The Shadow Brokers hacking group is pushing a monthly subscription service offering members top secret information including “compromised network data” from the nuclear and ballistic missile programs of Russia, China, North Korea and Iran.
The group’s monthly data dump could also include hacking exploits for web browsers, routers, and operating systems including Windows 10.
"TheShadowBrokers Data Dump of the Month" is a new monthly subscription model, the group said. Payment will likely be made in the cryptocurrency Bitcoin given the group’s ransom demands in previous cyber attacks.
The group also promised to include compromised financial data from the SWIFT international payment order system, used by banks to transfer trillions of dollars each day, as well as confidential data from several central banks.
In a blog post published Tuesday titled ‘Oh Lordy! Comey Wanna Cry Edition’, the group accused the NSA of paying Microsoft to keep vulnerabilities in its software.
“The ShadowBrokers is feeling like being very responsible party about Windows dump,” Shadow Brokers wrote in the blog, in its usual bizarre dialect.
The group is responsible for the release of the National Security Agency’s (NSA) hacking exploits which highlighted a Windows vulnerability used by hackers in the recent WannaCry global ransomware attack.
It isn’t clear where the Shadow Brokers got the NSA hacking tools, but the arrest of former NSA contractor Harold T. Martin III last August for stealing a massive amount of data has made him the most likely suspect.
Former NSA officials have claimed the Shadow Brokers’ tools are “identical” to those taken by Martin, reports The Washington Post.
The US government said it seized 50 terabytes of confidential data from Martin’s home which was stolen from the NSA and other intelligence agencies. A veteran contractor, Martin had access to classified information as part of his work in the intelligence-gathering division of the NSA named Tailored Access Operations.
He has been in custody since his arrest and is facing espionage charges. Another NSA employee was also arrested in 2015, but no information has been released about the individual.
Shadow Brokers first emerged last August, offering to auction hacking exploits it said were used by the NSA’s elite hacking team known as Equation Group (officially named Tailored Access Operations). NSA whistleblower Edward Snowden and others confirmed the leak was authentic.
In December, Shadow Brokers cancelled its auction and offered to sell the exploits.
In April, the group released passwords to the rest of the hacking exploits in a move described as a protest against President Donald Trump for abandoning his base.
The release included a Windows SMB [Server Message Block] exploit, EternalBlue, which was leveraged in the recent WannaCry global ransomware attack.
In its Tuesday blog post, the group expressed its surprise that governments or tech companies didn’t bid in its past auctions.
It said it has always been about “the shadowbrokers vs theequation group,” and implied the NSA is a cohort of tech companies like Microsoft.
The Shadow Brokers said it decided to share screenshots from the NSA Equation Group’s lost 2013 Windows Ops Disk in January, with the understanding that the Equation Group would then tell Microsoft and the vulnerability would be patched.
The shadowy hacking group claimed that Microsoft released its vulnerability patch in March while also alleging that the Equation Group was paying US tech companies not to patch vulnerabilities.
“TheEquationGroup is having spies inside Microsoft and other U.S. technology companies. Unwitting HUMINT [Human Intelligence],” the group claimed in its blog.
“TheEquationGroup is having former employees working in high up security jobs at U.S. Technology companies. Witting HUMINT. Russian, China, Iran, Israel intelligence all doing same at global tech companies.”
Shadow Brokers finished its post saying if a responsible party were to buy “all lost data before it is being sold to the peoples” then the group would have no more financial incentives and would “go dark permanently.”