A hacker group claims to be selling U.S. government cyber spying tools in an online auction, and experts suggest the software belongs to the National Security Agency.
The previously unknown hacking collective, which calls itself the Shadow Brokers, claims to have stolen code from the computer espionage team known as the Equation Group—a secretive organization identified last year by Russian security firm Kaspersky. At the time, Reuters claimed that the Equation Group was the work of the U.S. National Security Agency.
The Shadow Brokers have released sample code from its alleged hack on the website Pastebin to prove its legitimacy to potential buyers. The collective claims that the software it has published can be used to break into firewall software from companies like Cisco Systems and Juniper Networks. A security expert speaking to Reuters says the code that has been made public “appears to be relatively old.” But several security experts have told the Wall Street Journal that it does at least appear to be genuine, and one claims that it looks “like a tool kit from the NSA.”
Edward Snowden has also published a series of tweets suggesting that he also believes these pieces of software originate from the government organization. He speculates that the hack may have been made possible if NSA employees left code on staging servers following an operation, leaving it available for a third party that was monitoring its operations to discover. That’s a slightly more nuanced description than the account published in broken English by the hackers themselves:
We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
According to Snowden, it wouldn’t be the first time the NSA has been hacked in this way. “The hack of an NSA malware staging server is not unprecedented, but the publication of the take is,” he explained on Twitter. “Circumstantial evidence and conventional wisdom indicates Russian responsibility. This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences.”
Despite Snowden’s assertion about Russian involvement, it still remains unclear who is behind this particular operation. It’s also unknown how up-to-date or powerful the rest of the code obtained by the Shadow Brokers actually is. Perhaps unsurprisingly, the hackers reckon that the software being auctioned off is of higher quality than the code the group freely published, claiming that the tools it’s selling are “better than Stuxnet.”
The highest bidder will get to find out. Or for the princely sum of one million bitcoins (about $568 million), the Shadow Brokers say, they will publish the code publicly so the entire world can see it. The true cost, however, may yet prove to fall on the NSA.