The Shadow Brokers are offering the NSA arsenal for direct sale

We have seen the notorious hacker group at the end of October, when the hackers leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The file offered on the website contains a file signed with the cryptographic key of The Shadow Brokers, confirming the intent of the group in selling the entire NSA arsenal directly to buyers one by one.

Someone using the Boceffus Cleetus online moniker published a post on Medium titled “Are the Shadow Brokers selling NSA tools on ZeroNet?” announcing that the Shadow Brokers hackers are now offering for sale the “NSA tools individually.”

ZeroNet is a decentralized network of peer-to-peer users for hosting websites.

“ZeroNet uses bitcoin cryptography and the BitTorrent network.The BitTorrent website Play hosts a magnet link repository on ZeroNet, which links to copyrighted content. There is a Reddit community which offers support for ZeroNet.” states Wikipedia.

“Well howdy partners! I don’t wanna be getting arrested for passing on fake news and all. I rekon [sic] I ain’t no security professional but I am whutcha might call a ZeroNet enthusiast,” Cleetus writes. ZeroNet is a platform for hosting websites using blockchain and BitTorrent technology.

“Those dastardly ole shadow brokers have themselves a zite on ZeroNet. Yep and fars as I can tell they appears to be sellin NSA tools individually now,” added Cleetus.

The website includes a list of the products available for sale as explained by Joseph Cox from Motherboard.

The items are classified type, the list includes “exploits,” “Trojans,” and “implant-”

“The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as “implant,” “trojan,” and “exploit,” and comes with a price tag between 1 and 100 bitcoins ($780—$78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000).” states the post published on Motherboard.

“The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers’ previously signed messages.”

“If you like, you email TheShadowBrokers with name of Warez [the item] you want make purchase,” a message on the site reads. “TheShadowBrokers emailing you back bitcoin address. You make payment. TheShadowBrokers emailing you link + decryption password. Files as always being signed,” states the message on the website.

Pierluigi Paganini

(Security Affairs –  The Equation Group, ShadowBrokers)

[adrotate banner=”5″]

[adrotate banner=”13″]