Security Market Segment LS
Wednesday, 31 May 2017 08:49

Next Shadow Brokers exploit release through subscription


The Shadow Brokers, the group that dumped a bunch of NSA exploits in April that led to the development and spread of the WannaCry ransomware earlier this month, has announced that it will be selling its next bunch of exploits through a subscription service.

The exploits dumped in April were first offered for sale; after there were no takers, the whole lot was released on the Web.

The group said that it would sell the next bunch of exploits for 100 Zcash units, a cryptocurrency which made its debut in October last year. At today's rates, one Zcash unit is worth about $308.

In what has now become its trademark broken English, the Shadow Brokers refused to provide any details of what was likely to be in the next dump.

"The time for 'I’ll show you mine if you show me yours first' is being over. Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers’ first," the group wrote.

"This is being wrong question. Question to be asking “Can my organisation afford not to be first to get access to theshadowbrokers dumps?" it wrote.

Asked why Zcash was sought for transactions, the group said it was doing so only in June and if it found that it was not a good choice, then some other currency would be used in July.

Exactly who will pay in order to obtain exploits from the group remains to be seen. It would have to be someone with deep pockets as the asking price is more than $30,000.

Asked who would buy exploits at this price and how many people would think it was right to do so, Trend Micro senior architect Dr Jon Oliver replied: "If the next dump is as revealing as previous dumps, then cyber criminals and people who need protection from various 0-days might consider paying this.

"The cost being asked by the Shadow Brokers is less than the cost of employing a security expert."

"And the potential knowledge is probably greater than what you would get by spending the same amount by hiring a security expert. So I suspect some people will pay."

But Oliver said there was an important factor working against the cyber criminals involved.

"Microsoft was warned about the SMB problem that WannaCry exploited. I would suggest that the government agencies involved with these tools have almost certainly warned Microsoft and other vendors of the details of the exploits. And this in turn reduces the value of such caches.

"In order to avoid/minimise the situation, everyone needs to take the following precautions:

  • "start scheduling a systematic patching programme;
  • "patching needs to be a part of an organisation’s/business’ regular security activities - with a thorough testing procedure. Ideally it is not done when an incident occurs; and
  • "virtual patching can be used to protect the computers - so that such a systematic patching procedure can be put in place."

Alex Tilley, a senior researcher at security firm SecureWorks, said in response to queries that putting aside questions regarding the legitimacy of the Shadow Brokers' offer, the market for 0-day (unpatched, previously unknown exploits) was healthy and well-established.

"Depending on the type of exploits offered for sale, a price of $30,000 could be an absolute bargain for the right customer," he said. "While exact prices aren't exactly published in a recommended retail price-type catalogue publicly, exploit purchasing company Zerodium published its price guidance for various types of exploits which is one indication we have for the price of such things."

Asked about the ethics of buying exploits from such a group, Tilley responded: "I don't think it's a question of 'right and wrong' to the potential purchasers of such a service. The market for exploits and other technical capabilities that occupy an ethical 'grey area' is growing globally with many customers from varied backgrounds using the services of 'exploit vendors'."

He said given this, many people from different organisations would consider it was fine "to purchase such products and services and use them for purposes that the general public will most likely never be privy to".


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments