Slashdot Mirror


No One's Bidding on The Shadow Brokers' Stolen NSA Hacking Tools (vice.com)

That group auctioning the NSA's hacking tools is "very upset" no one's bidding on them. An anonymous Slashdot reader quotes Motherboard: "TheShadowBrokers" authored another bizarre rant expressing their annoyance at the seeming lack of interest in ponying up bitcoins to release their full set of stolen files. "Peoples is having interest in free files ... But people is no interest in #EQGRP_Auction," the mysterious hacker group complained in a ranting post on Medium, which seems to be purposely written in Borat-style broken English. "TheShadowBrokers is thinking this is information communication problem."

The message also blindly lashes out at hackers, foreign intelligence services, and basically anyone else who hasn't bid on the files... At the time of this writing, TheShadowBrokers have only received bids for a total of 1.76 bitcoins -- or about $1,082 -- far below the group's asking price of $1 million.

At least five transactions came from a prankster who was trying to Rickroll the group with bitcoin addresses containing the words "Never Gonna Give You Up."

26 of 51 comments

  1. In other words by Dunbal · · Score: 4, Insightful

    FBI upset that no one is going for the honey-pot.

    --
    Seven puppies were harmed during the making of this post.
    1. Re:In other words by Stan92057 · · Score: 3, Insightful

      Could be a honey pot but really, what idiot is going to spend 1 million dollars/bitcoins on a criminal's/NSA/FBI/CIA word lol. It might be all just a file with the sentence, got ya thanks for the coins SUCKA ....lol

      --
      Jack of all trades, master of none
    2. Re:In other words by dpilot · · Score: 1

      Even if it's real, even if it's not a honey-pot, anyone want to bet that everybody's metadata collection systems aren't watching for bids?

      --
      The living have better things to do than to continue hating the dead.
    3. Re:In other words by ShanghaiBill · · Score: 1

      An obvious explanation for no bids is that other interested parties already have the tools. If some amateur hackers were able to steal them, it is likely the Russians and Chinese got them long ago.

    4. Re:In other words by Stan92057 · · Score: 1

      Ok, how would they know they have the same tools? Again totally unwilling to pay that kinda money on a hunch or good guess. Seems the vulnerabilities are the real buy, not the tools.

      --
      Jack of all trades, master of none
    5. Re:In other words by AHuxley · · Score: 4, Interesting

      Re: "Could be a honey pot"
      Yes. Recall the watch on onion routing using XKeyscore.
      "How the NSA Targets Tor Users" (July 4, 2014)
      http://motherboard.vice.com/re...
      "... and logs the IP address of people searching for various other privacy and encryption software."
      NSA classifies Linux Journal readers, Tor and Tails Linux users as "extremists" (July 4, 2014)
      http://www.in.techspot.com/new...
      "... program marks and tracks the IP addresses of those who search for..."

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re: In other words by Z00L00K · · Score: 1

      Anyone that has an interest in such tools already has them - or better alternatives.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    7. Re:In other words by Coisiche · · Score: 1

      Says AC...

  2. Good! by Mister Transistor · · Score: 2

    This is great, I hope this happens more often. Maybe these shitbags will stop bothering to mine/phish/malware/etc. for identities and data once they find out they don't have the wealth of Croesus on their hands and no one wants to pay for it.

    --
    -- You are in a maze of little, twisty passages, all different... --
    1. Re:Good! by 93 Escort Wagon · · Score: 1

      ... no one wants to pay for it.

      It's possible no one wants to put a target on their back.

      --
      #DeleteChrome
    2. Re:Good! by KiloByte · · Score: 1

      You got it wrong: the shitbags here are NSA, yet somehow they go unpunished. I have far less scorn for criminals who hurt criminals than for taxpayer-funded officers gone rogue.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    3. Re:Good! by HBI · · Score: 4, Insightful

      nope. Making it an open auction was not the brightest of moves if you wanted a payday...it advertises the shelf life of your information too honestly, and lets people watch who pays. Anyone who might have been tempted to pay a lot for it...isn't going to do it this way.

      I suspect we are supposed to think that this is just someone who didn't know how to market it properly. I doubt that. Someone is embarrassing, provoking, or lulling someone into a false sense of security, and had an interest in making it as public as possible. The Borat note seems to support that thesis.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  3. Perhaps by SeattleLawGuy · · Score: 4, Insightful

    FBI upset that no one is going for the honey-pot.

    To be fair, it may be the NSA is upset that nobody is going for the honey-pot.

    Surely the auction is either a honey-pot or very closely watched. It would be a bad investment for most people to try buying it under such circumstances, and may even result in criminal prosecution.

    --
    Real lawyers write in C++
  4. Rickroll by CODiNE · · Score: 3, Interesting

    I'm not familiar with bitcoin address generation. Can someone estimate the amount of computing power required to come up with those wallet addresses? Is this just a quick script that takes a minute at most or something like a hash collision?

