Slashdot Mirror

← Back to Stories (view on slashdot.org)

Newly Uncovered Site Suggests NSA Exploits For Direct Sale (vice.com)

Posted by BeauHD on from the buy-one-get-one dept.

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

14 of 33 comments (clear)

  1. Wow by dcmn8 · · Score: 1

    Things could get pretty exciting soon.

    1. Re:Wow by BlueStrat · · Score: 3, Interesting

      Shut up moron, this affects FAR MORE PEOPLE than the tiny sliver of intelligencia who are responsible for crafting or using it.

      Yes, yes it does, and in very, very bad ways on multiple levels. It affects every US citizens' civil rights. It gives carte blanche to domestic surveillance which invariably will lead to authoritarianism & a police-state which we already see the beginnings of with things like 'parallel construction'. It weakens security for everyone on the internet and makes them vulnerable to bad actors, both criminal and State-sponsored. It threatens the national economy and foreign trade where we already see it affecting exports of US IT hardware.

      The rank & file, especially by this point, know full-well the kind of authoritarian, criminal, and *dangerous* people they work for. If they continue to 'just do what they're told' they will be just as guilty as the German prison camp guards of WW2. They have a choice. Walk away. "The only thing necessary for the triumph of evil is for good men to do nothing." - Edmund Burke

      So YOU shut up. The ends do not justify the means. I think that many of those in US intelligence have stared too long into the Abyss, and it has stared too long back into them. They are rapidly becoming what they originally started out to combat. They need to have their toys taken away and kicked out of the sandbox.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:Wow by AHuxley · · Score: 1

      What happened?
      1. For the first time in a few decades a NSA staging server was left open?
      A gov/mil worker made an error? A contractor made a mistake? The buddy system failed and two contractors together did not spot the error?
      That happened for the first time in decades of the NSA having total mastery of the internet and not been tracked in real time.
      2. Another friendly nation finally educated some of its own staff to near NSA skill levels and they found a live in use staging server and had a look, for the first time ever?
      All other nations have been really under skilled/had no funds for so many years and this is the first time they have ever seen the NSA live on the net.
      3. The NSA and GCHQ expected their skills to hold against all nations and all internet users for ever. No staging server had ever been discovered and the risk was so low a front company server would ever be randomly discovered.
      4. Some EU/NATO staff gave their own gov/mil a copy. A third part nation's "trusted" staff used US tools in a NSA related operation and a copy just made it out.
      Thanks to politics, cult, faith, lack of funds the code got used and noticed by few other nations mil, gov... special police units ... and what was once secure is now a copy of a copy thats been discovered in the wild.
      Some other nation was so desperate and used what they had "copied" from the US and made some huge mistakes due to been rushed or a trap the NSA adds to any bespoke altered export grade code it shares with its friends.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Wow by dcmn8 · · Score: 1

      Good description. Remember the 'Promise' software that leaked years ago?

  2. No one cares by Anonymous Coward · · Score: 1

    Who gives a shit about this seriously? It's just maneuvering from state sponsored hacking teams. It's all bullshit to peddle their trojan horse software. No one is going to touch that shit so stop reporting about a group that is attempting to distribute software laced with nasty backdoors (confirmed). This has all the same hallmarks as the French Hacking Team who was selling their backdoor laced surveillance programs to 3rd world drug lords.

  3. FBI and NSA by Archfeld · · Score: 1

    Sounds like the FBI and the NSA are having a garage sale in order to raise funds for the next 4 years while they still can. Trump is going to have them operating on Fisher Price computers.

    https://www.bedbathandbeyond.c...

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
    1. Re:FBI and NSA by bmo · · Score: 1

      >suitable for kids ages 6 to 36 (3 years) months old

      At two years, a throw-away used laptop or cheap Chinese tablet is better. Especially when they already know how to find Pingu on Youtube.

      --
      BMO

      P.S. It still blows my mind that kids these days will never know a time before the existence of a computer in the home, let alone one you can put in your pocket that happens to make phone calls as an adjunct function.

    2. Re:FBI and NSA by paddy12345 · · Score: 1

      and also struck publish. Then you can go deep right into the code if you want! It must be kept in mind that Wix is no more Flash but HTML5. I've been reviewing Wix for the previous pair weeks as well as it's actually solid. It could be among the favorite site home builders I've examined, particularly for individuals who desire more control over the style of their website.

      --
      If you have received this message without having requested it, it is because someone attempted to use your username or
  4. NSA should be forced to warn potential victims by Bearhouse · · Score: 2

    Since they found and developed these exploits, but could not keep them secret, they should be forced to at least warn those potentially impacted, oe better yet provide defences.

    Bet they're not, tho'

    1. Re:NSA should be forced to warn potential victims by quax · · Score: 1

      Why would you ever think that?

      "Cleetus, who has an American flag with swastikas as their profile picture ..."

      They seem real nice.

  5. Government secrecy degrades democracy. by Futurepower(R) · · Score: 1

    Interesting:

    "The rank & file [of the NSA], especially by this point, know full-well the kind of authoritarian, criminal, and *dangerous* people they work for. If they continue to 'just do what they're told' they will be just as guilty as the German prison camp guards of WW2. They have a choice. Walk away."

    News stories about the NSA have always communicated an underlying assumption that the NSA is well-managed. But any secret agency can avoid discovery of bad management.

    There are many secret and semi-secret agencies in the U.S. government. Each of them degrades the quality of government. We can't contribute unless we understand.

    The U.S. military, for example, keeps most of its management secret. This story is an example: U.S. Army fudged its accounts by trillions of dollars, auditor finds.

    Bad management does not benefit the NSA or the military. Bad management hurts everyone.

  6. Re:Election rigging Putin's job got a lot easier by Highdude702 · · Score: 1

    You're a special kind of moron spewing shit you have no proof of.

  7. Re:No thanks by gnick · · Score: 2

    Is anyone making the case that this is ethical?

    --
    He's getting rather old, but he's a good mouse.
  8. sell to foreign governments? by Khashishi · · Score: 1

    Who would buy these? I can't imagine most petty criminals would attach much value to this sort of nebulous thing. There would be no guarantees you would find some lucrative use for it, if it even is authentic.
    On the other hand, I imagine the Chinese government could afford to drop a few bitcoin just to try it out.