. While the Iranian nuclear program was crippled, Stuxnet also shut down the computers at Fukushima No.1, stopping the water pumps and thereby prompting the meltdowns in March 2011. It was the revenge of the Sith.
Chess as Played by Cryptographers
Like the movie character Anonymous, the Shadow Brokers hide their identity behind a mask, in their case the face of an immigrant from South Asia or Eastern Europe, by scripting their rant in a mix of Hinglish (Hindu English) and Slavic grammar. “Real work is being for dirty foreign H1B workforce, happily working for less than stupid lazy American workers.”
As was the situation in imperial Rome, it is not only more economical but also advantageous to employ foreigners who are unfamiliar with the democratic traditions of the former republic that once was the United States. South Asian “democracy”, after all, is the world’s largest exercise in mass bribery at election time, and Eastern Europe is the field of dreams for color revolutions. Too much knowledge is a not a good personal trait in a society of slaves, when illusions can serve their purpose without harmful consequences for an illegitimate ruling class.
Thus, even after Hillary’s loss, the team of insiders and contractors that hijacked most of the NSA arsenal still holds a grudge against the NSA elite known by the informal term “Equation”, whose members at Fort Meade enjoy the prestige of a Jedi Order. “TheShadowBrokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about theshadowbrokers vs theequationgroup.”
That sounds a lot like Garry Kasparov versus Bobby Fischer.Never mind the drone aerial force, corrupted Senators, doomed rogue spies in the dunes and other minor problems of the day, the more important issue is: Can novice Anakin Skywalker defeat grandmaster Obiwan Kenobi on a river of lava at a game of chess?
So what is an Anakin-style winning strategy? For its opening move, the Shadow Brokers held an online auction of the NSA cyber-weaponry. All the world’s major players, including Iran, were invited to bid, but not a single buyer put money on the wood. Obviously, how could anyone know whether this wasn’t a trap set by the CIA? Imagine the fake news headlines if Pyongyang had plonked down a millions dollars for OddJob, the lethal tool named after the Korean assassin who chauffered Auric Goldfinger’s Rolls Royce Phantom III in the Bond thriller.
The NSA created Oddjob for the unusual task of robbing the SWIFT interbank money-transfer system in the Middle East. Therefore, being the single bidder for all the money on deposit in the oil-rich Gulf States seemed just too good to be true. (To show how spymasters lack basic street-smarts, a cyber-spook operation just had to set up a phony front, for example, the Botswana Espionage and Assassin Sub-Team (BEAST) to place a low bid without the least risk of exposure, say 10 bucks for the keys to the Saudi National Bank.)
BTW, with a blink of the eye, here’s more trivia: Odd Job’s blade-rimmed bowler hat was modeled after the 19th-century newsboy-style Peeky Blinders’ caps, fitted with razors stitched into the brims. This popular conjecture about the gangster headgear in turn-of-century Birmingham, England, is possibly incorrect, since they may have concealed folded straight-razors in a tuck above an ear under their wide caps. Oh, and another significant point, Odd Job the Korean brute was played by ethnic Japanese pro wrestler James Sakata. Here again, fakery from the Japanese side blaming the Koreans.
Beware the Sell-outz in Silicon Valley
By December, the cowardice of the world’s spy agencies forced the Shadow Brokers into discrete private showroom sales, to protect the identity of would-be buyers: “But theequationgroup didn’t buy back lost warez. The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn’t buy lost warez. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn’t buy lost warez. TheShadowBrokers was very very sad!” No sales at all, perhaps due to unfounded fears that the NSA software was the equivalent of a nuclear bomb for the buyer’s computer systems.
Then after the rebuff, for its next move, the Shadow Brokers released a series of NSA malware programs to prove the existence of ongoing secret collusion between the cyber-commanders of supposedly “enemy” countries along with collaboration by Silicon Valley with the military spooks. A harmful virus outbreak in an honest market would mean the arrival of a Zero Day, an uncontrolled pandemic due to the lack of an available patch. If, however, there are no Zero Days, then insider collusion with the NSA to make patches for threatened releases of viruses is the actual working norm. Team Equation was giving Microsoft and Oracle the keys to every piece of malware they invented, but only one at a time.
