Hello, 0x00ers! Today is a very scary day: the day that somewhat solid proof exists that the NSA are directly using offensive security tactics to increase their control. This kind of tactic has been seen from the NSA in the past, for example, Stuxnet.
The leaks contain references to "352 IP addresses belong to at least 49 countries. As many as 32 domains of the total were run by educational institutes in China and Taiwan." - The Hacker News
These are hosts that the NSA have compromised using Equation Group tools previously unknown to the public. The tools are codenamed Dewdrop, Incision, Orangutan, Jackladder, Reticulum, Patchicillin, Sidetrack and Stoicsurgeon.
"Each compromised servers were reportedly targets of INTONATION and PITCHIMPAIR, code-names given for cyber-spy hacking programs."
The files they published were encrypted using the same public key as the last dumps, and were encrypted using the passphrase: "payus". Inside the leaks is a file named "message5.txt.asc"; here are the contents of that file for your reading pleasure:
-----BEGIN PGP SIGNED MESSAGE-----
TheShadowBrokers is having special trick or treat for Amerikanskis tonight. But first questions.
Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being "free press"? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being "Free as in free beer" or "Free as in free of government influence?
Let us be speaking regarding corruption. If Peoples#1 is having $1.00 and Peoples#2 is having $1000.00 which peoples is having more money? Which peoples is having more spending power? Voter$1 is giving $1 to politician and Voter$1000 is giving $1000 to politician, which voters is having more political power? Is both voters having equal political power? “one person, one vote”? Politicians, lobbyist, media, even SCOTUS (supreme court) is saying this is being true, money is not corrupting. In binary world, maybe. But world is not being binary, is it? What about peoples#3, VoterUndecided? VoterUndecided is giving no moneys and no votes. Politician is needing money for campaign to buy advertising, positive media stories, advisors, pollsters, operatives to be making VoterUndecided vote for politician. Political fundrasing, now which voter is having more political power? VoterUndecided votes for politician and politician wins. Re-election is coming. Government budget decision is required. Voter$1 is wanting politician to be spending taxes on education for making children into great thinkers, leaders, scientists. Voter$1000 is shareholder of defense & intelligence company is wanting politician spending taxes on spying and war to be making benefit self, for great profit. Political favors, now, which voter is having more political power? Did theshadowbrokers lose Amerikanskis? Amerikanskis is still thinking “one person, one vote”? Money isn't corrupting elections, politics, govenments?
USSA elections is coming! 60% of Amerikansky never voting. Best scenario is meaning half of remaining red or blue fanatics or 20% of the most fanatical is picking USSA government? A great power. A free country. A good-doer. TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don't beleiving? Remembering Iran elections? Rembering stuxnet? Maybe is not Russia hacking election, maybe is being payback from Iran?
Ok peoples theshadowbrokers is promising you a trick or treating, here it is
Password = payus
This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses. Is being unfortunate no peoples is already owning eqgrp_auction_file. Auction file is having tools for to making connect to these pitchimpairs. Maybe tools no more installed? Maybe is being cleaned up? To peoples is being owner of pitchimpair computers, don't be looking for files, rootkit will self destruct. Be making cold forensic image. @GCHQ @Belgacom TheShadowBrokers is making special effort not to using foul language, bigotry, or making any funny. Be seeing if NBC, ABC, CBS, FOX is making stories about now? Maybe political hacks is being more important?
How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
These hackers certainly want to play games. They are talking about disrupting the 2016 US election, and their past work is proof that they have skills and resources that might make them capable of doing so.
In this file you can see they are still awaiting a payment for their last attack; apparently, nobody has attempted to purchase the encryption keys for their last dump, perhaps out of fear. Later in the message they speak about the "next game": "so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!" Of course, they are referring to the time when they receive their payment, when everybody will be watching to see where the money goes.
I found most of the information for this article at Hacker News.
Links to the leaks:
I hope this was all very insightful! Have a snappy day