By Amy Castor for BTCManager (posted 8/16/2016)
It could be true. We don’t know for sure yet, but it looks like a mysterious group by the name of “Shadow Brokers” may have hacked the Equation Group, a sophisticated cyber attack group with possible links to the NSA. In an odd twist, the hackers are asking for 1 million bitcoins to release the data.
Shadow Brokers, which operates the Twitter account @theshadowbrokers, posted its manifesto on Pastebin, GitHub, and Tumblr. The original posts were deleted, but an archive is available. In a strange sort of broken English with lots of exclamation points, the hackers wrote:
“We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!!”
Equation Group is one of the most advanced hacking groups in the world, according to Moscow-based security firm Kaspersky Lab, which exposed Equation Group last year. The firm reports Equation Group has infected some 500 victims in more than 30 countries since 2001.
Kaspersky Lab stopped short of saying Equation Group was connected with the NSA, but provided extensive evidence in an exhaustive report published last year.
As proof of their heist, Shadow Brokers shared samples of Equation Group’s surveillance tools, mostly binary builds, installation scripts, and configurations for command and control servers.
The rest of the bounty is up for ransom. The hackers are auctioning the files off to the highest bidder. Low bidders will not get any refunds, but if total bids reach 1M bitcoins ($568M), the hackers say they will make more files public. Presumably, the lion’s share of the heist will go to the highest bidder.
The hackers won’t say what’s in the files they allegedly took. They are keeping that hush-hush and claim Equation Group is clueless about what’s been taken. “We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins,” the hackers wrote.
There is no set date for the auction to end. It ends when the hackers feel it should end. In the meantime, they encourage everyone to keep tossing money in the pot.
Is the hack real? Some experts are saying that it is. But Kaspersky Lab analyst Aleks Gostev posted on Twitter that nothing in the leaked files appears to be from Equation Group.
There is no clear motive for the attack. But at the end of their manifesto, the hackers include a long-winded rant about the “wealthy elite.” The group writes: “We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data.”
As of this writing, the bitcoin wallet for the auction has received around 0.12 bitcoin, amounting to $68. At that rate, the hackers may be holding their breath for a long time.