Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security United States

Hackers Claim To Be Selling NSA Cyberweapons In Online Auction (dailydot.com) 88

Reader blottsie writes: A group of hackers identifying themselves as theShadow Brokers claims to have hacked the NSA's Equation Group, a team of American hackers that have been described as both "omnipotent" and "the most advanced" threat cyberspace has ever seen. On the Shadow Brokers' website, the group has shared a sample of data that some cybersecurity experts say lends credibility to the breach. The the hackers' asking price for what they claim is a cache of NSA-built cyberweapons. Motherboard's take on this is here.
This discussion has been archived. No new comments can be posted.

Hackers Claim To Be Selling NSA Cyberweapons In Online Auction

Comments Filter:
  • by poofmeisterp ( 650750 ) on Monday August 15, 2016 @01:44PM (#52706179) Journal

    Honeypot (if it's a real).

    • by eyenot ( 102141 )

      yeah, my first thought was "this is a great way to attempt to catch some potentially very malicious people".

      but then i thought, "it would be great if this code got into the hands of the security crowd".

    • Honeypot (if it's real).

      Well, I was thinking, if it is real, the highest bidder will be the NSF itself. So the FBI and CIA could chase them down.

  • by Anonymous Coward

    The NSA has had rootkits in it for years. It's funny how arrogant they think they are :)

  • I hope.... (Score:5, Insightful)

    by TheCarp ( 96830 ) <sjc@nOSpam.carpanet.net> on Monday August 15, 2016 @01:56PM (#52706251) Homepage

    Whoever wins the auction releases every single bit of it to the public with no redaction whatsoever.

    There should be a collective public bid available, I would pledge a couple of btc to the public bid if there was a credible one. I would consider it penance for the taxes I paid to create the originals.

  • Let's Face It (Score:5, Insightful)

    by Anonymous Coward on Monday August 15, 2016 @02:40PM (#52706543)

    It doesn't matter if Equation Group is part of the NSA, or if these tools come from Equation Group, or whatever. Just so long as these are real hacking tools used by any state agency, from any country, this puts the final nail in the coffin. Not that most of us needed that final nail.

    The coffin being, "oh just create an encryption/security back door so that legitimate law enforcement can access it. You don't support child molesters and terrorists do you?"

    Everybody. Gets. Hacked.

    Secrets. Don't. Stay. Secret.

    Yeah, the people who owned/created this screwed up. The point is, everyone screws up, given enough time and enough people involved.

    • Yeah, the people who owned/created this screwed up. The point is, everyone screws up, given enough time and enough people involved.

      Yes. And the correlation of a leak/screw-up increases exponentially with number of people who know the secret... Or alternatively, as time goes by.

    • by gtall ( 79522 )

      Awww shit, there goes all the conspiracy theories I've been working on. Obama probably is an alien and not a Muslim, WTC was an outside job ...by...by...the Saudi Royal Twats, Putin has a soul.

  • riiiiiight (Score:2, Insightful)

    by Anonymous Coward

    Good chance it's the Hacking Team software that has a built in backdoor which was sold to 3rd world dictators... except ya know the new and improved version with a different backdoor. Since they were exposed they haven't been able to peddle their wares anymore so they're getting desperate for a sale. Any hacker smart enough to want those programs is smart enough to stay the hell away from those programs. Dangle the worm and see who bites? You posted this on the wrong site mates if you want that action.

    • "No US hacker would be retarded enough to attempt to hack the NSA."

      The NSA is not God. Its just a collection of people. People who make mistakes. Granted, its is likely a collection of people with above average intelligence. That could be their weakness though. When someone thinks they are smarter than everyone else they tend to get lazy. Look at all the James Bond villains. They create all kinds of ingenious methods to kill him when a double tap to the head would do the trick. He always escapes and foils t

      • by Anonymous Coward

        james bond villains do not represent actual targets

        the NSA is a bunch of very smart people backed up with billions of dollars of support infrastructure and some shockingly brutal legal precedence

        it would be like playing bull-fighter with a bunch of semi-trucks, amusing at first, but always ending up as hamburger in the tread of their tires

      • by Sir Holo ( 531007 ) on Monday August 15, 2016 @03:59PM (#52707061)

        "No US hacker would be retarded enough to attempt to hack the NSA."

        The NSA is not God. Its just a collection of people. People who make mistakes.

        With 360,000,000 people as the population, you would be surprised at what kind of stupidity you can find.

