The collective known as “The Shadow Brokers,” who previously leaked the infamous Windows SMB exploit which gave rise to last weekend’s WannaCrypt ransomware plague, are back and ready to cause yet more damage.
What is the Windows SMB? It’s a file sharing protocol which allows Windows clients to request services and to read and write files from Windows servers in a network.
The collective recently released a statement of intent in which they state they were selling the exploits, that they never held anything for ransom, and that they are upset that no one had believed them:
In August theshadowbrokers is telling thepeoples theequationgroup fails at security, theequationgroup is losing their data. Is telling thepeoples, theshadowbrokers is having equation group data, hacker tools for auctioning. Auctioning is sale, bid or no bid. Auction is not ransom. TheShadowBrokers is releasing theequationgroup 2013 firewall tools as proof and advertising. Only Zero-Day is old Cisco. All thepeoples laughing or not paying attention. No peoples is believing theshadowbrokers.
ThePeoples is asking “why not do X or Y or Z?” “Why auction?” TheShadowBrokers is not being interested in bug bounties, selling to cyber thugs, or giving to greedy corporate empires. TheShadowBrokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about theshadowbrokers vs theequationgroup.
But theequationgroup didn’t bid in auction. The Five Eyes, Russia, China, Iran, Korea, Japan, Israel, Saudi, the UN, NATO, no government or countries didn’t bid in auction. Cisco, Juniper, Intel, Microsoft, Symantec, Google, Apple, FireEye, any other bullshit security companies didn’t bid in auction.
They have vowed to release even more zero-day exploits and bugs for a multitude of desktop, mobile, and more platforms beginning next month, in June of 2017. However, this time the leaks are only available to those who subscribe to their subscription model in a sort of exploit-of-the-month club.
In June, TheShadowBrokers is announcing “TheShadowBrokers Data Dump of the Month” service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.
This means potentially millions of Windows users will be left vulnerable to exploitation until the potential flaws can be revealed by security experts and researchers so the software can be patched and hardened against attacks. This scenario allows a large amount of individuals with malicious intent to create their own malicious tool kits for their own nefarious purposes whether they merely be for criminal use, or for use by a government. This exploit-of-the-month club will be open to anyone willing to spend Bitcoin for, which The Shadow Brokers have stated will include, but not be limited to:
- web browser, router, handset exploits and tools
- select items from newer Ops Disks, including newer exploits for Windows 10
- compromised network data from more SWIFT providers and Central banks
- compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs
The claims made by the group have yet to be verified.
The exploits developed by the NSA dubbed EternalBlue and DoublePulsar were later used to create the WannaCrypt tool kit last month, which were stolen from the NSA linked collective known as The Equation Group, and subsequently leaked by The Shadow Brokers after multiple failed attempts to sell the exploits directly. They first tried to auction off the exploits for 750 Bitcoin, as reported here at Being Libertarian, and when that had failed they had attempted to sell the exploits piecemeal on an underground site for various prices in Bitcoin. However, last month, The Shadow Brokers released the devastating Microsoft Windows SMB Exploit, which led to the creation of the WannaCrypt Toolkit which all by itself had managed to infect over 200,000 machines in 150 countries within 48 hours.
We know for sure that the exploits dubbed the EternalBlue exploit and DoublePulsar backdoors were developed by the NSA.
Whilst talking about the WannaCry ties to the North Korean State-Sponsored black hat hacking collective known as The Lazarus Group, The Shadow Brokers sarcastically said,
“The Oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry. Nukes and cyber attacks, America has to go to war, no other choices!”
The Shadow Brokers also bashed and criticized both the US government and tech companies such as Microsoft, citing their inability to fix the holes exploited by these zero-day exploits the months prior to their public release. The Shadow Brokers said the US government is also paying IT companies not to patch their zero-days in their respective products, claiming they have spies in inside of Microsoft and other IT companies.
If theshadowbrokers is telling thepeoples theequationgroup is paying U.S technology companies NOT TO PATCH vulnerabilities until public discovery, is this being Fake News or Conspiracy Theory? Why Microsoft patching SMB vulnerabilities in secret? Microsoft is being embarrassed because theequationgroup is lying to Microsoft. TheEquationGroup is not telling Microsoft about SMB vulnerabilities, so Microsoft not preparing with quick fix patch. More important theequationgroup not paying Microsoft for holding vulnerability. Microsoft is thinking it knowing all the vulnerabilities TtheEquationGroup is using and paying for holding patch. Douche bag, dumbass, libtard, rich prick Head Microsoft Lawyer is running his cock holster because he is having ruff weekend doing real work. Head Microsoft Lawyer being angry because he is missing leisurely weekend playing the skin flute behind the country club. Real work is not being for executives. Real work is being for dirty foreign H1B workforce, happily working for less than stupid lazy American workers.
The Shadow Brokers even accused the Google Project Zero team, whose sole goal is to seek out, report, and help fix zero-day exploits, stating, “TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing “Wormable Zero-Day” Microsoft patching in record time, knowing it was coming? Coincidence?”
We may never know if these accusations are true or false. Regardless, the world will need to be prepared for another WannaCrypt-like weapon of mass destruction.
The excerpts quoted are exactly as they had posted it, thus any grammatical errors are from The Shadow Brokers, not from Being Libertarian.
This post was written by Alon Ganon.
The views expressed here belong to the author and do not necessarily reflect our views and opinions.
Latest posts by Alon Ganon (see all)
- Israel Discovered American Breaches Caused by Russians - October 14, 2017
- North Korea’s New Russian Internet Connection - October 11, 2017
- How to Disable the Intel Management Engine Backdoor – Courtesy of the NSA - September 14, 2017