To arouse interest in the auction, the hackers released samples of programs they said could break into popular firewall software made by companies including Cisco Systems Inc, Juniper Networks Inc and Fortinet Inc.
The companies did not respond to request for comment, nor did the NSA.
Writing in imperfect English, the Shadow Brokers promised in postings on a Tumblr blog that the auctioned material would contain “cyber weapons” developed by the Equation Group, a hacking group that cyber security experts widely believe to be an arm of the NSA.
The Shadow Brokers promised to leak more data to whoever puts in a winning bid, while WikiLeaks claimed to have copies of the source code.
The Shadow Brokers said the programs they will auction will be “better than Stuxnet,” a malicious computer worm widely attributed to the United States and Israel that sabotaged Iran’s nuclear program.
Reuters could not contact the Shadow Brokers or verify their assertions. Some experts who looked at the samples posted on Tumblr said they included programs that had previously been described and therefore were unlikely to cause major damage.
“The data (released so far) appears to be relatively old; some of the programs have already been known for years,” said researcher Claudio Guarnieri, and are unlikely “to cause any significant operational damage.”
Still, they appeared to be genuine tools that might work if flaws have not been addressed. After examining the code released Monday, Matt Suiche, founder of UAE-based security startup Comae Technologies, concluded they looked like "could be used."
Other security experts warned the posting could prove to be a hoax. The group said interested parties had to send funds in advance of winning the auction via Bitcoin currency and would not get their money back if they lost.
Meanwhile, former intelligence worker Edward Snowden said Tuesday the hack was likely a message to the US from Russia.
In a series of messages posted to Twitter, Snowden suggested the leak was the fruit of a Russian attack on an NSA-controlled server and could be aimed at heading off US retaliation over allegations that the Kremlin is interfering in the US electoral process.
"Circumstantial evidence and conventional wisdom indicates Russian responsibility," Snowden said. "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server. That could have significant foreign policy consequences. Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections."
Allegations of Russian subversion have been hotly debated following the hack of the Democratic National Committee, an operation which Democratic politicians, security companies and several outside experts have blamed on the Kremlin. Russian officials have dismissed the claims as paranoid or ridiculous, so the message delivered by Snowden—who resides at an undisclosed location in Moscow under the protection of the Russian government—struck many as significant.
The auction will end at an unspecified time, Shadow Brokers said, encouraging bidders to "keep bidding until we announce winner."
The Associated Press contributed to this report.