Hackers Are Crowdfunding Cryptocurrency to Buy Alleged NSA Exploits

Using a Patreon to raise cash to buy Zcash to obtain alleged state-level exploits to stop the next wave of ransomware infecting hospitals. The future is weird.

May 31 2017, 10:34am

frankieleon/Flickr

Update: The researchers behind the Patreon have decided to cancel the fundraising effort, largely for legal reasons.

"If you ever want to hear a lawyer shout expletives at volume down a phone you need to call him and tell him that you have created the first open source crowd-funded cyber arms acquisition attempt," the researchers said in a statement.

The original story follows below.

*

The Shadow Brokers are not going away. Earlier this month, the group of self-described hackers said it planned to launch a paid "subscription" service, where customers could apparently gain access to more exploits allegedly stolen from the NSA.

On Tuesday, the Shadow Brokers provided some more details of this service in an online post and said that June's cache of exploits would cost 100 Zcash—a more privacy-focused cryptocurrency—or around $23,000 at the time of writing. In response, a few information security researchers are trying to crowdfund enough money to get in on the action. The point, according to the researchers, is to inform affected vendors and get any lingering security vulnerabilities fixed.

"What's better: the tool everyone, including the good guys and bad guys, know about, or the one which only your adversaries have?" Matthew Hickey, co-founder of UK cybersecurity company Hacker House, and who is one of the researchers trying to raise funds, told Motherboard in a Twitter direct message.

Along with the security researcher known as x0rz, Hickey has launched a Patreon campaign. At the moment, 11 people have pitched in, raising just over $1,200. If the campaign doesn't reach its goal, the researchers will donate the funds to an as of yet undecided human or digital rights charity.

"This patreon is a chance for those who may not have large budgets (SME, startups and individuals) in the ethical hacking and whitehat community to pool resources and buy a subscription for the new monthly released data," the Patreon reads.

Since last year, the Shadow Brokers have publicly released a variety of exploits for hardware firewalls, Unix, and Windows systems. In a previous post, the group claimed they have access to exploits for popular web browsers, Windows 10, and routers, although the group has not presented concrete evidence for these alleged tools yet.

Hackers have incorporated some of the released Windows exploits into new, powerful pieces of malware. WannaCry, a ransomware variant, infected networks in Spain, Russia, China, and elsewhere, and hit the UK's National Health Service (NHS) particularly hard.

Indeed, this is what the researchers want to avoid by purchasing the alleged exploits.

"By paying the Shadow Brokers the cash they asked for we hope to pool resources and avert any future WannaCry type incidents," the Patreon page explains. (According to a report in The Washington Post, the NSA provided Microsoft with details of the Windows exploits, including those used in WannaCry. In turn, the company issued patches for an array of different operating systems.)

"As a harm reduction exercise it is important that any compromised parties are notified, vulnerabilities in possession of criminals are patched and tools are assessed for capabilities. We will release any and all information obtained from this once we have assessed and notified vendors of any potential 0days," the Patreon adds.

Of course, this episode brings up all sorts of ethical questions: should researchers pay criminals for exploits at all? What if the intention is ultimately to patch systems?

However, those questions also rest on the premise that the subscription service is genuine. The Shadow Brokers have ostensibly tried to sell exploits before: first, in an auction, and then individually, with little to no success. But the group ended up dumping the hacking tools anyway, making it plainly obvious that this isn't about the money at all. Instead, this increasingly bizarre, public showmanship is about a feud between the Shadow Brokers, whoever they are, and Equation Group, a hacking unit allegedly part of the NSA.

"TheShadowBrokers is not being interested in stealing grandmother's retirement money. This is always being about theshadowbrokers vs theequationgroup," the group wrote in a recent post.
