Last week Russia-backed hacking collective ShadowBrokers announced it had hacked private US security contractor Equation Group. Equation Group is believed to be a contractor for the US National Security Agency and responsible for developing cyber tools. To prove it had successfully breached Equation Group, ShadowBrokers offered up 300MB of exploits, tools and scripts. These were quickly authenticated as being real and as having been used by the NSA. That authentication came from former US intelligence worker Edward Snowden.
ShadowBrokers also announced an auction for the remaining data. It claims it holds many more tools, hacks, zero-day vulnerabilities and much more. If true, that data will be worth a lot, not just to the NSA, which will want it back, but also to other governments and even large corporations. In a bizarre twist, blogger Krypt3ia has reported that the US Government is itself bidding in the auction.
Private companies develop a lot of cyber tools
The use of tools developed by private companies is nothing new. There are dozens of companies that discover code vulnerabilities and then exploit them. The exploits they develop are sold to governments and commercial companies. Some are used to spy on people, others to spy on competitors. In some cases the tools have been used to track dissidents, which has caused serious concern.
The attack on Equation Group is the most serious since the 2015 attack on Italian security company Hacking Team. The data from that hack is available on the Internet. It includes emails, invoices, software, tools, documents and details of customers. It led to a number of new zero-day exploits becoming public knowledge. The dump also exposed the fact that these companies were being enabled by governments and not reporting vulnerabilities to vendors.
US Government using seized bitcoins in auction
When the Equation Group files first appeared last week, the hackers, ShadowBrokers, decided to auction off the data. The terms of the auction are even stranger than the details of the hack. ShadowBrokers told all bidders that they would lose their bitcoins even if they lost the auction. They also said that if they got 1 million Bitcoins, around $500 million in real currency, they would make more files public.
If true, by bidding for the data the NSA is going against US Government policy. The US has always maintained that it never pays ransoms or blackmail money. This auction is little more than ShadowBrokers blackmailing the US Government and forcing it to buy back its data and code. Krypt3ia says that some of the bitcoins being used were seized as part of the Silk Road case. This means that either the bidding is being carried out by the FBI, which seized the coins, or the NSA has been given permission to use them.
There are a number of things that make this interesting. The use of stolen bitcoins by the US Government to pay for stuff on the Internet will raise eyebrows. It is likely that they thought they could do this and keep the payment off government books. Now that it is known that the seized bitcoins are being tracked, anonymity will be difficult.
Is it possible that this is not the US Government bidding? Possible, yes, but highly unlikely. The US Government has run a number of sales of bitcoins to raise money. This is not unusual. Governments often sell off property seized as the proceeds of crime. Several governments are making sales of seized cryptocurrencies. How long before they are given more formal currency status?
Are bitcoins being mined by governments?
Krypt3ia also raises the question of what else the US Government might be doing with seized bitcoins. Is it using bitcoins to pay for other things on the dark web? If so, it is taking a significant risk. As Krypt3ia points out, the bitcoins can be traced, so such a move would indicate a lack of awareness. That does not mean it isn’t happening. An alternative is that the US Government has been mining its own bitcoins. After all, it does have significant compute power to make that possible.
The same claim can be made against any major government and in particular their intelligence divisions. This would provide a way for governments to buy and trade on the dark web. This is something that intelligence analysts would see as being perfectly reasonable. The question that Krypt3ia throws up is what other parts of the US Government are using bitcoins.
There is, of course, a bigger question here. Are companies using bitcoins to make off-book payments? International banking treaties have made it harder but not impossible to pay bribes with cash. As anti-bribery laws have tightened, some companies will inevitably look for alternatives. This does not mean companies should not have bitcoins. Many of the security attacks on companies require bitcoin as a payment, so having a stock makes sense.
The attractiveness of all cryptocurrencies is their anonymity. What Krypt3ia’s blog shows is that once you know the details of a particular bitcoin you can track it. Pass it to a known individual and you can then track their use of it. It provides an opportunity for governments to follow the money. This doesn’t expose individuals, but if anyone is caught then it helps to tie transactions to crimes. This will interest law enforcement around the world.
Should the US Government be bidding on the data stolen by ShadowBrokers? It has little choice if the data concerned affects government spy programmes.