Newly Uncovered Site Suggests NSA Exploits For Direct Sale

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

Re:Wow

[BlueStrat]

Shut up moron, this affects FAR MORE PEOPLE than the tiny sliver of intelligencia who are responsible for crafting or using it.

Yes, yes it does, and in very, very bad ways on multiple levels. It affects every US citizens' civil rights. It gives carte blanche to domestic surveillance which invariably will lead to authoritarianism & a police-state which we already see the beginnings of with things like 'parallel construction'. It weakens security for everyone on the internet and makes them vulnerable to bad actors, both criminal and State-sponsored. It threatens the national economy and foreign trade where we already see it affecting exports of US IT hardware.

The rank & file, especially by this point, know full-well the kind of authoritarian, criminal, and *dangerous* people they work for. If they continue to 'just do what they're told' they will be just as guilty as the German prison camp guards of WW2. They have a choice. Walk away. "The only thing necessary for the triumph of evil is for good men to do nothing." - Edmund Burke

So YOU shut up. The ends do not justify the means. I think that many of those in US intelligence have stared too long into the Abyss, and it has stared too long back into them. They are rapidly becoming what they originally started out to combat. They need to have their toys taken away and kicked out of the sandbox.

Strat

NSA should be forced to warn potential victims

[Bearhouse]

Since they found and developed these exploits, but could not keep them secret, they should be forced to at least warn those potentially impacted, oe better yet provide defences.

Bet they're not, tho'

Re:No thanks

[gnick]

Is anyone making the case that this is ethical?