History is littered with data breaches. Years pass. Decades even. No names. No faces. The hackers stay ghosts.
Sure. We catch the loud ones.
Take LAPSUS$. The extortion ring took down Microsoft, Nvidia, others. Multiple arrests. Then there are the state actors. Russian units. Chinese squads. We have their names. Indictments. Wanted lists. They leave paper trails we can follow.
Some cases though… they just hang there.
Wide open. No culprit. No motive. Sometimes not even a reason that makes sense.
We are going back to look. Starting with one of the weirdest intelligence leaks ever recorded.
The Shadow Brokers
This story begins in summer 2016.
The Russian hacks tied to the U.S. election were making noise. Into the fray steps a group called the Shadow Brokers.
They popped up on Twitter. Linked a Pastebin post. Tagged news outlets. A strange strategy. Ineffective, too. Most outlets likely missed it entirely. But click the link anyway.
The document was titled “Equation Group CyberWeapons Auction — Invitation”.
Equation Group? That’s the codename for operations widely believed to run by the NSA.
“!!! Attention government sponsors of cyber warfar and those who profit form it !!!! How much you pait for enemy’s cyber warfares?”
Bad spelling. Bad grammar. Almost comical. But they claimed they had hacked Equation.
They posted download links for hacking tools. Then a link for an encrypted file. You could decrypt it if you made a bid.
“Auction files better thn Stuxnet”
They referenced Stuxnet. The famous malware used in that joint U.S.-Israeli attack on Iranian nuclear sites in 2007.
Their ask? At least one million Bitcoin.
The press caught on. Security researchers looked closer.
The tools weren’t just good. They were weapon grade. NSA grade. The suspicion hit home because some tools shared names with programs Edward Snowden had leaked years before.
Was the auction real?
Probably not. Months later, the Brokers just dumped everything publicly. Why?
Doesn’t matter. It doesn’t add up. The broken English felt fake. Like a performance. Yet they craved attention.
They gave exactly one interview.
To Joseph Cox. Back when he wrote for VICE Motherboard, before 404 Media. Brief. Curteous.
That’s it.
Still ghosts
Ten years later.
We know nothing.
We interviewed ex-NSA staff then. Their take? An insider. Or maybe someone who used to work there.
No arrests though. Never.
For one of the worst intelligence tool leaks in U.S. history, nobody was charged. That is… rare.
One name came up. Harold T. Martin III.
NSA contractor. Arrested for stealing classified info. Plausible suspect. But timeline checks out against it. The Shadow Brokers stayed online while Martin was in custody.
He was never formally charged with the leaks.
So what happened?
Most people think Russia did it. A state-sponsored propaganda move.
“Vulnerabilities hoarded by intelligence agencies dont stay secret forever.”
The impact wasn’t theoretical.
Among the leak? EternalBlue.
It was a suite of zero-day flaws for Windows. A zero-day means the vendor doesn’t know about it yet. No patch. It lets you breach a network, move sideways, plant worms that eat themselves into every machine they can find.
North Korea grabbed it. Unleashed WannaCry.
Later, Russian hackers embedded it in NotPetya. It started in Ukraine. Spread globally. Cost about $10 billion.
Businesses learned the lesson the hard way.
Gathering weapons in the shadows only delays the inevitable. When those shadows open… the private sector pays.
Who was behind it?
We still don’t know.
