Prices For Stolen NSA Exploits Go Higher

The Shadow Brokers is once again trying to sell yet more stolen NSA cyber weapons, raising the asking price in the process.  And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.

In the now-traditional broken English statement, the smug miscreants said they had so many punters throwing money at them for their June exploit sale that they are jacking up their prices. 

If you want to get hold of the forthcoming July batch, it'll set you back 200 ZEC (Zcash) ($65,000) or 1,000 XMR (Monero) ($46,000), which is a rather bizarre pricing policy and double the amount the crew were charging before. What's also slightly bizarre is that there has been, seemingly, zero fallout from that sale last month, and no evidence anyone paid up or got any code.
"Another global cyber-attack is fitting end for first month of theshadowbrokers dump service," it said. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"

That's referring to this week's Petya/NotPetya outbreak and last month's WannaCry drama: both of these strains of malware used NSA exploits from the Shadow Brokers' April leak to attack Windows PCs around the world.  The group, which is thought to be linked to Russian intelligence, claims the cyber-weapons it is now selling were stolen from the Equation Group, which is understood to be a moniker for an NSA hacking team.

In addition to its very expensive exploit-of-the-month club, the group is offering a VIP service, where it will offer specific exploits that people ask for. This doesn't come cheap however: the entry price is 400 ZEC ($131,000) and the group says "VIP Service is no guarantee of future good or services, negotiation for those is being separate."
In its latest screed the Shadow Brokers also take issue with someone they refer to as the "Doctor," who isn't a time lord but a hacker the group claims was working for the Equation Group. The brokers are apparently miffed that this person has been tweeting bad things about them.
"TheShadowBrokers is thinking 'doctor' person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital," they said.

While not identifying the doctor as yet, one man thinks it might be him they are referring to. Daniel Wolfford, a specialist working for Middle Eastern mobile security firm DarkMatter, denied that he was involved in the Equation Group and does only defensive hacking.

The price increase is bad news for white-hat security researchers, who had been planning to crowdfund buying up Shadow Broker exploits and fix them. Then again, the group could just dump the exploits on the market for free, as they have done in the past. 

The Register

You Might Also Read:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

Stolen NSA Hacking Tools For Sale In Bizarre Auction:

 

« Fallout From Petya On Global Shipping
GCHQ Unveils Its Cybersecurity Playbook »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

CFC Underwriting

CFC Underwriting

CFC is a specialist insurance provider and a pioneer in emerging risk, including cyber insurance.

Intensity Analytics

Intensity Analytics

Intensity Analytics is a software firm that develops next-generation, physical user and entity behavioral authentication ("physical UEBA") security software technology.

Horiba Mira

Horiba Mira

Horiba Mira is a global provider of automotive engineering, research and test services including services and solutions for automotive cybersecurity.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

Kasada

Kasada

Kasada has developed a radical approach to defeating automated cyberthreats based on its unmatched understanding of the human minds behind them.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Comparitech

Comparitech

Comparitech strives to promote cyber security and privacy for all. We are committed to providing detailed information to help our readers become more cyber secure and cyber aware.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

Cyber Risk International

Cyber Risk International

Cyber Risk International offer CyberPrism, a B2B SaaS solution that empowers businesses to perform a self-assessment of their cyber security program.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.