All posts in “Shadow Brokers”

There’s now a crowdfunding campaign to buy stolen hacking tools

“Just a few clicks and it’s all mine!”

Image: Getty Images/Cultura RF

It’s quite the dilemma: A nefarious group of hackers plans to sell a cache of stolen National Security Agency exploits, but you can’t quite come up with the cryptocurrency needed to buy it. 

What to do?

Well, if you’re two prominent security researchers, the answer is simple: crowdfund it. That’s right, there’s now a Patreon for buying stolen NSA hacking tools.

But it’s not what you might think. The researchers behind the Patreon campaign, Hacker Fantastic and x0rz, hope that by purchasing the data they will be able to analyze it and possibly prevent another attack like the WannaCry ransomware. 

It all comes back to the Shadow Brokers, the group that dumped a host of exploits in April after ostensibly trying to sell them first. Its members made news again in May when they announced that they not only have more code, but that they intend to launch a subscription service to dole it out.

“TheShadowBrokers is launching new monthly subscription model,” they explained. “Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month.”

It’s a threat that should not be taken lightly. Just a single NSA exploit — EternalBlue — was crucial to the global spread of WannaCry. Imagine a new WannaCry-like worm every time the Shadow Brokers released additional exploits. It would be more than a digital nightmare — people could die.

WannaCry is no joke.

Image: B. TONGO/EPA/REX/SHUTTERSTOCK

That doesn’t need to happen, however. Hacker Fantastic and x0rz argue that early access to the exploits could provide security researchers time to develop and share fixes for vulnerable code. That’s where the Patreon campaign comes in. 

The Shadow Brokers requested payment in the cryptocurrency Zcash, and the two researchers think paying up is actually the smart move. Why? Because one way or another, those exploits are likely to get out. 

“I think they will eventually dump it to cause mayhem,” confirmed x0rz via Twitter direct message. “So far [the Shadow Brokers] didn’t say they are willing to dump them for free (but we can guess they will).”

x0rz, who declined to provide a real name, went on to note that gaining access “even 48 hours before [the dump] can be good for the community” so that “vendors and [Free and open-source software] developers can catch up and fix the vulns.”

This approach is not without its critics. To be sure, giving 100 ZEC (approximately $23,344 at the time of this writing) to unknown criminal elements is not exactly without risk. The Shadow Brokers could use it to fund malicious actions, or at the very least just keep the money and not deliver. 

Hacker Fantastic and x0rz think it’s worth the risk, however. 

Those interested in helping the campaign reach its goal can donate any amount of money, but those who kick $1,300 or more will get direct access to the Shadow Brokers’ exploits as soon as they are released to paying members. 

To prevent some random criminal from using this crowdfunding campaign to gain nation-state-level toolkits for themselves, Hacker Fantastic and x0rz are limiting code sharing to “whitehat ethical hackers” who can prove who they are. So that’s good. 

Meanwhile, the clock is ticking. As the Shadow Brokers’ sale ends June 30, the two researchers have only a month to scrape together the money. Should they fall short, any funds they did collect will be donated. 

But if they succeed? Well, then we all may just have a fighting chance against the next WannaCry. 


The people behind WannaCry’s security exploits are promising more leaks

Imagine a loot box — but for security exploits.

The people behind the security exploits that powered WannaCry are threatening more leaks. 

The Shadow Brokers — a group that claimed last Saturday (May 13) that they have stolen hacking tools from the National Security Agency (NSA) — said in a blog post that it would set up a “monthly subscription model” for security exploits.

“Is being like wine of month club,” they wrote in broken English. “Each month peoples [sic] can be paying membership fee, then getting members only data dump each month.”

Tools that belonged to the NSA and were found in WannaCry, the ransomware that paralysed much of the world last weekend, were originally released by the Shadow Brokers in April.

The Shadow Brokers said that members can expect to get compromised banking data from SWIFT, a global banking network, newer exploits for Windows 10, and compromised network data from “Russian, Chinese, Iranian or North Korean” nuclear and missile programs.

Revealing data from SWIFT and nuclear programs in Russia, China, Iran or North Korea could disrupt ongoing NSA operations, according to Nicholas Weaver, a staff cybersecurity researcher writing on Lawfare.

He added that most of the exploits the Shadow Brokers may release are still patchable, though exploits for Android handsets might remain “devastating.”

“Financial spying by the NSA is probably the most important and least liberty-infringing bulk-style program possible — and I doubt anyone outside the targeted countries would have a problem with the NSA spying on foreign WMD and missile programs,” Weaver wrote.

This isn’t the first time the group has attempted to sell its exploits and cyber-weaponry.

The Shadow Brokers had originally tried to sell the stolen tools in an auction, but backed down after receiving no bidders. 

“TheShadowBrokers is not being interested in stealing grandmothers’ retirement money,” the group said, adding that the theft has “always” been about the Shadow Brokers versus the Equation Group, a hacking group linked to the NSA. 

The group had also previously put exploits up for sale on ZeroNet for up to 250 bitcoins apiece ($454,815 today) in January, Motherboard reported.


Microsoft: We’ve already patched the Shadow Broker Windows exploits

Windows 10 is fine.

Image: miles goscha/mashable

Shadow Brokers’ big Windows gotcha moment for millions of Windows users around the world looks more like a “not so fast.”

Hours after the hacking group, which apparently supports President Donald Trump and has been known to hack for money, dropped a terrifying package of NSA Windows hacking tools that tapped into potential vulnerabilities in most known versions of Windows (possibly even Windows 10), Microsoft finally stepped up with some more comforting news about the NSA hacking tools.

“We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products. Customers with up-to-date software are already protected,” a Microsoft spokesperson told Mashable overnight.

This news doesn’t entirely sync with what NSA leaker Edward Snowden tweeted yesterday, where he claimed that the exploits affected patched Windows systems.

Microsoft’s blog post on the hack, however, lists nine of the dozen exploits and the exact patches that closed the holes: 

“EternalBlue”: Addressed by MS17-010

“EmeraldThread”: Addressed by MS10-061

“EternalChampion”: Addressed by CVE-2017-0146 & CVE-2017-0147

“ErraticGopher”: Addressed prior to the release of Windows Vista

“EsikmoRoll”: Addressed by MS14-068

“EternalRomance”: Addressed by MS17-010

“EducatedScholar”: Addressed by MS09-050

“EternalSynergy”: Addressed by MS17-010

“EclipsedWing”: Addressed by MS08-067

There are three remaining exploits that, according to Microsoft, do not work on existing Windows systems. “[That] means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk,” notes Phillip Misner, Microsoft Security Response Center Principal Security Group Manager, in the post. 

Misner added that Microsoft supports coordinated vulnerability disclosure and reminded those looking for Windows exploits that the company even offers a bug bounty, which means real money if you let Microsoft know about any Windows holes you find.

Note, though, that Microsoft does not mention Windows XP in the post. This 16-year-old operating system is still used by 7.4% of the world’s desktops and could still be at risk.

It’s all just another reminder to dump old systems running legacy Windows and to start accepting Microsoft’s automated Windows updates…like now.
