A new online group called the Shadow Brokers is claiming to have infiltrated a hacking unit affiliated with the National Security Agency. The group also claims to have stolen state cyber weapons from the elite hacking unit and is now auctioning the weapons to the highest bidder on the Internet.
The malware the group stole is said to belong to the Equation Group, a group that many believe is controlled by the NSA. The Shadow Brokers released only a few of the files they stole to verify their claims, and most security researchers believe the files are legitimate. The group announced the leak on various online platforms such as Twitter, GitHub, Pastebin and Tumblr.
In a statement, the group said that they were auctioning files which are better than Stuxnet, clearly referring to the digital weapon that many believe is funded by both the Israeli and US governments. The Stuxnet program is believed to have sabotaged the nuclear program in Iran. The group is also asking for a massive 1 million Bitcoins to release the best files they have.
Shadow Brokers only released files and pictures of documents which were already released by whistleblower Edward Snowden as proof. The file names corresponded to those that Snowden released with some names such as “BANANAGLEE”, “JETPLOW”, and “EPICBANANA” standing out.
Security researcher Bencsáth Boldizsár, famously known for discovering the Flame malware, said that the files were not fake for sure. He said that by the look of it, the files are part of what the NSA uses, especially considering the volume and the peeps into the samples. The files also look like vital attack-related files and they are clearly from Equation Group.
Kaspersky Lab, the company that exposed the Equation Group and its cyber espionage schemes back in 2015, wrote in a blog post that the files in the leak and those that they found last year showed a strong correlation. The company said that they had seen more than 300 files in the Shadow Brokers cache that they had only seen in the Equation Group malware before. The company said there was a minimal chance that any of these files had been engineered or faked.
The news is clearly not good for the NSA, but many analysts say that it does not indicate that the NSA has been hacked directly. Most researchers believe that if the Shadow Brokers group had access to the NSA’s network, they would not have broken their cover through a leak.
The Shadow Brokers group is new and researchers speculate that the group might be from Russia. Matt Suiche said that the hack could have been masterminded by the Russian government, which would want America to be stuck with Donald Trump as their president rather than Hillary Clinton.
Snowden has also come out with a theory of his own, suggesting that the hack is Russian-backed and that their main intention is to show the NSA's cyber warfare activities taking place.