Polina is an undergraduate student at Belarusian State Economic University (BSEU) where she is studying at the faculty of International Business Communication for a degree specializing in Intercultural Communication. In her spare time she enjoys drawing, music and travelling.
More than a weekend ago, a collective of anonymous hackers released malware they say belongs to the Equation Group, a hacking team that is believed to be affiliated with the National Security Agency.
A group of hackers calling itself “The Shadow Brokers” has announced that it hacked the Equation Group, a team of cyberspies tied to the NSA, and stole files allegedly belonging to the group. The hackers are now demanding one million bitcoins, or more than $560 million, in exchange for the stolen files.
The Shadow Brokers said they revealed only 40% of the NSA Cyber-Weapons and the remaining 60% will be released to the winning bidders.
“!!! Attention government sponsors of cyber warfare and those who profit from it !!!!
How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame,” the hackers posted.
The stolen files contain the Equation Group’s hacking tools, including configurations for control servers and installation scripts.
Many experts believe the Equation Group is linked to the US government. In 2015, researchers from the security company Kaspersky Lab claimed that Equation Group is the “most sophisticated computer attack group in the world”. They also provided evidence showing the group is related to the spy agency.
According to the researchers, the codenames used by the Equation Group were also discovered in the NSA documents revealed earlier by Edward Snowden. The names of some tools, such as “EPICBANANA” and “BANANAGLEE”, were also found in Snowden’s leaks. As Kaspersky Lab noted, the victims of the Equation Group match those of Stuxnet, a group that is allegedly a joint operation between the US and Israel targeting Iran’s nuclear program.
Although it is unknown whether the released NSA Cyber-Weapons are legitimate, some security experts believe the data is real. Claudio Guarnieri, a technologist at Amnesty International, told Wired the attack seems credible.
“It looks very much as if the NSA attacked someone, and that someone managed to source the of the attacks, and counter-hacked them,” he said. Guarnieri is an independent researcher at the University of Toronto’s Citizen Lab who has investigated other state-sponsored hacking operations before. “The content is credible enough and properly reflects what we know of some of the program names in there,” he added.
The Shadow Brokers asked bidders to send bitcoins to their digital wallet address and added there will be only one winner, so those who don’t win won’t get their money back. “Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win!” they wrote in a message.
The hackers noted that if they get one million bitcoins they will publicly dump all of the NSA Cyber-Weapons. “If our auction raises 1,000,000 (million) btc total, then we dump more Equation Group files, same quality, unencrypted, for free, to everyone,” the message reads.