ShadowBrokers threaten to release more NSA tools


The mysterious organization behind the theft of alleged NSA hacking tools is frustrated that no one has stepped up to buy back the data from them -- some of which was recently used to launch the WannaCry ransomware attack -- and is threatening to continue releasing NSA tools through a subscription service.

The ShadowBrokers appeared in August 2016 and attempted to auction a trove of hacking data they claim was stolen from the NSA's Equation Group. No one purchased the stolen tools, and so the ShadowBrokers began leaking details in an effort to convince people they had what they claimed.

In April, the ShadowBrokers dumped Microsoft exploits that led to the development of the WannaCry ransomware that has infected hundreds of thousands of computers around the world.

Some security researchers say there are indications that WannaCry could have been developed by the Lazarus Group, an alleged North Korean hacking organization, but others have cautioned it is too soon to tell who was behind the attacks.

In a May 16 blog post written in broken English peppered with internet slang, the ShadowBrokers claim they acted responsibly by leaking the NSA tools a month after Microsoft issued a patch for the vulnerability exploited by WannaCry.

"Do thepeoples be preferring theshadowbrokers dump windows in January or August? No warning, no time to patch? this is being theshadowbrokers version of alternative facts," states the blog post.

The post goes on to criticize, often in crude terms, the NSA, other nation states and large tech companies for not purchasing the stolen data and making the group "go dark permanently."

As a result, the group is threatening to launch a new subscription service in June.

Future data dumps could include browser, router and mobile phone exploits and tools; malware that could compromise newer operating systems; compromised network data from more SWIFT providers and central banks; and even information about Russian, Chinese, Iranian or North Korean nuclear and missile programs.

Previous releases have included tools and exploits that are a few years old and for which patches already exist, but countless devices and systems around the world have not been updated.

The ShadowBrokers also revealed more of their motivation in the post. They said they are not interested in selling the stolen tools to cybercriminals and that this is all about battling "a worthy opponent" in state-sponsored spy agencies, particularly the NSA.

The group also claimed in the post that the Equation Group, an advanced persistent threat group identified by cybersecurity researchers as an NSA hacking operation, has spies in large tech firms and is paying them not to patch vulnerabilities until there is public discovery.

The NSA did not respond to a request for comment about the blog post.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

