‘Shadow Brokers’ Moves Bitcoin Gained from NSA Tools Auction

Journalist:
May 30, 2017

For all its bravado in stealing National Security Agency (NSA) hacking tools in August 2016 and auctioning them for sale, the hacking group behind the heist has apparently closed up shop without getting anywhere near the $1 million in bitcoin it originally asked for.

The group, Shadow Brokers, has moved the $24,000 (10 BTC) it has collected to a separate bitcoin address. Observers can watch the movements in real time and try to figure out where the bitcoins are going. Here is address: https://blockchain.info/address/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK

This follows the group’s April dumping of another NSA heist for free, even though the group could have made out better by first selling the exploits.

Initial Asking: $1 Million

The Shadow Brokers initially asked for 1 million BTC ($568 million at the time) to return files after having dumped some of the files.

The group claimed to have hacked an organization called Equation Group, whose level of sophistication has led some researchers to believe it is NSA related. The Shadow Brokers publicized the dump and tweeted a link to their manifesto against government sponsors of cyber warfare.

It’s not as if no one has noticed the group. The WannaCry ransomware that recently targeted computers worldwide piggybacked on The Shadow Brokers exploits.

WannaCry Mimicked Shadow Brokers

This month’s global cyberattack led by the WannaCry ransomware sees it infect a machine by encrypting its files and, using a remote command execution vulnerability through SMB, distributes it to other Windows machines on the same network. The developers of WannaCry used CIA tools exposed by Shadow Brokers.

It is uncertain who is now moving the Shadow Brokers’ bitcoin and where the bitcoins are going. It is assumed the Shadow Brokers are moving the funds, but it is not a certainty if the private key that controls the address has changed hands, assuming the Shadow Brokers opened this address in the first place.

Also read: Hacking group claims it dumped NSA-linked files, demands one million BTC

Where’s The Money Going?

A review of the blockchain indicates the coin in the auction address is moving through several addresses in progressively smaller denominations. This suggests the coins are moving through a “mixer,” a service that sends coins through a series of addresses so they cannot be traced to the original address. The trail is available here.

A party identifying itself as The Shadow Brokers authored a couple of rants on Medium last year, expressing annoyance at the lack of interest in ponying up bitcoins to release all the stolen files. One rant criticized hackers, foreign intelligence services and anyone else who hasn’t bid on the files.

The organization and contents of the files has led some to conclude they were left behind accidentally on a server once used as a staging area by the Equation Group, the NSA-linked hacking entity, according to Motherboard.

Featured image from Shutterstock.

Last modified (UTC): May 30, 2017 15:56

Lester Coleman

Lester Coleman is a media relations consultant for the payments and automated retailing industries.