Hacking group offers ‘stolen NSA cyber-weapons’ in bitcoin auction

© Benoit Tessier
A hacking collective calling itself ‘Shadow Brokers’ claims to have hacked an NSA affiliate and obtained a set of US government spying and surveillance tools – which it is now willing to auction off for at least half a billion dollars in Bitcoin.

Over the weekend the so-called Shadow Brokers collective released “samples” of the files the group said belonged to the Equation Group, which is believed to be a National Security Agency's (NSA) affiliate.

The Equation Group, a collection of hackers, has previously been accused by the Kaspersky Lab of using techniques and tools very similar to those of the NSA. In 2015 Kaspersky Lab called the group “a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades.”

While the authenticity of the files that were released on August 13 on Github is yet to be confirmed, the Shadow Brokers promised to release the “best files” to the top bidder in a Bitcoin auction. The collective seeks to raise 1,000,000 bitcoins, worth roughly $560 million.

“We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons,” the hacker collective wrote in a post on Tumblr that has since been taken down. “We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

The files released for free over the weekend, to which Github has since disabled access, appear to be from late 2013, after the famous Edward Snowden revelations. The first set included a number of tools, which according to various experts are might indeed be capable of hacking network gear such as routers and firewalls made by Cisco, Juniper, and Fortinet.

Top secret files previously leaked by Edward Snowden disclosed some of the methods and tools used by the NSA to spy on their targets. Some code words in the latest leak, which included “BANANAGLEE and JETPLOW”, match the words in the Snowden documents, Foreign Policy reported.

After Github moved to censor the released source codes, WikiLeaks announced that it “had already obtained the archive of NSA cyber weapons released earlier today and will release our own pristine copy in due course.”

The latest cyber threat to US national secrets comes in the footsteps of a series of disclosures of emails and documents belonging to the Democratic Party. While cybersecurity experts and the Democrats have accused Russia of hacking into the Democratic National Committee, a hacker calling himself Guccifer 2.0 has surfaced to claim responsibility for the recent hacks that shook the US political elite.

While the NSA is yet to comment on the latest leak, experts agree dthat the new set of files should be taken seriously.

“It’s at minimum very interesting; at maximum, hugely damaging,” CEO of the security firm Immunity Dave Aitel and a former NSA research scientist told FP . “It’ll blow some operations if those haven’t already been blown.”

“I think it’s hard to say at this stage whether the files are genuine, but they are an elaborate hoax if not, by someone who has spent a lot of time going through Snowden documents to sprinkle codenames into the files,” a security researcher, calling himself Pwn All The Things told Business Insider.

Dmitri Alperovitch, CTO of security firm CrowdStrike in a series of tweets, said that the latest leak will further jeopardize the US elections.

“No doubt that further leaks will continue and contribute to the chaos of this already way too weird election. I think there is plenty of reasons to be concerned that the election itself would be manipulated,” Alperovitch tweeted. “The claim from a credible hacking source of such manipulation could be enough to cast shadow on the legitimacy of elected president.”

"The data appears to be relatively old; some of the programs have already been known for years," and are unlikely "to cause any significant operational damage," researcher Claudio Guarnieri told Reuters. Meanwhile, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded the tools looked like they "could be used."