A hacker named 1×0123 claims he has the other half of the recently-leaked NSA hacking toolkit for sale — but samples of the dataset are only available if you can figure out his cryptographic puzzle.
On Sunday, the hacker posted on Twitter that he was selling the entire archive of files for $8,000, seemingly undercutting the mysterious “Shadow Brokers” hacking group that leaked one-half of the archive last week at various file-sharing websites with claims of an “auction” for the rest.
It appears that 1×0123 is indeed a hacker who has found and sold security vulnerabilities in the past. Even ex-NSA contractor Edward Snowden praised him in April for finding an issue on the Freedom of the Press website.
But it’s not clear whether the hacker really has the other half of the NSA archive, nor is it clear where he could have obtained it. It’s entirely possible this is an elaborate troll and the encrypted archive 1×0123 is offering contains nothing more than a Rickroll.
Still, he’s been dropping many hints over the past few days of how to access it.
Here’s the first hint, which includes an encrypted web address, directory listing, and file name:
This is what he posted as a screenshot of the supposed directory structure of the files, though it should be noted that these can easily be faked.
Then on Tuesday, he posted another hint. This time, it was a screenshot of the supposed .onion site — only accessible via the Tor browser — with the full address redacted.
2 people where able to solve the puzzle i posted,
NSA exploits dump are ready for download
There are a few things we can discern from what 1×0123 has revealed so far: The site hosting the files is an .onion link and the revealed file name — “EQ_exploits_Fullpack.zip” in the screenshot probably helps in decrypting the letters in the original message. Further, the browser title of “ng crypto” is telling, indicating the software the hacker used to encrypt his message.
This hasn’t really helped us much in figuring it out, but if you get it, please let us know.
After 1×0123 posted his claim, Business Insider reached out to ask for a sample of the data to confirm it was legitimate. Instead, the hacker said the data could not be shared until it’s sold, and added that he does not talk to journalists.
Still, we noted that 1×0123 had spoken with Gizmodo reporter William Turton. 1×0123 claimed he did not share anything with Turton since he didn’t pay him, and hinted that we could get a sample if we paid around $500 to $1000. We declined.
“Money is the key to write an execlusive (sic) article,” 1×0123 told Business Insier.
If the crypto puzzle game doesn’t work out, we’ll just have to wait for WikiLeaks to release the rest, which it also claims to have.
“We had already obtained the archive of NSA cyber weapons released earlier today,” its official Twitter account wrote on Aug. 15. “And will release our own pristine copy in due course.”