Group claims to hack NSA linked hackers

16 Aug 2016

In what, according to security experts, is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published, sophisticated software tools belonging to an elite team of hackers linked to the US National Security Agency.

In a recently published blog post, the group, which goes by the name Shadow Brokers, claimed the leaked set of exploits were obtained after members hacked the Equation Group, but the post has since been removed from Tumblr.

According to Kaspersky Lab researchers, Equation Group was one of the world's most advanced hacking groups, with ties to both the Stuxnet and Flame espionage malware platforms. The compressed data accompanying the Shadow Broker post was somewhat bigger than 256 MB and purported to claim a series of hacking tools dating back to 2010.

While it is not immediately possible for outsiders to prove that the posted data - mostly batch scripts and poorly coded python scripts - belonged to Equation Group, the data did originate from some advanced hacking group.

In a bizarre twist, the hackers have also demanded 1 million bitcoin (around $568 million) in an auction to release more files.

''Attention government sponsors of cyber warfare and those who profit from it!!!!'' the hackers wrote in a manifesto posted on Pastebin, on GitHub, and on a dedicated Tumblr. ''How much you pay for enemies cyber weapons? [...] We find cyber weapons made by creators of stuxnet, duqu, flame.''

While Kaspersky was silent on the NSA angle, its researchers offered extensive evidence pointing to the US spy agency, including a long series of code names used by the Equation Group and found in top secret NSA documents released by Edward Snowden.

The dumped files mostly contained installation scripts, configurations for command and control servers, and exploits targeted to specific routers and firewalls.