
'Shadow Brokers' Claim to Breach NSA-Linked Hackers

The Shadow Brokers published hacking tools allegedly belonging to the NSA-linked Equation Group.

By Stephanie Mlot, Contributor


A group calling itself The Shadow Brokers over the weekend published hacking tools allegedly belonging to the Equation Group, another hacking group reportedly linked to the NSA, and they plan to auction off those tools for a starting bid of 1 million bitcoin (nearly $570 million).

"Attention government sponsors of cyberwarfare and those who profit from it," The Shadow Brokers wrote in a manifesto posted to Pastebin. In broken English, the statement asks readers how much they would pay for their enemies' cyber weapons or other state-sponsored tool sets.

They claim to have found cyber weapons made by the creators of Stuxnet, Duqu, and Flame, three strains of malware that have been connected to the US government.

The announcement from The Shadow Brokers was also published on GitHub and Tumblr, but both entries were quickly deleted.

As security firm Kaspersky reported last year, Equation Group is a mysterious and sophisticated malware distributor that is perhaps associated with the US National Security Agency (NSA).

Named after its penchant for encryption algorithms, Equation Group targeted more than 30 countries—including Iran, Russia, Pakistan, Afghanistan, India, and China—with a focus on those in government, nuclear research, military, and nanotechnology, as well as companies developing cryptographic technologies.

The hackers' malware can reprogram hard drive firmware, and has, in the past, been found on devices from Seagate, Western Digital, and Samsung. The exploit, carried out via physical interceptions like infected USB drives and CD-ROMs, is undetectable and cannot be removed.

According to Kaspersky, Equation Group dates back to 2001, but could have been active as early as 1996.

The Shadow Brokers allege they breached the Equation Group and stole its hacking tools. On Sunday, they tweeted a link to what they say are the documents—with names like "BANANAGLEE," "BANANASURPER," and "EPICBANANA."

It remains unclear whether the data has indeed been stolen. Either way, it caught Edward Snowden's attention. The former NSA contractor, who leaked NSA documents to the press and is currently living in exile in Russia, today tweeted a series of comments on the hack. While the breach of an NSA malware staging server is not unprecedented, he writes, "the publication of the take is."

Shadow Brokers promised more Equation Group files—"same quality, unencrypted, for free, to everyone"—if its ongoing auction raises 1 million bitcoin.

"We want to make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control," the hackers wrote. "Your wealth and control depends on electronic data. You see what 'Equation Group' can do. … If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? … Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?"

The NSA did not immediately respond to PCMag's request for comment.
