Shadow Brokers Have Been Running a Subscription Service Selling NSA Exploits

Rafia Shaikh
the shadow brokers monero
The group has made over ~$154,000 in Monero in just two months

The Shadow Brokers, a hacker group that first made headlines in 2016 by dumping hacking tools and exploits stolen from the National Security Agency, have apparently been running and profiting from a subscription program. "It looks like people are still paying them [the Shadow Brokers] for NSA malware," an anonymous researcher, who goes by the online moniker wh1sks, has revealed in a blog post.

In its dumping spree earlier this year, they embarrassed several tech companies, including Microsoft and Cisco, along with revealing how irresponsible the NSA itself was with the security of these zero day vulnerabilities while demanding tech companies of creating backdoors in their devices and services. However, this group hasn't only been publicly shaming the NSA and tech companies but has also been selling what some call sophisticated cyberweapons to anyone who can afford them.

Related StoryJason R. Wilson
Tesla owners mining up to $800 US a month of crypto utilizing power from their idle vehicles

In June this year, the Shadow Brokers had launched a subscription service promising to offer new weaponized malware to subscribers every month (emphasis is ours):

new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.
TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

The recent blog post by the security researcher reveals that the subscription model has been going strong with the group earning as much as $88,000 in cryptocurrency in July and another ~$66,000 in Monero in June. The blogger has also claimed to have identified TSB's subscribers. When contacted by Motherboard, none of the 5 identified subscribers responded to the publication.

However, earlier last month one TSB subscriber did come out publicly, as the researcher has referenced in their blog post. Calling themselves fsyourmoms, the subscriber didn't look happy with the quality of exploits they received.

Wh1sks believes that TSB "revised their payment system for their August Monthly Dump Service" after fsyourmoms' tweet and the security researcher's earlier blog post went viral.

At this moment, it is unclear if the Shadow Brokers still have any sophisticated exploits up their sleeves since they dumped several damning tools when they first appeared last year. Some of TSB's tools were also used by criminals behind the WannaCry ransomware, who only recently started to empty their bitcoin wallets ahead of Marcus Hutchin's arrest.

Share this story