Shadow Brokers Try To Give NSA Halloween Scare With Leak Of Hacked Servers

The Shadow Brokers have returned and are trying to spook the U.S. government this Halloween. The hackers, who’d previously claimed to have leaked a portion of the National Security Agency’s digital arsenal, today published files that experts believe show which foreign servers were compromised by the NSA to expand its espionage operations.

FORBES looked at the data, seeing servers that appeared to belong to the Chinese government. There were nine .gov sites were on the target list, five in China. There was an apparent penchant for Asian machines in general. A large proportion – as many as 32 – of the 306 domain names listed were run by educational institutes in China and Taiwan. Just a handful were based in Russia.

Security experts noted many of the servers ran Solaris, a Unix-based operating system now owned by Oracle. The timestamps on the servers dated from between 2000 and 2010, making the leaked data old. Many should now be clean of infection, but Matthew Hickey, director of Hacker House, checked the listed servers and found some were still running old, possibly-vulnerable systems. “Some are now updated but a few are still the same platform which indicates its probably not fake,” he told FORBES.