It has been over 48 hours since powerful hacking tools allegedly stolen from the NSA-linked elite cybersecurity unit Equation Group were put up for sale online by cybercriminals going by the name Shadow Brokers. However, it appears very few people are actually interested in purchasing the cache of hacking tools and code names, which has so far attracted a highest bid of a mere 1.5 bitcoins ($865).
Shadow Brokers said the data on sale includes a "full state-sponsored toolset" of "cyberweapons", which they are prepared to sell off to the highest bidder. However, there appears to be limited response and the hackers have so far only raked in a total of $937.15 — a paltry amount when compared to the Shadow Brokers' demand of 1m bitcoins ($576m).
"Super-duper interesting" cyberweapons
Former NSA personnel who worked in the agency's hacking division, Tailored Access Operations (TAO), and Kaspersky security researchers have confirmed that the leaked data is legitimate, with one unnamed former TAO agent describing it as the "keys to the kingdom".
Another TAO agent backed up these claims of the cache of data being legitimate, adding that there may be even more dangerous cyberweapons out there. "The stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set," he said. "If you had the rest of it, you'd be leading off with that, because you'd be commanding a much higher rate."
Despite that, there appears to be limited interest from buyers. The highest bid at 1.5 bitcoins trumps another bid for just .04 bitcoins.
Security researcher Nicholas Weaver at the University of California, Berkeley, called the auction "a joke." "It's designed to distract. It's total nonsense," Weaver said. He added that "bitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy."
Cybersecurity firm F-Secure's chief research officer Mikko Hypponen echoed Weaver's opinions on the auction. "This is one weird auction. It was very shady to begin with," he said. Hypponen also claimed that it is still too early to determine if more legitimate bids will be made for the cache of data in the future. There is also the possibility of other bids having been made via backchannels, in an effort to avoid detection by law enforcement agencies.
Hypponen also said that the auction may be a diversionary tactic or a publicity stunt to ensure that the Shadow Brokers remain in the media spotlight. "They're trying to gain maximum exposure," he said. "An auction keeps people talking."
According to security firm Symantec, Shadow Brokers has released a 256MB compressed archive that includes around 4,000 files. The hacker group provided a bitcoin address for auctioning the data, instructing interested buyers to send bitcoins to it. The group also specified that losing bids would not be refunded; instead, "consolation prizes" would be granted to losing bidders.
Since reports of the hack broke, some of Shadow Brokers' listings on GitHub, Tumblr and others have been removed. The hacker group has also remained dubiously silent. Additionally, US government law enforcement agencies, including the FBI and the NSA, are yet to make any statements regarding the hack.