There was some big news last month, and it had nothing to do with the US presidential election or the Olympics. Because of this, it largely went unnoticed by major media channels, but it’s something we should all be aware of. On August 13, a file was uploaded to Pastebin, a site that allows users to anonymously post text files for others to read, by a previously unknown group calling itself the Shadow Brokers. This file was an announcement of an auction of programs and tools used by the Equation Group.
So who is the Equation Group? The truth is we don’t know. They’re simply called the Equation Group by security researchers who note their apparent affinity for complex mathematical equations in their encryption mechanisms. Hacking groups aren’t exactly new, but the skills and resources members of the Equation Group seem to have exceed the boundaries of typical groups. Several of their operations appear to have involved more traditional spycraft skills, such as intercepting packages in the US mail, alongside exploiting previously unknown vulnerabilities in Windows. Because of the obvious technical, physical, and financial resources of the group, it’s largely assumed that they have some ties (direct or indirect) with the US National Security Agency.
And who are the Shadow Brokers? Again, we don’t know, but speculation is running towards a group affiliated with the Russian government.
The Shadow Brokers claim to have acquired a copy of the tools used by the Equation Group for their hacking endeavors as late as 2013. Kaspersky Labs has verified the sample file provided by the Shadow Brokers, and it appears to be legitimate.
While the tools have no doubt advanced in the last three years, possessing copies of those tools would allow people to do several things:
Defend themselves against the use of these tools. By analyzing the attacks used, it would be possible to prepare one’s systems and keep them secure from exploitation by the Equation Group.
Determine whether recent intrusions were the work of these tools or not. Most hacking tools leave behind some traces of themselves and how they work to compromise a system. By examining the tools themselves, security researchers will begin to know what those particular digital fingerprints look like. Once that’s known, it’s relatively easy to determine if a particular system is compromised by that tool. This means that hacks can be traced to these tools, to the Equation Group, and, by speculation, to the NSA.
Use the tools themselves. By using the same methods to exploit systems, the auction winners will not only gain a first-class suite of hacking tools, but they’ll also gain the ability to make it look as though the Equation Group is the one performing the intrusion.
What does this mean for churches? Directly, it doesn’t mean much. We’re simply too small as targets to be attractive to the sorts of hackers who are going to bid on or use these tools. These are the sorts of moves that affect the policies and efforts of nation states, and we’re not even on that radar, really.
But it does highlight the arms race that we’re already in, whether we realize it or not. While we’re not likely to encounter Equation Group–level attacks in the near future, the proliferation of tools throughout the hacking community means that new and greater attack vectors will continue to emerge, and churches are targets as much as any small- or medium-size business. (Imagine the havoc that could be wreaked if a nefarious party gained access to information such as your church membership database or giving records—identity theft, bank fraud, phishing attacks …)
So what can you do? Well, there’s really no substitute for a robust set of network-security policies and procedures, but there are a few simple things you can do out of the gate:
Keep your software updated. Do NOT click “snooze” on that Windows Update for six months. When security updates are released, they’re often already months behind the curve, so installing them as soon as possible is essential. This means getting rid of any out-of-support software. (I’m looking at you, Windows XP!)
Run antivirus and antimalware programs. This is so obvious as to not bear saying, but you really should have both running. (If there’s interest, I’ll see about unpacking some of the options in a future article. Let me know in the comments!)
Use strong passwords. I’ll be writing more on this in the near future, but if you’re one of those people (like so many) who reuse the same password for multiple systems, consider changing them. All of them. If one system gets compromised, then they’re all vulnerable. (Oh, and throw away your password Post-it notes.)
Practice smart email. Don’t click on links without knowing a bit about what’s going on and how to determine if a link is legitimate or not.
The threats will continue to evolve, but as a baseline for getting started in ensuring your data (and your people’s data) is safe, these few steps will move you in the right direction.
For more information on how to protect your church from cyber-criminals, check out our ebook titled "Protecting Your Church against Ransomware."