Group Responsible For WannaCry Ransomware Claims It Was A Stolen NSA Tool, Releasing More

A group of hackers calling themselves “The Shadow Brokers” has claimed responsibility for releasing the WannaCry malware.

They have also claimed that the tool was stolen from the NSA.

According to a report from the Normangee Star, the group published a blog post, claiming that the NSA used a known flaw in the Windows operating system to build a custom hacking tool. That tool, they say, was the basis for WannaCry, the ransomware responsible for an ongoing attack in which over 230,000 systems have been compromised in over 150 countries. It has been described as unprecedented in scale, and has affected many major entities including Britain’s National Health Service, FedEx, and more.

The attack relies on an exploit called EternalBlue, which, according to The Verge, the NSA at least knew of. According to the Shadow Brokers, they stole the tool two months ago and released it to the public. They also claim to have had a significant number of Oracle vulnerabilities, but say that those were quietly patched up after the NSA informed Oracle of the breach.

But that’s not nearly all. The Shadow Brokers are now claiming to have a significant amount of additional data, which they say they will be releasing on a monthly basis. They claim that their stolen data could include “compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs,” alongside Windows 10 exploits, central banking data, smartphone exploits, and more.

WannaCry can spread through local networks as well as online, and has brought down systems worldwide.

The Shadow Brokers have some credibility at this point. Along with the EternalBlue exploit, they leaked other tools from a company called “Equation Group,” which is believed by many to be a part of the NSA. Given what other data they claim to have access to, particularly stolen nuclear program information, many consider their claims to be extremely alarming.

According to the Shadow Brokers, they aren’t interested in collecting “bug bounties” for finding vulnerabilities. They aren’t interested in selling to criminals or corporations either, they say; instead, they claim that “The Shadow Brokers is taking pride in picking adversary equal to or better than selves, a worthy opponent. Is always being about The Shadow Brokers vs The Equation Group.” (Note: the group is known for making their announcements in faux-broken English, for unknown reasons; the writer has demonstrated fluency with the language in the past.)

At the same time, the writer added, “But I can not defend an agency having powerful tools if it can not protect the tools and keep them in its own hands.”

Many have speculated that The Equation Group is either a subsidiary of or a front for the NSA.

The Shadow Brokers went on to announce their intention for a “new monthly subscription model,” allowing people to pay for access to the monthly data dumps. Ultimately, however, they implied that they expected governments and government agencies to bid on the data in their first action, and released it to the public when none did – they implied at the end of their post that the NSA could prevent further leaks by “buying all lost data” before it is sold to anyone else.

In other words, it sounds as if The Shadow Brokers are attempting to ransom governments.

The group also made reference to Microsoft President and Chief Legal Officer Brad Smith’s shots at the NSA earlier Sunday, where he criticized the organization for stockpiling exploits and vulnerabilities; The Shadow Brokers responded (in unusually right-wing language) that Microsoft was embarrassed and trying to push off the blame for not fixing the vulnerabilities themselves, and implied that the government was paying U.S. tech companies to deliberately leave flaws open for them.

Whatever the case may actually be, the group responsible for WannaCry is claiming to have a significant amount of extremely sensitive data, and is threatening to release it unless they are bought off. Only time will tell what the ultimate result will be.
