The first StrictlyVC of 2026 hits SF on April 30. Tickets are going fast. Register now.
Get Disrupt Early Bird savings of up to $410 by May 29, 11:59 p.m. PT. Register now.
TechCrunch Desktop Logo TechCrunch Mobile Logo Latest Startups Venture Apple Security AI Apps Events Podcasts Newsletters Search Submit Site Search Toggle Mega Menu Toggle Topics Latest
Ghost hackers: the cybersecurity mystery that nobody has solved Lorenzo Franceschi-Bicchierai 8:27 AM PDT · May 26, 2026 In the long history of hacking, there have been numerous data breaches that, years or even decades later, remain unsolved. Countless hackers and hacking groups behind them have never been unmasked.
But prolific hacking groups do get caught. This is true whether they’re cybercriminals such as LAPSUS$, a notorious extortion gang that compromised companies such as Microsoft and Nvidia and that have had multiple members arrested, or sophisticated government hacking groups from Russia and China, whose members have been named, indicted, and placed on most-wanted lists.
Still, some of the most fascinating cases in cybersecurity history remain wide open — no culprits, no answers, and in some cases, not even a clear motive. We decided to revisit several of them in a series of articles, starting with one of the strangest episodes in the history of intelligence leaks.
The first installment centers on the Shadow Brokers — an enigmatic group that surfaced online, dumped a trove of hacking tools believed to belong to the NSA, and then vanished.
In the summer of 2016, in the midst of the Russian hacks related to the U.S. presidential elections, the group appeared on Twitter . They linked to a Pastebin post and @-mentioned several news outlets — a strange, ineffective strategy that meant most of those outlets likely never saw the tweets.
But if anyone had clicked on the link, they would have seen a document titled “Equation Group Cyber Weapons Auction — Invitation” — a reference to the shadowy hacking operation widely believed to be run by the NSA.
“!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies’ cyber weapons?” the hackers wrote, claiming to have hacked the Equation Group.
The document included links to download some hacking tools, as well as a link to download an encrypted file that interested buyers could decrypt by making a bid. “Auction files better than Stuxnet,” they wrote, referring to the famous malware used against Iranian nuclear facilities in a U.S.-Israeli cyberattack in 2007. They asked for at least 1 million Bitcoin .
The leak quickly attracted press coverage. Once security researchers analyzed the tools, they realized these were exceptionally sophisticated cyberweapons, very likely stolen from the NSA — a suspicion bolstered by the fact that some shared names with programs revealed by NSA whistleblower Edward Snowden.
The auction was likely a ruse, since the group eventually dumped many of the tools publicly months later. Much about the Shadow Brokers made little sense. Their broken English was almost comical, as if they were either trying too hard or deliberately signaling the artifice. Despite clearly seeking attention — and getting plenty of press coverage — the group only spoke to a journalist once, giving a brief interview to 404 Media’s Joseph Cox, then a reporter at VICE Motherboard.
Ten years later, we know literally nothing about who was behind the Shadow Brokers persona. Cox and I interviewed former NSA staffers at the time, who said an NSA insider or former insider could be involved. But nobody has ever been arrested and charged — extraordinary, given this was arguably one of the worst leaks of U.S. intelligence hacking tools ever.
One potential suspect was Harold T. Martin III, an NSA contractor arrested for stealing classified information from the agency. But the theory has a problem: While Martin was in custody, the Shadow Brokers remained active online. He has never been formally charged in connection with the leaks. The most widely credited theory is that the Shadow Brokers were created by a Russian government spy group as a propaganda tool.
___________________________________________________________________________________________________________
-- --
PLEASE LIKE IF YOU FOUND THIS HELPFUL TO SUPPORT OUR FORUM.
