The group of hackers that released the Windows SMB (Server Message Block) exploit EternalBlue, used in last weekend’s massive international cyberattack, has announced plans to release even more devastating tools this summer.
On Wednesday the Shadow Brokers announced that in June they would begin charging “monthly dues” for new hacking tools that are potentially more dangerous than those used in the WannaCry ransomware attack that affected computers in 150 countries.
The monthly subscription service will offer members top secret information including “compromised network data” from the nuclear and ballistic missile programs of Russia, China, North Korea and Iran.
The group’s monthly data dump could also include hacking exploits for web browsers, routers, and operating systems including Windows 10.
“TheShadowBrokers Data Dump of the Month” is a new monthly subscription model, the group said. Payment will likely be made in the cryptocurrency Bitcoin given the group’s ransom demands in previous cyber attacks.
The group also promised to include compromised financial data from the SWIFT international payment order system, used by banks to transfer trillions of dollars each day, as well as confidential data from several central banks.
Jerusalem Online quoted Roni Bachar of the US-based cybersecurity firm Avnet as saying:
“In the first stage, the group wanted to create [a level of] trust among the hacker community and thus it released a small sample, which caused the global panic we saw last weekend …
But I believe that the security companies, Microsoft and the others, will purchase the tools in order to research them and develop suitable protection.”
In a blog post published Tuesday titled ‘Oh Lordy! Comey Wanna Cry Edition’, the group accused the NSA of paying Microsoft to keep vulnerabilities in its software.
“The ShadowBrokers is feeling like being very responsible party about Windows dump,” Shadow Brokers wrote in the blog, in its usual bizarre dialect.
The group is responsible for the release of the National Security Agency’s (NSA) hacking exploits which highlighted a Windows vulnerability used by hackers in the recent WannaCry global ransomware attack.
It isn’t clear where the Shadow Brokers got the NSA hacking tools, but the arrest of former NSA contractor Harold T. Martin III last August for stealing a massive amount of data has made him the most likely suspect.
Former NSA officials have claimed the Shadow Brokers’ tools are “identical” to those taken by Martin, reports The Washington Post.
The US government said it seized 50 terabytes of confidential data from Martin’s home which was stolen from the NSA and other intelligence agencies. A veteran contractor, Martin had access to classified information as part of his work in the intelligence-gathering division of the NSA named Tailored Access Operations.
He has been in custody since his arrest and is facing espionage charges. Another NSA employee was also arrested in 2015, but no information has been released about the individual.
Shadow Brokers first emerged last August, offering to auction hacking exploits it said were used by the NSA’s elite hacking team known as Equation Group (officially named Tailored Access Operations). NSA whistleblower Edward Snowden and others confirmed the leak was authentic.
In December, Shadow Brokers cancelled its auction and offered to sell the exploits.
In April, the group released passwords to the rest of the hacking exploits in a move described as a protest against President Donald Trump for abandoning his base.
The release included a Windows SMB [Server Message Block] exploit, EternalBlue, which was leveraged in the recent WannaCry global ransomware attack.
In its Tuesday blog post, the group expressed its surprise that governments or tech companies didn’t bid in its past auctions.
It said it has always been about “the shadowbrokers vs theequation group,” and implied the NSA is a cohort of tech companies like Microsoft.
The Shadow Brokers said it decided to share screenshots from the NSA Equation Group’s lost 2013 Windows Ops Disk in January, with the understanding that the Equation Group would then tell Microsoft and the vulnerability would be patched.
The shadowy hacking group claimed that Microsoft released its vulnerability patch in March while also alleging that the Equation Group was paying US tech companies not to patch vulnerabilities.
“TheEquationGroup is having spies inside Microsoft and other U.S. technology companies. Unwitting HUMINT [Human Intelligence],” the group claimed in its blog.
“TheEquationGroup is having former employees working in high up security jobs at U.S. Technology companies. Witting HUMINT. Russian, China, Iran, Israel intelligence all doing same at global tech companies.”
Shadow Brokers finished its post by saying that if a responsible party were to buy “all lost data before it is being sold to the peoples” then the group would have no more financial incentives and would “go dark permanently.”