
How much would you pay to receive a monthly bundle of goodies? Beauty enthusiasts pay about $120 a year to receive an assortment of cosmetics each month through Birchbox. Wine connoisseurs shell out between $300 and $1,800 a year for periodic bottle deliveries as members of the Wine of the Month Club. I’ve long considered spoiling my dog with a $25 monthly subscription to BarkBox, which delivers toys and pet supplies to subscribers’ doorsteps. But the latest monthly subscription service, which will make its first delivery next month, is much more expensive, much more exclusive and much more ominous.

The Shadow Brokers announced late last month that they would be offering a paid monthly “dump,” which is expected to include some of the stolen hacking tools and zero-day exploits that make the hacking group infamous. Who will these tools and exploits be available to? Anyone willing to pay approximately $27,000 in cryptocurrency (100 Zcash or 500 Monero) per month. (Note: The values of these cryptocurrencies fluctuate regularly and may change after the time of this writing.)

The group most recently made the news during the worldwide WannaCry ransomware attack in May, which was made possible by the “EternalBlue” Microsoft exploit leaked by the Shadow Brokers in April. (The actual perpetrators of that attack have not yet been discovered.) So the news of this planned monthly dump, in which similar exploits could be exposed and weaponized by some very rich and potentially very powerful and capable malicious actors, made me wonder whether another attack of WannaCry scale could be on the horizon.

I spoke with cybersecurity expert Tom Kellermann, the CEO of Strategic Cyber Ventures, who served on the Commission on Cybersecurity for the 44th Presidency and as an advisor to the International Cyber Security Protection Alliance, about the implications of the Shadow Brokers’ recent actions and the potential risks associated with the anticipated exploit dumps.

“(The Shadow Brokers) are selling the latest and greatest weapons on the streets of American cyberspace that will manifest into a free-fire zone with a multiplicity of hackers,” Kellermann said, comparing the situation to the movie “Lord of War,” in which a man illegally and indiscriminately sells dangerous weapons, some of which land in the hands of war criminals. “It’s very concerning to me that they are now going to monetize this campaign and that now the environment’s going to become that much more punitive and that much more hostile.”

The identity and exact motives of the Shadow Brokers are a matter of public speculation—Kellermann said he believes they are “patriotic hackers, cyber militias operating for the best interests of the Russian regime.” From his perspective, their motive is not necessarily financial; nevertheless, he says the funds they receive through this subscription plan could be cause for concern.

“They’re essentially developing an economy of scale behind their operations, and they’re empowering themselves now to become a one-stop shop for mercenaries and criminals, terrorists and nation-states, to endow themselves with the latest and greatest U.S. cyber weaponry,” he said. “And really it just highlights the downward spiral that we are in currently, where we essentially have a true lack of stability in cyberspace, and it’s become reminiscent of the wild, wild West.”

In addition to hackers who would use the tools for nefarious purposes, the subscription is also available to those without criminal intentions—“white hat” hackers, researchers and other cybersecurity experts could purchase the dumps to study the exploits included, and potentially help patch them and defend against anticipated hacks. Businesses and organizations seeking to protect themselves from potential attacks may also seek to purchase the dumps. When the dumps were first announced, a white hat hacker and security researcher pair began a (now canceled) crowdfunding campaign under the name “Shadow Brokers Response Team,” planning to purchase the exploits as “a harm reduction exercise,” according to Network World.

“That’s a dangerous game to play. It’s essentially similar to paying ransom,” Kellermann said. “In terms of people buying the capabilities from them, and providing a true enemy of the United States of America to fund their campaigns against the U.S., I don’t agree with that. Do I understand the utility of buying such exploits in order to preserve defense and to improve defenses? I do. So I’m a bit torn by this. I personally wouldn’t pay for these exploits.”

In terms of what cybersecurity heads can do to protect their organizations, short of paying for the exploits before they become a danger to them, Kellermann says they “need to embrace the new architecture of choice called intrusion suppression (...) and that is basically an architecture that resembles more of supermax prison than that of a castle environment, where you can deceive, divert and contain an adversary unbeknownst to them inside of your network versus trying to keep them out at all times.”

He also suggests the use of virtual patching, deception grids and user behavior analytics.
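To make the “deceive, divert and contain” idea concrete, here is a small added example (written for this edit, not code from the article or from Kellermann) of the two detection signals he names: a deception-grid check, where any use of a decoy account or decoy host is treated as a high-confidence alert because no legitimate workflow touches them, and a minimal user-behaviour baseline that flags successful logins outside business hours. The decoy names, the IP addresses, the log format and the sample log lines are all constructed for illustration.

```python
import re
from datetime import datetime

# Everything below is constructed for illustration: the decoy identifiers,
# the log format and the sample lines are hypothetical, not from any real network.
DECOY_ACCOUNTS = {"svc-backup-legacy", "finance-share-admin"}
DECOY_HOSTS = {"10.9.200.250"}  # a decoy file server that nothing real should contact
BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 UTC counts as a normal login window

SAMPLE_LOGS = """\
2017-06-14T09:12:01Z auth user=alice src=10.9.1.15 dst=10.9.1.40 result=success
2017-06-14T09:13:44Z auth user=bob src=10.9.1.16 dst=10.9.1.41 result=success
2017-06-14T02:40:09Z auth user=svc-backup-legacy src=10.9.1.77 dst=10.9.200.250 result=success
2017-06-14T02:41:30Z smb user=alice src=10.9.1.77 dst=10.9.200.250 action=read path=/shares/payroll.xlsx
2017-06-14T10:05:00Z auth user=carol src=10.9.1.18 dst=10.9.1.42 result=failure
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<kind>\S+) (?P<fields>.*)$")


def parse_line(line):
    """Parse one 'timestamp kind k=v k=v ...' record; return None for junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {"ts": ts, "kind": m.group("kind"), **fields}


def decoy_alerts(lines):
    """Deception-grid check: any touch of a decoy account or decoy host is an
    alert, with one entry per log line listing every decoy it involved."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if rec.get("user") in DECOY_ACCOUNTS:
            reasons.append("decoy account " + rec["user"])
        if rec.get("dst") in DECOY_HOSTS:
            reasons.append("decoy host " + rec["dst"])
        if reasons:
            alerts.append({"ts": rec["ts"], "src": rec.get("src"), "reasons": reasons})
    return alerts


def off_hours_logins(lines):
    """Minimal behaviour baseline: successful auth events outside business hours."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["kind"] != "auth" or rec.get("result") != "success":
            continue
        if rec["ts"].hour not in BUSINESS_HOURS:
            hits.append({"ts": rec["ts"], "user": rec.get("user"), "src": rec.get("src")})
    return hits


def triage(lines):
    """Combine both signals and name the source hosts a responder would isolate
    (contain inside the network) rather than merely block at the perimeter."""
    decoys = decoy_alerts(lines)
    hosts = sorted({a["src"] for a in decoys if a["src"]})
    return {
        "decoy_alerts": len(decoys),
        "off_hours_logins": len(off_hours_logins(lines)),
        "hosts_to_contain": hosts,
    }


if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOGS.splitlines()):
        print(alert["ts"].isoformat(), alert["src"], "; ".join(alert["reasons"]))
    print(triage(SAMPLE_LOGS.splitlines()))
```

Run against the constructed sample, the decoy check fires twice (the login as the decoy service account and the later read from the decoy share), the off-hours baseline flags the 02:40 login, and both point at the same internal source host, which is the one a responder would contain first. The design point is that decoy signals carry almost no false positives, so they can drive automated containment, whereas the behavioural baseline is a softer signal better used to prioritise investigation.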

“If they do those things they can marginalize the capacity of a lot of these threats to materialize,” he said. “If they don’t do those things, and they rely upon their firewalls or their endpoint security technologies to stop this problem from ravishing their systems, then they have a really rough year ahead of them.”
