A group by the name of Shadow Brokers is auctioning computer exploits reportedly belonging to the Equation Group, an elite team of hackers linked to the NSA.
The Shadow Brokers teased social media with a small, encrypted sample of the dataset which presumably includes a “full state-sponsored toolset of cyber weapons.” The samples consist of code for hacking network appliances sold by Cisco, Juniper, Fortigate and TopSec, according to researchers who have analyzed the authenticity of the data.
Edward Snowden said the hack was likely a real compromise of a staging server, one of the command-and-control computers NSA hackers set up outside the NSA’s own network as part of an espionage operation.
“NSA malware staging servers getting hacked by a rival is not new,” the former NSA contractor wrote on Twitter. “A rival publicly demonstrating they have done so is.”
If the data is real, then why is nobody fighting to get their hands on it?
So far, the hackers have failed to raise interest in their somewhat “shady” operation. Only one significant bid has been made, valued at 1.6 bitcoins (some $865), according to blockchain data.
However, the real point of the hack likely wasn’t to make a profit, but to send a political message, Snowden said.
“This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server,” he wrote. “That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies….Particularly if any of those operations targeted elections.”
Other voices support the idea that the attack was orchestrated by the Russian government.
“No team of ‘hackers’ would want to piss off Equation Group this much,” Dave Aitel, a former NSA researcher, writes on his blog. “That’s the kind of cojones that only come from having a nation state protecting you.”
Regardless of who is behind the attack, Shadow Brokers got their share of publicity, a common objective among rising hacking groups.