In the long history of hacking, there have been many data breaches that remain unresolved years or even decades later. The countless hackers and hacking groups behind them have yet to be revealed.
But prolific hacking groups are being caught. This is true whether they are cybercriminals like LAPSUS$, a notorious extortion ring that has hacked companies including Microsoft and Nvidia, many of whose members have been arrested, or sophisticated government hacking groups from Russia and China, whose members have been named, indicted and placed on most-wanted lists.
Yet some of the most fascinating cases in cybersecurity history remain wide open — no perpetrators, no answers, and in some cases, not even a clear motive. We decided to return to many of them in a series of articles, starting with one of the strangest episodes in the history of intelligence leaks.
The first installment focuses on the Shadow Brokers – a mysterious group that appeared on the internet, dumped a set of hacking tools believed to belong to the NSA, and then disappeared.
In the summer of 2016, in the midst of the Russian hacks related to the US presidential election, the group appeared on Twitter. They tweeted a link to a Pastebin post and @-mentioned several news outlets – a bizarre and ineffective strategy that means most of those outlets likely never saw the tweets at all.
But if anyone had clicked on the link, they would have seen a document titled “Invitation to Equation Group Cyber Arms Auction” — a reference to the mysterious hacking operation widely believed to be run by the National Security Agency.
“!!! Pay attention to the governments sponsoring cyber warfare and those who benefit from it!!!! How much do you pay for the enemies’ cyber weapons?” the hackers wrote, claiming to have hacked the Equation Group.
The document included links to download some of the hacking tools, as well as a link to download an encrypted file that interested buyers could decrypt by making an offer. “Auction files are better than Stuxnet,” they wrote, referring to the famous malware used against Iranian nuclear facilities in a US-Israeli cyberattack in 2007. They asked for no less than one million bitcoins.
The leak quickly attracted press coverage. Once security researchers analyzed the tools, they realized they were exceptionally sophisticated cyberweapons, very likely stolen from the NSA — a suspicion reinforced by the fact that some shared names with the software revealed by NSA whistleblower Edward Snowden.
The auction was likely a hoax, as the group eventually dumped many of the tools publicly months later. A lot of things about the Shadow Brokers didn’t make sense. Their broken English was almost comical, as if they were trying too hard or deliberately signaling the act. Despite clearly seeking attention — and getting a lot of press coverage — the group spoke to a journalist only once, giving a short interview to Joseph Cox of 404 Media, then a VICE Motherboard reporter.
Ten years later, we know nothing about who was behind the Shadow Brokers. Cox and I interviewed former NSA employees at the time, who said an NSA insider or former insider may have been involved. But no one was ever arrested and charged — which is exceptional, given that this was one of the worst leaks of US intelligence hacking tools ever.
One possible suspect was Harold T. Martin III, an NSA contractor who had been arrested for stealing classified information from the agency. But the theory has a problem: while Martin was in detention, the Shadow Brokers remained active online. No formal charges were brought against him in connection with the leaks. The most widely accepted theory is that the Shadow Brokers were created by a Russian government spy group as a propaganda tool.
The impact was enormous. Among the tools released, the Shadow Brokers published EternalBlue – a set of zero-day vulnerabilities in the Windows operating system that allowed hackers to break into computers on a compromised network, rapidly expand their reach, and spread self-propagating worms. (Zero-day vulnerabilities are flaws unknown to the software maker, which means there is no patch yet.) North Korean hackers used EternalBlue to unleash the WannaCry ransomware. Russian hackers later integrated it into NotPetya, which spread beyond its initial targets in Ukraine and caused damage estimated at $10 billion globally. For companies, the lesson was stark: vulnerabilities stockpiled by intelligence agencies don’t stay secret forever — and when they leak, the private sector pays the price.
The trove is still yielding discoveries. Among the leaked tools, there was one that contained a list of project names – including one called Fast16, tagged only with the note “Nothing to see here – continue.” Last month, researchers announced that they had located and analyzed it, and found malware dating back to 2005, designed to manipulate software allegedly used by Iranian nuclear scientists.