The hacker group the Shadow Brokers released files Monday alleging to show which foreign governments and organizations were under surveillance by the National Security Agency.
The Shadow Brokers directly asked the U.S. government to pay for the remaining files to be returned.
“How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out!” the Shadow Brokers wrote in their latest message.
The Shadow Brokers, which previously released and attempted to sell NSA cyber warfare tools online, claim that the NSA’s hacking team, the Equation Group, targeted Chinese servers and universities in Pakistan and Saudi Arabia.
The Shadow Brokers labeled the latest folder of files “trickortreat” with the password “payus.”
The new files appear to be from 2000 to 2010, with domain names and addresses that link to countries including Russia, Japan, Hungary, Germany, and alleged targets such as the counselor’s office of the Chinese state council, the King Abdulaziz City for Science and Technology in Saudi Arabia, and the Fatima Jinnah Medical University in Pakistan.
There were nine .gov sites on the list, five of which were located in China. Thirty-two of the 306 domain names were educational institutions in China and Taiwan.
Many of the targeted servers were run by Solaris, an operating system now owned by Oracle.
Neither Oracle nor the NSA released a response at the time this article was published.
Although the files appear to be authentic, the unusual behaviors that accompany the data releases threaten the Shadow Brokers’ credibility such as the messages in broken English, the method for auctioning the previous file dump, and a call for Americans to disrupt the presidential election.
“On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016,” the Shadow Brokers wrote.