Shadow Brokers return with a password and message for Trump

Every few months, the person or group calling itself Shadow Brokers surfaces with a new claim of dumped NSA hacking tools, leaving us to wonder if they are in the business of satire. Its statements are rambling and often hard to verify, and they are, as Naked Security’s Paul Ducklin once put it, “pseudo-semi-literate”.

Still, in an age where entities like WikiLeaks regularly spill sensitive information on government hacking capabilities, it’s difficult to ignore the likes of Shadow Brokers altogether. With that, there’s another claim from the group to report on:

Shadow Brokers resurfaced Saturday and posted the password to an encrypted file cache believed to be components of a toolkit tied to the National Security Agency’s alleged Equation Group hacking campaign.

In its new message, the group cites frustration with US President Donald Trump as motivation for its latest activities:

TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

After a very long list of reasons Trump has disappointed them, the group said, “Be considering this our form of protest” before releasing the password.

With the password, it appears anyone can unlock the data dump from last year. (Motherboard confirmed that the password did decrypt the original auction file.)

In August 2016, Shadow Brokers claimed that it had penetrated the NSA and made off with “cyberweapons” worth more than $500m. It dumped a few files as samples, claiming that the files it was keeping back to sell were “better than Stuxnet”.

It then set up an auction to sell off the alleged cyberweapons, the structure of which Naked Security deemed “absurd” at the time because:

  • The winning bid would buy the stash of cyberweapons and Shadow Brokers would keep the money;
  • All losing bids would be forfeited and Shadow Brokers would keep the money;
  • If the total bids reached BTC 1,000,000, everyone would receive all the cyberweapons for free and Shadow Brokers would keep the money; and so on.

We also noted that one million bitcoins was close to $600m back in August 2016.

So what will that password unlock? Apparently not the entire archive of Equation Group tools. Ars Technica said:

The archive, which the Shadow Brokers previously attempted to auction off, contains just over 300MB of files. It does not appear to contain the entire archive of Equation Group tools. Many of the tools apparently date back to the 1990s, targeting platforms like the Digital Equipment Corp., Alpha, Sun Solaris 2, the defunct Chinese Red Flag Linux, and other older Linux distributions. Other tools are apparently focused on telecom targets, including tools for getting into GSM cellular networks and breaking DES encryption.

It’s worth noting that the group’s auction was unsuccessful, and was ultimately called off in January.