Infosec 2017: ShadowBrokers Means Business Following NSA Leaks

Notorious hacker collective The ShadowBrokers has quickly risen to fame over the last 12 months or so, and Rik Ferguson, special advisor for Europol EC3, believes the group means business.

Speaking at InfoSecurity Europe 2017 in London yesterday, Ferguson warned that the so-called ‘hacktivists’ are here to stay after proving their worth by gaining access to computer surveillance tools used by America’s National Security Agency (NSA).

In January, the group released 61 files that have reportedly been used by the NSA for purposes such as compromising systems and circumventing defensive software, after previously calling for cyber criminals to pay them for the data via an auction.

Big plans

Even more of a worry for organisations are the recently announced plans to release a fresh batch of stolen code in July.

“They’ve aptly demonstrated that they have the data they said they had,” Ferguson said. “I think what we’re witnessing with ShadowBrokers is a realisation that their go-to-market strategy was messed up. They were promising something with no demonstration of the reality of what they had, they got no takers and that stuff eventually ended up being dumped.

“Now everyone knows that the information they have is real, they know what they have hasn’t been dumped in its entirety and Shadow Brokers have looked at how they go to market and looked at how they can maximise the return on their hacking investment.”

The new plan is to follow a subscription model, described by Ferguson as “vulnerabilities as a service”, where the group will be able to sell the same data to multiple buyers and string the process out for as long as possible.

“The more months go by, the more things get released that are nation state-level toys, the more subscribers they will have, the more money they will make and the more WannaCrys we will see,” Ferguson warned.

James Lyne, global head of security research at Sophos, added that ShadowBrokers has clearly “got everyone’s attention now, which will pose a far greater risk as this stuff actually plays out. We just have to look back at what’s happened and bolster our defences as much as we can”.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
