LONDON — Shadow Brokers, the hacking group responsible for a dump of NSA cyber-weapons and software exploits that were used in Friday’s devastating global cyberattack, claims it intends to leak more stolen data on a monthly basis.
In a blog post, the group said the releases will start in June, and be available to people who pay a “subscription” fee.
It alleges the data could include “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs,” as well as exploits for Windows 10, handset exploits, and stolen data from central banks.
“In June, TheShadowBrokers is announcing ‘TheShadowBrokers Data Dump of the Month’ service,” they wrote. “TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”
The group provided no proof that it holds the data it claims, and it’s possible that it is lying. But either way, it’s a noteworthy statement from the group — alternately berating tech countries and tech companies for not buying its data, and directly attacking Microsoft.
Shadow Brokers’ leaked data is responsible for the WannaCry attack
Starting in 2016, Shadow Brokers has been leaking hacking tools linked to the NSA online. Earlier this year, it dumped more, including exploits targeting Windows computers, after failing to sell them in an online auction.
These were then used by as-yet unidentified attackers to help spread “WannaCry” ransomware that hijacked computers around the world on Friday, causing chaos in hospitals and telecoms firms. Microsoft had already patched the vulnerabilities prior to the attack, but because many organisations had not updated their software, they remained vulnerable.
It also caused a public statement from Microsoft attacking the US government for stockpiling software exploits, arguing: “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
The group is berating everyone from China to Apple
National security journalist Marcy Wheeler has suggested that Shadow Brokers’ recent claims of a new Windows 10 exploit might be a deliberate attempt to inflame tensions between Microsoft and the US government. “Heck, at this point, Shadow Brokers doesn’t even need to have this exploit (though I’m guessing the NSA and Microsoft both may be erring on the side of caution at this point),” she wrote on her site.
“Because simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government.”
Shadow Brokers directly attacks Microsoft exec Brad Smith, whose name was on the company’s statement, calling him a “scumbag” and questioning his company’s links to the NSA. And it also attacks everyone from China to Apple for not bidding in its auction earlier this year: “The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn’t bid in auction. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn’t bid in auction.”