Slashdot Mirror


Newly Uncovered Site Suggests NSA Exploits For Direct Sale (vice.com)

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

33 comments

  1. Wow by dcmn8 · · Score: 1

    Things could get pretty exciting soon.

    1. Re:Wow by Anonymous Coward · · Score: 0

      Things could get pretty exciting soon.

      One hell of a way to label chaos.

    2. Re:Wow by BlueStrat · · Score: 0

      Things could get pretty exciting soon.

      I hope things get extremely 'interesting', in the Chinese-curse way, for those at the upper levels of power in the US intelligence services who happily make everyone less-safe so they can play Big Brother. Live by the hack/exploit, die by the hack/exploit.

      Karma's a bitch, ain't it boys?

      Just wait until the *next* breach!

      Or has it already happened? ;)

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    3. Re:Wow by Anonymous Coward · · Score: 0

      Shut up moron, this affects FAR MORE PEOPLE than the tiny sliver of intelligentsia who are responsible for crafting or using it.

    4. Re:Wow by BlueStrat · · Score: 3, Interesting

      Shut up moron, this affects FAR MORE PEOPLE than the tiny sliver of intelligentsia who are responsible for crafting or using it.

      Yes, yes it does, and in very, very bad ways on multiple levels. It affects every US citizen's civil rights. It gives carte blanche to domestic surveillance which invariably will lead to authoritarianism & a police-state which we already see the beginnings of with things like 'parallel construction'. It weakens security for everyone on the internet and makes them vulnerable to bad actors, both criminal and State-sponsored. It threatens the national economy and foreign trade where we already see it affecting exports of US IT hardware.

      The rank & file, especially by this point, know full-well the kind of authoritarian, criminal, and *dangerous* people they work for. If they continue to 'just do what they're told' they will be just as guilty as the German prison camp guards of WW2. They have a choice. Walk away. "The only thing necessary for the triumph of evil is for good men to do nothing." - Edmund Burke

      So YOU shut up. The ends do not justify the means. I think that many of those in US intelligence have stared too long into the Abyss, and it has stared too long back into them. They are rapidly becoming what they originally started out to combat. They need to have their toys taken away and kicked out of the sandbox.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:Wow by Anonymous Coward · · Score: 0

      I hope things get extremely 'interesting', in the Chinese-curse way, for those at the upper levels of power in the US intelligence services who happily make everyone less-safe so they can play Big Brother. Live by the hack/exploit, die by the hack/exploit.

      Karma's a bitch, ain't it boys?

      It won't. They'll get away with it and will direct all the anger towards The Shadow Brokers.

    6. Re:Wow by AHuxley · · Score: 1

      What happened?
      1. For the first time in a few decades a NSA staging server was left open?
      A gov/mil worker made an error? A contractor made a mistake? The buddy system failed and two contractors together did not spot the error?
      That happened for the first time in decades of the NSA having total mastery of the internet and not being tracked in real time.
      2. Another friendly nation finally educated some of its own staff to near NSA skill levels and they found a live in use staging server and had a look, for the first time ever?
      All other nations have been really under skilled/had no funds for so many years and this is the first time they have ever seen the NSA live on the net.
      3. The NSA and GCHQ expected their skills to hold against all nations and all internet users for ever. No staging server had ever been discovered and the risk was so low a front company server would ever be randomly discovered.
      4. Some EU/NATO staff gave their own gov/mil a copy. A third-party nation's "trusted" staff used US tools in a NSA related operation and a copy just made it out.
      Thanks to politics, cult, faith, lack of funds the code got used and noticed by few other nations mil, gov... special police units ... and what was once secure is now a copy of a copy that's been discovered in the wild.
      Some other nation was so desperate and used what they had "copied" from the US and made some huge mistakes due to being rushed or a trap the NSA adds to any bespoke altered export grade code it shares with its friends.

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Wow by dcmn8 · · Score: 1

      Good description. Remember the 'Promise' software that leaked years ago?

  2. No thanks by Anonymous Coward · · Score: 0

    The only way this is ethical is if they release every exploit, and source code if they have it, on the internet for free.

    1. Re:No thanks by gnick · · Score: 2

      Is anyone making the case that this is ethical?

      --
      He's getting rather old, but he's a good mouse.
  3. No one cares by Anonymous Coward · · Score: 1

    Who gives a shit about this seriously? It's just maneuvering from state sponsored hacking teams. It's all bullshit to peddle their trojan horse software. No one is going to touch that shit so stop reporting about a group that is attempting to distribute software laced with nasty backdoors (confirmed). This has all the same hallmarks as the French Hacking Team who was selling their backdoor laced surveillance programs to 3rd world drug lords.

    1. Re:No one cares by Anonymous Coward · · Score: 0

      Who gives a shit about this seriously? It's just maneuvering from state sponsored hacking teams. It's all bullshit to peddle their trojan horse software. No one is going to touch that shit so stop reporting about a group that is attempting to distribute software laced with nasty backdoors (confirmed). This has all the same hallmarks as the French Hacking Team who was selling their backdoor laced surveillance programs to 3rd world drug lords.

