[S-99]

Powerful nsa tools released

Hacker Demands $568 Million in Bitcoin to Leak All Tools and Data

Not just this, the hackers, calling themselves "The Shadow Brokers," are also asking for 1 Million Bitcoins (around $568 Million) in an auction to release the 'best' cyber weapons and more files.

Also Read: Links Found between NSA, Regin Spy tool and QWERTY Keylogger

Widely believed to be part of the NSA, Equation Group was described as "a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades," according to a report published by security firm Kaspersky in 2015.

Equation Group was also linked to the previous infamous Regin and Stuxnet attacks, allegedly the United States sponsored hacks, though the link was never absolutely proven.

Two days back, The Shadow Brokers released some files, which it claimed came from the Equation Group, on Github (deleted) and Tumblr.

Exploits for American & Chinese Firewalls Leaked:

The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers including, Cisco, Juniper, and Fortinet.

According to the leaked files, Chinese company 'Topsec' was also an Equation Group target.

The leak mentioned names of some of the hacking tools that correlate with names used in the documents leaked by whistleblower Edward Snowden, like "BANANAGLEE" and "EPICBANANA."

    "We follow Equation Group traffic," says the Shadow Broker. "We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files."

It is yet not confirmed whether the leaked documents are legitimate or not, but some security experts agree that it likely is.

A guy with more information and tested some of this stuff here.

Cached page of shadowbrokers breaking the news.

Finally, the download.

The main target is cisco, juniper, etc. routers and firewalls. Security through obscurity and backdoors in everything is again a bad thing.

[Dragon]

Well, if it's true, then someone's gonna have somebody's head for this... At least I hope so. I'm willing to accept a degree of government surveillance, but only on condition that nobody else gets that data. If NSA can be beaten at their own game like this (and especially if the perpetrators get away with it), then what's the point of keeping them around?

Also, I don't know if it's just me, but the syntax of that message from "The Shadow Brokers" reminds me of how people from Slavic countries speak English if they're not proficient at it... In other words, those hackers sound a lot like Russians. Obviously, this wouldn't bode well to the US.

[zookeeper]

Also, I don't know if it's just me, but the syntax of that message from "The Shadow Brokers" reminds me of how people from Slavic countries speak English if they're not proficient at it... In other words, those hackers sound a lot like Russians. Obviously, this wouldn't bode well to the US.

I have a hard time imagining a scenario where someone who can pull of that kind of thing 1) hasn't picked up better english than that along the way and wants to reveal that kind of information about themselves, or 2) has bad english but doesn't know how to not reveal it, or 3) is oblivious to the fact that their english is bad.

You can't make any conclusions from the language used.

[Dragon]

Trust me, if they actually are Russians, then there's a good chance they just didn't care. It's not an uncommon attitude, from what I've seen. They know their English is not perfect, but it gets the message across, so it doesn't matter. It's a bit similar with people from Ukraine, at least with the ones I've met. This is probably because of the alphabet difference. People from Poland have a lot of exposure to English internet (and thus easily picked up correct grammar), but Russians have significantly less because they mostly spend time on sites that are in the Cyrillic alphabet in first place (and thus, for most part, in Russian to begin with). Because of that, they tend to end up keeping the odd syntax in English. So no, not unlikely at all.

And no, that doesn't stop them from being amazing programmers, scientists or engineers. I worked with a few Russians on KSP mods and they tend to speak pretty much like that, despite making some of the best plugins and rocket models out there.

[Buff Skeleton]

"Hacker Demands $568 Million in Bitcoin"

 

[zookeeper]

Trust me, if they actually are Russians, then there's a good chance they just didn't care. It's not an uncommon attitude, from what I've seen.

Sure, I know. But you still can't make that kind of conclusion from the obvious clichéd nature of the text. For every reason to assume someone's X there's also a reason why they might want you to think they're X.

[S-99]

This whole thing could also just be a stunt like the north korea supposedly hacking sony for the big email dump and movie leak, that really didn't seem like north korea at all.

