Cybersecurity pros want to buy Shadow Brokers’ hacked exploits – CNET

Polish zloty slides to three-month low, Poland

The Shadow Brokers are releasing June’s batch of exploits for 100 ZCoin, which is worth more than $22,000, currently.

NurPhoto

It might take about $25,000 to stop the next WannaCry attack from happening. 

Considering that the global ransomware’s cost was estimated to reach $4 billion, that price sounds like a bargain and well worth a crowdfunding effort underway by a group of cybersecurity researchers.

On May 16, Shadow Brokers, the hacker group behind the stolen NSA tools that caused WannaCry and the crippling of Windows machines in 150 countries, threatened to release more exploits in June as part of its “Data Dump of the Month” service. It doubled down on its threats on Tuesday, by releasing instructions on how to buy into June’s leaks. The group is demanding 100 Zcash, another form of cryptocurrency that the Shadow Brokers hopes is more secure than bitcoin.

It’s still unclear what the Shadow Brokers will be releasing in June, but the group claims to have exploits that could hit Windows 10 machines, routers, phones and browsers. The 100 Zcash is currently valued at about $22,787 (£17688.29), but can adjust in pricing based on the cryptocurrency’s market.

“Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments,” the Shadow Brokers group wrote in its instructions. “Playing ‘the game’ is involving risks.'”

But at that price, it’s not something just anybody can buy. That lead to the creation of the Shadow Brokers Response Team, a crowdfunding effort put together by Hacker Fantastic and x0rz, along with researchers Nicholas Weaver and Tim Strazzere.

They hope to be able to raise enough money to buy June’s leaked hacking tools, so they can research the exploits and find fixes for them.

“The thought of paying makes us very sad but so too did the countless calls of people affected by WannaCry and MS17-010,” the Response Team said. “If WannaCry could have been averted for a few measly cryptocurrency coins — why wasn’t it?”

Every person who backs the project will be able to get their hands on the purchased data as well — once the team has reviewed the exploits and shared the vulnerabilities to companies affected by it.

If the campaign does not reach its goals, donations will be refunded, and funds sent in bitcoin will be donated to a charity organization. The campaign had raised $2,360 by Wednesday afternoon, less than eight hours before the Shadow Brokers group is expected to release its exploits.

“The worst case situation is that these tools end up in the hands of criminals and are used to conduct further attacks,” the group said.

The idea of paying criminals to protect the public has sparked a debate among security experts, as people worry it would only encourage future threats.

“Security researchers wanting to get their hands on the exploits before cybercriminals sounds like a good thing,” Michal Salat, Avast’s director of threat intelligence said in an emailed statement. “However, we have to consider that paying the Shadow Brokers for the exploits would amost be like rewarding them for their criminal activities and will encourage them to continue.”

Logging Out: Welcome to the crossroads of online life and the afterlife.

Virtual reality 101: CNET tells you everything you need to know about VR.

Leave a Reply

Your email address will not be published. Required fields are marked *