Shadow Brokers are back with ‘stolen NSA cyberweapons’, now 99.9% off

Remember Shadow Brokers?

That’s the self-styled, pseudo-semi-literate but surely satirical hacker group that claimed in August 2016 to have penetrated the NSA, or some other organisation of that sort, and made off with “cyberweapons” worth more than $500 million.

They dumped a few files as tasters, with the claim that the files they were keeping back to sell were “better than Stuxnet.”

That’s a bold claim, given that Stuxnet was the airgap-jumping USB virus that was allegedly written to sneak right into the heart of Iran’s uranium enrichment programme.

A lot of reports took the Shadow Brokers claims very seriously, but we were more sceptical.

We noted the absurd structure of the “auction” by which they proposed to sell off these alleged cyberweapons:

  • The winning bid buys the stash of cyberweapons. The Shadow Brokers keep the money.
  • All losing bids are forfeited. The Shadow Brokers keep the money.
  • If the total bids reach BTC 1,000,000, everyone gets all the cyberweapons for free. The Shadow Brokers keep the money.
  • The auction ends when Shadow Brokers feel like it. The Shadow Brokers keep the money.
  • The items for sale in the auction are secret, so you have no idea what you are “bidding” for.

One million bitcoins, by the way, was close to $600 million back in August 2016, or nearly $800 million today.

We also noted the rather carefully constructed faux-bad-English in the documents, such as this part justifying the last auction condition listed above:

Q: Why I trust you? A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry more, protect self from other bidders, trolls, and haters.

As we wrote back in August:

The whole thing is written in a curious style, as though native speakers of English had gone out their way to create a document that reads in a carefully and consistently stilted way, fusing a sort of fake and vaguely insulting pidgin with the faintly annoying diction of Yoda out of Star Wars.

The auctioneers didn’t meet with much success, allegedly dropping their price to an all-in fee of just BTC 10,000 (still several million dollars) by October 2016.

Now, according to boutique UK security consultancy Hacker House (they sometimes write that H/H, and apparently also as HH-1 to be funky, but we’ll stick to Hacker House), the Shadow Brokers have decided to sell off their alleged cracked tools piecemeal at Bitcoin prices from BTC 1 to BTC 100.

Hacker House has taken a guess at what they think each allegedly stolen product is supposed to do.

If they’re right, Shadow Brokers are asking anything from $800 for a “log cleaning tool” for FreeBSD 4.0 on MIPS, to $80,000 for a selection of “common tools and attacks” aimed at SunOS 4 and FreeBSD 2. (The last SunOS release was way back in 1994, in case you are wondering why you haven’t heard of it lately.)

If you’re feeling lucky, you can buy the whole job lot for BTC 1000, which is just under $800,000 today.

Quite a discount from the BTC 10,000 of two months ago, or the BTC 1,000,000 of two months before that.

We’d hold off for the New Year sales if we were you.