Imagine a loot box — but for security exploits.
The people behind the security exploits that powered WannaCry are threatening more leaks.
The Shadow Brokers — a group that claimed last Saturday (May 13) that they have stolen hacking tools from the National Security Agency (NSA) — said in a blog post that it would set up a "monthly subscription model" for security exploits.
"Is being like wine of month club," they wrote in broken English. "Each month peoples [sic] can be paying membership fee, then getting members only data dump each month."
Tools that belonged to the NSA and were found in WannaCry, the ransomware that paralysed much of the world last weekend, were originally released by the Shadow Brokers in April.
The Shadow Brokers said that members can expect to get compromised banking data from SWIFT, a global banking network, newer exploits for Windows 10, and compromised network data from "Russian, Chinese, Iranian or North Korean" nuclear and missile programs.
Revealing data from SWIFT and nuclear programs in Russia, China, Iran or North Korea could disrupt ongoing NSA operations, according to Nicholas Weaver, a staff cybersecurity researcher writing on LawFare.
He added that most of the exploits The Shadow Brokers May release are still patchable, though exploits to Android handsets might remain "devastating."
"Financial spying by the NSA is probably the most important and least liberty-infringing bulk-style program possible — and I doubt anyone outside the targeted countries would have a problem with the NSA spying on foreign WMD and missile programs," Weaver wrote.
This isn’t the first time the group has attempted to sell its exploits and cyber-weaponry.
The Shadow Brokers had originally tried to sell the stolen tools in an auction, but backed down after receiving no bidders.
"TheShadowBrokers is not being interested in stealing grandmothers’ retirement money," the group said, adding that the theft has "always" been about the Shadow Brokers versus the Equation Group, a hacking group linked to the NSA.
The group had also previously put exploits up for sale on ZeroNet for up to 250 bitcoins a piece ($454,815 today) in January, Motherboard reported.