Shadow Brokers Subscription Service: Hacking Group Charging For Monthly Releases Of Stolen NSA Exploits

A group of anonymous hackers known as the Shadow Brokers announced Tuesday it is creating a monthly subscription service that will provide exploits stolen from the U.S. National Security Agency.

The group is opening the subscription service June 1 and asking interested parties to pay 100 ZCash coins to join. The cryptocurrency — which the Shadow Brokers note is not a reliable currency — is currently valued at $230 per coin, making the sign-up cost more than $23,000.

Read: NSA Hacking Tools Used In WannaCry Global Ransomware Attack Targeting Hospitals, Banks And Tech Companies

In a message announcing the service, the Shadow Brokers said the subscription model is designed to attract “high rollers, hackers, security companies, [Original Equipment Manufacturers] and governments.”

It is unclear what the anonymous hacking collective will offer up to subscribers in its first information dump. The group said it hasn’t decided what will be released, but it will be “something of value to someone.” While the price is steep, the hackers suggest companies won’t be able to afford not to have early access to the leaked exploits.

Some security researchers already have suggested launching crowdfunding campaigns as a way to raise funds and gain access to the leaks without having to pay the full price. Others have suggested paying for the exploits would simply go to serve the ends of the hackers and potentially encourage them to carry out more attacks.

The subscription service, for which details still are sparse, is just the latest attempt by the hacking collective to turn a profit on the stolen exploits in their possession. Last summer, the Shadow Brokers attempted to auction off stolen NSA tools to the highest bidder.

Read: WannaCrypt Ransomware Windows Patch: Microsoft Tells Government To Stop Hoarding Security Vulnerabilities

When the auction failed to generate enough interest, the Shadow Brokers released the stolen exploits — including one that was used to spread the WannaCry ransomware attack that hit hundreds of thousands of computers in 150 countries around the world.

Other exploits also released by the Shadow Brokers have been used to launch malicious campaigns, including the EternalRocks attack, which makes use of more than a half-dozen exploits stolen from the NSA and made public by the hacking group.

While the Shadow Brokers haven’t been around long, its track record of genuine releases so far make the proposition of a pay service tempting, both to groups that want to research and understand the security vulnerabilities and to those that want to exploit them.

The financial motivation to steal and sell the vulnerabilities adds a new layer of concern for those who may be put at risk by the availability of such information. In the case of WannaCry, millions of Windows users were left at risk because the NSA did not disclose the exploit used to spread the ransomware attack until the agency feared it would be made public.

The NSA did eventually inform Microsoft of the vulnerability and the company issued a patch but many people did not install the security update, leaving them vulnerable once the leaked exploit was put to use for malicious purposes. Microsoft has since called for government agencies to disclose exploits more actively to companies so they can be patched properly.