dChan
Anonymous ID: 973c47 March 10, 2019, 9:16 p.m. No.5617656   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8113

>>5617090 lb

 

subject of retweets

 

  1. : Dark money group gave $2 Million DEMOCRACY INTEGRITY PROJECT, the org that hired Fusion GPS and Chris Steele

 

  1. Uncovers DOJ Docs Showing Numerous Bruce Ohr Communications with Clinton/DNC's Fusion GPS, Christopher Steele

 

  1. Lindsey Graham today touring a Gaza terror tunnel. Cost of tunnel = cost of 2 new schools = cost of 30 new homes

 

  1. Lindsey Graham - Executive Business meeting this morning on judicial nominees in the @senjudiciary committee

 

  1. : H.R.1 is a blatant power grab to give Washington bureaucrats control over what American citizens can say about politics

 

  1. BREAKING: US Border Patrol says that after physical barriers were erected in San Diego and El Paso sectors, as well as Yuma

 

  1. _: BREAKING: Even Mueller's case against Russia itself, for interfering in the 2016 election, is breaking down

 

  1. TomFitton: The real collusion scandalโ€ฆ why haven't Hillary Clinton and her lawyers been questioned about their collusion with Fusion GPS

 

  1. Top House Dem says Cohen likely to face DOJ perjury probe

 

  1. RepAdamSchiff has another ethics scandal as a result of his and his staff colluding with Cohen on his testimony,

 

  1. โ€œThereโ€™s not one shred of evidence that President Trump has done anything wrong.โ€ @GrahamLedger One America News. So true, a total Witch Hunt - All started illegally by Crooked Hillary Clinton, the DNC and others

Anonymous ID: 973c47 March 10, 2019, 9:32 p.m. No.5618081   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8112

>>5618058

Name and alias[edit]

Several news sources noted that the group's name was likely in reference to a character from the Mass Effect video game series.[10][11] Matt Suiche quoted the following description of that character: "The Shadow Broker is an individual at the head of an expansive organization which trades in information, always selling to the highest bidder. The Shadow Broker appears to be highly competent at its trade: all secrets that are bought and sold never allow one customer of the Broker to gain a significant advantage, forcing the customers to continue trading information to avoid becoming disadvantaged, allowing the Broker to remain in business."[12]

Leak history[edit]

First leak: "Equation Group Cyber Weapons Auction - Invitation"[edit]

While the exact date is unclear, reports suggest that preparation of the leak started at least in the beginning of August,[13] and that the initial publication occurred August 13, 2016 with a Tweet from a Twitter account "@shadowbrokerss" announcing a Pastebin page[5] and a GitHub repository containing references and instructions for obtaining and decrypting the content of a file supposedly containing tools and exploits used by the Equation Group.

Anonymous ID: 973c47 March 10, 2019, 9:33 p.m. No.5618112   ๐Ÿ—„๏ธ.is ๐Ÿ”—kun   >>8179

>>5618081

Second leak: "Message #5 - TrickOrTreat"[edit]

This publication, made on October 31, 2016, contains a list of servers, supposedly compromised by Equation Group as well as references to seven supposedly undisclosed tools (DEWDROP, INCISION, JACKLADDER, ORANGUTAN, PATCHICILLIN, RETICULUM, SIDETRACK AND STOCSURGEON) also used by the threat actor.[15]

Link to message

Link to material (Password = payus)

Third leak: "Message #6 - BLACK FRIDAY / CYBER MONDAY SALE"[edit]

Message #6 reads as follows:

TheShadowBrokers is trying auction. Peoples no like. TheShadowBrokers is trying crowdfunding. Peoples is no liking. Now TheShadowBrokers is trying direct sales. Be checking out ListOfWarez. If you like, you email TheShadowBrokers with name of Warez you want make purchase. TheShadowBrokers is emailing you back bitcoin address. You make payment. TheShadowBrokers emailing you link + decryption password. If not liking this transaction method, you finding TheShadowBrokers on underground marketplaces and making transaction with escrow. Files as always being signed.[16]

This leak[17] contains 60 folders named in a way to serve as reference to tools likely used by Equation Group. The leak doesn't contain executable files, but rather screenshots of the tools file structure. While the leak could be a fake, the overall cohesion between previous and future leaks and references as well as the work required to fake such a fabrication, gives credibility to the theory that the referenced tools are genuine.

Fourth leak: "Don't Forget Your Base"[edit]

On April 8, 2017, the Medium account used by The Shadow Brokers posted a new update.[18] The post revealed the password to encrypted files released last year to be CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN. Those files allegedly reveal more NSA hacking tools.[19] This posting explicitly stated that the post was partially in response to President Trump's attack against a Syrian airfield, which was also used by Russian forces.

The decrypted file, eqgrp-auction-file.tar.xz, contained a collection of tools primarily for compromising Linux/Unix based environments.[20]