‘Shadow Brokers’ Threaten to Dox Former NSA Hacker

The Shadow Brokers has sent out its first round of exploits and data as part of a recently announced monthly subscription service, and the group claims it has a significant number of subscribers.

The hackers, who claim to possess exploits and secret documents stolen from the U.S. National Security Agency (NSA), particularly the Equation Group actor linked to the agency, announced last month that anyone could obtain parts of the data for a monthly fee of 100 Zcash (ZEC), which at the time was worth roughly $20,000.

The group announced on Wednesday its data dump for the month of June and said that they had “many many subscribers.” As a result, individuals and organizations that want next month’s files will have to pay double – 200 ZEC or 1,000 XMR (Monero).

The Shadow Brokers also announced that following requests from several individuals, they have decided to launch a so-called “VIP Service.” Those who want the group’s attention – to learn if they have exploits for specific vulnerabilities or intel on a certain organization – have to make a one-time payment of 400 ZEC, which is currently worth roughly $130,000. The hackers claim someone has already signed up for the VIP service.

A significant part of the statement published on Wednesday by the Shadow Brokers is a message to an individual the hackers call “doctor.” This person, who they claim to have met on Twitter, sent the hackers some “ugly tweets” and later deleted them.

The hackers did some digging and they discovered that the “doctor” is a former member of the Equation Group and they believe he is responsible for building many tools and hacking organizations in China. They also claim that this individual is the co-founder of a new security company.

The Shadow Group told “doctor” that if he doesn’t sign up for their next monthly dump, they will dox him (i.e. expose his real identity).

“TheShadowBrokers is thinking this outcome may be having negative financial impact on new security companies international sales, so hoping ‘doctor’ person and security company is making smart choice and subscribe. But is being ‘doctor’ person’s choice. Is not being smart choice to be making ugly tweets with enough personal information to DOX self AND being former equation group AND being co-founder of security company,” the Shadow Brokers said.

While many of the exploits leaked in the past months by the Shadow Brokers had little value, the recent WannaCry ransomware attacks demonstrated that the group’s leaks can lead to significant damage. The hackers’ requests for money were largely ignored until the WannaCry outbreak, but these attacks have made many realize that the group’s exploits can be highly valuable.

Some members of the infosec community decided to launch a crowdfunding initiative to acquire Shadow Brokers exploits via the monthly dump service in an effort to help prevent a future WannaCry-like incident, but they ultimately decided to cancel the project due to legal concerns.

UPDATE. The “doctor” the Shadow Brokers are targeting appears to be the owner of the Twitter account @drwolfff. Before the hackers could leak the information they allegedly have on him, the owner of the account revealed himself to be Daniel R. Wolfford. He claims that he resides in the United Arab Emirates, has no connection to the Equation Group, and is not the co-founder of a cybersecurity startup.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
