ShadowBrokers put US$6m price tag on new hoard of NSA hacks
Auction failed, now false-flag filchers want 10k bitcoin or the code gets it
A group thought to be linked to a Russian hacking outfit has moved to cash in on its cache of likely NSA exploit tooling by offering it in exchange for 10,000 Bitcoins.
The group known as "ShadowBrokers" wrote that they will release a password to a public encrypted cache of alleged NSA tools and exploits.
It is the second cache, released alongside a cleartext, since-confirmed dump of NSA tools and code earlier this year that revealed dangerous zero-day exploits in top-end but years-old versions of enterprise security kit.
Security analysts have confirmed the validity of the dumps, with some, including NSA leaker Edward Snowden, suggesting the data was stolen from a hacked command and control server used by his former US Government employer in network exploitation attacks.
The cache now offered under the 10,000 Bitcoin (US$6,403,800) fundraiser was first offered for sale in a failed silent auction, and it is almost guaranteed the latest effort will also flunk.
About 60 per cent of the total cache was released for free, including then-zero-day exploits against Cisco and Juniper firewalls, with the remainder locked up until payment is received.
Here's an excerpt from ShadowBrokers' latest missive:
"TheShadowBrokers is being bored with auction so no more auction. Auction off. Auction finish. Auction done. No winners. So who is wanting password? TheShadowBrokers is publicly posting the password when receive 10,000 btc (ten thousand bitcoins). Same bitcoin address, same file, password is crowdfunding. Sharing risk. Sharing reward. Everyone winning."
ShadowBrokers is an interesting group that experts agree is likely a nation-state actor, given its advanced exploit capabilities.
Its writers appear to be faking their lack of English writing skills, with one linguist pointing to inconsistent and seemingly deliberate spelling and grammatical errors suggesting it is a false flag operation. ®