TheShadowBrokers launches subscription service – like a monthly wine club only for hackers

It’s the subscription service no white hat hacker or IT pro asked for, but that could be delivered straight to your inbox soon.

You may remember the hacking group, TheShadowBrokers, from their exploit dump conducted earlier this year. The group got a hold of several NSA exploits and backdoor vulnerabilities such as EternalBlue, an exploit that was integral in the Wanna Cry attack that occurred two weeks ago.

Not content to simply auction off the information to the highest bidder, TheShadowBrokers wanted to go more widespread with their market.

Apparently, TheShadowBrokers are using that success to launch a new subscription service that runs, apparently, like a wine-of-the-month club. And that’s their words, not ours (disclaimer: article from ESL writer). So what will this nefarious exploit-of-the-month club include?

Those that subscribe will have access to their choice of the following:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

The service is set to launch some time in June, following TheShadowBrokers’ underwhelming success in selling off their data. Wanna Cry has only boosted the credibility of the otherwise new-to-the-hacking-scene group, which has only been active for less than a year.

TheShadowBrokers’ service does pose an interesting dilemma for vendors and security researchers, however. It’s unclear just what other NSA exploits the hackers have and how easy these exploits can be weaponized. So do the white hats and vendors buy into the service to get a better understanding for what to protect users against, and in doing so support illegal activities? Or do they sit back and bolster defenses for an all-around attack?

In cybersecurity, there is no easy and straightforward answer. Cybersecurity professionals are in a constant dance with hackers to protect systems and data from intrusions. With this, the pros could at least be on an even playing field with the bad guys, but at what greater cost?

With TheShadowBrokers claiming to hold 75% of the NSA’s cyber exploits and weapons, what other choice do they have?