Prices For Stolen NSA Exploits Go Higher

Uploaded on 2017-07-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Shadow Brokers is once again trying to sell yet more stolen NSA cyber weapons, raising the asking price in the process.  And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.

In the now-traditional broken English statement, the smug miscreants said they had so many punters throwing money at them for their June exploit sale that they are jacking up their prices. 

If you want to get hold of the forthcoming July batch, it'll set you back 200 ZEC (Zcash) ($65,000) or 1,000 XMR (Monero) ($46,000), which is a rather bizarre pricing policy and double the amount the crew were charging before. What's also slightly bizarre is that there has been, seemingly, zero fallout from that sale last month, and no evidence anyone paid up or got any code.
"Another global cyber-attack is fitting end for first month of theshadowbrokers dump service," it said. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"

That's referring to this week's Petya/NotPetya outbreak and last month's WannaCry drama: both of these strains of malware used NSA exploits from the Shadow Brokers' April leak to attack Windows PCs around the world.  The group, which is thought to be linked to Russian intelligence, claims the cyber-weapons it is now selling were stolen from the Equation Group, which is understood to be a moniker for an NSA hacking team.

In addition to its very expensive exploit-of-the-month club, the group is offering a VIP service, where it will offer specific exploits that people ask for. This doesn't come cheap however: the entry price is 400 ZEC ($131,000) and the group says "VIP Service is no guarantee of future good or services, negotiation for those is being separate."
In its latest screed the Shadow Brokers also take issue with someone they refer to as the "Doctor," who isn't a time lord but a hacker the group claims was working for the Equation Group. The brokers are apparently miffed that this person has been tweeting bad things about them.
"TheShadowBrokers is thinking 'doctor' person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital," they said.

While not identifying the doctor as yet, one man thinks it might be him they are referring to. Daniel Wolfford, a specialist working for Middle Eastern mobile security firm DarkMatter, denied that he was involved in the Equation Group and does only defensive hacking.

The price increase is bad news for white-hat security researchers, who had been planning to crowdfund buying up Shadow Broker exploits and fix them. Then again, the group could just dump the exploits on the market for free, as they have done in the past. 

The Register

You Might Also Read:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

Stolen NSA Hacking Tools For Sale In Bizarre Auction:

 

« Fallout From Petya On Global Shipping
GCHQ Unveils Its Cybersecurity Playbook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

VdS

VdS

VdS is an independent safety and security testing institution. Cybersecurity services include standards, audit/assessment and certification for SMEs.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

ComCode

ComCode

ComCode provides consulting services and solutions in the area of digitization and cyber security for mid-sized and big businesses.

IXDen

IXDen

IXDen provides a novel software-based approach to OT systems protection, covering Industrial IoT cybersecurity and sensor data integrity.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

Iowa Cyber Hub

Iowa Cyber Hub

Iowa Cyber Hub is a cybersecurity education partnership between Iowa State University and Des Moines Area Community College.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Foundries.io

Foundries.io

Foundries.io have built a secure, open source platform for the world's connected devices, and a cloud service to configure this to any hardware and any cloud.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Timus Networks

Timus Networks

Timus Networks enables today's work from anywhere organizations to secure their networks very easily and cost effectively.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Securious

Securious

If you need to improve your cyber security or achieve cyber security accreditations, Securious provide an independent service that will identify and address your issues quickly and efficiently.

Bores Security Consultancy

Bores Security Consultancy

Bores Security Consultancy are an established family-run business delivering expertise in security and technology.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.