Skip to content
Naked Security Naked Security

Shadow Brokers are back with ‘stolen NSA cyberweapons’, now 99.9% off

The faux-bad-English hackers wanted BTC 1,000,000, then slashed the price to BTC 10, yours as a job lot for just BTC 1000.

Remember Shadow Brokers?

That’s the self-styled, pseudo-semi-literate but surely satirical hacker group that claimed in August 2016 to have penetrated the NSA, or some other organisation of that sort, and made off with “cyberweapons” worth more than $500 million.

They dumped a few files as tasters, with the claim that the files they were keeping back to sell were “better than Stuxnet.”

That’s a bold claim, given that Stuxnet was the airgap-jumping USB virus that was allegedly written to sneak right into the heart of Iran’s uranium enrichment programme.

A lot of reports took the Shadow Brokers claims very seriously, but we were more sceptical.

We noted the absurd structure of the “auction” by which they proposed to sell off these alleged cyberweapons:

  • The winning bid buys the stash of cyberweapons. The Shadow Brokers keep the money.
  • All losing bids are forfeited. The Shadow Brokers keep the money.
  • If the total bids reach BTC 1,000,000, everyone gets all the cyberweapons for free. The Shadow Brokers keep the money.
  • The auction ends when Shadow Brokers feel like it. The Shadow Brokers keep the money.
  • The items for sale in the auction are secret, so you have no idea what you are “bidding” for.

One million bitcoins, by the way, was close to $600 million back in August 2016, or nearly $800 million today.

We also noted the rather carefully constructed faux-bad-English in the documents, such as this part justifying the last auction condition listed above:

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.

As we wrote back in August:

The whole thing is written in a curious style, as though native speakers of English had gone out their way to create a document that reads in a carefully and consistently stilted way, fusing a sort of fake and vaguely insulting pidgin with the faintly annoying diction of Yoda out of Star Wars.

The auctioneers didn’t meet with much success, allegedly dropping their price to an all-in fee of just BTC 10,000 (still several million dollars) by October 2016.

Now, according to boutique UK security consultancy Hacker House (they sometimes write that H/H, and apparently also as HH-1 to be funky, but we’ll stick to Hacker House), the Shadow Brokers have decided to sell off their alleged cracked tools piecemeal at Bitcoin prices from BTC 1 to BTC 100.

Hacker House has taken a guess at what they think each allegedly stolen product is supposed to do.

If they’re right, Shadow Brokers are asking anything from $800 for a “log cleaning tool” for FreeBSD 4.0 on MIPS, to $80,000 for a selection of “common tools and attacks” aimed at SunOS 4 and FreeBSD 2. (The last SunOS release was way back in 1994, in case you are wondering why you haven’t heard of it lately.)

If you’re feeling lucky, you can buy the whole job lot for BTC 1000, which is just under $800,000 today.

Quite a discount from the BTC 10,000 of two months ago, or the BTC 1,000,000 of two months before that.

We’d hold off for the New Year sales if we were you.


Yoda’s diction is only “faintly annoying”? How kind. I’d like to hear what your thoughts are on Jar Jar Binks.

Merry Christmas!


I think you’re over-analyzing here. This is exactly how Boris Badenov, a Russian spy in the ’60s cartoon series ‘Rocky the Flying Squirrel and Bullwinkle the Moose’ talked. Seems Shadow Brokers have sense of humor, no?


A little less collection of citizens metadata for the server shack with humongous coolant water needs in the Utah desert and a little more focus on their own cyber security and national security towards our actual enemies, nation states and middle eastern bad guy organizations would probably do the trick. How about defending the Constitution again, instead of undermining and circumventing it? At least that’s what everybody in the rest of our military tries to do!


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!