Hackers find little demand for their stolen NSA hacking tools

The ShadowBrokers' auction for the hacking tools has so far generated little interest

The hackers who are auctioning off cyberweapons allegedly stolen from the National Security Agency are growing annoyed and want cash.

The ShadowBrokers' sale of the stolen tools has so far generated little interest, and over the weekend, the hackers complained in a message posted online, using broken English.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said.

As of Monday, their auction only had one substantial bid at 1.5 bitcoins, or US $918. Many of the other bids were valued at less than $1. 

The hackers originally dumped a sample of the stolen hacking tools back in mid-August, and independent security experts later found the tools to actually work. The tools include exploits designed to compromise firewall and router products from Cisco, Juniper Networks, and Fortinet and are probably worth a fortune.

The hackers claim they have more cyber weapons to sell. However, they've taken the unusual step of offering them up through an open online auction relying on bitcoin.

Although anyone can participate, the hackers haven't said when they'll accept the final bid. The hackers also hoped to receive 1 million bitcoins, or $611 million, in exchange for leaking all they stole for free to the public.

The unusual conditions have led some security researchers to suspect the auction is a publicity stunt. But the ShadowBrokers claim in their latest posting that the auction is real, despite "sounding crazy."

"Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million," the group said. "TheShadowBrokers is wanting that $1 million."

They made the auction public to draw in the most bidders and never expected a bid of 1 million bitcoins, they added.

"Anticipate end (to the auction) when reasonable sum raised and bidding stops," the hackers added.

Although the ShadowBrokers are offering no guarantees, they did claim they have many more hacking tools that can target other platforms such as Windows, Linux, and mobile devices.

The tools up for auction will target one of these platforms and include ways to hack a system remotely and remain a persistent threat, they said. 

"Value estimated in millions of euros/dollars," the group added.

It's unclear if the tools are really from the NSA. But the hackers claim to have stolen them from the Equation Group, an elite cyberespionage team suspected to work for the U.S. government.

The hackers are hoping that victims and adversaries of the Equation Group will eventually bid on the auction. But the ShadowBrokers appear to be growing impatient. Their posting was also riddled with expletives.  

"TheShadowBrokers is wanting quick end too so be making [expletive] bids," the hackers said.

Join the CSO newsletter!

Error: Please check your email address.

More about CiscoFortinetJuniperLinuxNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Kan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts