Skip to Content

Hackers Claim to Be Selling Secret U.S. Spy Software

A group called the Shadow Brokers appears to be in possession of NSA code, though it’s unclear exactly how powerful it is.
August 16, 2016

A hacker group claims to be selling U.S. government cyber spying tools in an online auction, and experts suggest the software belongs to the National Security Agency.

The previously unknown hacking collective, which calls itself the Shadow Brokers, claims to have stolen code from the computer espionage team known as the Equation Group—a secretive organization identified last year by Russian security firm Kaspersky. At the time, Reuters claimed that the Equation Group was the work of the U.S. National Security Agency.

The Shadow Brokers have released sample code from its alleged hack on the website Pastebin to prove its legitimacy to potential buyers. The collective claims that the software it has published can be used to break into firewall software from companies like Cisco Systems and Juniper Networks. A security expert speaking to Reuters says the code that has been made public “appears to be relatively old.” But several security experts have told the Wall Street Journal that it does at least appear to be genuine, and one claims that it looks “like a tool kit from the NSA.”

NSA headquarters in Fort Meade, Maryland.

Edward Snowden has also published a series of tweets suggesting that he also believes these pieces of software originate from the government organization. He speculates that the hack may have been made possible if NSA employees left code on staging servers following an operation, leaving it available for a third party that was monitoring its operations to discover. That’s a slightly more nuanced description than the account published in broken English by the hackers themselves:

We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

According to Snowden, it wouldn’t be the first time the NSA has been hacked in this way. “The hack of an NSA malware staging server is not unprecedented, but the publication of the take is,” he explained on Twitter. “Circumstantial evidence and conventional wisdom indicates Russian responsibility. This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences.”

Despite Snowden’s assertion about Russian involvement, it still remains unclear who is behind this particular operation. It’s also unknown how up-to-date or powerful the rest of the code obtained by the Shadow Brokers actually is. Perhaps unsurprisingly, the hackers reckon that the software being auctioned off is of higher quality than the code the group freely published, claiming that the tools it’s selling are “better than Stuxnet.”

The highest bidder will get to find out. Or for the princely sum of one million bitcoins (about $568 million), the Shadow Brokers say, they will publish the code publicly so the entire world can see it. The true cost, however, may yet prove to fall on the NSA.

(Read more: Wall Street Journal, Paste Bin)

Keep Reading

Most Popular

A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?

Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.

A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate

Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway

Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.