Breach, Compliance Management, Threat Management, Threat Intelligence, Data Security, Vulnerability Management

U.S. intel ponies up $100K to Russian operative for NSA hacking tools hawked by Shadow Brokers

Working with Russian and American intermediaries in Europe over the past year, the U.S. intelligence community reportedly negotiated in secret to retrieve classified documents nicked from the National Security Agency (NSA) by the Shadow Brokers and passed along to Russian intelligence – and even ponied up $100,000 as a first installment payment toward getting back its hacking tools, but eventually nixing the deal because they feared being sucked into a Russian effort to interject chaos into the U.S. government.

The cache may have “inadvertently” included compromising information on President Trump's ties to Russia, according to a report from the Intercept. But the New York Times reported that intelligence officers said in communications with a sketchy Russian operative that they weren't interested in the information on Trump, which supposedly included bank records, Russian intelligence and emails.

In August 2016, the Shadow Brokers group began posting NSA hacking tools online then tried various schemes to drum up buyers. In an October rant posted to Medium expressing frustration that an online auction of the tools hadn't yielded bidders, the group said the auction was real as well as the group's estimated value of the stolen goods, which they tallied at $1 million, and criticized researchers and the media alike before arriving at the conclusion that “peoples is not thinking auction is being real.”

After that - group offered information on Trump, the report said, citing anonymous sources and documents provided as evidence. Early analysis of spring 2017 ransomware attacks that began hitting the U.K. National Health System earlier and rapidly spread globally found that the attackers dropped WanaCryptOr 2.0, or WannaCry, using an NSA exploit tool released by the Shadow Brokers. 

After members of the intelligence community negotiated with the Russian operative, an intermediary – an American businessman – met with the operative in a West Berlin bar and was given a thumb drive of information, which U.S. intelligence deemed to be nothing more than information that the Shadow Brokers had already made available in the public domain. The information handed over to the American businessman in exchange for the $100,000 installment payment after a second meeting a few months later only concerned Trump and the 2016 presidential election.

The Russian operative, whose motives were already being questioned by U.S. intelligence after he bumped his original price down from $10 million to $1 million, eventually told the American businessman that Russian officials had told him to hold on to the hacking tools and only offer up the “kompromat” on Trump. The Times said a review of four pages of the trove of documents reportedly still in the custody of the American intermediary also seemed to be drawn from information already reported in the public domain. U.S. intelligence eventually severed ties with the operative – telling him to leave Europe unless he was willing to cooperative with investigators and hand over the names of those people in his network.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.