I spoke russian for a while, i know a little bit how it goes for a language that doesn't have very many articles and has sentences structures that to us has words out of order. If i say "ya tebya lubyu" (i love you), roughly translated means "i you love". I'll be honest, beautiful sounding language, but it's like cave man talk in a rough translation. I really don't know how russians spoke before modernity came to their speech a few hundred years ago.

The way that person wrote the whole thing is consistent with the way that it is written all over the cached page. What i mean is that this person doesn't change the way they speak their broken english at all on the page. And it really does seem cliched. I give it props for being consistent.

It's very stereotypical for how russians speak english in american movies. Russians and ukrainians in real life don't sound like rehashed movie cliches (lots of russians and ukrainians in alaska, the lower 48 has illegal mexicans, up there we have illegal russians).

EDIT:
I got a chime in on this portion too. Ending with a "we fought the man and won this time" statement. This seems randomly tossed in there and meant to do nothing else than turn the cranks of conspiracy theorists. It oozes nothing but juicy buzz words and terminology for them, they could've mentioned chemtrails and it would have sounded the same.

Closing Remarks
- ————————————————–

!!! Attention Wealthy Elites !!!

We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and **** other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

[Dragon]

OK, I didn't see their site before. That tidbit you quoted at first does seem like something a Russian with medicore grasp of English could say. The rest of it, well... Now I'm not really sure that it's real. It's rather hard to believe that someone bright enough to hack NSA would write something like that. However, I can very much see someone wanting to get rich quick and saying he's hacked NSA, hoping that someone will fall for it.

That said, Russians (and people from former Soviet Block in general) are somewhat prone to conspiracy theories (hard to blame them, Soviet Union was, for most of the time, one big heap of actual conspiracies). A whole lot of people I know in Poland would agree with the general sentiment. The idea that "Elites" and the wealthy are responsible for every woe of a common man is still very popular here (remember, we've got this idea hammered into our heads for most of the previous century). People (especially the poor) love hearing about how they're not at fault for their poverty, but politicians, businessmen and other "Elites". I'm not sure how it looks in Russia, but given the rampant corruption and oligarchy, it's quite likely many Russians would agree with that, too.

And yes, directly translating Russian to English is a bit funny. Try Google Translate for added hilarity. I don't know about Russian, but Polish (a related language, but which also has a lot more to do with Latin) was actually more complex in the old days. Then again, Polish was also a lot more like Latin a few hundred years ago, while Russian was always thoroughly Slavic.

[S-99]

Thanks for taking a look at the cached site. Really, none of it sounded normal to me at all, what really is the sucker punch for not being normal are the closing remarks. To be more convincing, there shouldn't have been any. All i keep thinking is nothing but artificial problem. Most hacker publishings focus on how the hack was discovered, exploited, further exploited, and usually pointing fingers for lazy coding or intention of security through obscurity (not ranting).

I will share this, based on the scope of the us government spying on everyone abroad it can (locally doesn't matter for now for this), i can see how the closing remarks would make sense. But, even still, the buzz words are all too obvious and over used, and the way they are used are to re-inforce this feeling of being cattle (if we were really cattle, maybe we ought to check for stickers on our mailboxes outside our houses to check if we were deemed stupid enough to live, or smart enough to be guillotined; oh right, those stickers are for magazine and newspaper subscriptions for the people that deliver them).

You make a great point that conspiracy's are very real, at least the ones that are real at least (i get more into the non-real shortly). Soviet russia is a good example for bunches. As far as america goes i will post the obvious, overthrowing castro was one, and a real obvious one is the attempt at making gun ownership so unpopular that it is banned. Then again, i'm sure if we talk to some iranians, they might tell you that jewish holocaust in ww2 was just a conspiracy theory.

