Shadow Brokers Launch Zero-Day Exploit Subscriptions For $21K Per Month; Act Of Desperation?, Shot In The Digital Dark?
Swati Khandelwal, writing in the May 29, 2017 edition of TheHackerNews.com, reported that “the infamous hacking group, the Shadow Brokers, is back with more information on how to subscribe, and become a private member for receiving exclusive access for future leaks.” Shadow Brokers, of course, is the group that has been selling, and/or attempting to sell, purloined NSA hacking tools for the past year or so. Ms. Khandelwal writes that it was the Shadow Brokers’ online sale of “NSA’s Windows hacking tools and zero-day exploits, that led to the WannaCry” ransomware outbreak. Shadow Brokers previously announced that “it would only sell new, zero-day exploits and hacking tools to individuals who pay to join a monthly subscription service.”
Shadow Brokers posted details Tuesday “about how to participate in the monthly subscription model — or, the ‘Wine Of The Month Club,’ as the group called it,” Ms. Khandelwal wrote. Shadow Brokers posted that prospective members would be required to join/purchase a monthly subscription service “to get exclusive access to the upcoming leaks each month starting in June,” or this Thursday.
Shadow Brokers posted instructions for their potential customers, which “included a delivery email address, in the encrypted memo field,” the Hacker News reported. The Shadow Brokers said they were keeping the subscription “expensive; because, the [their] data dump has been [and is] intended for hackers, [cyber] security companies, government, and original equipment manufacturers (OEMs). If you care about losing $20K+ Euro[s] — then [this may not be] being for you.”
Shadow Brokers posted that their June data dump would include: “Exploits for operating systems, including Windows 10; Exploits for web browsers, routers, and smartphones; Compromised data from banks and SWIFT providers; and, Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.”
Ms. Khandelwal writes “keeping in mind the last disaster [release of WannaCry ransomware] caused due to the leaked NSA exploits [hacking tools], it would not be wrong if [cyber] security companies buy the June dump for $21k per month; and, secure their products before hackers get their hands on new, zero-day exploits to wreak havoc [on their own systems] across the world.”
There is no guarantee that the group really has any new, sophisticated hacking tools and zero-day exploits; and anyone/any company who does sign up for a $21K monthly subscription runs the risk that this latest Shadow Brokers offer is nothing more than a last act of attempting to collect as much money as it can before attempting to disappear. If, however, the upcoming June release is authentic, companies, governments, and others may well find themselves digital victims of WannaCry ransomware 2.0. But paying Shadow Brokers could also be construed by some, if not many, as paying a digital kidnapper. “It certainly creates a moral issue for me,” said Matthew Hickey, Co-Founder of the [cyber] security firm, Hacker House, in an interview with Ars Technica’s Dan Goodin. “Endorsing criminal conduct by paying, would be the wrong message to send. Equally, I think $21K is a small price to pay to avoid another WannaCry situation; and, I am sure many of its victims would agree with that sentiment.”
Mr. Goodin, writing in the May 30, 2017 online edition of Ars Technica, noted the Shadow Brokers’ Tuesday post recommended options for paying the monthly $21K fee — including a digital “wallet address for sending a payment in Zcash, a form of crypto-currency that’s widely believed to be almost impossible to track. Those who send 100 Zcash coins — worth about $21K at the moment — from June 1 to June 30, will receive an email in the first half of July, with a link and a password needed [required in order] to receive the next release,” of zero-day exploits, Mr. Goodin noted. Those who don’t pay won’t receive anything — except maybe a new ransomware virus.
Many seasoned cyber security experts do not believe that the Shadow Brokers’ real motive is to make money, Mr. Goodin wrote; rather, the campaign is designed to “annoy, or damage the NSA; and, disrupt its spying activities.” The Shadow Brokers “are foreign intelligence, and the continued requests for money are all geared towards plausible deniability that they [really] are [an] intelligence [entity],” said Jake Williams, Founder of Rendition InfoSec, in an interview with Ars Technica. “A former employee who worked for the NSA’s elite, Tailored Access Operations (TAO) Division/Hacking Unit, until 2013, Williams has long speculated that the Shadow Brokers is a group closely aligned with Russian government officials,” Mr. Goodin wrote. “The group is attempting to counter actions former POTUS Obama took in response to U.S. intelligence reports that Russian hackers meddled in the 2016 Presidential election,” and the subsequent fallout here in the United States.
“If [Shadow Brokers] demonstrate that the U.S. is also performing Nation State hacking by burning our tools, they accomplish two things: normalization of the activity, and disruption of future NSA activity,” Mr. Williams said. “The repeated calls for people to purchase the stolen NSA [hacking] tools,” Mr. Williams contends, “are smokescreens designed to raise questions about ‘are the [these] guys really a nation-state.’ If they come out and say: ‘we are Russian hackers, we are hurting you more,’ [and] that hurts their narrative. Then we say, ‘look at the big, bad Russians continuing to interfere.’”
“For an anonymous hacking group, the Shadow Brokers have, so far, an unusually reliable record of delivering on earlier threats,” Mr. Goodin wrote. “Then again,” he adds, “there may be reason to believe that the mysterious group may finally be nearing the exhaustion of its cache of stolen [offensive cyber] weapons. Around the same time Tuesday’s post was published, the Shadow Brokers moved 24K Bitcoins it made in previous auctions — to a series of new [digital] wallets; presumably, in an attempt to obfuscate where they ultimately wind up. Some [cyber] security researchers have taken the move as a sign the Shadow Brokers are tying up loose ends now, before it becomes common knowledge that their cache of NSA exploits has dried up.”
“The take-away from all this,” Mr. Goodin contends, is that “the Shadow Brokers are forcing a gamble on [the cyber security] white-hats with previously unimaginable risks. Perhaps the least distasteful option, is for the white-hats to agree to pay a single subscription fee; and, share any proceeds as widely as possible. NSA officials should also strongly consider reporting as many of the underlying vulnerabilities in its arsenal as possible.”
In conclusion, Mr. Goodin does not recommend calling the Shadow Brokers’ bluff. “The price for completely boycotting the auction is the very real possibility of being caught flat-footed in a malware outbreak that could rival the one brought about by WannaCry,” which infected some 200,000 computers/devices in 150 countries within about a 36-hour time frame. “The almost equally unattractive alternative is to pay the fee, and live with the knowledge that the move is precisely what the group has been seeking all along — while possibly risking that the group won’t deliver, or release the new exploits as promised.”
If I were forced to take a stand on this, my guess would be that this June/July cache of purloined NSA hacking tools will be the Shadow Brokers’ last hurrah — at least with this particular set of NSA hacking tools. My guess would be that the Shadow Brokers will try and collect as many Bitcoins as possible before they try and launder the money through a complicated maze of offshore banking institutions. And, if the group is linked to Russia, then they are probably going to have little trouble finding willing financial entities — as long as Putin gets his cut. It is too bad we do not yet have the equivalent of the exploding dye we utilize for paper money/dollars. We need to figure out a way to have digital tags on Bitcoins and other digital coinage that would allow a nation or law enforcement entity to digitally track illicit transactions. But, besides whether or not we could develop the technology to do that — I do not know what the pros and cons of doing that might be, nor what some of the unintended consequences might look like. V/R, RCP