"Such difficult work requires collaboration and, in my opinion, Twitter provides it very well," Maksym Zaitsev, a security researcher who analysed different parts of the dump, told me in a Twitter message. Zaitsev works in a small company specialising in penetration testing and research and development. This time, he applied those skills to a unicorn cache of never-before-seen exploits.

To keep up with the torrent of information posted by hackers, academics, and hobbyists, I adapted a Python script to scan new tweets for the tools' names. Tweets containing words such as ELIGIBLEBOMBSHELL, EXTRABACON, and BOOKISHMUTE flooded my screen. Many of those just mocked the NSA for having its tools exposed, but others came from researchers who had managed to get a tool to work, or who had discovered a new aspect of an exploit.

The #ShadowBrokers #EquationGroup BIOS implants are terrifying. I count 7 distinct flash/BIOS chips: pic.twitter.com/NsGh2kEUVf
— Brendan Dolan-Gavitt (@moyix) August 17, 2016
Perhaps this collaborative work could have been carried out in a slightly more closed setting—an IRC channel, for example. But Twitter provided a more open platform, where anyone was free to join in, discuss, and experiment.

"Email is an asynchronous communication, it can be delayed, you don't always know it, you don't always trust. IRC is synchronous, although it's not always accessible, not everyone's there and you can't be sure of a person," Zaitsev said.

And although not perfect, "Twitter has all the advantages, whereas almost no significant inconveniences. I found it way more effective than all other [means] of communication," he said.

I'm going to tweet about interesting things I've found in the new NSA/Equation Group dump in this thread.
— Mustafa Al-Bassam (@musalbas) August 15, 2016
One high point in the Twitter collaboration was the confirmation of an attack codenamed BENIGNCERTAIN. After analysing the code, Al-Bassam suspected it could extract keys from Cisco firewalls. He didn't have the hardware to test the exploit himself, so he called out to the community for help. Sure enough, Brian Waters, another security researcher, dug up his old Cisco PIX appliance and showed that the attack could work out VPN passwords.
"In this case, others had already done a bunch of reverse engineering work; I just happened to be the only one with actual hardware," Waters told me.

Kevin Beaumont, another researcher who dived into the NSA dump, said, "My motivation was technical, I just wanted to understand how the exploits worked so I could better protect my employer." He also thought the vendor response had not been good enough.

Indeed, the discoveries around BENIGNCERTAIN arguably pushed Cisco to publicly respond to the issue.

"Cisco by their own admission only responded after news sites reported on my research, so they may never have responded to it otherwise," Al-Bassam said. Beaumont pointed out that something similar happened with Fortinet, another company that makes firewall products.

Does anyone have a Cisco PIX firewall with a VPN configured for me to test on?
— Mustafa Al-Bassam (@musalbas) August 18, 2016
This isn't the first time researchers have pooled their efforts on Twitter: something similar happened when the Italian surveillance company HackingTeam was exposed in 2015, although that dump was mostly concerned with emails and documents.

"The most important work when it comes to improving computer security is often not done by information security companies who are paid to look after the interests of their corporate clients, but hobbyists and academics doing research that is in the interest of wider society," Al-Bassam added.

That, and "It's just fascinating to analyse NSA exploits that are supposedly created by their most elite hacker unit."

It absolutely blows my mind that a handful of people on Twitter had to drive the research on #BENIGNCERTAIN, push for vendor acknowledgement
— Kevin Beaumont (@GossiTheDog) August 20, 2016