My point as well as yours is that conspiracy's are very real, but also highly suspect when something claims to be real but doing nothing more than manipulating you by causing fear from semi realisms for manipulation. Case in point with chemtrails, a lot of footage and photography taken out of perspective (usually a lot of plains dumping liquids on wildfires) to reinforce a lie, another good one is footage of the flat earth (anything round looks flat if you zoom in; ****, that's our perspective on earth right now). Bad conspiracy's have gaping holes, and will say anything to get you to believe them, and even offer very intriguing evidence for their cause (i will say the evidence is often very intriguing, but again, just more deception). The closing remarks say nothing of any worth to most people (just those who want to eat it up), and instead open up this grand picture of the elites and how we are cattle. A great way of detecting evil is by looking for the contradictions.

All that cached page does, regardless of what was purposefully or not leaked, is reinforce the ideal that this is manufactured.

[karajorma]

"Hacker Demands $568 Million in Bitcoin"

 

Anyone else picturing Dr Evil making demands of the UN?

[LaineyBugsDaddy]

Don't know about that, but it sounds like these guys played the Mass Effect games too much. I mean seriously? "Shadow Brokers"? A little obvious there.

[Dragon]

All that cached page does, regardless of what was purposefully or not leaked, is reinforce the ideal that this is manufactured.

I don't know. It doesn't sound natural, but at this level of English proficiency I wouldn't expect it to. Really, on one hand, it's hard to believe, but on the other, it's kind of hard not to believe. The thing is, I can imagine someone thinking something like that, then trying to express it in (poor) English, resulting in what we've got. On the other hand, someone who could think something like that would be unlikely to be smart enough to hack into friggin' NSA.

However, the biggest disconnect I can think of is that they're trying to sell access to the hacking tools... while they could use them to rob the very elites they're ranting about. If they've really got what they claim to have, what's there to stop them from using it themselves? An ideological hacker (that they purport to be) would release all the tools for free, in order to let them be used for the cause. Someone who cares about money would, on the other hand, be better advised to hack into some corporation's databanks and sell that. I bet one could make a lot more than a billion bitcoins that way.

Given everything, I can think of two scenarios where this would be real:
1. The actual hackers don't speak a word of English and the only person on their team who does is a bit of a lout.
2. NSA made such an epic blunder that a bunch of complete dolts got their hands on the tools through luck (or constant monitoring, as they imply) and some basic hacking ability.

Both sound unlikely, but not impossible. If I was a member of the US government, they'd get a visit from a DEVGRU team regardless. I'd put my money on it being a scam if I had to, but I wouldn't rule out the possibility of NSA being that incompetent, either.

[S-99]

What supposedly happened was that the nsa was hacked into and these tools are the plunder. These were not tools developed by the hackers, so they wont be given away freely. Hacked or manufactured crisis, the tools are still the plunder.

Again, i'm focussing too much on those closing remarks...highly suspicious of those, that's where the big lick of manufactured comes to me from.

As far as my government goes, no one will be getting a visit from devgru team any time soon. My government is stupid, they believe that backdoors in everything is smart, also the office of personnel management thought that deliberately not upgrading security was smart too (no one in prison).

My point is that the NSA is a bunch of dolts for encouraging and providing backdoors that people are finding all the time. You think they would learn that security through obscurity after how many times a backdoor gets detected, and even traced back to them, that it should be a practice stopped. But, instead they continue, and we got smarter people not working for any government finding these things; the nsa does not have the best and brightest.

For why $568 million in bitcoin? You've got to think about what's been going on in the world with who's collecting data. Windows 10, android, ios, your isp, email provider, social media, etc. are all watching everything that everyone does. I don't doubt for a second that my government has relations with att, microsoft, google, and apple, etc. It begs the question if the tools that were plundered are valued at such a high price, then taking a look around the world, you've got to wonder if they damn well almost let you into anything.

EDIT: These nsa tools might be sought after, but i don't think quite so sought after for $568 million.

[Dragon]

What supposedly happened was that the nsa was hacked into and these tools are the plunder. These were not tools developed by the hackers, so they wont be given away freely. Hacked or manufactured crisis, the tools are still the plunder.

