An undisclosed group of hackers operating under the alias “The Shadow Brokers” has hacked another hacking group known as “Equation Group,” which many security experts and firms believe is connected to the NSA.
The Shadow Brokers have set a price tag of 1 million Bitcoin for the compromised data, which is currently worth US$572 million. The Equation Group, which was uncovered by reputable cybersecurity firm Kaspersky Lab in 2015, is an alleged hacking organization under the NSA that handles confidential data related to its cybersecurity systems and cyber weapons.
WikiLeaks and Snowden on leaked data
The documents and files taken from the Equation Group cover routers, firewalls, cyber weapons, and configurations that were also disclosed in the documents released by Edward Snowden and WikiLeaks, which further validates the identity of the Equation Group.
WikiLeaks even announced their plans to release a collection of “cyber weapons” purportedly used by the National Security Agency.
Nicholas Weaver, a senior networking and security researcher at Berkeley’s International Computer Science Institute, said:
“This archive appears to contain a large fraction of the NSA’s implant framework for firewalls, including what appears to be several versions of different implants, server side utility scripts, and eight apparent exploits for a variety of targets.”
Edward Snowden, a former CIA employee and computer professional, suggests that the leaked information can serve as critical evidence that any attack originating from the exposed malware is directly connected to the U.S. and its agencies.
It is legitimate
Security researchers the Grugq and Claudio Guarnieri believe that the leaked data is legitimate because of the similarity between the data disclosed by Snowden and the documents released by The Shadow Brokers.
“If this is a hoax, the perpetrators put a huge amount of effort in,” “The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use.”
Some still deny that the data is from the NSA, because of the large size of the file directory (302 megabytes) and the difference in file types. Weaver further stated that the Snowden cache showed PowerPoint slides and share data, not detailed exploits.
“Besides NSA, the only plausible candidate for ownership is GCHQ—and the implications of stealing Top Secret data from GCHQ and modifying it to frame the NSA would themselves be startling.”
While it is difficult to reach a conclusion on the legitimacy of the hacked data, the Bitcoin address that The Shadow Brokers are using to receive payment for the auction of the compromised data still hasn’t received the payment.
Cointelegraph will continue to update the story as new information emerges.