Shadow Brokers may be selling NSA cyber tools on new underground site

The Shadow Brokers hacker group, believed to be behind the high-profile cyber theft of NSA cyber tools, now appears to have put up the stolen cyber weapons for direct sale on an underground site, according to a report. A newly uncovered site reportedly contains a file with the cryptographic signature of the Shadow Brokers, indicating that the hacker group has abandoned its auction and is now moving to directly sell the NSA hacking tools.

According to a report by Motherboard, an individual going by pseudonym Boceffus Cleetus wrote on Medium an article titled "Are the Shadow Brokers selling tools on ZeroNet?" The site reportedly contains a list items, supposedly for sale, with titles such as "ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT".

Each of the items are categorised into tool types such as "exploits", "trojans" and "implant", each of which are priced between 1 and 100 bitcoins ($780—$78,000). Customers can, however, buy the whole lot of exploits for 1,000 bitcoins ($780,000).

The site also reportedly allows visitors to download screenshots and select files connected to the items. The items listed on the site include a file, which was signed with PGP key similar to that connected to the Shadow Brokers' previous dump.

A message on the site reads: "If you like, you email TheShadowBrokers with name of Warez [the item] you want make purchase. TheShadowBrokers emailing you back bitcoin address. You make payment. TheShadowBrokers emailing you link + decryption password. Files as always being signed."

The FBI's investigation into the cyber weapons leak revealed that a former NSA employee's "mistake" during an active investigation may have resulted in the leak. In October, however, the anonymous hacker group leaked a second batch of NSA data before cancelling its auction for failing to garner interest in the sale.