The hacking group that helped enable last week’s global ransomware attack is threatening to make public even more computer vulnerabilities in the coming weeks – including “compromised network data” pertaining to the nuclear missile programs of China, Iran, Russia and North Korea, as well as secret exploits affecting Windows 10, which is run by millions of computers around the world.
A spokesperson for the group, which calls itself the Shadow Brokers, claimed in a blog post Tuesday that some of those computer bugs may be released on a monthly basis as part of a new subscription-based business model that attempts to mimic what has proven successful for companies such as Spotify, Netflix, Blue Apron and many more.
“Is being like wine of month club,” said the blog post, which is written in broken English. “Each month peoples can be paying membership fee, then getting members only data dump each month.”
The move highlights the growing commercial sophistication of groups such as the Shadow Brokers, which has already demonstrated a fearsome technical ability to compromise the world’s top intelligence agencies. And it underscores the way much of the underground trade for computer bugs resembles a real-world commercial market.
Security experts have been analyzing the blog post for clues about the Shadow Brokers’ intentions and capabilities.
Marcy Wheeler, a longtime independent researcher, said in a blog post of her own Tuesday that the Shadow Brokers’ post “brings the hammer” down both on Microsoft, whose products could be affected by any further leaks, and the National Security Agency, whose information the Shadow Brokers leaked in April. That leak led indirectly to the creation of WannaCry and the subsequent crisis, security experts say.
“Simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government,” Wheeler wrote.
Microsoft didn’t immediately respond to a request for comment. In a blog post Sunday, the company criticized the NSA for stockpiling digital weapons. The tech industry writ large opposes efforts by the government to weaken the security of its products, while national security advocates say it could help combat terrorism.
Although experts say the Shadow Brokers do not appear to have been directly involved in the WannaCry crisis, leaking the exploit in the first place was a major step toward facilitating the attack.
The group’s new claim that it possesses information on the nuclear programs of state governments is extremely worrisome, said Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, a Washington think-tank.
“While they don’t seem to have the most amazing PR department,” he said, “they’ve already proved that they had some pretty serious access. The nuke facility stuff is particularly concerning, [speaking] as a former physicist.”
The tactic of distributing computer vulnerabilities for a monthly fee reflects a change in approach that could result in those bugs being spread far and wide, he added.
Previously, the group had merely sought to sell its hacking tools to the highest bidder. Few buyers came forward, the group said in its blog post. But now, the monthly subscription model might mean the bugs will find their way into the hands of more people, said Hall.