– ”In January theshadowbrokers is deciding to show screenshots of lost theequationgroup 2013 Windows Ops Disk. TheShadowBrokers is knowing if showing screenshots, then vulnerabilities is being reported by theequationgroup to Microsoft and is being patched. TheShadowBrokers is goes dark and is watching. No new Zero-Days.”
– “In February Microsoft is missing patch Tuesday. TheShadowBrokers is knowing, Microsoft is missing to be making patches for Eternal exploits. No new Zero-Days.” (Note: here is the first mention of EternalBlue, the target for the upcoming WannaCry worm, and a patch is not yet ready for newer Microsoft system.)
– “In March Microsoft is releasing patch for SMB vulnerabilities. TheShadowBrokers is knowing this is being for Eternal exploits. TheShadowBrokers is still waiting and not releasing. No new Zero-Days. Oracle is patching huge numbers of vulnerabilities.” (Although Microsoft produced a patch to protect newer systems but withheld production for older versions and did not warn those users, clearly indicating insider highjinks behind the WannaCry release in May.)
The inevitable conclusion is that Microsoft is an agent of the NSA and therefore nothing on a Windows system is safe from intrusion by the Equation spy team. It gets worse. Equation’s human intelligence (Humint) agents are in place at every major node and in the major computer security firms, meaning the entire world’s networks are monitored by Fort Meade, the eyes and ears of the Cyber-State. Full-spectrum dominance is a done deal.
“Despite what scumbag Microsoft Lawyer is wanting the peoples to be believing Microsoft is being BFF with theequationgroup. Microsoft and theequationgroup is having very very large enterprise contracts millions or billions of USD each year. TheEquationGroup is having spies inside Microsoft and other U.S. technology companies. Unwitting HUMINT. TheEquationGroup is having former employees working in high up security jobs at U.S. Technology companies. Witting HUMINT. Russian, China, Iran, Israel intelligence all doing same at global tech companies. TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member.”
So, thank you Shadow Brokers, for unveiling incontrovertible proof of the US Cybercommand’s boast: “USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.” The Cyber-Police and the Cyber-Criminals are one and the same, and you the average Joe must be their adversary since there are no governments or corporations willing to stand up against them.
Counter-Measures and Legal Action are urgently need
Next up, the Shadow Brokers is preparing to release “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.” This data dump will expose the ridiculous extent to which the US intelligence established is intertwined with so-called enemy states, proving that the Orwellian blocs supposedly in conflict with each other are actually in secret partnership.
In another statement, the Shadow Brokers disclosed that NSA spyware had been placed on servers in South Korea, Russia, Japan, China, Mexico, Taiwan, Spain, Venezuela and Thailand, among other countries. In other words, among the worst enemies are one’s allies. What possible cyber-threat could Thailand or Spain pose to US global power, other than their armies of online hookers? What is really happening is the takeover of smaller countries by an expanding global Cyber-State.
Even while it destroys the exploits vulnerable to its older cyber-weapons, the NSA is not curbing its intrusive spying worldwide. Privacy rights and proprietary protections must be enforced by governments or all of a nation’s intellectual property is easily stolen by Cyber-State hackers. Governments, institutions and individuals must not only step up protection of their networks but also should be shouting out loud and clear that NSA-CIA-Treasury hacking and hijacking is unacceptable under treaty law and bears heavy penalties imposed on trade agreements, diplomatic immunity and overseas operations of American corporations and banks.
Warrants for the arrest of NSA employees should be issued by other countries to help these criminals comprehend that they are not above the law and that their own privacy can also be restricted to the interior of a prison. If the Trump administration is serious about draining the Swamp, then it is high time to issue presidential pardons for Julian Assange, Edward Snowden and for whoever the Shadow Brokers might be, and set loose on Washington DC.
Whatever happy nonsense appears on social media, we are living in one of the darkest ages of history. Shut off the phone and ignore Facebook and Twitter. Look within. The force is strong inside you. OK, Padawan, it’s time to grow up and get out there to fight the bad guys.
Science writer Yoichi Shimatsu, Senior Advisor and Contributing Editor for The 4th Media, as an editor guiding two investigative journalism teams during the Tokyo subway gassing affair, deciphered a terrorist message threatening an attack by Aum Shinrikyo supporters working at a nuclear power plant just outside Tokyo, where its eastern neighborhoods was subsequently irradiated by a deliberate “accident”.