ShadowBrokers NSA Cyber-weapon Auction Generates Collective Yawn

The hackers collectively known as the ShadowBrokers made a big splash when they claimed to be auctioning off cyber-weapons allegedly stolen from the National Security Agency. But it turns out that their big “get” is generating only a lukewarm response from Dark Web denizens.

The black hats claimed responsibility in August for stealing files containing exploits and other cyber-offense tools from an NSA-linked spy group called the Equation Group—opening up an auction for them via a Tumblr page. The ShadowBrokers at the time released 40% of the breach as a free dump, and the remaining 60% will go to the highest bidder.

The claims as to the code’s provenance appear to be partially verified: Claudio Guarnieri, a researcher at the University of Toronto’s Citizen Lab, said that among the data is 300 megabytes of code that match up with NSA exploits from a catalog leaked by Edward Snowden in 2013. And Snowden himself weighed in, saying that he thought Russia was behind the situation.

But no one seems to be buying the claims—literally. As of yesterday, the auction had several bids for less than a dollar each, and only had one substantial bid at 1.5 bitcoins, or $918.

This has the ShadowBrokers irked.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said in a plaintive-sounding note posted on the auction page. "Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million. TheShadowBrokers is wanting that $1 million."

They added, "Anticipate end (to the auction) when reasonable sum raised and bidding stops. Value estimated in millions of euros/dollars. TheShadowBrokers is wanting quick end too so be making [expletive] bids."

The note acknowledges that people may not think the files are real, and also contains a helpful Q&A explaining why the group is auctioning the cache the way that it is.

Q: Why not selling on underground?

A: Oh you right, theShadowBrokers is getting out phone book of reputable underground cyber arms dealers and make text and voicemail. You making sound so easy. Why theShadowBrokers not thinking of this?

The lack of interest could have to do with fears over authenticity, or the fact that the group is asking for payment up front and has already said "no refunds." But the toolkit, ShadowBrokers claims, contains a treasure trove of remote exploits, privilege escalations, persistence mechanisms, RATs, LPs and post-exploit collection utilities—and “complete package for to run own operations.” Anyone? Anyone?
