All in all, there is a strong possibility that we can elucidate the background of these crimes if the “shadow brokers” are arrested. They are just data brokers, but they are highly likely related to more crimes, and through them we might tail other global crime organizations, including the equation group.
Additionally, they are an indispensable part of the crime infrastructure in Japan. When we arrest them, this infrastructure should be severely damaged. They are critical targets for the Japanese police as well.
There is another unsolved question for all of us. Snowden worked at the Japan desk of the NSA, which implies it is highly likely he knew some of the members of shadow brokers. It was part of his job description when working for the NSA to find these hackers. Is it common not to recognize, or even to misread, old enemies after leaving the job?
In any case, I hope they are caught as soon as possible.
If the CIA and NSA were intentionally concerned with this issue, it was not to frame the criminals but to exploit them. This might be an approach to stir up a threat from the global crime organization by providing them with obsolete hacking tools. In the end, the intelligence circles would be in greater demand than before.
This type of counterintelligence really took place and I knew some of them, but this specific crime, the auction of hacking tools, was less likely an organizational decision of theirs, as it appeared too much. However, there is a possibility that some of the agents might have leaked these tools to keep their authority. If they are in charge of the job against these criminals or the national security breach, they can keep or even elevate their authority in the intelligence circles.
If that is the case, the equation group itself consists of rogue agents. Under this scenario, it would make sense why they hired a Japanese data broker to auction and leak the obsolete hacking tools.
This case is probable, but if you consider that they are assumed to be one of the global crime organizations, the conclusion should be the same as the original: the global crime organization hacked into the NSA server and obtained the tools, which were provided to the Japanese data brokers, who were told to auction them.
The difference might lie in their motivation: it is not to show off, but they would like to keep their authority by stirring up the threat of the global crime organization.
There is another possibility: that the CIA and NSA framed the global crime organization and shadow brokers. It was nearly revealed that these government intelligence agencies conducted illegal hacking, and they exploited this situation. They used obsolete data given to them to confirm the global crime connection.
The whole issue was staged as their counterintelligence, if this is the case.
This possibility cannot be denied, but its odds are not high. As you know, the general American reaction was surprise and confusion. They more or less knew that the CIA and NSA had this hacking capability, but they found it a little hard to believe how deeply they were hacked by the crime organization.
As a result, there is no possibility this leak is perceived as positive for the NSA, hence it is unnecessary to employ this approach as counterintelligence. At least as far as we know, it is less likely to have been conducted as their strategy, unless another truth comes up to make more sense of it.
The equation group is the mastermind, which is assumed to be the main scenario, but there is a possibility that another global crime organization hacked into the server of the equation group. Thereafter, they leaked the hacking tools through Japanese data brokers.
If this is the case, it is necessary to understand why they should structure this crime framework, including why they decided to auction them and why they hired these specific data brokers.
In May 2016, there was a crime in which cash was illegally withdrawn from ATMs at convenience stores in Japan, amounting to $20 million in damage. This breach was huge, as the crime took place in 17 of Japan's 47 prefectures within a timeframe of a few hours. It was calculated that more than 1,000 people were involved in the crime. The background of this crime is quite similar to that of “shadow brokers”.
Originally, the South African bank was hacked and they stole cash at ATMs from its bank accounts, as they decrypted the code which this bank employed for transactions. The basic skill-set was hacking and decryption. It was highly likely that the global crime organization hired the Japanese crime infrastructure for its monetization. This background is totally the same as this crime, the auction of NSA hacking tools.
Therefore, there is a possibility that this global organization hacked into the equation group to obtain these hacking tools. However, the equation group can also structure the same crime framework, so it does not just mean they were hacked.
There are, surely, other possibilities.
The first different possibility is that shadow brokers really hacked the server and obtained the NSA hacking tools. They are definitely Japanese data brokers, but they might have more hacking capability than originally assumed. Although it is quite doubtful they were able to hack the NSA, they might have obtained the data from the server of the equation group.
As a matter of fact, they mentioned they hacked the equation group, which is possible. If the equation group has halted their activity since 2013, it is likely that they did so for some reason. If that is the case, there is a probability that their stolen hacking tools have been hidden on a certain server without enough maintenance.
Under this condition, the shadow brokers might hack the equation group to obtain the tools. This is just a slight possibility but they might obtain them by their own effort, not from the global crime organization.
In this case, their purpose was to show off their capability to the US government, and simultaneously to the equation group. There was no other practical reason why they conducted the crime in this case, which implies the auction was too much; therefore this possibility is unlikely.
Shadow brokers are Japanese data brokers who constitute the domestic crime infrastructure and commit ransomware crimes. This is their main profile.
At the same time, this guy can speak English. I am not sure how good he is, but at least he can make himself understood in English and can communicate with foreign criminals. These foreigners are highly likely related to the equation group and are highly likely to have hired the Japanese data broker to disguise their identities.
The shadow brokers have a skill-set to hack the corporate server, but I doubt they can sneak into the NSA server. It is more like they obtained the data from others, though their action was a total breach of the national security and it is assumed to be a felony. Japanese police should have an interest in them, but also the CIA and FBI should come to Japan to investigate them.
I am not sure how many data brokers are in practice in Japan, but there are a limited number of players holding a capability of hacking and ransomware. I assume Japanese authorities can narrow the suspects down to within ten possibilities. When they have registered as private investigators in Japan, the police know who they are at least. It is necessary to register as such to conduct a private investigation in Japan, which is applicable to data brokers if they would like to sell their product in the consumer market.
One more addition: the members of this global crime organization have likely visited Japan and knew the brokers’ English capability through conversation. If we can catch shadow brokers, we can tail others as well.
Japanese data brokers have connected to the global crime organization, which is how they got hacking tools developed by the NSA. In this sense, their job was totally that of a data broker and the global criminals should have known this fact beforehand. This implies they auctioned the tools but never thought they would actually be sold. Their intention was to show off.
The issue is how they can monetize their showing off. There is one possibility that they are already known globally as the Japanese data broker and they can be contacted by potential buyers directly in another way. This possibility holds true for the equation group as well, in that they might get a direct demand from a third party to acquire the tools they have in hand.
There is another main possibility that they just showed off their capability. At this moment, it is still unclear how they obtained these tools, and at the same time, their identity had been unknown for some time, hence many governments just escalated their anxiety. If they had maintained their anonymity, the US government would have misperceived them as quite skillful criminals, critical to national security.
Having said that, the truth is that “shadow brokers” were just hired to leak the hacking tools as an agent of the foreign counterpart, who perfectly understood that the Japanese data broker constituted the crime infrastructure and also conducted ransomware attacks to take a ransom without notice. In the end, their crime was an extension of these capabilities.