The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

Spies Like Us

The Shadow Brokers' new offering of a monthly exploit subscription service poses a threat to just about everyone.

If you want to be a zero day wielding, network-owning hacker, boy are you in luck. Once upon a time, you either needed to do your own research and develop your own tools or you had to know someone who knew someone who could get them to you.

Now all you need is an email address and about $23,000 (or 100 Zcash, if you prefer). For that, you can get access to a monthly subscription service from the Shadow Brokers, the Internet’s favorite language-mangling NSA exploit thieves. The group known for dumping piles of attack tools, vulnerability information, and exploits apparently stolen from the NSA is now offering customers a Blue Apron-style monthly subscription service. But instead of pecan-crusted tilapia or something called Swiss chard, customers will get a regular feed of stolen United States government property.

As for what’s in that feed, that’s anyone’s guess.

“TheShadowBrokers is not deciding yet. Something of value to someone. See theshadowbrokers’ previous posts. The time for ‘I’ll show you mine if you show me yours first’ is being over. Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers’ first,” the group said in a post announcing the service this week.

The Shadow Brokers have enjoyed more than their share of fame since they burst onto the scene last August. But the fortune that the group thought would come along with that notoriety has not materialized. After trying and failing to auction off a portion of the exploits and attack tools it has for an absurdly high price, the Shadow Brokers have released a number of different caches in the last few months.

Some of the data in those dumps has been marginally useful, but last month the group published information on several different flaws in Windows, including a critical bug in the SMB service. That vulnerability is about as bad as they get, and as it turned out, Microsoft had issued a patch for it in March, reportedly after NSA officials warned the company about the flaw’s existence and its likely inclusion in a future Shadow Brokers release. Funny how that works.

The Shadow Brokers saga has captivated the security community for the better part of a year. It has all the ingredients you need for a successful Internet soap opera: spies, zero days, weird magic Internet money, and possibly Russia. It’s the perfect recipe for a conspiracy casserole.

As a community, there’s no question that we spend far too much time and energy worrying about zero days, who has them, who doesn’t, how they’re bought and sold, and who’s controlling their use. Zero days are the Tim Tebow of security. Sure, they’re fun to talk about, but for the most part they don’t matter. The reason they don’t matter all that much to most organizations is that the attackers who have a supply of zero days are very careful about how they use them, for fear of burning them. Zero days usually show up in attacks against high-value targets, which is why agencies such as NSA prize them so much. That’s their bread and butter.

But the Shadow Brokers is one of the rare cases where this kind of information and attack tools are available to a wide audience. Assuming the group has what it claims – and all the evidence so far indicates that it does – there could soon be any number of different groups of attackers with high-level tools in their possession. And those groups may have wildly different motivations and potential targets than an intelligence agency does.

“Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments. Playing ‘the game’ is involving risks,” the Shadow Brokers said in their post.

In this case, the risks apply to everyone, not just the buyers.

Dennis Fisher

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.