Hackers claim they are offering weapons used by a group of digital spies linked to the National Security Agency (NSA) for bid in an online auction.
The hackers, which collectively go by the name “The Shadow Brokers,” announced the auction in a post on Pastebin, a GitHub repository, and a dedicated page on Tumblr. (The latter two have since been taken down.) They state they stole files from the Equation Group, a threat actor who is believed to have perpetrated various cyber espionage campaigns in the name of the NSA.
Written in broken English, their message reads as follows:
“How much you pay for enemies cyber weapons? We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free…But not all, we are auction the best files.”
True to their word, the Shadow Brokers released the password for one archive. Researchers say that sample included some interesting information, including 300 megabytes of code linked to actual NSA exploits.
Some security researchers such as The Grugg believe the files look legitimate. As they told Motherboard:
“If this is a hoax, the perpetrators put a huge amount of effort in. The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use.”
Others warned that the dump could be a host. The Shadow Brokers are asking BTC 1 million, or about USD 560 million, for access to the “best files.” It said it will be accepting bids in Bitcoin for an indefinite period of time, at which point it will announce the winner. Those who submit a bid and lose will not receive their Bitcoins back.
As of this writing, the Bitcoin wallet associated with the auction has received a total of BTC 0.12003067 BTC, or USD 68.40. That’s far below the hackers’ asking price, but if the Shadow Brokers are able to demonstrate the legitimacy of their files, bids would surely rack up in what would prove to be one of the most surprising hacks ever.