This story is over 5 years old.


NSA Exploit Peddlers The Shadow Brokers Call It Quits

“Final fuck you, you should have been believing TheShadowBrokers.”

The fun is over. The Shadow Brokers, a hacker or group of hackers that publicly released NSA exploits last year and then tried to sell more, have called it quits, according to a recent message from the group.

This comes after The Shadow Brokers advertised a slew of alleged hacking tools specifically for Windows systems, presumably with no one taking them up on the offer.

"So long, farewell peoples. TheShadowBrokers is going dark, making exit. Continuing is being much risk and bullshit, not many bitcoins. TheShadowBrokers is deleting accounts and moving on so don't be trying communications," a message posted on a site that the group has previously used reads.


The Shadow Brokers emerged in August of last year, claiming that they had hacked a group linked to the NSA and stolen a treasure trove of exploits. Those exploits and other hacking tools turned out to be legitimate, and many affected hardware firewalls from vendors such as Cisco, Huawei, and Juniper. The group went on to dump more files in October, which allegedly revealed IP addresses linked to NSA hacking operations.

This whole time, The Shadow Brokers have been trying to sell more exploits to those willing to cough up a hefty amount of bitcoin. The group started with an auction and crowd-funded approach, before launching a site to apparently sell exploits one by one directly to customers.

But the group hasn't had much success. Bidders have only sent a total of 10 bitcoins ($7,800) to the group, far short of the 10,000 bitcoins ($7,800,500) The Shadow Brokers demanded in exchange for a collection of Linux and Windows hacking tools.

"There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers," the group's message reads. The security researcher known as Hacker Fantastic told Motherboard he is attempting to crack the password on some of the encrypted files released by The Shadow Brokers.

Hacker Fantastic is trying to get at the contents of some of the encrypted Shadow Brokers dumps. Image: Screenshot/Hacker Fantastic

However, the group's offer is still open, apparently. If they do receive 10,000 bitcoin, they will publicly dump the password for the exploit cache.


In October, The Washington Post reported that Hal Martin, an NSA contractor arrested on suspicion of hoarding a vast amount of classified material, was the lead suspect in The Shadow Brokers case. However, while Martin sat in detention, The Shadow Brokers continued to post cryptographically signed messages. Then in December, Motherboard managed to briefly interview the group, providing the strongest public evidence yet the The Shadow Brokers and Martin are not necessarily one and the same.

The Shadow Brokers have maintained that their drive was for financial profit, although they have posted bizarre political content too. But in a climate of public data dumps from digital cut-outs, others have speculated that the group may have been connected to the Russian government.

"Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and bullshit political talk was being for marketing attention," the group writes in its latest message.

As a parting gift with their farewell message, The Shadow Brokers dumped another small set of files that they imply further proves that the for-sale hacking tools are linked to the NSA. Hacker Fantastic told Motherboard that a new file contains a Windows implant that was disclosed by cybersecurity company Kaspersky in 2015.

"Password is FuckTheWorld Is being final fuck you, you should have been beleiving TheShadowBrokers," the message concludes.