A hacker collective known as the Shadow Brokers is holding a Bitcoin auction to ransom off a collection of malware files stolen from the US National Security Agency.
The hackers say they will give the malicious files to the highest bidder, whoever they may be.
According to experts, the samples released so that potential buyers can verify the files' authenticity could very well be genuine.
According to various news sources, including the Guardian, the Shadow Brokers hackers may not have hacked the NSA itself, but rather a US government-sponsored elite hacking unit with close ties to it.
The ‘Equation Group’ is said to be managed indirectly by the NSA itself, and frequently uses state-sponsored ‘cyber weapons.’ As part of their auction blurb, the Shadow Brokers claim they are offering high-profile malware created by the makers of Stuxnet, Flame, and Duqu.
Auction ends whenever we feel like it
The Shadow Brokers have posted no end date for the auction, and will only send the allegedly stolen files and the corresponding decryption instructions when “we feel it is time to end”.
Unlike most auctions, all bidders for the malicious software have to pay up front and, crucially, their bids will not be refunded even if someone bids more, a move calculated to ensure that bidders will come to the party with their best offer.
However, the highest bidder is not necessarily guaranteed to end up with the files in any case. Should the Shadow Brokers receive total cumulative bids of over a million Bitcoins, roughly $500 million, the hackers say they may release the code for free. As the group says in the FAQ section of its auction:
“No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees.”
I’ll let the guys at Wired, who seem to have hit the mark closer than anyone else with this story, have the final words today:
“Any hackers capable of compromising the Equation Group or another NSA hacker team would likely have to be extremely sophisticated…Anyone capable of finding NSA hackers’ infrastructure, not to mention penetrating it, would likely have to possess government-level resources and talent.”