Shadow Brokers Offer Monthly Service of SWIFT Info, Exploits and Nuke Data

The Shadow Brokers, they of the NSA hacking tools leak, have announced plans to institute a monthly subscription for new exploits.

The “exploits-as-a-service” offering will go for 100 Zcash, a cryptocurrency, per month. That translates at the time of writing to approximately $28,000. The Shadow Brokers are claiming a raft of evil goodies (baddies?), including: web browser exploits, router exploits, mobile handset exploits and tools, items from newer Ops Disks, exploits for Windows 10, compromised network data from more SWIFT providers and central banks, and compromised network data from Russian, Chinese, Iranian or North Korean nukes and missile programs. The group previously also warned of a June data dump of yet more NSA hacking tools.

If that seems like an outsized claim, you’re not alone in thinking that. Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies, questions why, if it possesses such tools, Shadow Brokers doesn’t simply use them itself, especially if it does indeed have compromised SWIFT network data.

“Zero-day exploits still do not account for the majority of successful breach attack vectors, and they are, relatively speaking, already quite populous in both the dark and open web; compromised SWIFT networks on the other hand are what led to the $80m dollar digital heist last year that would have been $1bn if not for a mere typo. So why would a group of hackers need to peddle exploits and the like if they have, at their disposal, the means to steal untold amount of money? I for one am very skeptical of the group and their motives.”

However, as the group demonstrated with its very real dump of NSA hacking tools, it has made good on threats in the past, and some say the announcement is worth taking seriously.

“The whole situation is really scary,” said Csaba Krasznay, product evangelist at Balabit, in an email. “On one hand, if the exploits are really existing and someone (or multiple parties) buys them, we may be faced with another WannaCry campaign as we can be sure that the buyer(s) will monetize those exploits. On the other hand, if the whole story is not true, Shadow Brokers' questionable ‘reputation’ may suffer [further], and it may seek to prove trustworthiness in another destructive way. Whatever the truth is, it is clear now that the governments should handle their cyberweapons in ways similar to the handling of their weapons of mass destruction.”

He added, “Those codes shouldn't get to a Shadow Broker-like group, and this is a governmental responsibility.”

This is the latest “business model” that the group has tried out. It has had varying success with auctions and direct sales in the past, where it asked for millions in both cases.

“None of the past models has generated any revenue for them, neither from government agencies interested in offensive security nor from security companies trying to build protections,” said Mounir Hahad, senior director at Cyphort Labs, via email. “I suspect this new model will have better success given the price tag is much lower. My concern would be with rogue entities like cybercrime groups which now would have a more affordable access to weapons of choice. Some not-so-well funded foreign governments may dip their toes in as well.”

It’s also possible that security firms themselves will subscribe to the service in order to analyze and patch the issues, though the ethics of doing so are murky at best.

STEALTHbits, incidentally, has issued a free Shadow Brokers Vulnerability Utility that helps organizations determine their risk exposure to known Shadow Broker exploits such as the WannaCry ransomware.  
