In August, a group of supposed hackers calling themselves the Shadow Brokers leaked a trove of outdated NSA-linked cyber-weapons and encouraged observers to bid on software exploits they had stolen. On Wednesday, someone paid the group $9,000 worth of bitcoin, based on publicly visible transaction records. The mysterious payment represents the single largest deposit made to a bitcoin wallet previously listed by the Shadow Brokers.
While the aforementioned bitcoin wallet had seen past activity in the form of small deposits ranging from just a few cents to several hundreds of dollars, Wednesday’s payment is by far the largest contribution. Bitcoin is an anonymous digital currency that is sold, traded, accepted and tracked online.
I looks like somebody sent $9,000 worth of Bitcoins to Shadow Brokers couple of hours ago. https://t.co/dy9HPA17SP
— Mikko Hypponen ♾ (@mikko) January 4, 2017
Former NSA contractor and Booz Allen Hamilton employee Harold Martin is one of the prime suspects behind the Shadow Brokers leaks, according to The Washington Post. He was arrested by the FBI on Aug. 27 for allegedly stealing more than 50 terabytes’ worth of data over the course of a two-decade career working for both the NSA and Office of the Director of National Intelligence. Although Martin was arrested in late August, subsequent communications from the Shadow Brokers has indicated the involvement of others.
Investigators say Martin was communicating online with various individuals in Russian.
The $9,000 payment comes about three months after someone claiming to represent the group wrote a Medium post in which the author provides a list of IP addresses that were supposedly once used as staging servers by the Equation Group, an elite hacking unit widely believed to be affiliated with the NSA. That message was signed with the same PGP key used to sign a previous post.
In older Medium posts signed by the Shadow Brokers, the group described a frustration with the lack of bidding and attention from mainstream media outlets. Since emerging into public view, the group has changed the price and format of its auction multiple times.
Cybersecurity experts say that past leaks by the group contained legitimate exploits capable of penetrating systems.
Most recently, the Shadow Brokers advertised a crowdsourced fundraising dynamic, where the code behind the digital weapons would be openly published once the offering reached a monetary goal of roughly $7,070,300 in bitcoin. Even with the $9,000 deposit, the ShadowBrokers are still short of that goal by about $7,059,000.