Hackers say they’ve breached a hacking group known as the Equation Group, which is widely speculated to be an offshoot of the National Security Agency. The hackers have provided some files including what could be parts of the agency’s surveillance tools, but are demanding millions of dollars in bitcoins for the rest.
Here’s part of a message that the hackers, going by the name “The Shadow Brokers,” posted:
!!! Attention government sponsors of cyber warfare and those who profit from it !!!!
How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.
Kaspersky Lab, which blew the lid off Equation Group last year, didn’t explicitly say it was the work of the NSA, but the group’s connections to other high-profile hacks and the use of similar codenames that were included in documents leaked by NSA whistleblower Edward Snowden raise serious suspicions.
It’s not clear if the breach is real, who posted it, or why, but some security researchers think the breach may be more than just a hoax. Claudio Guarnieri, who works as a technologist for Amnesty International, says the hack seems credible.
This #EquationGroup free dump seems mostly binary builds, installation scripts, and general configuration for a C&C. Seems credible.
— Nex Claudio (@botherder) August 15, 2016
The hackers say they’ve only released 40% of the breach, and will release the remaining 60% to the highest bidders. The hackers seem to imply that the file contains the sophisticated hacking tools used by the NSA’s spies. The hackers seem pretty thirsty for bitcoin based on an FAQ they posted with their dump.
Q: Why I want auction files, why send bitcoin? A: If you like free files (proof), you send bitcoin. If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin.
Q: What if bid and no win, get bitcoins back? A: Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win! But maybe not total loss. Instead to losers we give consolation prize. If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone.
Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.
The NSA and The Shadow Brokers did not respond to a request for comment.