Hacker group Shadow Brokers auctions off NSA malware
The NSA has (or had...) a collection of malware in its cyber arsenal. It has been stolen by hackers. It is now available to buy.
A group of hackers going by the name of Shadow Brokers claims to have stolen a range of hacking and malware tools from Equation Group's servers -- Equation Group is itself closely linked with the NSA. The group is offering the tools for auction and will sell them to the highest bidder. If bidding reaches one million Bitcoins, however, the group says it will make the tools publicly available to all.
In a post on Pastebin, Shadow Brokers offers up the tools described as being "made by creators of Stuxnet, Duqu, Flame". The group did have an account on Tumblr but this has now vanished in the wake of the attention turned on it.
Shadow Brokers' claims seem to stand up to the scrutiny of experts who have seen samples of the code. WikiLeaks also tweeted that it already had access to the same materials:
We had already obtained the archive of NSA cyber weapons released earlier today and will release our own pristine copy in due course.
— WikiLeaks (@wikileaks) August 16, 2016
Speaking to the BBC, security expert Dr Steven Murdoch said:
It is extraordinary that a government based (or at least government supported) group would get comprehensively hacked, but there is evidence indicating that this may have actually happened.
Now that the vulnerabilities that the group were exploiting have been disclosed, they will be fixed and new ones will have to be discovered, at significant expense.
However, if indeed these techniques were used by the NSA, they will be very worried that there is now enough information leaked that would allow forensics experts to attribute hacking attacks to the NSA, both disrupting ongoing operations and causing embarrassment.
The political and ideological motives of Shadow Brokers are not known, but at the moment all indications point to this being the real deal -- it has been suggested that the elaborate and detailed nature of the information coming from the group is such that it is unlikely to be a hoax.