There are, surely, other possibilities.
The first different possibility is that shadow brokers really hacked the server and obtained the NSA hacking tools. They are definitely Japanese data brokers, but they might have more hacking capability than originally assumed. Although it is quite doubtful they were able to hack the NSA, but they might obtain the data from the server of the equation group.
As a matter of fact, they mentioned they hacked the equation group, which is possible. If the equation group has halted their activity since 2013, it is likely that they should do so with some reasons. If that is the case, there is a probability that their stolen hacking tools have been hidden in the certain server without enough maintenance.
Under this condition, the shadow brokers might hack the equation group to obtain the tools. This is just a slight possibility but they might obtain them by their own effort, not from the global crime organization.
In this case, their purpose was to show off their capability to the US government, and simultaneously to the equation group. There was no other practical reason why they conducted the crime in this case, which implied the auction was too much, therefore this possibility is unlikely.
Shadow brokers are Japanese data brokers who consist the domestic crime infrastructure and commit a ransomware. This is the main profile of them.
At the same time, this guy can speak English. I am not sure how good he is, but at least they can make himself understood in English and can communicate with foreign criminals. These foreigners are highly likely related to the equation group and are highly likely to hire the Japanese data broker to disguise their identities.
The shadow brokers have a skill-set to hack the corporate server, but I doubt they can sneak into the NSA server. It is more like they obtained the data from others, though their action was a total breach of the national security and it is assumed to be a felony. Japanese police should have an interest in them, but also the CIA and FBI should come to Japan to investigate them.
I am not sure how many data brokers are in practice in Japan, but there are limited number of players holding a capability of hacking and ransomware. I assume Japanese authority can narrow down the suspect within ten probabilities. When they have registered as the private investigator in Japan, the police know who they are at least. It is necessary to register as such to conduct a private investigation in Japan, which is applicable to the data broker if they would like to sell their product in the consumer market.
One more addition, but the member of this global crime organization have likely visited Japan and knew the brokers’ English capability through the conversation. If we can catch shadow brokers, we can tail others as well.
The next focal point is a “brokers”. The broker is also called as “broker” in Japan, though it is used for the special term to the security broker or the real estate broker, while the general intermediator is not called as such. It implies they have conducted a job descripted as the broker in Japanese term.
This consideration narrows down their possible profile. Their business should not be security and real estate brokers and I came up with one possibility that they are smugglers or human traffickers. They are called as the underground import broker in Japanese term.
In the end, the broker is often used by the criminal. The illegal transporter is almost always called as such in Japan, and then researching further into the detail, I found out which criminals they should belong to. That is the data broker.
“Shadow brokers” are data brokers, partially accumulating their data by hacking into the corporate server. This skill-set is transformed to the ransomware, as they had to find a new source of income after the regulation was tightened after the massive leak of personal information in 2014 when tens of million data was leaked by the inside job. This leaked data was sold to the data broker, which was resold in the market. That is why the regulation was tightened and they needed to find another source of income.
I assume that was one of the motivations why they started to employ a ransomware, as they already had a capability of hacking. All in all, this is a profile of “shadow brokers”.