If they were purely an ideological organization, then they would make more sense for them to either release them freely or to provide them to those who they think should have them (depending on how much a given group cares about collateral damage). My point was that if they need money, they could very well use the tools themselves and probably get much more than a million bitcoins. As you said, they can probably let you into almost anything. I'm pretty sure the hackers know that... so I'm asking, why not go ahead and start doing it?

As for the DEVGRU team, I didn't mean that they should visit the NSA (obviously, nobody in the government would think to blame them), but the hackers themselves, if they could be tracked down somehow. The idea of the government screwing up and then sending black ops assassins to cover it up (or at least fixing what was broken) is a bit cliche, but is, at this point, the only thing that could be done (and the whole thing, if real, would be a serious enough security risk that I'd consider such extreme measures). There's no use crying over spilled milk, but you should get a mop and get rid of it before it starts to stink.

If this was up to me, heads would roll at the NSA as well, but you know how it is. Politicians love changing things, unless those changes would affect anything ran by politicians themselves (or their relatives ). Then they'll fight tooth and nail to keep the status quo.

[jr2]

If this was up to me, heads would roll at the NSA as well, but you know how it is. Politicians love changing things, unless those changes would affect anything ran by politicians themselves (or their relativesdonors ). Then they'll fight tooth and nail to keep the status quo.

FTFY

[Phantom Hoover]

love it when libertarians complain about money in politics like they'd do anything to stop it

[qwadtep]

All that cached page does, regardless of what was purposefully or not leaked, is reinforce the ideal that this is manufactured.

I don't know. It doesn't sound natural, but at this level of English proficiency I wouldn't expect it to. Really, on one hand, it's hard to believe, but on the other, it's kind of hard not to believe. The thing is, I can imagine someone thinking something like that, then trying to express it in (poor) English, resulting in what we've got. On the other hand, someone who could think something like that would be unlikely to be smart enough to hack into friggin' NSA.

However, the biggest disconnect I can think of is that they're trying to sell access to the hacking tools... while they could use them to rob the very elites they're ranting about. If they've really got what they claim to have, what's there to stop them from using it themselves? An ideological hacker (that they purport to be) would release all the tools for free, in order to let them be used for the cause. Someone who cares about money would, on the other hand, be better advised to hack into some corporation's databanks and sell that. I bet one could make a lot more than a billion bitcoins that way.

Given everything, I can think of two scenarios where this would be real:
1. The actual hackers don't speak a word of English and the only person on their team who does is a bit of a lout.
2. NSA made such an epic blunder that a bunch of complete dolts got their hands on the tools through luck (or constant monitoring, as they imply) and some basic hacking ability.

Both sound unlikely, but not impossible. If I was a member of the US government, they'd get a visit from a DEVGRU team regardless. I'd put my money on it being a scam if I had to, but I wouldn't rule out the possibility of NSA being that incompetent, either.

3. It's a "we know what you did" message from a foreign government.

The actual theft was probably the result of incompetence but not Hillary Clinton email levels of incompetence. The tools were probably left on a staging server by accident and one of the various rivals that monitors said servers got in before anyone realized the mistake. The hackers then looked at the tools, figured out their intended targets and purposes, corroborated with other intelligence they've collected over the years, and came up with a picture of what shady cyber warfare stuff the US government has been up to. They they publicly release enough of it to be credible, but not enough to know the full extent.

This is potentially damning information. Especially if the targets were US allies. Especially if it involves things like elections.

So they release just enough samples to be credible, but not enough for the US government to know the full extent of the damage, under the guise of an independent hacker auction. And now American intelligence agencies have to scramble to figure out how badly compromised they are and what assets are at risk or no longer viable and what needs to be covered up and who needs to be flown home, and the policymakers have to fret over how this might affect US foreign relations for the next two or three decades.

Basically, it's elaborate blackmail.

The closing statement is barely coherent because it's been run through a script to prevent linguistic profiling.

[Dragon]

The closing statement is barely coherent because it's been run through a script to prevent linguistic profiling.

Now that's something I didn't think of before. I dismissed most "serious" explanations because of this statement and the downright silly way of phrasing it. If it can be the output of some anti-profiling script, then it could be serious after all.