The Shadow Brokers

An anonymous group dumped the NSA's offensive toolkit on the public internet, complete with deliberately broken English commentary and pay-per-view auction theatrics.

Cyber Chronicle | 2 min read

In August 2016, an entity calling itself The Shadow Brokers appeared simultaneously on Pastebin, Tumblr, and GitHub. It claimed to have stolen the operational toolkit of the Equation Group — a sophisticated state actor that researchers at Kaspersky had previously, by careful technical fingerprinting, linked to the United States National Security Agency.

The Shadow Brokers posted a sample. It was real.

Auctions, dumps, and broken English

What followed across the next year was an unusual public performance: paid "auctions" for the rest of the toolkit denominated in Bitcoin, monthly subscription proposals, and a series of dumps released into the open when the auctions failed. The accompanying text was written in a deliberately broken English that read like a parody of itself.

The leaks included exploits with names — EternalBlue, EternalRomance, EternalChampion, DoublePulsar — that would become household terms in incident response. EternalBlue alone went on to power WannaCry, NotPetya, and years of opportunistic cryptominer worms.

Who, exactly

Attribution remained contested. The leading public theory, never fully confirmed, pointed to a Russian intelligence operation that had recovered the material from a contractor who had taken NSA tools home in violation of policy. A separate strand pointed to an insider; the case of a former NSA contractor named Harold Martin, who had hoarded terabytes of classified material in his home, surfaced shortly after the leaks began.

What the chronicle remembers

The Shadow Brokers is the cleanest case study in why offensive cyber stockpiles are inherently dual-use. The same NSA exploit that defended sensitive operations against adversaries shut down British hospitals once it left American hands. The argument for vulnerability equities has never been the same since.