The Shadow Brokers, a previously unknown hacker group, has announced that it has stolen a trove of ready-to-use cyber weapons from The Equation Group, an advanced cyberweapons dealer believed to be operating on behalf of, or within, the NSA.
The Shadow Brokers have already dumped a selection of weaponized exploits along with an open letter offering to sell more of the same in exchange for one million bitcoin ($568m). Security researchers who've looked at the samples say they appear to be very advanced, ready-to-use exploits, and appear to be related to previously leaked NSA exploits, though nothing directly links them to The Equation Group.
"If this is a hoax, the perpetrators put a huge amount of effort in," the security researcher known as The Grugq told Motherboard. "The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use."
Claudio Guarnieri, an independent security researcher who's investigated other hacking operations by Western intelligence agencies, told me that the files might be from a hacked NSA server used in an operation. He also cautioned that this is a preliminary analysis and that more analysis is needed.
The most recent file is dated June 2013, though the hackers could have tampered with the dates. Dmitri Alperovitch, the co-founder of security firm CrowdStrike, theorized that "the leakers were probably sitting on this information for years, waiting for the most opportune time to release."
Matt Tait, another security researcher and former British intelligence officer, tweeted that the data could come from "an old counter-hack."
Hackers Say They Hacked NSA-Linked Group, Want 1 Million Bitcoins to Share More