    --
    Cwm, fjord-bank glyphs vext quiz
    1. Re:Rickroll by Anonymous Coward · · Score: 1

      Check the link, each address starts with 1$n where n is a single word of the song. These are wallet addresses.

      He probably used exactly this guide and followed it to the letter, or number 1 in this case.

  5. CORRECTION by Anonymous Coward · · Score: 1

    They're not asking for $1 million -- they are asking for 1 million BTC. 1 million BTC is roughly $600 million. It's also ~1/15th of all bitcoins in existence. Trying to acquire that many bitcoins on the open market would send the price to Jupiter. It would be way, way, way over $600 million when all was said and done. My guess is that the Shadow Brokers know this well, and have something other than bitcoin remuneration in mind as an endgame.

  6. Value = zero by RubberDogBone · · Score: 1

    Something is worth what someone is willing to pay. That's all.

    For something like this, if one group stole it, then another group can also steal it and not pay a dime. You can't sell something if your buyer can obtain it for free. Why would they pay? Makes no sense.

    Anyway, I would not want anything to do with this stuff. Somebody ELSE can find out if it's a honey pot and somebody ELSE can stick their finger up the NSA's butt hole and make them mad. Making the NSA mad at you is not a game.

    --
    Sig for hire.
  7. And when you say "One Million Dollars"... by Burz · · Score: 1

    ...don't forget the pinky.

  8. Hero vs. Criminal (simple) by burni2 · · Score: 1

    Everyone likes heroes, no one likes criminals.

    - If you free & release these files into the general public, you are a - and my - hero.
    - If you extort these files for a fee, you are just a criminal.

    It is simple as that.

    And the "non-interested" people seem not to be dumb:

    No refunds .. paying for something that you most likely won't get. Hahahahahahahha .. and they call it crowd funding .. ok crowdfunding sounds like that, but if a crowd funds something the funding crowd gets a piece.
    Or nobody gets a piece and is ripped off.

    Not here. Two get a piece (Winner & Shadowbrokers) and the others are ripped-off.

    This would be the only good choice a real hero would take:
    Put it up on many many many many many many OCHs and Freenet. And post the link & get the fame for fighting evil.

  9. Auction terms were ridiculous! by Anonymous Coward · · Score: 1

    Why would anyone "bid" when the "bid" amount is unconditionally given to the auctioneer for all participants in the auction?! This is especially bad given that there is no assurance that the auctioneers will actually hand over the goods to anyone. Also, the auctioneers could hand over the goods to multiple parties, perhaps offering the goods for sale elsewhere. And the auctioneers themselves can make use of the technology. And, depending on the nature of the tools, the auctioneers might even have the ability to monitor or exploit whatever the "winner" of the auction does with the tools (e.g., collect data from whatever streams the winner creates, or even infiltrate the users of the tools (i.e., a backdoor to the backdoor)).

    If the goods were put into some kind of escrow, outside the control of the auctioneers, and it were conducted as a true auction (i.e., only one winner, and only the winner pays any money), and delivery to the one winner were assured, AND the anonymity of bidders could be reasonably assured, only then would bidding not be entirely ridiculous. It would help also if some independent party could at least inspect fragments of the goods to estimate the likely quality and capabilities of the overall package.

    Of course, these guys are criminals, but their "auction terms" are so obviously preposterous, even for nation-states with ludicrous financial resources (who could throw $1 million at this auction as a long shot gamble), that their surprise at the lack of interest is itself shocking.

  10. Even under the assumption it's real by Opportunist · · Score: 1

    Let's play pretend for a moment and say that this ain't a honeypot.

    First, the "samples" released were crappy. Really crappy. A few router security holes, few of them unknown in the relevant circles. Nobody who could pay for that would.

    Then there's the fact that you're fully dependent on the word of criminals. First, that they deliver in the first place, and second, that they only deliver to you. That's two things nobody in their right mind would put his money on.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Even under the assumption it's real by TheDarkMaster · · Score: 1

      The logic of these people sounds like the logic of a 9-year-old brat that believes himself to be the "Haxxor".

      --
      Religion: The greatest weapon of mass destruction of all time
    2. Re:Even under the assumption it's real by Opportunist · · Score: 1

      Them posting in a faux Borat-speak also does not really increase their credibility.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  11. Re:Well if what I've read is true by Opportunist · · Score: 1

    I often wonder the same with some code we produce here...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Dealing w/ the devil, p/o'd elephant in the corner by Anonymous Coward · · Score: 1

    But this isn't buying some random items stolen from someone you don't know. This is personal, sentimental loot from Vito Corleone-- and Vito knows it's missing and up for sale.

    Would you buy under those circumstances?

  13. because... by JustNiz · · Score: 1

    they are already valueless because once stolen/leaked the exploits immediately become common knowledge so will be defended against.

    Presuming the NSA has at least half a braincell, you can bet they will have already totally defused the situation by telling all the appropriate manufacturers about any/all loopholes all the stolen tools exploited.