After WannaCry, the Shadow Brokers promise to unleash more NSA exploits soon

Joanna Estrada
May 21, 2017

Each month, people can pay a membership fee and then receive a members-only data dump.

Marcy Wheeler, a longtime independent researcher, said in a blog post of her own Tuesday that the Shadow Brokers' post "brings the hammer" down both on Microsoft, whose products could be affected by any further leaks, and the National Security Agency, whose information the Shadow Brokers leaked in April.

The group additionally claims to possess data on providers of SWIFT - the messaging system used for global wire transfers - and central banks. All indications point to this data being legitimate.

The US government said it seized 50 terabytes of confidential data from Martin's home which was stolen from the NSA and other intelligence agencies. The SWIFT release, on the other hand, most likely came from the internal, Internet-connected workstation of a Texas NSA analyst, because it consists entirely of operational notes and an in-progress slide deck detailing the operation.

Even the April release of NSA exploits is not close to exhausted, according to several cyber specialists.

The Shadow Brokers had originally tried to sell the stolen tools in an auction but backed down after receiving no bidders. Although this could be a hoax, assuming it is legitimate, it should raise serious alarm bells.

Tuesday's article doesn't say when NSA officials tipped off Microsoft. "The oracle" told us that North Korea is responsible for WannaCry.

The group says that it posted screenshots in January of a "2013 Windows Ops Disk" belonging to the Equation Group. Remember the "Wormable Zero Day" that Project Zero uncovered? The fact that the WannaCry attack has persisted as long as it has is an indication of the refusal of many people globally to update and protect their systems, despite the risks. How do they expect their newly proposed "monthly subscription" plan to work when the previous one fell flat on its face?

Using another exploit, called EternalBlue, attackers began targeting vulnerable machines with a self-replicating software "worm" that locked files and posted a ransom demand.

Careful analysis of the Shadow Brokers' previous data dumps has left little doubt that the group somehow gained access to troves of sensitive US government information. So what does the threat entail, exactly?

Exploits for web browsers, routers, and mobile devices. The private disclosure led to a patch that was issued in March. A good example is the Firefox exploit used by a European police agency with the FBI's NIT: in less than a week, it turned from something impacting millions of computers to one affecting nearly zero as Firefox browsers updated around the world. Oracle patched a "huge number of vulnerabilities".

It was claimed by anonymous insiders earlier this week that the spy agency had been forced to warn Microsoft of the EternalBlue Windows exploit it developed after it was stolen by the Shadow Brokers. The group also alleges that Microsoft is colluding with the Equation Group - "the Microsoft is being BFF with the equation group" - the NSA's hacking group, and that the NSA has spies inside Microsoft and other top US technology companies.

The Shadow Brokers' latest attempts to make money from its trove of exploits could be described as an "exploit-as-a-service" offering, or as described by the group, a sort of "wine of the month club".