        Oh, BTW, I have all of the NSA's secret sploits, both past and current. They are for sale. Drop a few hundred bucks and they're yours – all contained on a single 3.5" floppy disk. I ran the leak through the ZIP encoder 30 times – that is why the file is so small.

        This isn't some mamby-pamby bitcoin auction, but a listing on ebay. (I believe in equal access for everyone.) Come bid on the auction. There is no "Buy it Now" price (ebay sets those limits low). There is only an open auction with a reserve price of $0.99. So, if it's countries bidding against countries, whatev's, I couldn't care less.

        Oh, and BTW, I am hiding behind five proxies, so there is no way to find me...

        • "With 360,000,000 people as the population, you would be surprised at what kind of stupidity you can find."

          Nah, no trouble at all imagining what level of stupidity you could find. To an exceptional hacker, the NSA I would imagine, would be quite like the accomplished jewel thief stealing the Crown Jewels. An ultimate target if you will.
          A certain type of mindset will happily go down in flames for the glory of it, irregardless of the consequences.

          BTW, your NSA goodies are outdated, I have this afternoons copi
  • The the hackers' asking price for what they claim is a cache of NSA-built cyberweapons.

    "The the"? And it appears to be a sentence fragment.

  • The events of this breach should become the new exhibit A for every time a backdoor for the US government is discussed in any software. After all if the NSA can't keep their special toys in house, how long do you think a valuable backdoor will remain under wraps?

  • by Anonymous Coward
    I find it interesting to see that the "free" release they provided indicates dated material. Compiled with 2.0 - 2.6.9 era systems. Additionally it appears that the exploits are rather old as well, as the HW profiles they're targeting are reasonably old. This may be on purpose on the part of the hackers. Here be a complete list of the free files if anyone is interested. http://pastebin.com/SYcwqGmS [pastebin.com]
  • by Anonymous Coward

    a team of American hackers

    I read that first as "team America hackers."

  • "Another Kaspersky Lab researcher noted [twitter.com] on Twitter that there is “nothing” in the dumped files that links them to the Equation Group"

  • by jandrese ( 485 ) <kensama@vt.edu> on Monday August 15, 2016 @03:22PM (#52706781) Homepage Journal
    If you were trying to scam people this is exactly how you would structure an "auction".

    Lets look at the details:
    1. The money you bid is kept by the seller, regardless of who wins.
    2. Impossible to verify the product's authenticity before the sale.
    3. There is no public notification that the winner received the goods.
    4. The auctioneers can make their own bids.
    5. There is no end date. The seller stops the auction at their discretion

    Someone would have to be especially trusting or maybe desperate to bid on this. There are ways to set up trusted zero knowledge transfers, but these guys instead act like we should trust them just because they're anonymous.
  • Didn't Snowden just post "It's time" and follow that with what looks like a decryption key?
    The files in this leak were last updated in 2013, when Snowden left the country.
    I'm going to go out on a limb and guess that this is legit and it is more information Snowden took from the NSA.

  • If anyone's curious, I've dropped the decrypted contents of the "free sample" up on GitHub: https://github.com/nneonneo/eq... [github.com]. Hopefully this makes analyzing the collection a bit easier. The code's pretty old - 2010-2013 according to timestamps - but it does look like real exploit/implant code from a distance.

    • by Anonymous Coward

      If they are legit you're going to get your front door kicked in.

  • The the hackers' asking price for what they claim is a cache of NSA-built cyberweapons.

    Oh, to be am editor at Slashdot and have no expectation that you'll actually read what you are posting or require it to make any sense.

  • all the links are dead ends
  • ...One Dollar!

  • All I can say is tumblr's 404 pages are some of the most WTF things I have seen
  • by sabbede ( 2678435 ) on Tuesday August 16, 2016 @06:56AM (#52710923)
    If they can hack the NSA's best, then the NSA needs them on staff before someone else hires them.
    • by Wolfrider ( 856 )

      --They musta sent the spike back to Boris and hacked the Gibson! Quick Johnny, disconnect Jones before they loopback on a hardline and reverse-hack his tank!

      / amidoinitrite ?

      • Damnit, I had almost forgotten about that awful movie. Couldn't even have Molly/Sally!

        Plus Henry Rollins was in it, and as much as I like him, his presence on a cast is a clear indicator that a movie stinks.

This is clearly another case of too many mad scientists, and not enough hunchbacks.

Working...