Having failed to win big rewards for the stolen National Security Agency (NSA) hacking tools it auctioned last year, the Shadow Brokers hacking group is now trying to cash in on what credibility it might have left through a new monthly dumping service that accepts Zcash.
The group has tried holding a public auction, a crowdfunding campaign and selling individual exploits.
Shadow Brokers now wants to see if people will pay a monthly fee for a dump of exploits. They promised the following data and tools in mid-May:
• Mobile handset tools and exploits
• Compromised data from central banks and SWIFT providers
• Router exploits
• New Ops Disks items
• Web browser exploits
• Compromised data from Chinese, North Korean, Iranian or Russian missile and nuclear programs
Shadow Brokers Gives Instructions
Shadow Brokers posted a Q&A message giving more details on its monthly dumping service. It lists a Zcash address and explains how to subscribe and receive the next dump: the subscriber puts a delivery email address in the encrypted memo field when sending Zcash, and a mass email later provides a link and password for the dump.
The group wants 100 Zcash, around $22,000, for this service at the present time.
Zcash is harder to track than bitcoin. Using it would sidestep the complications the group faced when it recently moved bitcoin from its previous operations through a bitcoin mixing service to shield the identity of the recipient. Zcash hides the sender’s address, so funds can travel through the blockchain with less visibility.
Paradoxically, Shadow Brokers disparaged Zcash in the same message, claiming it has connections to Israeli and U.S. intelligence, according to Bleeping Computer.
Experts noted that this senseless attack on Zcash, the emptying of its bitcoin wallet and the lack of any demonstrated exploits together indicate that the group does not have the exploits and is attempting another cash grab.
In announcing its presence last year, Shadow Brokers released exploits to prove it possessed the NSA hacking tools. It now acknowledges that the tools it announced have been released.
What the group now claims to offer had not been mentioned before mid-May, following the WannaCry attack.
At that time, Shadow Brokers announced a “data dump of the month” service. Unlike its first announcement, it produced no demo files to substantiate its claims. Instead, it took credit for Microsoft patching zero-days.
The group implied that after it posted a screenshot of some of its hacking tools, the NSA saw what it had lost and advised Microsoft of the zero-days; Microsoft then canceled February’s Patch Tuesday to work on patches it delivered in March. Those patches included MS17-010, which fixes the SMB exploit the Shadow Brokers leaked in April and which the WannaCry ransomware used.
Iliasse Sdiqui, an analyst at Delma Institute, said the group does not have much to show in regard to content. By moving to Zcash and then denouncing it, the group diverts attention from the fact that it has released no evidence of new exploits.
Capitalizing on WannaCry Connection
The WannaCry ransomware might have created an opportunity for the Shadow Brokers. Kryptos Research said in a blog that the number of affected systems could involve as many as 16 million infections.
Some cyber security firms could be interested in pooling funds to subscribe to the service so they can analyze the data and have patches ready before another WannaCry-style attack occurs, according to Networkworld.com.
Hacker House and F-Secure’s Hypponen told the BBC they were considering using the dump service, according to Networkworld.
Last modified: March 4, 2021 4:56 PM