Hackers claim to have stolen cyberweapons from NSA, demand 1 million Bitcoin in exchange
A hacking group called The Shadow Brokers claims to have acquired hacking tools from a group linked to the US National Security Agency (NSA), and is now asking for 1 million Bitcoin (about $568 million) in an auction in exchange for the information.
The Shadow Brokers tweeted a manifesto on Saturday, along with screenshots of the file folders it claims to have obtained, to a number of media outlets. The files are allegedly from Equation Group, a codename for a government hacking group widely believed to be the NSA.
“Attention government sponsors of cyber warfare and those who profit from it !!!!” the manifesto stated. “How much you pay for enemies cyber weapons?…We find cyber weapons made by creators of stuxnet, duqu, flame…We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons.”
Security firm Kaspersky Group reported on Equation Group in 2015, and followed its multiple computer network exploitation operations dating back to 2001. The firm did not specifically link the group to the NSA, but provided detailed evidence that strongly implicates the US agency.
Kaspersky also found that the Equation Group used similar technology as the group behind Stuxnet, a malicious computer worm widely believed to be a jointly built American-Israeli cyber weapon used to sabotage Iran’s nuclear program. Kaspersky researchers stated that evidence indicates “the Equation Group and the Stuxnet developers are either the same or working closely together.”
“It’s really hard to say if this is legitimate or not, but the evidence they produced is pretty impressive,” said Avivah Litan, security analyst at Gartner. “Whether it was a real hack against our government or just an actor provoking our government is not clear. But that is almost a secondary point—the main point is there are definitely attacks and counter-attacks going on, and this is smoke from the fire.”
The Shadow Brokers released a sample of the stolen data, which contained installation scripts and configurations for command and control services. The names of some of the tools correspond with names used in documents released by Edward Snowden in 2013.
If the group does have the information, it’s a bit strange that they would be posting about it in a loud, boastful way, Litan said.
“A lot of times when people start posting things like this, it’s more like bravado, and they are not serious hackers,” Litan added. “But they could be affiliated with serious hackers, which we would need to worry about.”
At the time of this writing, the Bitcoin wallet opened by the hacking group had received only 1.62 Bitcoin.
It remains to be seen if the hack is legitimate, and what the motives behind it could be. But, given the recent hack on the 2016 Democratic National Convention, it wouldn’t be surprising if hackers had accessed more government files, Litan said. “You don’t want your intellectual property falling into the enemy’s hands, but you have to expect it and stay innovative,” she added.