Did someone crack Equation Group or are they scammers?
A group calling itself the Shadow Brokers has started an online auction for top-of-the-range tools it claims were stolen from the Equation Group, a digital attack squad linked to the NSA.
The Shadow Brokers posted up news of the auction saying (in broken English) that they had been monitoring the Equation Group’s servers, had stolen the advanced hacking tools, and will auction them off to the highest bidder.
The group said that if it gets Bitcoins worth $1m they will release the tools for free to everyone.
“We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data,” the group said [the link has since been taken down].
“You see what ‘Equation Group’ can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems?”
Claims about stuff like this for sale online are often fake, so to prove their case the team posted sample code, which it says is around 40 per cent of the total, online. Postings on Github and other download sites have since been taken down, but not before some people got copies.
A preliminary analysis shows the revealed list seems to be focusing on router flaws, some of them quite old.
Some files also share names with exploits listed in the NSA’s Tailored Access Operations hacking team’s catalogue for agents, revealed in 2013 by Edward Snowden.
Kaspersky, who first linked the Equation Group to the NSA, said it was analyzing the files but had no clue as to their veracity as yet.
But Timo Steffens, a member of the German CERT-Bund team, is taking a skeptical line, although he acknowledged that if this is a fake, the scammers had put in a lot of effort.
@RidT @pwnallthethings @0stracon Looks like a random collection of files, grouped under names that were gathered from Snowden documents.
— Timo Steffens (@Timo_Steffens) August 15, 2016
We’re going to have to wait for a full analysis before it can be determined if the file dump is, in fact, legitimate or if it’s just a well-organized attempt to try and scam the credulous.
Certainly the auction is well off the $1m in Bitcoins target – so far the highest bid is 0.03733067 coins, or about $21. ®
Sponsored: Global DDoS threat landscape report