A hacking group calling itself the Shadow Brokers is holding a bitcoin auction for what it claims is intrusion software developed by the Equation Group, an alleged branch of the National Security Agency.
Billing the malware as “cyber weapons”, the group released samples of the code to drum up interest. The highest bidder will get the whole collection, and the Shadow Brokers say they might release the code for free if the bids exceed one million bitcoins (£438 million). The group gives no guarantees, even to the winner, that it will keep its promises, and it will not refund losing bidders. The auction has no known end date.
But is it actually NSA code?
Security experts who have looked at the sample code say the data released so far appears to be old: it includes programs that have already been known for quite some time. That makes the material unlikely to cause significant damage, though it could still be used. Others claim the leak is a fake.
The haul is varied, ranging from exploits to malware targeting widely used firewalls, including products from Juniper, TopSec, Cisco and Fortinet.
Cyber security expert Dr. Steven Murdoch of University College London notes that if the code indeed contains techniques used by the NSA, “it would allow forensics experts to attribute attacks to the NSA, both disrupting ongoing operations and causing great embarrassment.”
Very little is known about the Shadow Brokers.
They distribute their files through Mega, GitHub and Tumblr and, most curiously, used an email address from the German encrypted email provider Tutanota to make their GitHub uploads.
Tutanota’s founder, Matthias Pfau, notes that the company can be compelled by a German judge to hand over the encrypted data of its users, something that has happened a few times in the past. Tutanota has not yet been approached by law enforcement about this leak.
Snowden’s opinion: Russia is a suspect
Former NSA contractor Edward Snowden, known for leaking a massive trove of documents that exposed the mass surveillance system run by the USA and its allies, thinks the timing of the leak is suspicious.
Many of the leaked files are dated 2013, so the hackers have held the data for three years, yet they are only releasing it now. Doing so mere months after various American sources, including the US intelligence services and US security companies, attributed the Democratic National Committee hack to Russia makes that country a prime suspect, or so Snowden thinks, at any rate.
“This is more diplomacy than intelligence, related to the escalation around the DNC hack,” believes Snowden, as stated in a series of tweets.
He also warned that the leak could be used to prove US responsibility “for any attacks that originated from this malware server”, which he reads as a further sign that the Russians are behind the incident.
Snowden also noted that while an attack on NSA servers is nothing new, making one public certainly is.