Expect trouble as Shadow Brokers retire, give away hacking tools

News by Rene Millman

TheShadowBrokers hackers are retiring but before they go, they are leaving behind a huge collection of Windows vulnerabilities - expect an uptick in opportunistic hacking.

Hacking outfit Shadow Brokers has abandoned the auction of hacking tools stolen from the US NSA in favour of giving the tools away to anyone.

The hacking group came to prominence after leaking advanced NSA hacking tools. It said it was “going dark” but not before handing out Windows hacking tools to the public free of charge, a move which is likely to enrage the US intelligence community.

In a blog post, the hacking group said that continuing was “much risk and bullshit, not many bitcoins”.

“TheShadowBrokers is deleting accounts and moving on so don't be trying communications. Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and bullshit political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways,” it added.

But the group is still looking to sell another tranche of tools for 750 Bitcoins. The Shadow Brokers said it was “trying crowdfunding”, but “peoples is no liking”.

“Now TheShadowBrokers is trying direct sales. Be checking out ListOfWarez. If you like, you email TheShadowBrokers with name of Warez you want make purchase." 

There is also a price list in bitcoins for hackers to peruse. Luckily for organisations, many of the tools can be detected by a number of anti-virus tools.

In a blog post, Andra Zaharia, security evangelist at Heimdal Security, said that while this sale could follow the path of the previous auction attempt by The Shadow Brokers, “It could also mean that cyber criminals have a new set of tools they can use to launch attacks from new and unexpected angles.”

Pascal Geenens, Radware's EMEA security evangelist, told SC Media UK that the announcement by Shadow Brokers shows that there is no room for premium tools on the ‘open' black market.

“The economics of the dark markets is mainly based on un-exclusive, common, and low priced tools for lower end cyber criminals that look for low hanging fruit. The more sophisticated hackers prefer to roll their own toolset and thrive on their own research to make exclusive and untraceable exploits. They are patient, as to the point they can stay for years in hiding, timing their actions well before making their ‘coup de grace',” he said.

“But it is not improbable that the freebie left by Shadow Brokers will be picked up and used by the lower end of opportunistic cyber criminals in campaigns to extort victims for easy money,” he added.

More than half of the windows tools are already known and detected by most anti-malware tools, so it is only a matter of time before security analysts close the gap and provide protection against all the threats in the toolset.

“If there is something to expect, it might be sudden and short rise in opportunistic campaigns. Enterprise should expect this, and preferably today start to take measures to prevent them: update all systems, update IDP signatures and contact their vendors for quick implementations of measures specific to this threat package,” he said.

Stephen Gates, chief research intelligence analyst at NSFOCUS, told SC that the reason why this group was so successful, and their tools so effective, was because they preyed on people's lack of knowledge, diligence and care.  

“In many cases their tools took advantage of ‘known vulnerabilities'.  Known vulnerabilities can be patched, making many of these tools completely ineffective,” he said.

“Why were they successful?  People, organisations and governments continue to fail to patch their systems and applications appropriately, and will click on just about anything.  If you don't lock your doors correctly, eventually someone will walk in and steal the goods, especially when you invite them in.  It's that simple.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews