‘Shadow Brokers’ hacker group to offer monthly subscription service
Published Wednesday, May 31, 2017
The Shadow Brokers – a prominent group of hackers who have stolen National Security Agency (NSA) tools – have announced plans to sell further stolen code with a monthly “dump service”.
In April this year, the group released a collection of hacking tools claimed to be stolen from the NSA. One of these tools, EternalBlue – which exploited a vulnerability in the Microsoft Windows operating system – was used as the basis of the worldwide “WannaCry” ransomware attack earlier this month.
The attack affected 300,000 computers, including those belonging to major organisations such as the National Health Service, FedEx and Telefónica. Users were presented with a message explaining that their files had been encrypted, and would be deleted if a ransom was not paid for their return.
It is uncertain who belongs to the Shadow Brokers, although some – including former CIA employee Edward Snowden – speculate that the group could have links to the Russian government, and largely aim to discredit the US government. Cyber security experts believe that despite causing some chaos and embarrassment, the group has so far failed to profit from their work.
In an announcement published online, the Shadow Brokers said that they will release a new batch of stolen code in July. Subscription to their “dump service” will cost 100ZEC (Zcash), approximately $24,000 per month.
Zcash is a cryptocurrency which promises complete privacy for sender and recipient. Previously, the group operated in Bitcoin, but recently emptied their Bitcoin wallet to prepare for the switchover to Zcash. They have said that they may use a different currency for the following month’s dump.
Under this scheme, the buyer will be asked to provide an email address, to which a confirmation email, and link and password to the first dump will be sent.
The dump service will provide the buyer with a “zero-day feed”. Zero-day vulnerabilities are unreported computer vulnerabilities which leave no time for engineers to create patches to defend against attacks exploiting the weakness. The group have said that they have not yet finalised the selection of files that will be available in the first dump.
Following the WannaCry attack, the Shadow Brokers boasted that they had access to tools for breaking into mobile handsets, and Microsoft’s Windows 10 operating system, web browsers and network routers. It has not yet been confirmed that the group is in possession of these tools.
Microsoft has said that it is aware of these claims and is actively monitoring emerging cyber threats.
The attack affected 300,000 computers, including those belonging to major organisations such as the National Health Service, FedEx and Telefónica. Users were presented with a message explaining that their files had been encrypted, and would be deleted if a ransom was not paid for their return.
It is uncertain who belongs to the Shadow Brokers, although some – including former CIA employee Edward Snowden – speculate that the group could have links to the Russian government, and largely aim to discredit the US government. Cyber security experts believe that despite causing some chaos and embarrassment, the group has so far failed to profit from their work.
In an announcement published online, the Shadow Brokers said that they will release a new batch of stolen code in July. Subscription to their “dump service” will cost 100ZEC (Zcash), approximately $24,000 per month.
Under this scheme, the buyer will be asked to provide an email address, to which a confirmation email, and link and password to the first dump will be sent.
The dump service will provide the buyer with a “zero-day feed”. Zero-day vulnerabilities are unreported computer vulnerabilities which leave no time for engineers to create patches to defend against attacks exploiting the weakness. The group have said that they have not yet finalised the selection of files that will be available in the first dump.
Following the WannaCry attack, the Shadow Brokers boasted that they had access to tools for breaking into mobile handsets, and Microsoft’s Windows 10 operating system, web browsers and network routers. It has not yet been confirmed that the group is in possession of these tools.
Microsoft has said that it is aware of these claims and is actively monitoring emerging cyber threats.
No comments: