Published on November 11th, 2016
MalwareMustDie is closed for protest against the NSA
The legendary blog of MalwareMustDie is closed in protest against the traces of NSA hacking on educational and public servers of harmless countries.
The Shadow Brokers, the hacker group that hacked NSA hackers and previously released NSA hacking tools for anyone to download, has published more files containing IP addresses from 49 countries that have been hacked by the US National Security Agency. Security experts quoted in several news outlets are linking these nodes to the activity of the Equation Group.
The MalwareMustDie (MMD) group has started to focus its attention on the case, since Japan appeared as the second most hacked victim country in the list, and had not been listed as a known target of Equation Group (EQGRP) activities so far.
In the meantime, the malware used in the EQGRP hacking activity to infect Linux and Solaris platforms has been reverse-engineered and published by CERT Antiy in full detail, except for the hashes, which were not shared in their publication.
Figure 1. The reverse of Linux and Solaris malware used by Equation Group
Researchers in the MalwareMustDie group have started to dig into the details and discovered that several accessible parts of the listed environments, during the specific known period, carry traces of unknown, suspicious malicious code and activity matching the period and activity mentioned in several public announcements. So far the group is avoiding public disclosure of what they found.
As this investigation progressed, a new awareness has been raised, with evidence that Universities/Schools, Internet Service Providers (ISP), Public Mail Service, Cable Television Network, a National NIC network, Entertainment network, Government Offices, and maybe more, have been at risk of being violated by unauthorized access and malicious activity. Since the investigation was based on the list originating from the Shadow Brokers’ post, the spy entities of the allegedly responsible attacker country are assumed responsible for the act.
Figure 2. Shadow Brokers’ list of infected nodes in Japan with PITCHIMPAIR & INNOVATION
Given the platforms used, the facts of this sad event may also relate to what Der Spiegel has reported in the past about the leaked NSA documentation:
Figure 3. Der Spiegel’s published description of the hacking inquiries of NSA
The emerging verdict that a friendly country was spotted violating the services of its allied countries is a very sad pill to swallow, but the traces were there and that is the reality. Mass offensive acts at this level, using hacking and malware, would need the approval of the attacker’s operative authority, and obviously the attacker’s government also knew of the act and authorized it.
As the current conclusion of the investigation started to take shape, MalwareMustDie decided, as a legitimate protest, to close its analysis blog at blog.malwaremustdie.org for an undefined period. MalwareMustDie is an entity against the use of malicious software (malware) in any form, known for its anti-malware research and analysis blog, which for 4 long years has produced research against malware, cybercrime and vandalism on the Internet using malware. The group left the following statement on its Twitter profile:
Figure 4. The protest statement of MalwareMustDie against the NSA hacking
“For this reason, MMD blog is closed for an undefined period. USA related entities and researchers’ access to direct communication & research is prohibited under the same condition. Furthermore”, they continue, “we stop using any of US services or products for our research.”
The title of the blog is clear, and the position of MalwareMustDie is clear as well: using malware in any activity, for any kind of purpose, is just not accepted. “What is BAD stays BAD, no matter who you are. And if we can not do things strictly right, we can never stop ‘wrong’ or ‘bad’ things in the internet”. And it’s correct, because, really, malware must die.