USA TODAY US Edition

Hackers promise ‘wine of the month’ data leaks

Shadow Brokers group claimed it was behind theft of NSA cyber tools

- John Bacon @jmbacon Contributing: Kevin Johnson

The group says its menu could include anything from Web browser tools to data on Russian, Chinese, Iranian or North Korean arms programs.

The Shadow Brokers hacking crew that claimed responsibility for leaking the cyber weapon used in last week’s global ransomware attack says it plans a “data dump of the month” service starting in June.

The group says its monthly menu could include anything from Web browser tools to compromised data on Russian, Chinese, Iranian or North Korean nuclear and missile programs.

“The Shadow Brokers is launching new monthly subscription model. Is being like wine of month club,” the group says in a communique released Tuesday in its typically choppy English. “Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”

Shadow Brokers leaked the “Eternal Blue” computer exploit in April, and Microsoft said it apparently had been obtained from NSA stockpiles. White House Homeland Security adviser Tom Bossert said the code “was not a tool developed by the NSA to hold ransom data” but did not say whether the exploitable flaw the ransomware was based on came from NSA cyber tools.

The tool was used by another group of hackers to infect hundreds of thousands of computers with the WannaCry virus last week. The identity of that group hasn’t been determined, but cyber security firms have discovered similarities to previous attacks linked to the Lazarus Group, a hacking team tied to North Korea.

“The Shadow Brokers is not being interested in bug bounties, selling to cyber thugs, or giving to greedy corporate empires,” the statement says. “The Shadow Brokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about the shadow-brokers vs the equation group.”

The Equation Group is a hacking group with suspected links to NSA. The ransomware relies on a flaw in the code for older versions of Windows for which Microsoft issued a patch March 14.

The attack Friday from the “WannaCry” malware crippled more than 20% of hospitals in the United Kingdom and affected more than 200,000 people in 150 countries. The attack hit computers in Europe and Asia hardest. The WannaCry attackers demanded $300 per computer in bitcoin payments to unlock infected computers, but experts have estimated that the plot took in less than $100,000.

The effect on the United States was minimal. Jeannette Manfra, a Homeland Security cyber security official, said fewer than 10 companies reported only minor disruptions. The federal government was not affected, she said.

“It is dying down,” Manfra said. “But we are not reducing our level of effort.”

Europol’s European Cybercrime Center says it is working closely with cyber crime units in affected countries and key industry partners to “mitigate the threat and assist victims.” It called the attack “unprecedented” and said it would require a complex international investigation to sort out the culprits.

Marcy Wheeler, a longtime national security blogger, wrote that Tuesday’s threat “brings the hammer” to Microsoft and the NSA.

“Shadow Brokers will ratchet up the hostility between Microsoft and the government,” Wheeler wrote. “It might even force some disclosure about exploits more critical to NSA’s current toolkit than the very powerful tools Shadow Brokers already used to create a global ransomware worm.”
