
Equation Group Cyber Weapons Auction - moyix
https://theshadowbrokers.tumblr.com/
======
danielvf
The structure of this auction is amazing!

1. All bids are paid up front, and you never get your money back, even if you
aren't the highest bidder. So if people bid $50, $70, and $100, they collect
$220.

2. No one can verify what is actually up for sale before the auction.

3. There is no way for the world to know that they actually delivered the
goods after the auction.

4. There is no way for the highest bidder to know that they will actually
receive the goods.

5. There is nothing stopping the auctioneers from bidding. This not only
raises the price, but they still get to keep every bidder's money even if the
high bid is their own.

Everything about this auction is lined up to incentivize a scam.

~~~
dadver
>Everything about this auction is lined up to incentivize a scam.

Yes, however the contents of the free sample seem very real. Without having
dug into the binaries it's hard to tell, but it's hard to imagine someone
wrote this to scam 1 million BTC out of the net.

~~~
softawre
With 1 million BTC on the line, you have a hard time imagining that someone
would do this?

People do work for a lot less..

~~~
JosephRedfern
That's 6.3% of _all_ Bitcoin currently in circulation. A crazy amount.

~~~
tedmiston
1,000,000 Bitcoin == 563,770,000.00 USD

[https://www.google.com/search?q=1000000+btc+in+usd](https://www.google.com/search?q=1000000+btc+in+usd)

~~~
acveilleux
Sort of... When trading that large a fraction of the whole pool of BTC, the
trade itself would drastically alter the value of a BTC. To the point that I'd
be surprised if someone could openly acquire that large number of BTCs before
being priced out of the market.

The block chain makes it worse because everyone can see the progress of the
buyer and there's no market maker with anywhere near this level of liquidity.

~~~
oswald
A private transaction of BTC wouldn't affect the market value of BTC. It is
correct to say 1M BTC = 565M USD; the market price of BTC/USD is only affected
when the BTC is sold on an exchange.

~~~
EthanHeilman
Almost no single entity has that much BTC (as of 2016 only ~15 million
Bitcoins exist), to acquire it someone would have to aggregate the Bitcoins
from many other entities via buys on a Bitcoin exchange. This would cause a
massive spike in the price of Bitcoin.

Interesting to note: there has been no new Bitcoin block for the last 1 hour
23 minutes. This happens from time to time, but it is a little suspicious.

See [https://blockchain.info/](https://blockchain.info/)

~~~
pests
They don't expect it all from a single entity.

------
nadaviv
To prove this is real, they should've:

- Split the leak into multiple chunks, each encrypted with a different key,
and each readable/usable on its own

- Announce, ahead of time, that a random chunk will be revealed, based on the
hash of block #N on the Bitcoin network

- On block #N, reveal chunk number _block_N_hash % num_chunks_.

Basically, reveal a provably random chunk in a way that cannot be controlled
by the auctioneers, which would ensure that all the chunks are (most likely)
real.
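
Added example (not part of the thread and not any poster's code): the commit-then-reveal check described in the comment above, sketched in Python. The keystream cipher, the sample chunks, block height 500000 and the block hash are constructed stand-ins, and every function name is hypothetical.

```python
import hashlib
import hmac
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the demo: XOR with a SHA-256 counter keystream.
    A real deployment would use an authenticated cipher instead."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        pad = sha256(key + counter.to_bytes(8, "big"))
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seller_commit(chunks, reveal_height):
    """Seller: encrypt every chunk under its own key, publish only hashes."""
    keys = [secrets.token_bytes(32) for _ in chunks]
    ciphertexts = [keystream_xor(k, c) for k, c in zip(keys, chunks)]
    announcement = {
        "reveal_height": reveal_height,  # block #N, fixed before it is mined
        "num_chunks": len(chunks),
        "ciphertext_hashes": [sha256(ct).hex() for ct in ciphertexts],
        "key_hashes": [sha256(k).hex() for k in keys],
    }
    return keys, ciphertexts, announcement


def select_chunk(block_hash_hex: str, num_chunks: int) -> int:
    """block_N_hash % num_chunks, with the hash read as one big integer."""
    return int(block_hash_hex, 16) % num_chunks


def verify_reveal(announcement, ciphertexts, block_hash_hex, index, key):
    """Buyer: accept the reveal only if it matches the earlier announcement."""
    expected = select_chunk(block_hash_hex, announcement["num_chunks"])
    if index != expected:
        raise ValueError(f"revealed chunk {index}, block hash selects {expected}")
    ct = ciphertexts[index]
    if not hmac.compare_digest(sha256(ct).hex(),
                               announcement["ciphertext_hashes"][index]):
        raise ValueError("ciphertext differs from the committed one")
    if not hmac.compare_digest(sha256(key).hex(),
                               announcement["key_hashes"][index]):
        raise ValueError("key differs from the committed one")
    return keystream_xor(key, ct)


# Constructed sample inputs (not real data, not a real block hash).
SAMPLE_CHUNKS = [b"constructed chunk 0", b"constructed chunk 1",
                 b"constructed chunk 2", b"constructed chunk 3"]
SAMPLE_HEIGHT = 500000
SAMPLE_BLOCK_HASH = "0" * 17 + "2" + "ab" * 23  # 64 hex characters


def run_demo():
    keys, ciphertexts, ann = seller_commit(SAMPLE_CHUNKS, SAMPLE_HEIGHT)
    index = select_chunk(SAMPLE_BLOCK_HASH, ann["num_chunks"])
    plaintext = verify_reveal(ann, ciphertexts, SAMPLE_BLOCK_HASH,
                              index, keys[index])
    return index, plaintext


if __name__ == "__main__":
    print(run_demo())
```

A passing check shows only that the selected chunk decrypts under the key committed before block #N existed; it says nothing about whether the unrevealed chunks are distinct from one another.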

~~~
nadaviv
Also, if they really want to make this as trust-free as possible, they could
use ZKCP [0][1] to make the payment stage and the reveal stage atomic - the
moment the payment is taken by the auctioneers, the decryption key is revealed
(using hash-locked transactions and zero knowledge proofs).

This, however, won't work with their penny auction style bids.

[0]
[https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment](https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment)

[1] [https://bitcoincore.org/en/2016/02/26/zero-knowledge-conting...](https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/)

~~~
EthanHeilman
They could even use the blockchain as a source of randomness to choose which
chunks of the encrypted file they reveal for free.

~~~
nadaviv
That's exactly what my parent comment suggested :-)

~~~
EthanHeilman
Oops didn't see that. =)

Using hashes like you are suggesting you wouldn't even need ZK proofs. There
is a simple trick you could do with the keys such that you post a single 128
value which is checkable with a tree of OP_HASH and OP_DUPs and would, with
very high probability, reveal all the keys.

As pointed out below the problem with this scheme is that you could hash the
same files with a little randomness added and make it look like you have more
data to sell than you do. I think with some GC-based ZK proofs you could show
this isn't true and each file is legitimately different (for example
demonstrating randomly selected bit relationships or word frequencies).

------
heartsucker
Ha. I was targeted by this auction specifically. The odd thing is whoever is
behind this went through the trouble of posting it to the SecureDrop instance
behind BerlinLeaks.

[https://heartsucker.com/blog/children-at-play](https://heartsucker.com/blog/children-at-play)

~~~
kolme
Whoever wrote this possibly "made" all the mistakes on purpose, not to be
fingerprinted by its writing style (it's a common technique).

I wonder if software already exists for this, like, purposely filling a text
with random mistakes so that the identity of the writer is safe.

~~~
heartsucker
> The message we got was full of both types of errors, and it was either
> written by someone who wasn't a native English speaker, or it was cleverly
> crafted to sound so.

Yes, I acknowledged this but for a different reason.

------
philippnagel
Wikipedia link for the lazy folks like me that didn't know the Equation Group:
[https://en.wikipedia.org/wiki/Equation_Group](https://en.wikipedia.org/wiki/Equation_Group)

~~~
tedmiston
> The malware used in their operations, dubbed EquationDrug and GrayFish, is
> found to be capable of reprogramming hard disk drive firmware.

Wow. We really are f----d all the way down the stack.

~~~
Bartweiss
The row hammer attack convinced me of that. It feels like nothing is hardened
at the very low levels that get hit by truly dedicated attacks.

([https://en.wikipedia.org/wiki/Row_hammer#Implications](https://en.wikipedia.org/wiki/Row_hammer#Implications))

~~~
sbarre
Geez, I'd never heard of this.. I just spent an hour reading up on it..
There's even a Javascript implementation (because of course there is)...

~~~
Bartweiss
It blew my mind when I first encountered it.

The basic idea - flip bits a lot until things crash - wasn't totally shocking.
But learning that Project Zero had put up working _privilege escalation_
attacks off something so bizarre? That's just too far.

At least Van Eck phreaking is still hard to use in practice...

------
moyix
I took one of the binaries from the free sample and started playing with
running it (!) in a VM:

[https://asciinema.org/a/72dry36qqo8o97kma1gs4e6jj](https://asciinema.org/a/72dry36qqo8o97kma1gs4e6jj)

------
binarymax
Github just killed it. I managed to read it but refreshed and it was gone.
Anyone have a grab and want to post the text?

--EDIT-- From heartsucker's thread, the README text is also here:
[https://heartsucker.com/static/docs/shadow-broker-message.tx...](https://heartsucker.com/static/docs/shadow-broker-message.txt)

~~~
NickSharp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

From:

bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8
i2p-bote = o1uHOkOcMoFEa7O7dbEilzfMvWzo7bDu~td3x9gYz4b4t5OriJ7U6GUWr5GZoWxQ9f2TrIY5RzhpIMVP6hTLXZ

Equation Group Cyber Weapons Auction - Invitation
- ------------------------------------------------

!!! Attention government sponsors of cyber warfare and those who profit from
it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks.
Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made
by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow
Equation Group traffic. We find Equation Group source range. We hack Equation
Group. We find many many Equation Group cyber weapons. You see pictures. We
give you some Equation Group files free, you see. This is good proof no? You
enjoy!!! You break many things. You find many intrusions. You write many
words. But not all, we are auction the best files.

Picture Urls
- ------------
[http://imgur.com/a/sYpyn](http://imgur.com/a/sYpyn)
[https://theshadowbrokers.tumblr.com/](https://theshadowbrokers.tumblr.com/)
[https://github.com/theshadowbrokers/EQGRP-AUCTION](https://github.com/theshadowbrokers/EQGRP-AUCTION)

File Urls
- ----------

magnet:?xt=urn:btih:40a5f1514514fb67943f137f7fde0a7b5e991f76&tr=[http://diftracker.i2p/announce.php](http://diftracker.i2p/announce.php)

[https://mega.nz/#!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv_405hX8kn7MEs...](https://mega.nz/#!zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv_405hX8kn7MEsa1iLH5UjKU)
[https://app.box.com/s/amgkpu1d9ttijyeyw2m4lso3egb4sola](https://app.box.com/s/amgkpu1d9ttijyeyw2m4lso3egb4sola)
[https://www.dropbox.com/s/g8kvfl4xtj2vr24/EQGRP-Auction-File...](https://www.dropbox.com/s/g8kvfl4xtj2vr24/EQGRP-Auction-Files.zip)
[https://ln.sync.com/dl/5bd1916d0#eet5ufvg-tjijei4j-vtadjk6b-...](https://ln.sync.com/dl/5bd1916d0#eet5ufvg-tjijei4j-vtadjk6b-imyg2qkd)
[https://yadi.sk/d/QY6smCgTtoNz6](https://yadi.sk/d/QY6smCgTtoNz6)

Free Files (Proof)
- ------------------
eqgrp-free-file.tar.xz.gpg

sha256sum = b5961eee7cb3eca209b92436ed7bdd74e025bf615b90c408829156d128c7a169

gpg --decrypt --output eqgrp-free-file.tar.xz eqgrp-free-file.tar.xz.gpg

Password = theequationgroup

Auction Files
- -------------
eqgrp_auction_file.tar.xz.asc

sha256sum = af1dabd8eceec79409742cc9d9a20b9651058bbb8d2ce60a0edcfa568d91dbea

Password = ????

Auction Instructions
- --------------------
We auction best files to highest
bidder. Auction files better than stuxnet. Auction files better than free
files we already give you. The party which sends most bitcoins to address:
19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK before bidding stops is winner, we tell how
to decrypt. Very important!!! When you send bitcoin you add additional output
to transaction. You add OP_Return output. In Op_Return output you put your
(bidder) contact info. We suggest use bitmessage or I2P-bote email address. No
other information will be disclosed by us publicly. Do not believe unsigned
messages. We will contact winner with decryption instructions. Winner can do
with files as they please, we not release files to public.

FAQ
- ---

Q: Why I want auction files, why send bitcoin?
A: If you like free files (proof), you send bitcoin. If you want know your
networks hacked, you send bitcoin. If you want hack networks as like equation
group, you send bitcoin. If you want reverse, write many words, make big name
for self, get many customers, you send bitcoin. If want to know what we take,
you send bitcoin.

Q: What is in auction files?
A: Is secret. Equation Group not know what lost. We want Equation Group to bid
so we keep secret. You bid against Equation Group, win and find out or bid
pump price up, piss them off, everyone wins.

Q: What if bid and no win, get bitcoins back?
A: Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win! But
maybe not total loss. Instead to losers we give consolation prize. If our
auction raises 1,000,000 (million) btc total, then we dump more Equation Group
files, same quality, unencrypted, for free, to everyone.

Q: When does auction end?
A: Unknown. When we feel is time to end. Keep bidding until we announce winner.

Q: Why I trust you?
A: No trust, risk. You like reward, you take risk, maybe win, maybe not, no
guarantees. There could be hack, steal, jail, dead, or war tomorrow. You worry
more, protect self from other bidders, trolls, and haters.

Closing Remarks
- --------------------------------------------------

!!! Attention Wealthy Elites !!!

We have final message for "Wealthy Elites". We know what is wealthy but what
is Elites? Elites is making laws protect self and friends, lie and fuck other
peoples. Elites is breaking laws, regular peoples go to jail, life ruin,
family ruin, but not Elites. Elites is breaking laws, many peoples know Elites
guilty, Elites call top friends at law enforcement and government agencies,
offer bribes, make promise future handjobs, (but no blowjobs). Elites top
friends announce, no law broken, no crime commit. Reporters (not call
journalist) make living say write only nice things about Elites, convince dumb
cattle, is just politics, everything is awesome, check out our ads and our
prostitutes. Then Elites runs for president. Why run for president when
already control country like dictatorship? What this have do with fun Cyber
Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber
weapons, this message, our auction, poses to their wealth and control. Let us
spell out for Elites. Your wealth and control depends on electronic data. You
see what "Equation Group" can do. You see what cryptolockers and stuxnet can
do. You see free files we give for free. You see attacks on banks and SWIFT in
news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks
and financial systems? If Equation Group lose control of cyber weapons, who
else lose or find cyber weapons? If electronic data go bye bye where leave
Wealthy Elites? Maybe with dumb cattle? "Do you feel in charge?" Wealthy
Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

bitmessage = BM-NBvAHfp5Y6wBykgbirVLndZtEFCYGht8
i2p-bote = o1uHOkOcMoFEa7O7dbEilzfMvWzo7bDu~td3x9gYz4b4t5OriJ7U6GUWr5GZoWxQ9f2TrIY5RzhpIMVP6hTLXZ

END MESSAGE


------
corndoge
Isn't this obviously a hoax? The screenshots are not at all what I would
expect -- python files? shell scripts? in the face of esoteric pieces of C
software like stuxnet?

Add on the fact that the author of the readme is clearly writing in an
exaggerated Russian / East European accent, with such wild claims and mystery
surrounding the terms of the auction...I would suspect joke or alternate
reality game more quickly than a hack of Equation Group.

~~~
qyv
> Add on the fact that the author of the readme is clearly writing in an
> exaggerated Russian / East European accent, with such wild claims and
> mystery surrounding the terms of the auction...I would suspect joke or
> alternate reality game more quickly than a hack of Equation Group.

Without any spelling mistakes.

------
daxorid
It seems that "open" and "transparent" GitHub has already ceded control of
their business to Federal oversight, in deleting the repo:

[https://github.com/theshadowbrokers/EQGRP-AUCTION](https://github.com/theshadowbrokers/EQGRP-AUCTION)

They are apparently still ignorant of the Streisand Effect

~~~
kharms
No reason to think so. If you know your platform is being used to commit a
crime and you don't act to stop it, you are culpable as an accessory. I github
shut it down themselves well before any government agency got involved.

------
VMG
For those who want to watch from home:
[https://blockr.io/address/info/19BY2XCgbDe6WtTVbTyzM9eR3LYr6...](https://blockr.io/address/info/19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK)

(Nothing has happened yet, I expect small spam transactions to come in any
minute)

------
krenoten
The preview contains old working exploits. They should release some
post-Snowden compilable source if they want a little more legitimacy. Python
files the Russian government picked off a compromised server a few years ago
are not interesting. Code shared by Snowden with someone who had bad opsec is
interesting but not as interesting as what they claim this is.

~~~
linkregister
I didn't catch any reporting about any malware code that Snowden retrieved,
can you link me to those new stories?

I remember a config file regarding the XKeyscore tool, but nothing else.

------
dadver
If this is legit, a hack/leak of Equation Group files might just be the
coolest hack in history.

------
dutchbrit
Mirror of the 'free files' for those interested:
[https://github.com/samgranger/EQGRP](https://github.com/samgranger/EQGRP)

------
tlb
Remember that money causes work. When you give people money in return for
doing some type of work, people will do more of it.

So if you buy organic food, people will grow more organic food. If you buy
oil, people will pump more oil. If you buy ivory, people will kill elephants
for their tusks.

If you put money into this, people will do more of it.

------
s_q_b
This reeks of misdirection.

Nobody could be both smart enough to hack Equation Group and dumb enough to
think that they could just cash out through bitcoin and walk away.

~~~
sbarre
Smart people screw up all the time..

If they're real, that's probably how these files got out there in the first
place.

If you got your hands on something like this, you probably think you're pretty
smart, and you'd probably try to come up with some smart way to make some
money off this, and this is the plan you'd come up with...

See my first sentence...

~~~
s_q_b
Anyone who did even cursory research on Bitcoin would know that it's trivially
traceable when redeemed.

~~~
milesokeefe
Are you suggesting that BTC can't be laundered?

~~~
s_q_b
It can be, for example with tumblers, CoinJoin implementations, or conversion
to cash at a willing financial institution. However, none of those avenues are
reliable for someone facing a sophisticated global adversary.

------
valine
If this is real and has anything that can link the files to the NSA, it has
the potential to be a major humiliation for the US.

~~~
1propionyl
I suspect that's the real plan here. Use the auction to stir up attention and
blackmail any state actors implicated by these files into hushing the whole
thing.

Hence the open ended termination.

~~~
Bartweiss
Alternatively, use the auction to stir up attention and low bids, even though
there's nothing here.

Then imply a state actor won (via a large self-bid) or disrupted the auction.
Hence the penny-auction structure, where they can walk away and keep
preliminary bids.

------
ajdlinux
Interesting discussions happening on Twitter, eg
[https://twitter.com/thegrugq](https://twitter.com/thegrugq). Looks like this
could be at least somewhat legit.

~~~
moyix
Some other twitter accounts to watch:

[https://twitter.com/pwnallthethings](https://twitter.com/pwnallthethings)

[https://twitter.com/msuiche](https://twitter.com/msuiche)

------
hardlianotion
Sounds important. What does it all mean?

~~~
moyix
Equation Group is the name given by AV vendors to a group of attacks thought
to be carried out by NSA. This is, apparently, a dump of internal files
(mostly exploits and command & control scripts) that someone got ahold of.
They're now apparently trying to auction them off.

If it's a fake, it's a very good one – the code words match up to things we've
seen in the Snowden leaks, e.g. Jetplow
([https://www.schneier.com/blog/archives/2014/01/jetplow_nsa_e...](https://www.schneier.com/blog/archives/2014/01/jetplow_nsa_exp.html)).
Matthieu Suiche has a good initial writeup here:

[https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-t...](https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.rgumjax2o)

~~~
dopamean
It should be noted that it is only suspected that the Equation Group is
related to the NSA. I only bring this up not because I don't think it is but
rather to emphasize that it has not been proven yet.

~~~
AnkhMorporkian
If this leak is real, it points to one of two things. Either it isn't the NSA
and is a company or some quasi-governmental group - owing to the fact that any
of this shit the NSA makes would be on JWICS terminals and absolutely not
accessible to the internet, or it means there's a leak from the NSA that
dumped these files and has decided to sell them. I'd lean more towards the
former.

~~~
moyix
The command and control ("listening posts" in intelligence community parlance)
for even NSA implants has to be on the public internet so the victims can
phone home. This stuff could be from one of those servers.

~~~
stordoff
Is that necessarily true for NSA et al.? I don't see why the target couldn't
just send the data towards an arbitrary destination, and that data be
collected by NSA via a passive tap. Commands could be sent using a QUANTUM-
style technique (packet injection with spoofed origin)

------
nneonneo
If anyone's curious, I've put up the entire contents of the "free sample" up
on GitHub: [https://github.com/nneonneo/eqgrp-free-file](https://github.com/nneonneo/eqgrp-free-file).
I'm hoping this speeds
public analysis of the contents. So far, browsing through it all, it looks
like code from 2010-2013 (so, not current by any means), but the exploits and
implants look quite real.

------
mathattack
There's a lot of game theory that suggests it's not worth betting on this
because any bet will have a rational higher one.

~~~
Bartweiss
Yep - dollar auctions shouldn't _ever_ get bids if I remember. That's one hell
of a strange structure if you have a real product.

------
gnyman
The link is dead but vice motherboard has a good overview for I think and the
full text is posted further down also
[http://motherboard.vice.com/read/hackers-hack-nsa-linked-equ...](http://motherboard.vice.com/read/hackers-hack-nsa-linked-equation-group)

------
daveloyall
Speculation: Maybe the NSA isn't EQ Group. Maybe the NSA is the auctioneers.
"You want record straight? Bid!" The CIA has a long history of being self
funding, right? Does the NSA, too?

~~~
Leon
I agree, but I'd take it one step further. This could be CIA or NSA exposing
just enough information given already known public information on the equation
group.

At that point it would look completely legit, but could be used to track back
large amounts of Bitcoin. If the NSA knows through listening stations which
adversary groups are sending how much BTC then they'll be able to follow the
leads back significantly.

Combining technical knowledge of trades and BTC movement with CIA knowledge of
on-the-ground information may net them some fantastic information.

With the addition of getting a large amount of BTC for future funding. That
would be a powerful move.

------
schallertd
Here's my theory. It's from the Snowden leaks and someone with access to it
tried to make some quick money out of it. Wikileaks just announced they are in
possession of a full copy of the archive and will release it soon. The dates of
the files in the sample archive would perfectly fit in the timeframe of the
Snowden leaks and EPICBANANA could be related to CVE-2012-5717. Just
speculating. We'll see...

------
calimac
Here's a pastebin of the original (now deleted) Tumblr page with everything:

[http://pastebin.com/RqQW4r9n](http://pastebin.com/RqQW4r9n)

Also, here's link to free files github repo

[https://github.com/nneonneo/eqgrp-free-file](https://github.com/nneonneo/eqgrp-free-file)

------
Shank
I wouldn't call this auction even remotely smart. Bitcoin is public and can be
tracked -- if the files are legit, this is a great way to end up on every
nation state watchlist in the world. Oh, you're bidding on these files? That's
a great signal to every government that you're a big target.

------
tedmiston
Does anyone expect GitHub to intervene as the (partial) host here? Does this
put them in a legal situation?

~~~
objclxt
> Does this put them in a legal situation?

Not really. GitHub aren't liable for the initial upload due to safe harbor
laws. If the dump is fake, then there's no problem for GitHub. Life goes on.

If the dump is real then potentially the owner could force GitHub to remove
it, but in doing so would have _proven the legitimacy of those files_ , which
is something you don't usually want to do.

GitHub may, of course, choose to suspend the account for their own reasons (I
don't know, for example, what their T&Cs are for running auctions via their
site, but it's probably not allowed).

~~~
sbuttgereit
There's a fair amount of legal question with what the repo creators are doing:
likely at least fraud and very possibly theft, conspiracy, etc. While GitHub
does have safe harbor protections, once they're alerted to their service being
used for illegal activity they do have to intervene. They can't knowingly
continue to host such material and maintain their safe harbor status.

------
calimac
[https://github.com/nneonneo/eqgrp-free-file](https://github.com/nneonneo/eqgrp-free-file)

------
saganus
The repo was disabled by GitHub apparently

------
MatthiasP
Who would have thought that the FSB had such a sense of humour?

------
NN88
That this is happening in real time...wild.

------
hardlianotion
github link has been taken down.

~~~
dadver
Tumblr is still up:
[https://theshadowbrokers.tumblr.com](https://theshadowbrokers.tumblr.com)

~~~
schallertd
Seems to be down as well - 'There's nothing here.'

------
double_blink
Just want to make this as clear as possible. Throwaway account, so I won't be
replying or ever using this ever again, but let me run through a few things.

* Whoever is running this auction knows everything that has been mentioned in these threads already, and they're probably a few steps ahead of us all. There are multiple indicators that they know what they're doing from a technical standpoint and that it's very likely that these 'weapons' indeed do what they claim.
* On the other hand, there's a lot of reason to believe that these could potentially be faked, since the whole auction is just designed to generate income.

Equation Group is a real group. They do exist, they get paid really well to
operate, and a couple things jump out as obviously being bait.

If you were to place a bid, (I plan to bid a couple dozen BTC or so, but I
want to see what other people do first) then they say they'd contact you with
decrypt information and then you'd have the rest.

The real Equation Group is a group of intelligent individuals, rumored to be a
group of several dozen people, and so they realize that they all have to
operate under the same standards, and resist being correlated. These guys know
that every so-called elite hacker that we know about, we know about them
because they fucked up. We know that EG exists because their tradecraft WASN'T
good enough. The real question is whether or not they wanted us to find out.
Bitmessage isn't perfect, i2p isn't perfect, none of these tools are perfect and
the entire idea of a group that might not even exist contacting a bidder after
they may or may not have bid the highest bid is just ridiculous.

There is reason to believe that if EG actually exists, that there might be
subdivisions within whatever larger collective they belong to (NSA, CIA, etc)
that seem to learn from approaches that can be correlated to work that EG
either wanted us to find, or didn't.

Regardless, these guys know enough to not get in trouble over this. Even if
they're NSA contractors, or permanent employees, or some sort of secret
operatives from some crazy Intel firm, whatever the case is, they aren't going
to make some stupid mistake and ruin this.

I'd give this like a 30% chance of being real. Doesn't seem likely.

~~~
ars
> I plan to bid a couple dozen BTC or so

You plan to bid $5,000 to $20,000 for this? Are you serious? Where do you
work?!?

~~~
kharms
[S]He's probably one of the folk that got into the bitcoin game back when you
could mine one in a day.

It's one of the things that puzzles and fascinates me about bitcoins in
general - the early adopters have a disproportionate amount. Seems like a
terrible investment because of the cap on growth - as soon as the currency
reaches a certain threshold value, the select few cash out a few dozen or
hundred. It drops again, they sit back and let demand build up again.

------
omgitstom
Auction information is here: [https://github.com/theshadowbrokers/EQGRP-AUCTION](https://github.com/theshadowbrokers/EQGRP-AUCTION)

~~~
moyix
Yep, I bungled the link. The tumblr has all of the information but it's split
into separate posts:

[https://theshadowbrokers.tumblr.com/](https://theshadowbrokers.tumblr.com/)

~~~
sctb
Thanks, we updated the submission.

~~~
moyix
Could you change the link to the tumblr? The github page has been pulled.

~~~
sctb
Done.

~~~
schallertd
Both seem to be down right now.

------
DINKDINK
I wonder if the style of the author is either to 1) Mimic an
English-as-a-second-language author 2) Thwart stylometry analysis [1]

[1] [https://en.wikipedia.org/wiki/Stylometry](https://en.wikipedia.org/wiki/Stylometry)

