Hackers Claim to Be Selling Secret U.S. Spy Software

A group called the Shadow Brokers appears to be in possession of NSA code, though it’s unclear exactly how powerful it is.
August 16, 2016

A hacker group claims to be selling U.S. government cyber spying tools in an online auction, and experts suggest the software belongs to the National Security Agency.

The previously unknown hacking collective, which calls itself the Shadow Brokers, claims to have stolen code from the computer espionage team known as the Equation Group—a secretive organization identified last year by Russian security firm Kaspersky. At the time, Reuters claimed that the Equation Group was the work of the U.S. National Security Agency.

The Shadow Brokers have posted sample code from the alleged hack to the website Pastebin to prove their legitimacy to potential buyers. The collective claims that the software it has published can be used to break into firewall software from companies like Cisco Systems and Juniper Networks. A security expert speaking to Reuters says the code that has been made public “appears to be relatively old.” But several security experts have told the Wall Street Journal that it does at least appear to be genuine, and one claims that it looks “like a tool kit from the NSA.”

NSA headquarters in Fort Meade, Maryland.

Edward Snowden has published a series of tweets suggesting that he, too, believes these pieces of software originate from the government organization. He speculates that the hack may have been made possible if NSA employees left code on staging servers following an operation, where a third party monitoring the agency’s operations could discover it. That’s a slightly more nuanced description than the account published in broken English by the hackers themselves:

We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

According to Snowden, it wouldn’t be the first time the NSA has been hacked in this way. “The hack of an NSA malware staging server is not unprecedented, but the publication of the take is,” he explained on Twitter. “Circumstantial evidence and conventional wisdom indicates Russian responsibility. This leak is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences.”

Despite Snowden’s assertion about Russian involvement, it remains unclear who is behind this particular operation. It’s also unknown how up-to-date or powerful the rest of the code obtained by the Shadow Brokers actually is. Perhaps unsurprisingly, the hackers reckon that the software being auctioned off is of higher quality than the code the group freely published, claiming that the tools it’s selling are “better than Stuxnet.”

The highest bidder will get to find out. Or for the princely sum of one million bitcoins (about $568 million), the Shadow Brokers say, they will publish the code publicly so the entire world can see it. The true cost, however, may yet prove to fall on the NSA.

(Read more: Wall Street Journal, Paste Bin)
