Alleged NSA hackers probably gave away a small fortune by leaking exploits

Each of the zero-day exploits could have sold for $100,000 or more on the black market

Anonymous hackers probably gave away hundreds of thousands of dollars in potential black-market sales when they leaked valuable cyberweapons allegedly stolen from the U.S. National Security Agency.

The hackers, known as the Shadow Brokers, posted a sample file of the cyberweapons earlier this month and at least some of them appear to be zero-day exploits, or attacks that rely on software defects that practically no one knew about.

Before they were publicly leaked, each of these zero-day exploits could have sold for a great deal of money, according to security researchers. They’re designed to affect firewall and router products from Cisco, Juniper Networks and Fortinet, in addition to those from Chinese vendors.

Alex Rice, CTO at bug bounty platform HackerOne, estimated that the zero-day exploits could each have sold for “north of six figures” on the digital grey market.

“Most of these exploits target information that the organization is trying to protect,” he said, which makes them particularly valuable.

Risk Based Security has also been looking over the free sample and estimated that the exploits could have been worth in total between US$200,000 and a million dollars if they had been sold to “defensive” bug bounty buyers that work to patch vulnerabilities.

“That said, given the capabilities of the targets, in the hands of the right buyer, these exploits could be worth a lot more,” Risk Based Security said in a Monday blog post.

The exploits target at least ten different vulnerabilities, and they were allegedly obtained from the Equation Group, a top cyberespionage team that some suspect could be working on behalf of the NSA.

The Equation Group has been connected with the infamous Stuxnet computer worm, and is known for developing malware that’s impossible to remove.

However, the exploits found in the sample are pretty much worthless now. Anyone can download them, but more importantly, the affected vendors have been working to address the software vulnerabilities.

Why the Shadow Brokers decided to give away such valuable exploits isn’t clear. Typically, hackers do provide free samples of their stolen goods to establish trust with possible buyers, Rice said.

But these exploits are different. They allegedly came from the NSA, meaning the U.S. government could alert the affected vendors if it had got wind of the sale. That might dissuade potential buyers, Rice said. 

Nevertheless, the Shadow Brokers are selling more of what they stole in an online auction, but so far it’s generated very modest interest.

As of Monday, the auction had received bids worth a total of 1.76 bitcoins, or $1,029. That’s very little considering the auction’s winner is supposed to receive a cyberweapon that rivals Stuxnet.

But many security researchers suspect that the auction is more of a publicity stunt. The conditions for bidding in the auction aren’t exactly encouraging. The Shadow Brokers have not said when they’ll accept the final bid. Rather, they hope to receive 1 million bitcoins, or $584 million, in exchange for leaking all that they allegedly stole from the Equation Group.

“The money is too high for a group that is actually hoping to sell,” said Eric O'Neill, national security strategist with security firm Carbon Black. He speculated that the Shadow Brokers are in reality trying to embarrass the NSA, either for espionage or hacktivist reasons.

“Either way, the critical issue is that until we spend more attention and resources on cybersecurity at a national level, these sort of attacks will continue and escalate,” he added.
