Hackers shelve crowdfunding drive for Shadow Brokers exploits

To some, it was a terrible idea akin to paying bad people to do harm. To others, it was a chance to build more powerful defenses against the next WannaCry.

It’s now a moot point.

Forty-eight hours after they started a crowdsourcing effort on Patreon to raise $25,000 a month for a monthly Shadow Brokers subscription service, security researchers Matthew Hickey – perhaps better known as Hacker Fantastic – and x0rz, announced the fund’s cancellation. Thursday morning, the page was empty:

In a statement posted on Pastebin, x0rz chalked it up to legal concerns:

The researchers had launched a poll along with the crowdsourcing page, showing feelings about the effort nearly split down the middle:

Shortly after its leak of NSA exploit tools enabled the spread of WannaCry, the Shadow Brokers hacking group promised to launch a monthly subscription service for more zero-days. To get in on the action, Shadow Brokers said it would require that subscribers send them 100 ZEC (Zcash cryptocurrency) or $21,000 per month. The group emptied its Bitcoin wallet, then switched over to Zcash. The group said it could require a different currency the following month.

So what will this subscription service get you? A roll of the dice, essentially. Shadow Brokers put it this way on their site:

Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments. Playing ‘the game’ is involving risks.

They promise to continue with a seat-of-the-pants approach beyond June. Asked what will be in the next dump, the group said:

TheShadowBrokers is not deciding yet. Something of value to someone. See theshadowbrokers’ previous posts. The time for ‘I’ll show you mine if you show me yours first’ is being over. Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers’ first. This is being wrong question. Question to be asking ‘Can my organization afford not to be first to get access to theshadowbrokers dumps?’

Sophos CTO Joe Levy warned earlier this week that those who consider doing business with Shadow Brokers and others like them should tread very carefully.

As recent leaks show, the Shadow Brokers crew certainly seem to have acquired some high-value stolen goods, although their previous attempts to auction them off came to nothing and they ended up dumping the data for free. But there’s no reason to believe they have an ongoing supply, or that their subscription service is anything but a cash grab. 

He said would-be subscribers should ask themselves the following before diving in: what are you going to do if they don’t deliver? Ask for a refund? Report them to the ombudsman?

Sophos’s view: Better to not go there.