When an anonymous group calling itself Shadow Brokers put up for auction a collection of data it said it stole from the NSA, the group wrote that it would make the information public if it received the truly absurd “Dr. Evil” sum of one million bitcoins—at current exchange rates, about $576 million. So far, however, it’s achieved a more modest payday: $937.15.

Over twenty-four hours have passed since the Shadow Brokers publicized its auction of a collection of encrypted information it claimed to have obtained from hacking the Equation Group, an elite team of hackers linked last year to the NSA. Shadow Brokers offered the data, which it claims includes a “full state-sponsored toolset” of “cyberweapons,” to the highest bitcoin bidder, with the promise that if the total bids reached a million bitcoins, it would publish the entire dataset.

But buyers aren’t exactly clamoring to outbid one another for the secrets. So far, only one significant bid has been made, offering 1.5 bitcoins, or about $865 dollars, based on the publicly visible transactions in bitcoin’s accounting ledger known as the blockchain. The next highest bid for the cache is .04 bitcoins, or $23.

The lack of bids doesn’t come as much of a surprise, says Mikko Hypponen, chief research officer at the security firm F-Secure, given how bizarrely the terms of sale were defined. The Shadow Brokers expected bidders to pay in advance with the understanding that only the highest bidder would receive the decryption key to access the data, and all others would forfeit their bids. “This is one weird auction,” says Hypponen. “It was very shady to begin with.”

But the absurd auction system contrasts with the security community’s growing consensus that the stolen data is real, and may indeed have come from a counter-hack of an NSA hacking team. A set of sample data released by Shadow Brokers yesterday included real—if perhaps somewhat outdated—code for hacking network appliances sold by Cisco, Juniper, Fortigate and TopSec. Some of the data matched a catalogue of hacking tools leaked by Edward Snowden in 2013. “The content is credible enough and properly reflects what we know of some of the program names in there,” Citizen Lab malware analyst Claudio Guarnieri told WIRED yesterday.

Snowden himself weighed in on Twitter early Tuesday, surmising that the hack was likely a real compromise of a staging server, one of the command-and-control computers NSA hackers set up outside the NSA’s own network as part of an espionage operation. “NSA malware staging servers getting hacked by a rival is not new,” the former NSA analyst wrote. “A rival publicly demonstrating they have done so is.”

In fact, Snowden and others point out that the bitcoin bidding may not be the real intention of the Shadow Brokers operation. Berkeley computer science researcher Nicholas Weaver said yesterday that any serious auctioneer of hypersensitive stolen data would use bitcoin’s escrow features to allow bidders to make bids and then retract them if they don’t have the highest bid. Snowden argued that the real point of the hack, which may well have been the work of another group of state-sponsored hackers, wasn’t cryptocurrency profit so much as sending a message. And that message, he speculated, might be related to the fact that US policymakers are considering sanctions against Russia for its alleged hack of the Democratic National Committee. “This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server,” he wrote. “That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies….Particularly if any of those operations targeted elections.”

F-Secure’s Hypponen says it’s too early to know if more real bids will be made in the Shadow Brokers’ auction. Other bids may have been made in secret backchannels, too. And Hypponen contends the auction may be nothing more than a publicity stunt meant to maintain the Shadow Brokers’ time in the spotlight. “They’re trying to gain maximum exposure,” he says. “An auction keeps people talking.”

View the original here: 

No One Wants to Buy Those Stolen NSA-Linked ‘Cyberweapons’