Prices For Stolen NSA Exploits Go Higher

Uploaded on 2017-07-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Shadow Brokers is once again trying to sell yet more stolen NSA cyber weapons, raising the asking price in the process.  And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.

In the now-traditional broken English statement, the smug miscreants said they had so many punters throwing money at them for their June exploit sale that they are jacking up their prices. 

If you want to get hold of the forthcoming July batch, it'll set you back 200 ZEC (Zcash) ($65,000) or 1,000 XMR (Monero) ($46,000), which is a rather bizarre pricing policy and double the amount the crew were charging before. What's also slightly bizarre is that there has been, seemingly, zero fallout from that sale last month, and no evidence anyone paid up or got any code.
"Another global cyber-attack is fitting end for first month of theshadowbrokers dump service," it said. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"

That's referring to this week's Petya/NotPetya outbreak and last month's WannaCry drama: both of these strains of malware used NSA exploits from the Shadow Brokers' April leak to attack Windows PCs around the world.  The group, which is thought to be linked to Russian intelligence, claims the cyber-weapons it is now selling were stolen from the Equation Group, which is understood to be a moniker for an NSA hacking team.

In addition to its very expensive exploit-of-the-month club, the group is offering a VIP service, where it will offer specific exploits that people ask for. This doesn't come cheap however: the entry price is 400 ZEC ($131,000) and the group says "VIP Service is no guarantee of future good or services, negotiation for those is being separate."
In its latest screed the Shadow Brokers also take issue with someone they refer to as the "Doctor," who isn't a time lord but a hacker the group claims was working for the Equation Group. The brokers are apparently miffed that this person has been tweeting bad things about them.
"TheShadowBrokers is thinking 'doctor' person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital," they said.

While not identifying the doctor as yet, one man thinks it might be him they are referring to. Daniel Wolfford, a specialist working for Middle Eastern mobile security firm DarkMatter, denied that he was involved in the Equation Group and does only defensive hacking.

The price increase is bad news for white-hat security researchers, who had been planning to crowdfund buying up Shadow Broker exploits and fix them. Then again, the group could just dump the exploits on the market for free, as they have done in the past. 

The Register

You Might Also Read:

Shadow Brokers Release Secret List Of NSA-Compromised Servers:

Stolen NSA Hacking Tools For Sale In Bizarre Auction:

 

« Fallout From Petya On Global Shipping
GCHQ Unveils Its Cybersecurity Playbook »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

Inky Technology Corp

Inky Technology Corp

Inky® Phish Fence is an email protection gateway that uses sophisticated AI, machine learning and computer vision algorithms to block deep sea phishing attacks that get through every other system.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

AnChain.AI

AnChain.AI

AnChain.AI's analytics platform proactively protects crypto assets by providing proprietary artificial intelligence, knowledge graphs, and threat intelligence on blockchain transactions.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

Cyble

Cyble

Cyble Vision enables faster detection of cyber threats and focuses on identifying and analysing the motivations, methods, capabilities and tools of adversaries.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Computacenter

Computacenter

Computacenter is a leading independent technology partner, trusted by large corporate and public sector organisations. We help our customers to source, transform and manage their IT infrastructure.

Certera

Certera

Certera is a modern and affordable SSL Certificate, Code Signing Certificate, and Cyber Security Services provider.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.