Monthly subscription for 0-Day vulnerabilities stolen from the NSA - What is at stake for the hacker group The Shadow Brokers?
Taking advantage of the reputation it gained following the worldwide WannaCry cyber attack, the hacker group The Shadow Brokers announced the opening of an online store, operating on a monthly subscription basis, in order to sell new exploits stolen from the NSA. In addition to questions about the authenticity of the exploits held by the group, there are questions about the buyers of these exploits: governments, companies, hackers? Who would take out such a subscription, whose anonymity is guaranteed by the use of the Zcash and Monero cryptocurrencies?
The hacker group launched a monthly subscription service, dubbed “Data Dump of the Month”, promising members access to NSA hacking tools, while claiming to be in possession of 75% of the American cyber arsenal, as well as data stolen from the Swift banking network and various central banks, and data relating to the nuclear weapons programs of different countries: Russia, China, Iran and North Korea. The €22,000 that the monthly subscription costs must be paid in the Zcash and Monero cryptocurrencies. But should this new economic model, touted by the hacker group, be taken seriously?
Should they really be feared?
Looking back on a year of action
August 2016: The hacker group acquires worldwide notoriety
The Shadow Brokers became known worldwide by announcing that they were in possession of hacking tools stolen from the Equation Group, a cyber-espionage group linked to the National Security Agency (NSA), and by offering them for sale at auction. But although the documents were supposed to contain many 0-day flaws, data concerning surveillance programs, nuclear programs, missile plans, etc., the auction draws only 10 bitcoins, and faced with the low bids the group does not disclose the documents.
January, March, April 2017: The hacker group's communication campaign
During the first quarter of 2017, the hacker group released screenshots of Windows hacking tools for free to prove that its offer was not just a scam.
March 2017: Microsoft Security Bulletin MS-17-010
Microsoft urgently provides a security patch for the recent version of the OS and announces it in Microsoft bulletin MS-17-010, dated March 14, 2017.
April 2017: EternalBlue exploit made public by hackers
The hacker group releases the exploit called EternalBlue, which is based on a vulnerability in the SMB server on Windows and Windows Server systems. Discovered by the NSA, it is a program element that allows an individual or malware to exploit a security flaw in an operating system or software.
May 2017: WannaCry consolidates the reputation of this criminal organization
The EternalBlue exploit is reused by hackers to launch the worldwide WannaCry cyber attack. The Shadow Brokers once again gain media visibility, and take the opportunity to announce the launch of their monthly subscription.
May 2017: The Group opens its “Data Dump of the Month” online store
The hackers launched a monthly subscription service, dubbed “Data Dump of the Month”, promising its members access to NSA hacking tools, while claiming to be in possession of 75% of the US cyber arsenal, as well as data stolen from the Swift banking network and various central banks, and data relating to the nuclear weapons programs of different countries: Russia, China, Iran and North Korea. The €22,000 that the monthly subscription costs must be paid in the Zcash and Monero cryptocurrencies.
From a fledgling strategy to a media poker stunt?
The Shadow Brokers' first failure testifies to the difficulty of finding buyers for hacking tools stolen from a government agency, especially when that agency is the NSA. In a note, the hacker group did not hesitate to accuse the NSA and companies in the IT sector of not having bought the stolen information and of thus being partly responsible for WannaCry.
With hindsight, we can now analyse the Shadow Brokers' media strategy.
At first it was difficult to understand why the group of hackers had made the hacking tools stolen from the NSA available for free on the web. With distance, we can now see that the group probably expected that hackers would be tempted to use these tools if some of them were put online for free. While the group boasts of being in possession of 75% of the NSA cyber arsenal, the media coverage obtained following the WannaCry wave of cyber attacks seems to be the opportunity that the group was waiting for to resell the vulnerabilities and secret information that it holds. The group is now recognized and the tools in its possession are now taken seriously.
Who will dare to subscribe to the service offered by a hacker entity?
Two recognized cybersecurity researchers, x0rz and HackerFantastic, tried to raise the sum of €22,000 through crowdfunding to subscribe to the Shadow Brokers' June offer, which should be provided between July 1 and July 17, 2017. But ethical and legal questions put an end to this initiative, since the information at stake was stolen from the NSA and made public without the consent of the government agency. Any buyer who subscribes to the service provided by the Shadow Brokers is exposed to a real legal risk.
Questions therefore remain as to who will take the risk of subscribing to this service. Could some governments not take advantage of this to acquire computer weapons? Couldn't companies be tempted to subscribe to it in order to be able to provide patches to their customers? Will other hackers dare to subscribe to it to reuse the flaws in new large-scale cyber attacks?
The vulnerabilities revealed by the group in April have proven to be dangerous; will the same be true of those provided by this new service in June? The new economic model used by the hacker group depends on it.
These are questions that will probably be answered in the coming months. One thing is certain: we have not heard the last of the Shadow Brokers.