Shadow Brokers launch zero-day exploits subscriptions for monthly fee.
Internet consumers are obsessed these days with subscription retail services. The original concept behind things like subscription DVDs or games has given rise to things like subscription grocery delivery and meal prep, subscription razor “clubs,” even subscription deodorant and feminine supplies. Amazon has banked an entire portion of its business on subscription-based goods, even offering significant discounts for customers who subscribe to a minimum of five items per month. But a new player in the internet subscription game is raising a few eyebrows… and apparently, a lot of money.
Known hacking techxperts Shadow Brokers are now offering what they’re calling a “wine of the month club,” but instead of fine vintages they’re offering up recently discovered, undisclosed zero day vulnerabilities. Their admitted target audience for this expensive offer is hackers, but also includes government officials who want to know what threats are out there, businesses who want to know if their products (or their competitors’ products) contain flaws, and other similar stakeholders.
How expensive are they talking about? Roughly $21,000 for a month’s worth of discoveries, paid out in the cryptocurrency Zcash. That might seem like a ridiculous amount of money (that no one would ever seriously consider), but according to a report from The Hacker News, “Although what the June dump would contain is not clear at the moment, the Shadow Brokers’ last announcement claimed that the upcoming data dump would include:
- Exploits for operating systems, including Windows 10.
- Exploits for web browsers, routers, and smartphones.
- Compromised data from banks and Swift providers.
- Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.”
The BBC is already reporting that two security researchers have formed a crowdfunding option to raise the money. Since Shadow Brokers’ last data dump included information that was stolen from the NSA and used to launch the WannaCry series of attacks, there just might be something to their content. Of course, the security industry is currently divided on this new type of subscription; on the one hand, it’s relatively cheap compared to the costs associated with a large-scale data breach or ransomware attack, but some say it’s also encouraging hackers to make a buck off of a zero day discovery rather than reporting it to the developer.