Bid to crowdfund access to NSA leaks withdrawn over legal concerns

Bid to crowdfund access to NSA leaks withdrawn over legal concerns
© Getty Images

An effort by researchers to crowdfund access to a leak-of-the-month club from the group that leaked the tool used in the Wanna Cry ransomware has been called off due to legal concerns. 

The ShadowBrokers, who have been leaking hacking tools apparently stolen from the NSA since last year, have released intelligence agency-quality source code to bypass popular security hardware, files indicating that the NSA used an interbank communications network to hack Middle Eastern financial institutions and a suite of tools to penetrate and implant malware on Windows. The ShadowBrokers announced a "wine of the month club" type subscription service to receive leaks for the remainder of their files.

The original intent of the crowdfunded "Shadowbrokers Response Team" was to purchase access to the leaks and allow security researchers to tear through the files. The team would notify software and hardware manufacturers about any vulnerabilities the ShadowBrokers released in their systems.

"If you ever want to hear a lawyer shout expletives over the phone, you need to call him and tell him that you have created the first open source, crowd-funded cyber arms acquisition attempt," posted Response Team co-founder Matthew Hickey to Twitter. A hacker known as xOrz was the second creator. 


In its day and a half on the Paetron crowdfunding website, the effort received $3,096 in donations from 40 donors — more than 10 percent of the $23,000 monthly fee.

In an interview with The Hill on Wednesday, Hickey said he was excited about the prospects of running the service. 

"At the end of the day, we are reducing the value of the tools," said Hickey, who also co-founded the cybersecurity company My Hacker House.

"If we could spend [$23,000] to prevent the next Wanna Cry, I think it's worth it."

Wanna Cry infected hundreds of thousands of computers worldwide, interfering with organizations worldwide including hospitals in Britain and the Russian government. The outbreak could have been much worse save for a series of coding mistakes, including a poorly conceived system of figuring out if security software was testing the legitimacy of the ransomware and bugs preventing Wanna Cry from executing properly on Windows XP systems. 

The Response Team garnered high-profile support from the cybersecurity community, but support was not uniform. Many in the community felt like paying the ShadowBrokers for the exploits leaks be a moral defeat. 

"The most important thing we've gotten out of it is the debate about what to do," Hickey said.