Arsgera - Fotolia
The auction of NSA cyberweapons didn't go as planned, but the Shadow Brokers are still hoping for a big payday by ditching the auction format in favor of a more direct crowdfunding scheme.
The Shadow Brokers have a cache of cyberweapons and exploits from the advanced persistent threat group known as the Equation Group, which was said to be tied to the National Security Agency (NSA). Per the rules of the original auction, the highest bidder would receive the files, and the Shadow Brokers promised to release more files if the total bidding reached 1 million bitcoin. However, the auction went badly, with bids totaling just 1.76 bitcoin and a high bid of 0.08 bitcoin.
"We prefer [to] sell in bulk to [a] more responsible party. One more likely to disclose than hurt peoples [sic]," the Shadow Brokers wrote before ending the auction. "Maybe a government, security company, [or] wealth[y] individual [will] step up, do [the right] thing, get seen doing it. If not, we assume no one [is] interested and we start selling on the underground. Lots of transparency and disclosure there. This [is] how much they care about people's personal data, financial info and security, 1.5 [bitcoin]."
With the new conditions of sale, the Shadow Brokers have a much more modest goal of 10,000 bitcoin. And if that goal is met, they will publicly post the password to the dump of NSA cyberweapons. The Equation Group files have been verified with a limited release of the data, and the Shadow Brokers claimed to have more unreleased files; the Shadow Brokers group has claimed it released only 60% of its alleged cache of cyberweapons.
"You seeing 'Firewalls' toolkit, includes remote exploits, privilege escalations, persistence mechanisms, [remote-access Trojans], LPs [listening posts] and post-exploit collection utilities. Complete package for [someone] to run own operations. The Shadow Brokers is having more Equation Group toolkits for other platforms, [such as] Windows, Unix/Linux, routers, databases, mobile, [and] telecom. Newer revisions, too," the Shadow Brokers wrote. "The auction file is [a] toolkit for one of [the] other platforms. [It] includes remote exploits, local exploits/privilege escalations, persistence mechanisms, RATs, LPs, [and] post-exploit collection utilities. Value estimated in millions of euros/dollars."
The Shadow Brokers initially released 300 Mb of files, which experts said were genuine and included exploits for Cisco and Juniper product vulnerabilities.
Learn more about the leaked Cisco vulnerability found in the Shadow Brokers dump.