      Thanks for your input, Adm. Rogers!

  4. FBI and NSA by Archfeld · · Score: 1

    Sounds like the FBI and the NSA are having a garage sale in order to raise funds for the next 4 years while they still can. Trump is going to have them operating on Fisher Price computers.

    https://www.bedbathandbeyond.c...

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
    1. Re:FBI and NSA by bmo · · Score: 1

      >suitable for kids ages 6 to 36 (3 years) months old

      At two years, a throw-away used laptop or cheap Chinese tablet is better. Especially when they already know how to find Pingu on Youtube.

      --
      BMO

      P.S. It still blows my mind that kids these days will never know a time before the existence of a computer in the home, let alone one you can put in your pocket that happens to make phone calls as an adjunct function.

    2. Re:FBI and NSA by Anonymous Coward · · Score: 0

      P.S. It still blows my mind that kids these days will never know a time before the existence of a computer in the home, let alone one you can put in your pocket that happens to make phone calls as an adjunct function.

      And automobiles. And antibiotics. And the trans-Atlantic trade. And airplanes. And...well, you get the point.

    3. Re:FBI and NSA by Anonymous Coward · · Score: 0, Insightful

      Trump will give the FBI whatever they want, the Comey Crew got him elected after all. As for the NSA it's hard to say yet. Maybe he'll put Ivan in charge.

    4. Re:FBI and NSA by Anonymous Coward · · Score: 0

      Hahahahahahahaha. Trump is going to give them whatever they want. He is their biggest supporter.

    5. Re:FBI and NSA by Anonymous Coward · · Score: 0

      They have a ready made KGB right there. Domestic surveillance permitted, check. Democratic and legal controls removed, check.

      Checklist done. Turn key to start tyranny.

      And all of them will follow orders, or be demoted and reorganized to more compliant people. Because terrorist sympathisers in the GOP might be plotting to undermine Trump. So they'll follow their orders, even if they end up spying on Americans for the FSB, because that is what men in uniform do. Blindly undermine their own countries for the benefit of the man higher up the tree.

  5. Buyer beware by Anonymous Coward · · Score: 0

    Best case scenario: You send bitcoins, they rip you off, and you never get anything back.
    Worst case scenario: They send you the files and you are immediately arrested and sent to jail without bail.

    Bitcoin is not anonymous, neither is email. The reason these guys haven't been caught yet is due to them covering their tracks and not making a lot of mistakes. Some moron on the internet with a few bitcoins to spare is not going to be so lucky.

  6. Honeypot? by Anonymous Coward · · Score: 0

    I dunno, something about this seems fishIGNORE ME EVERYTHING IS FINE

  7. Got the balls to do that with Russian exploits? by Anonymous Coward · · Score: 0

    How about if you got your hands on North Korean or Chinese secrets?

    Think you'd live long after posting them for sale on the internet?

  8. Election rigging Putin's job got a lot easier by Anonymous Coward · · Score: 0

    If you thought it was easy for Putin to hack the US election and install his puppet, think how much easier it will be NEXT election when Trump gives him access to all that lovely NSA and CIA data.

    Who needs to hack emails, when you can use the feed direct from the country's own spy agency! And who thinks for a second that Trump get help from Russia when they put him in power in the first place and he provided disinformation and cover for their hack.

    1. Re:Election rigging Putin's job got a lot easier by Highdude702 · · Score: 1

      You're a special kind of moron spewing shit you have no proof of.

  9. NSA should be forced to warn potential victims by Bearhouse · · Score: 2

    Since they found and developed these exploits, but could not keep them secret, they should be forced to at least warn those potentially impacted, or better yet provide defences.

    Bet they're not, tho'

    1. Re:NSA should be forced to warn potential victims by quax · · Score: 1

      Why would you ever think that?

      "Cleetus, who has an American flag with swastikas as their profile picture ..."

      They seem real nice.

  10. Government secrecy degrades democracy. by Futurepower(R) · · Score: 1

    Interesting:

    "The rank & file [of the NSA], especially by this point, know full-well the kind of authoritarian, criminal, and *dangerous* people they work for. If they continue to 'just do what they're told' they will be just as guilty as the German prison camp guards of WW2. They have a choice. Walk away."

    News stories about the NSA have always communicated an underlying assumption that the NSA is well-managed. But any secret agency can avoid discovery of bad management.

    There are many secret and semi-secret agencies in the U.S. government. Each of them degrades the quality of government. We can't contribute unless we understand.

    The U.S. military, for example, keeps most of its management secret. This story is an example: U.S. Army fudged its accounts by trillions of dollars, auditor finds.

    Bad management does not benefit the NSA or the military. Bad management hurts everyone.

  11. sell to foreign governments? by Khashishi · · Score: 1

    Who would buy these? I can't imagine most petty criminals would attach much value to this sort of nebulous thing. There would be no guarantees you would find some lucrative use for it, if it even is authentic.
    On the other hand, I imagine the Chinese government could afford to drop a few bitcoin just to try it out.