The hacking group that leaked the bugs that enabled last week's global ransomware attack is threatening to make public even more computer vulnerabilities in the coming weeks — potentially including “compromised network data” pertaining to the nuclear or missile programs of China, Iran, North Korea and Russia, as well as vulnerabilities affecting Windows 10, which is run by millions of computers worldwide.
A spokesperson for the group, which calls itself the Shadow Brokers, claimed in a blog post Tuesday that some of those computer bugs may be released on a monthly basis as part of a new subscription-based business model that attempts to mimic what has proved successful for companies such as Spotify, Netflix, Blue Apron and many more.
“Is being like wine of month club,” read the blog post, which is written in broken English. "Each month peoples can be paying membership fee, then getting members only data dump each month."
The move shows the growing commercial sophistication of groups such as the Shadow Brokers, which already has demonstrated a fearsome technical ability to compromise the world's top intelligence agencies. And it underscores the way much of the underground trade for computer bugs resembles a real-world commercial market.
Security experts have been analyzing the blog post for clues about the Shadow Brokers' intentions and capabilities.
1) they all over infosec Twitter
2) there's a lot of hidden messaging
3) very media aware
4) sucks to be NSA rn
— the grugq (@thegrugq) May 16, 2017
Marcy Wheeler, a longtime independent researcher, said in a blog post Tuesday that the Shadow Brokers' post “brings the hammer” down both on Microsoft, whose products could be affected by any further leaks, and the U.S. National Security Agency, whose information the Shadow Brokers leaked in April. That leak led indirectly to the creation of WannaCry and the subsequent crisis, security experts say.
“Simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government,” Wheeler wrote.
Microsoft didn't immediately respond to a request for comment. On Sunday, the company criticized the NSA for stockpiling digital weapons. The tech industry opposes efforts by the government to weaken the security of its products, while national security advocates say it could help combat terrorism.
Although experts say the Shadow Brokers do not appear to have been directly involved in the WannaCry attack, leaking the exploit in the first place was a major step toward facilitating the cyberattack.
The group's new claim that it possesses information on the nuclear programs of state governments is extremely worrisome, said Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, a Washington think tank. "While they don't seem to have the most amazing PR department," he said, "they've already proved that they had some pretty serious access. The nuke facility stuff is particularly concerning, [speaking] as a former physicist.”
Previously, the group had sought to sell its hacking tools to the highest bidder. Few buyers came forward, the group said in its blog post. But now, the monthly subscription model might mean the bugs will find their way into the hands of more people, spreading far and wide, Hall said.