Skip to content
Naked Security Naked Security

Did “The Shadow Brokers” hack NSA cyberweapons worth $500M?

If the total funds in the online auction hit BTC 1,000,000, then everyone gets everything for free!

A self-styled hacking group going by The Shadow Brokers have started a tongue-in-cheek media campaign claiming that they’ve penetrated the NSA (or someone like that), and made off with “cyberweapons” that they imply are worth more than $500 million.

Their briefing document is entitled “Equation Group Cyber Weapons Auction – Invitation,” and it claims that they’ve found “cyber weapons made by creators of stuxnet, duqu, flame,” and are ready to sell them on the open market.

They’ve dumped a few files as a taster, but the files not yet released are billed as “better than stuxnet.”

The whole thing is written in a curious style, as though native speakers of English had gone out their way to create a document that reads in a carefully and consistently stilted way, fusing a sort of fake and vaguely insulting pidgin with the faintly annoying diction of Yoda out of Star Wars:

We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

And this is an auction like no other:

  • The winning bid buys the stash of cyberweapons. The Shadow Brokers keep the money.
  • All losing bids are forfeited. The Shadow Brokers keep the money.
  • If the total bids reach BTC1,000,000, everyone gets all the cyberweapons for free. The Shadow Brokers keep the money.
  • The auction ends when Shadow Brokers feel like it. The Shadow Brokers keep the money.
  • The items for sale in the auction are secret, so you have no idea what you are “bidding” for.

With disarming accuracy, the auction document’s FAQ says:

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.

When we wrote this [2016-08-16T15:00Z], the Bitcoin address that the crooks have given for sending bids was showing a few confirmed transactions, including one for BTC 1.5 (about $850), with a total transaction value of around BTC 1.6.

(You don’t have to bid a bigger amount than any previous transaction to “win”, just to have paid on a larger amount in total than anyone else.)

Watching that address for a short while revealed few bursts of transactions claiming to have been paid in from bitcoins seized in the Silk Road bust, each for 1/1000th of a Bitcoin.

As you can imagine, those transactions were never confirmed and soon fell off the list.

Truth, as they say, really is stranger than fiction, but in this case we just don’t know how far that “truth” goes.

What’s your take? Hack or fake?

Let us know in the comments… (You may remain anonymous.)


18 Comments

It really sounds like a game, the auction will end when they determine it? So if the auction never ends then they do not have to provide anything? But meanwhile, they take all of the Bitcoins since they are forfeited. I call BS on the situation.

I wonder if this includes the program for their super spy computer, and the backdoors into CO equipment used for sniffing all internet traffic.

The NSA website was offline for almost a day Monday into Tuesday for an internal review, i am one of the people that believes that the internet can not really be made secure, it was designed to be redundant, not secure. If the NSA was hacked, that lends credence to my opinion, though I am open to proof that it can be made a secure medium. If you have data, or systems, that you could not afford to have hacked, don’t connect them to the internet. I begin every computer security class I teach with a slide with this quote from Robert Morris, “The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.”

I admit that an air gap is not all that perfect, just ask the Iranians, but I have a friend who works for a regional bank, he’s their Excel (formerly Lotus) expert. He needed to take a copy of a workbook to a presentation, when he plugged in his flash drive, his computer locked up and he received a call from IT asking him what he was doing.

What i found interesting in their message is that the missing words seem to be easily identified…also their correct use of the word THEIR seems to be a mistake. Most people that can’t write english will almost always never use THEIR,THEY’RE or THERE correctly… here is the message with correct grammer:

“We want TO make sure THAT THE Wealthy Elite recognizes the danger OF cyber weapons, this message, AND our auction, poses to their wealth and control. Let us spell out for YOU Elites. Your wealth and control depends on electronic data. You see what THE “Equation Group” can do. You see what THE cryptolockers and stuxnet can do. You see THE free files we give (YOU) for free. You see THE attacks on banks and SWIFT in THE news. Maybe there is AN Equation Group version of cryptolocker AND stuxnet for banks and THE financial systems? If (THE) Equation Group loses control of cyber weapons, who else WILL lose or find cyber weapons? If electronic data goES bye-bye where DOES THAT leave THE Wealthy Elites? Maybe with THE dumb cattle? “Do you feel in charge?” Wealthy Elites, IF you send bitcoins, I IF you bid in THE auction, maybe IT WILL BE A big advantage for you?

Just my thoughts….

The word “data” is actually the plural form of datum; therefore, “if electronic data go” is correct grammar. (PS grammar, not grammer)

In contemporary English, “data” has become a singular noun in its own right, distinct from “datum” (an individual reading).

In fact, I would argue that using “data” as if it were a plural now looks somewhere between quaint and anachronistic, a bit like writing a computer programme or catching an omnibus.

For the plural of datum I would probably write “datums” (to remove any ambiguity) or write “data points” (to avoid the hassle).

Hey I got an email from them the other day, informed me that some African prince had died and left me his estate…..all they needed was my bank numbers.

They should try the ol’ “Last Chance to Send in Your Bitcoin” ruse. Much simpler and they’ll probably make just as much.

But why make it the *last* chance? This is even simpler: “Send in Your Bitcoin” :-)

to resolve this debate, I hacked into the hackers’ hack-haul. I don’t want to completely spoil this, but here’s a hint:

Greetings Professor Falken. How. About. A . Nice. Game. Of. Chess?

Are 1 million hackers on Earth present? Why not pay 5$ to Crowfunding Company for Very Great Performance Tools. With NSA Tools it will be simple to make Big Money and Big Deals

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?