The Shadow Brokers first came out of the gate with what seemed like overwhelming potential for disaster. They stole hacking tools from a group that claimed to have stolen them from the NSA. They tried to sell those twice-stolen tools. Then they failed and went underground. Later, in a strange turn of events, someone found them on ZeroNet, selling the packages one by one.
Fast forward to the present day: shortly after one of the largest cyber attacks the world has ever seen, the Shadow Brokers surfaced again. This time, they announced a new method of dumping the cyber weaponry on the public: an “exploit of the month” club, if you will. Of course, the Shadow Brokers used different terminology. Yet the analogy to a “wine of the month club” came unexpectedly.
The Brokers, in their latest blog post, “OH LORDY! Comey Wanna Cry Edition,” attempted to clear the air and to name their newest business venture, the “TheShadowBrokers Data Dump of the Month.” From their post:
“In June, TheShadowBrokers is announcing “TheShadowBrokers Data Dump of the Month” service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”
They reassuringly announced what the month-to-month plan might yield: exploits and tools for browsers, routers, and handsets; “newer exploits for Windows 10;” banking data in the form of SWIFT identification codes (basically a universal bank interaction system for transfers between accounts and similar activities); and another listing, something somewhat out of left field: Russian, Iranian, Chinese, and North Korean missile networking data.
Gigamon’s Kevin Magee suggested that since “the recent WannaCry outbreak was enabled by an exploit released by them, they’ve proven to the cybercrime market that they can deliver the goods.” He added, “[p]erhaps they are simply looking to capitalize on the media frenzy, cash in on all of this free publicity and monetize their future releases.”
Given that the majority of the “OH LORDY! Comey Wanna Cry Edition” update focused on how nobody bought their wares before and how successful WannaCry was, Magee’s theory was not unlikely. The entity pulled a stunt where they called out many of the potential buyers of their stolen goods, including the Equation Group. The Shadow Brokers reprimanded the original thieves for not buying back the stolen NSA exploits.
Some of the states and companies called out for being “bullshit security companies” were the following: Russia, China, Iran, and Korea. NATO too. And for the companies: Cisco, Intel, Microsoft, Google, Apple, along with “any other bullshit security companies didn’t bid in auction.”
Unedited, so as not to alter the message: “TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always about theshadowbrokers vs theequationgroup.”
Jeremy Wittkop of InteliSecure wrote that we might be on the verge of a dramatic shift in the cybercrime world:
“I think we are seeing just the beginning of the democratization of high-end cyber weapons and vulnerabilities. It’s easier than ever to get your hands on weapons-grade cyber exploits, which means all defenders need to be prepared to deal with sophisticated attacks, not just those targeted by nation-states.”
The Shadow Brokers failed at their first sale. They asked for $500 million in bitcoins for the entirety of the dump. Their second power play struggled for recognition as well, even though some tools went for as low as $200,000. But, riding in on the wave of destruction from WannaCry, they may finally grab a chance to sell a handful of monthly subscriptions.