The Shadow Brokers ZeroNet website analysis
ZeroNet
ZeroNet is a decentralized web-like network of peer-to-peer users. Instead of having an IP address, sites are identified by a public key (specifically a bitcoin address). The private key allows the owner of a site to sign and publish change, which propagate through the network. Sites can be accessed through an ordinary web browser when using the ZeroNet application, which acts as a local webhost for such pages. In addition to using bitcoin cryptography, ZeroNet uses trackers from the BitTorrent network to negotiate connections between peers. ZeroNet is not anonymous by default, but users can hide their IP address by using the built in Tor-functionality. (Wikipédia)
Creation
It is not clear when the theshadowbrokers.bit site was created. The first mention I found came from a post on @CleetusBocefus Medium on 2016-12-14 10:35:03 UTC.
Source: https://medium.com/@CleetusBocefus/are-the-shadow-brokers-selling-nsa-tools-on-zeronet-6c335891d62a
Appearance
The site uses a basic ZeroNet template.
Communications
As mentioned above, this site using the ZeroNet network to operate is called “peer-to-peer” i.e. as long as there is a connected host with the site in memory, it will continue to be present on the network. This site was used by The Shadow Brokers to counter censorship against them.
| ID | Resource | Mirror |
|---|---|---|
| 1 | Contact | http://archive.is/W8ate |
| 2 | Post | https://archive.is/H6Lko |
| 3 | Message1 | http://archive.is/e98Jn |
| 4 | Message2 | http://archive.is/SENl6 |
| 5 | Message3 | http://archive.is/u6MX8 |
| 6 | Message4 | http://archive.is/knrMQ |
| 7 | Message5 | http://archive.is/msLOe |
| 8 | Message6 | http://archive.is/nvqOV |
| 9 | Message7 | http://archive.is/rZROU |
| 10 | MessageFinale | https://archive.is/QrKhT |
| 11 | Unix | http://archive.is/gmlqy |
| 12 | Windows | http://archive.is/fwVz9 |
N.B.: A complete backup of all these messages is available in Archive folder.
Website Internal architecture
Using site stills which are still available, as well as screenshots I found, I reproduced a tree diagram of the site.
Files hosted
The Shadow Brokers has hosted files, most of which are messages or screenshots. All these files have been signed with a PGP key also available on ZeroNet.
-
public_key.asc The Shadow Brokers PGP Key
-
august_announcement.txt.asc Signed Message
-
unix_screenshots.zip Archive
-
unix_screenshots.zip.sig Archive sign
-
unix_warez.zip Archive
-
unix_warez.zip.sig Archive sign
-
windows_screenshots.zip Archive
-
windows_screenshots.zip.sig Archive sign
-
windows_warez.zip Archive
-
windows_warez.zip.sig Archive sign
-
trickortreat.tar.xz.gpg Archive
-
trickortreat.tar.xz.gpg.sig Archive sign
-
Screenshots.zip Archive
-
Screenshots.zip.sig Archive sign
-
equation_drug.tar.xz.gpg Archive
-
equation_drug.tar.xz.gpg.sig Archive sign
-
equation_drug_hashes.txt Message
-
equation_drug_hashes.txt.sig Signed Message