In the long history of hacking, there have been numerous data breaches that, years or even decades later, remain unsolved. Countless hackers and hacking groups behind them have never been unmasked.
But prolific hacking groups do get caught. This is true whether they’re cybercriminals such as LAPSUS$, a notorious extortion gang that compromised companies including Microsoft and Nvidia, who have had multiple members arrested, or sophisticated government hacking groups from Russia and China, whose members have been named, indicted, and placed on most-wanted lists.
Still, some of the most fascinating cases in cybersecurity history remain wide open — no culprits, no answers, and in some cases, not even a clear motive. We decided to revisit several of them in a series of articles, starting with one of the strangest episodes in the history of intelligence leaks.
The first installment centers on the Shadow Brokers — an enigmatic group that surfaced online, dumped a trove of hacking tools believed to belong to the NSA, and then vanished.
In the summer of 2016, in the midst of the Russian hacks related to the U.S. Presidential elections, the group appeared on Twitter. They linked to a Pastebin post and @-mentioned several news outlets — a strange, ineffective strategy that meant most of those outlets likely never saw the tweets.
But if anyone had clicked on the link, they would have seen a document titled “Equation Group Cyber Weapons Auction — Invitation” — a reference to the shadowy hacking operation widely believed to be run by the NSA.
“!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies’ cyber weapons?” the hackers wrote, claiming to have hacked the Equation Group.
The document included links to download some hacking tools, as well as a link to download an encrypted file that interested buyers could decrypt by making a bid. “Auction files better than Stuxnet,” they wrote, referring to the famous malware used against Iranian nuclear facilities in a U.S.-Israeli cyberattack in 2007. They asked for at least one million Bitcoin.
The leak quickly attracted press coverage. Once security researchers analyzed the tools, they realiz …