ShadowBrokers threaten to release more NSA tools

Shutterstock image (by Sergey Nivens): Security concept, lock on a digital screen. 

The mysterious organization behind the theft of alleged NSA hacking tools is frustrated that no one has stepped up to buy back the data from them -- some of which was recently used to launch the WannaCry ransomware attack -- and is threatening to continue releasing NSA tools through a subscription service.

The ShadowBrokers appeared in August 2016 and attempted to auction a trove of hacking data they claim was stolen from the NSA's Equation Group. No one purchased the stolen tools, and so the ShadowBrokers began leaking details in an effort to convince people they had what they claimed.

In April, the ShadowBrokers dumped Microsoft exploits that led to the development of the WannaCry ransomware that has infected hundreds of thousands of computers around the world.

Some security researchers say there are indications that WannaCry could have been developed by the Lazarus Group, an alleged North Korean hacking organization, but others have cautioned it is too soon to tell who was behind the attacks.

In a May 16, blog post written in broken English peppered with internet slang, the ShadowBrokers claim they acted responsibly by leaking the NSA tools a month after Microsoft issued a patch for the vulnerability exploited by WannaCry.

"Do thepeoples be preferring theshadowbrokers dump windows in January or August? No warning, no time to patch? this is being theshadowbrokers version of alternative facts," states the blog post.

The post goes on to criticize, often in crude terms, the NSA, other nation states and large tech companies for not purchasing the stolen data and making the group "go dark permanently."

As a result, the group is threatening to launch a new subscription service in June.

Future data dumps could include browser, router and mobile phone exploits and tools; malware that could compromise newer operating systems; compromised network data from more SWIFT providers and central banks; and even information about Russian, Chinese, Iranian or North Korean nuclear and missile programs.

Previous releases have included tools and exploits that are a few years old for which patches already exist, but countless devices and systems around the world have not been updated.

The ShadowBrokers also revealed more of their motivation in the post. They said they are not interested in selling the stolen tools to cybercriminals and this is all about battling "a worthy opponent" in state-sponsored spy agencies, particularly the NSA.

And, the group also claimed in the post that the Equation Group, an advanced persistent threat group identified by cybersecurity researchers as a NSA hacking operation, has spies in large tech firms and is paying them not to patch vulnerabilities until there is public discovery.

The NSA did not respond to a request for comment about the blog post.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.