In a message posted online early this morning, the Shadow Brokers — the cyber-espionage group believed to have stolen hacking tools from the NSA — announced new details about their upcoming "monthly dump service."
The group previously teased the new monthly dump service in mid-May, four days after the WannaCry ransomware wreaked havoc across the world using two hacking tools the Shadow Brokers leaked online in mid-April.
Trying to capitalize on the hype around NSA hacking tools created by the WannaCry outbreak, this new monthly dump service is yet another attempt from the Shadow Brokers to commercialize and sell their exploits. Previously, the group held a public auction, ran a crowdfunding campaign, and tried to sell individual exploits, all of which failed to attract the customers they hoped for.
The group now wants people to pay a monthly fee for a small dump of exploits each month. In mid-May, the Shadow Brokers promised they'd leak the following types of tools and data:
The message the group posted today provides more details about how their monthly dump service would work:
The biggest change in the Shadow Brokers' modus operandi is a switch from Bitcoin to Zcash, a cryptocurrency that is more private and almost impossible to track.
Earlier this week, the Shadow Brokers started moving the 10.5 Bitcoin (~ $24,000) they gained from their previous operations through a Bitcoin mixing service designed to hide the true recipient behind a wall of micro-transactions.
With Zcash, this wouldn't be a problem, since this cryptocurrency hides the sender's address, allowing money to move through the Blockchain without the fear of having it tracked.
Despite announcing the move to a new crypto-currency, the Shadow Brokers immediately blast Zcash, saying the project has connections to the US government and Israeli intelligence.
According to some experts, this paranoid and nonsensical attack on Zcash, the lack of demo exploits, and the emptying of the main Bitcoin wallet are a sign that the Shadow Brokers don't have the exploits they claim to have, and they're only attempting a last cash grab.
"I think [...] they don't have much of value to showcase/publish anymore in terms of content," Iliasse Sdiqui, cyber-analyst for the Delma Institute, told Bleeping Computer.
The expert believes that moving to Zcash and then spending half of their announcement criticizing the crypto-currency they just switched to is a way to divert attention from the fact that they haven't released any evidence they are in possession of new exploits.
"[The] Shadow Brokers are just shifting focus away from the dump itself," said Sdiqui. "That's why they would blast the currency, just to prolong the text and fill up the blanks."
The price for subscribing to the Shadow Brokers' monthly dump service is 100 Zcash, which is around $22,000 at today's value. That's a pretty high entry fee for a service with no evidence of any palpable content.
Last year, when the Shadow Brokers announced their presence to the world, the group released tens of exploits to prove that they truly are in possession of NSA hacking tools. According to the Shadow Brokers themselves, all the tools which they initially announced have now been released.
What the group is now selling had never been advertised or mentioned until mid-May.
"If InfoSec vendors fund Shadow Brokers ($20k per monthly subscription) leaking Nation State tools I think it's a new low for InfoSec." — Kevin Beaumont (@GossiTheDog) May 30, 2017