All in all, there is a strong possibility that we can elucidate the background of these crimes by arresting the “Shadow Brokers”. They are just data brokers, but they are highly likely to be related to more crimes, and through them we might tail other global crime organizations, including the Equation Group.
Additionally, they are an indispensable part of the crime infrastructure in Japan. When we arrest them, this infrastructure should be severely damaged. They are critical targets for the Japanese police as well.
There is another unsolved question for all of us. Snowden worked at the Japan desk of the NSA, which implies it is highly likely he knew some of the members of the Shadow Brokers. Finding these hackers was part of his job description when working for the NSA. Is it common to fail to recognize, or even to misread, old enemies after leaving the job?
In any case, I hope they are caught as soon as possible.
If the CIA and NSA were intentionally involved in this issue, it was not to frame the criminals but to exploit them. This might be an approach to stir up a threat from the global crime organization by providing them with obsolete hacking tools. In the end, the intelligence circles should be in more demand than before.
This type of counterintelligence really took place and I knew some of them, but this specific crime, the auction of hacking tools, was less likely to be an organizational decision of theirs, as it appeared to be too much. However, there is a possibility that some of the agents might leak them to keep their authority. If they are in charge of the job against these criminals or the national security breach, they can keep or even elevate their authority in the intelligence circles.
If that is the case, the Equation Group itself consists of rogue agents. Under this scenario, it makes sense why they hired a Japanese data broker to auction the tools and leaked the obsolete hacking tools.
This case is probable, but if you consider that they are assumed to be one of the global crime organizations, the conclusion should be the same as the original: the global crime organization hacked into the NSA server and obtained the tools, which were provided to the Japanese data brokers, who were told to auction them.
The difference might appear in their motivation: it is not to show off, but to keep their authority by stirring up the threat of the global crime organization.
The Equation Group being the mastermind is assumed to be the main scenario, but there is a possibility that another global crime organization hacked into the server of the Equation Group. Thereafter, they leaked the hacking tools through Japanese data brokers.
If this is the case, it is necessary to understand why they structured this crime framework, including why they decided to auction the tools and why they hired these specific data brokers.
In May 2016, cash was illegally withdrawn from ATMs at convenience stores in Japan, amounting to $20 million in damage. This breach was huge, as the crime took place in 17 of Japan's 47 prefectures within a timeframe of a few hours. It was calculated that more than 1,000 people were involved in the crime. The background of this crime is quite similar to that of the “Shadow Brokers”.
Originally, a South African bank was hacked, and the criminals stole cash at ATMs from its banking accounts, as they had decrypted the code which this bank employed for transactions. The basic skill set was hacking and decryption. It is highly likely that the global crime organization hired the Japanese crime infrastructure for monetization. This background is exactly the same as that of this crime, the auction of NSA hacking tools.
Therefore, there is a possibility that this global organization hacked into the Equation Group to obtain these hacking tools. However, the Equation Group could also structure the same crime framework, so it does not necessarily mean they were hacked.
There are, surely, other possibilities.
The first alternative possibility is that the Shadow Brokers really hacked the server and obtained the NSA hacking tools. They are definitely Japanese data brokers, but they might have more hacking capability than originally assumed. Although it is quite doubtful that they were able to hack the NSA, they might have obtained the data from the server of the Equation Group.
As a matter of fact, they mentioned they hacked the Equation Group, which is possible. If the Equation Group has halted its activity since 2013, it is likely that it did so for some reason. If that is the case, there is a probability that their stolen hacking tools have been hidden on a certain server without enough maintenance.
Under this condition, the Shadow Brokers might have hacked the Equation Group to obtain the tools. This is just a slight possibility, but they might have obtained them through their own effort, not from the global crime organization.
In this case, their purpose was to show off their capability to the US government, and simultaneously to the Equation Group. There would be no other practical reason for them to commit the crime in this case, which implies the auction was too much; therefore, this possibility is unlikely.
The Shadow Brokers are Japanese data brokers who constitute the domestic crime infrastructure and commit ransomware attacks. This is their main profile.
At the same time, this guy can speak English. I am not sure how good he is, but at least he can make himself understood in English and can communicate with foreign criminals. These foreigners are highly likely to be related to the Equation Group and are highly likely to hire the Japanese data broker to disguise their identities.
The Shadow Brokers have the skill set to hack corporate servers, but I doubt they can sneak into the NSA server. It is more likely that they obtained the data from others, though their action was a total breach of national security and is assumed to be a felony. The Japanese police should have an interest in them, but the CIA and FBI should also come to Japan to investigate them.
I am not sure how many data brokers are in practice in Japan, but there is a limited number of players capable of hacking and ransomware. I assume the Japanese authorities can narrow the suspects down to within ten candidates. If they have registered as private investigators in Japan, the police at least know who they are. It is necessary to register as such to conduct private investigations in Japan, which applies to data brokers if they would like to sell their product in the consumer market.
One more addition: the members of this global crime organization have likely visited Japan and learned of the brokers’ English capability through conversation. If we can catch the Shadow Brokers, we can tail the others as well.