Hacking group ShadowBrokers raises prices for leaks

TheShadowBrokers, a group that leaked purported NSA hacking tools eventually used in a massive global ransomware attack, are seeking more money for their leaks.

In June, the group launched a monthly subscription service that it likened to a "wine of the month club," offering regular leaks of hacking tools and documents to people who paid.

The service was launched at $27,000 a month in digital currency. The group raised the price to $61,000 that same month.

On Thursday, TheShadowBrokers raised the price again to roughly $92,500. 

The group gained notoriety by releasing source code that could be used to hack a variety of security hardware and operating systems throughout 2016 and 2017. The leaks were ostensibly to promote the sale of the remaining cache of hacking tools and documents in the group's possession, files the group claimed were stolen from the NSA.  

The massive ransomware outbreak WannaCry, which infected 300,000 systems around the world in a little less than a week, made use of the Windows hacking tools released by TheShadowBrokers. 

The group first tried auctioning off the files and later tried crowdfunding their release. Finally, it settled in recent months on selling them as a subscription service for monthly leaks.

During a presentation on the group at the Black Hat conference on Thursday, Matt Suiche, an expert on the group, accused them of making false claims to boost their profile. He spoke hours after they raised their subscription service price.

Suiche, founder of Comae Technologies, was successful in reverse engineering TheShadowBrokers' products. The group in return accused him of being a former elite NSA hacker who helped design the hacking tools they leaked. Suiche is not American and would not likely qualify for that type of position.

There is a debate over whether TheShadowBrokers are motivated by money.

"I don't think money is the motive," Suiche said. 

"I would not be surprised if it came from a contractor," he added, later clarifying that he meant they obtained their files from a contractor or that a contractor was the leaker. 

In his presentation on the group, Suiche noted the aggressive tone toward the government in the group's messages and tweets. Others have noted that the group leaked vulnerabilities as the U.S. mulled making public its assertion that Russia hacked the Democratic National Committee.

There are also questions about what documents and hacking tools the group still has in its possession.

Suiche questioned the group's claims.

After the service was launched in June, one claimed subscriber publicly complained that the group had only sent a single file in its first month. But inconsistencies in screenshots of the exchange between TheShadowBrokers and the customer led Suiche to believe the group was just trying to signal that it had more files in its possession.

When it announced the subscription service, the group said that it might leak a list of potentially controversial files detailing operations or describing new software vulnerabilities. Suiche said the group has never proven it has any more files than the ones it released.

Their Thursday post announcing the new price was surprisingly focused for the group, which has often sent erratic messages in the past.

Past messages from the group included pro-conservative political statements, one claiming that they would release files in protest if President Trump tried to move to the political center.

Suiche said the responses to TheShadowBrokers' blogpost appeared to be so generic and similar they may have been posted using automated commenting systems.

One reply, from "Team101," said simply, "Interesting information. Thank you." Other replies were similar in tone.

"It almost looks like they've used a bot to post on it," he said.