Annoyed with the U.S. missile strike last week on an airfield in Syria, among other things, hacker group Shadow Brokers resurfaced on Saturday and released what they said was the password to files containing suspected National Security Agency tools they had earlier tried to sell.
“Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected,” the group wrote in broken English in a letter to U.S. President Donald Trump posted online on Saturday.
The hacker group, believed by some security experts to have Russian links, released in January an arsenal of tools that appeared designed to spy on Windows systems, after trying to to sell these and other supposedly Windows and Unix hacking tools for bitcoin.
The group also announced its retirement, which coming a few days before Trump's inauguration led to speculation that the Shadow Brokers was part of the hacking operations Russia had set up to allegedly help the new president get elected.
The group shot to prominence in August after it dumped hacking tools for routers and firewall products that they said came from the Equation Group, a cyberespionage team that is suspected to work for the NSA. The group published sample files as well as those to which they would provide the password to the winning bidder in the auction.
The U.S. attacked a Syrian government airfield last week in response to reports of an alleged chemical weapon attack by the government that killed many people including children. Trump said the chemical attack had been launched from the airfield.
“Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it's nowhere near the full library, but there's still so.... much here that NSA should be able to instantly identify where this set came from and how they lost it," former NSA contractor and whistleblower Edward Snowden said in Twitter messages.
“If they can't, it's a scandal,” he added.
The strike on the airfield has also irked Russia, a backer of the regime of President Bashar al-Assad. The Shadow Brokers' criticism of the move is likely to further fuel speculation that they are backed by the Russian government, though there have also been theories that they are cleverly disguising their identity with their broken English on Twitter and in their posts to pass off as Russians.
The group on Sunday denied it was backed by Russia stating that: “If theshadowbrokers being Russian don’t you think we’d be in all those U.S. government reports on Russian hacking?” they wrote.
The NSA could not be immediately reached for comment after business hours.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.