An anonymous hacking group calling themselves the [Shadow Brokers](https://twitter.com/shadowbrokerss) are holding an auction they are calling “the Equation Group Cyber Weapons Auction.” The winner gets hacking and exploit tools allegedly stolen from the US National Security Agency (NSA).
As a demonstration of their product, the group released 40% of the large cache of files.
“The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use,” said a security researcher known as ‘The Grugq’ to Motherboard. “If this is a hoax, the perpetrators put a huge amount of effort in.”
Amnesty International’s technologist, Claudio Guarnieri, told Wired the hack seems credible. Guarnieri is a researcher at the University of Toronto’s Citizen Lab specializing in state-sponsored malware analysis: “It looks very much as if the NSA attacked someone, and that someone managed to source the origin of the attacks, and counter-hacked them.”
“The content is credible enough and properly reflects what we know of some of the program names in there.”
– Claudio Guarnieri
The remaining files – 60 percent – are bundled and wrapped in extremely strong encryption. The winner of a bitcoin ‘auction’ gets the key. However, all bids will be kept by the Shadow Group.
The hackers made it clear that no one is getting their losing bids back, and if enough bidders send them coins in this manner, they’ll have effectively crowdfunded a public dump of all NSA hacked files.
The bitcoin address for bids only had five transactions at the time of writing, and the largest is only worth $22 USD.
“If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone.”
– Shadow Brokers
Pulling together a million bitcoins, even with many different bidders, is a herculean task. There are currently only 15.8 million bitcoins in existence, with many of those locked up by Satoshi Nakamoto and other early adopters.
The Winklevoss Twins, famous for owning one percent of all bitcoins just two years ago, own something in the neighborhood of 108,000 BTC.
Daily trading volume at the world’s busiest bitcoin exchange, OKCoin, typically stays under one million coins per day, half being sold and half being bought.
“How much you pay for enemies cyber weapons? … We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons.”
– The Shadow Brokers
The Shadow Brokers claim that they hacked an important hacking team known as the Equation Group, described as “probably the most sophisticated computer attack group in the world” by Kaspersky Lab researchers.
“The discovery of the Equation Group is significant because this omnipotent cyber espionage entity managed to stay under the radar for almost 15 years, if not more,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team. “Their incredible skills and high tech abilities, such as infecting hard drive firmware on a dozen different brands, are unique across all the actors we have seen and second to none.”
The files in question appear to have been created no later than 2013, and have the same names documented by the whistleblower Edward Snowden, such as “BANANAGLEE” and “EPICBANANA.”
Snowden is a former Central Intelligence Agency employee, and former contractor for the United States government, who copied and leaked classified information from the National Security Agency (NSA) in 2013.
His disclosures revealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments.
“Even if you’re not doing anything wrong, you are being watched and recorded.”
– Edward Snowden
The tools revealed by Snowden are some of the most powerful malware scripts and kits known to researchers, and typically gain control of commercial routers and firewalls, including those made by Cisco and Juniper Networks, according to WikiLeaks.
Founded by its publisher Julian Assange in 2006, WikiLeaks specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses.
The site claims to have the archive of NSA cyber weapons, “and will release our own pristine copy in due course.”