The Shadow Brokers is once again trying to sell yet more stolen NSA cyber-weapons, raising the asking price in the process. And the gang has threatened to out one of the US spy agency's ex-operatives that it claims hacked Chinese targets.
In the now-traditional broken English statement, the smug miscreants said they had so many punters throwing money at them for their June exploit sale that they are jacking up their prices. If you want to get hold of the forthcoming July batch, it'll set you back 200 ZEC (Zcash) ($65,000) or 1,000 XMR (Monero) ($46,000), which is a rather bizarre pricing policy and double the amount the crew were charging before.
What's also slightly bizarre is that there has been, seemingly, zero fallout from that sale last month, and no evidence anyone paid up or got any code.
"Another global cyber attack is fitting end for first month of theshadowbrokers dump service," it said. "There is much theshadowbrokers can be saying about this but what is point and having not already being said?"
That's referring to this week's Petya/NotPetya outbreak and last month's WannaCry drama: both of these strains of malware used NSA exploits from the Shadow Brokers' April leak to attack Windows PCs around the world. The group, which is thought to be linked to Russian intelligence, claims the cyber-weapons it is now flogging off were nicked from the Equation Group, which is understood to be a moniker for an NSA hacking team.
In addition to its very expensive exploit-of-the-month club, the group is offering a VIP service, where it will offer specific exploits that people ask for. This doesn't come cheap however: the entry price is 400 ZEC ($131,000) and the group says "VIP Service is no guarantee of future good or services, negotiation for those is being separate."
In its latest screed the Shadow Brokers also take issue with someone they refer to as the "Doctor," who isn't a time lord but a hacker the group claims was working for the Equation Group. The brokers are apparently miffed that this person has been tweeting bad things about them.
"TheShadowBrokers is thinking 'doctor' person is former EquationGroup developer who built many tools and hacked organization in China. TheShadowBrokers is thinking 'doctor' person is co-founder of new security company and is having much venture capital," they said.
"TheShadowBrokers is hoping 'doctor' person is deciding to subscribe to dump service in July. If theshadowbrokers is not seeing subscription payment with corporate email address of firstname.lastname@example.org then theshadowbrokers might be taking tweets personally and dumping data of 'doctor' person's hacks of China with real id and security company name."
While not identifying the doctor as yet, one man thinks it might be him they are referring to. Daniel Wolfford, a specialist working for Middle Eastern mobile security firm DarkMatter, denied that he was involved in the Equation Group and does only defensive hacking.
To protect the innocent and prevent further false accusations, I will dox myself tomorrow. Nobody makes me bleed my own blood except me 4/4— Daniel R. Wolfford (@drwolfff) June 28, 2017
The price increase is bad news for white-hat security researchers, who had been planning to crowdfund buying up Shadow Broker exploits and fix them. Then again, the group could just dump the exploits on the market for free, as they have done in the past. ®