Sophos News

Did “The Shadow Brokers” hack NSA cyberweapons worth $500M?

A self-styled hacking group going by The Shadow Brokers have started a tongue-in-cheek media campaign claiming that they’ve penetrated the NSA (or someone like that), and made off with “cyberweapons” that they imply are worth more than $500 million.

Their briefing document is entitled “Equation Group Cyber Weapons Auction – Invitation,” and it claims that they’ve found “cyber weapons made by creators of stuxnet, duqu, flame,” and are ready to sell them on the open market.

They’ve dumped a few files as a taster, but the files not yet released are billed as “better than stuxnet.”

The whole thing is written in a curious style, as though native speakers of English had gone out of their way to create a document that reads in a carefully and consistently stilted way, fusing a sort of fake and vaguely insulting pidgin with the faintly annoying diction of Yoda out of Star Wars:

We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

And this is an auction like no other:

With disarming accuracy, the auction document’s FAQ says:

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.

When we wrote this [2016-08-16T15:00Z], the Bitcoin address that the crooks have given for sending bids was showing a few confirmed transactions, including one for BTC 1.5 (about $850), with a total transaction value of around BTC 1.6.

(You don’t have to bid a bigger amount than any previous transaction to “win”, just to have paid in a larger amount in total than anyone else.)

Watching that address for a short while revealed a few bursts of transactions claiming to have been paid in from bitcoins seized in the Silk Road bust, each for 1/1000th of a Bitcoin.

As you can imagine, those transactions were never confirmed and soon fell off the list.

Truth, as they say, really is stranger than fiction, but in this case we just don’t know how far that “truth” goes.

What’s your take? Hack or fake?

Let us know in the comments… (You may remain anonymous.)

