Posted on June 29, 2017 at 3:16 PM
A new message from Shadow Brokers appeared today. In it, the hacking group is gloating about the problems that the new ransomware is causing. Besides this, it also contains a threat to expose the identity of one of NSA’s employees. The reason for this is, allegedly, this employee’s tweet in which they mock the hacking group.
They also mention having many subscribers for the monthly data dump that was started after the NSA hack. They also announced that from July, anyone wishing to subscribe to these data dumps will have to pay double for their subscription. This means that the sum of $33,000 is required, or around 200 Zcash.
Also, after they were approached several times with questions concerning the data dumps, they decided to start a new ‘VIP Sevice’. Those who pay 400 ZEC will get the group’s VIP attention. They offer no real data, only information for those who have questions.
The more important part of their announcement, however, revolves around threats to the alleged former NSA member. In their broken English, the Brokers said that a certain ‘Doctor’ person is ‘writing ugly tweets to theshadowbrokers’. They continued to accuse this user of being the former NSA developer, that has co-founded a new security company.
They threatened to reveal his true identity unless he signs up for their data dump service. If not, their identity is becoming a part of the package. This is obviously blackmailing, however, a Twitter user @drwolfff reached out to the reporters and said that he is the one that the Brokers have mentioned.
Apparently @shadowbrokerss threatened me in his new post. 1) don't feed trolls. 2) I was never equationgroup. 3) let's meet in vegas
— Daniel R. Wolfford (@drwolfff) June 28, 2017
This user denied having anything to do with NSA, or that he created any cyber tools for this agency. He even denied having a cyber security company. Instead, this user claims that the Shadow Brokers are mad at him because he made fun of their grammar.
Many believe that this bad grammar is a part of the Brokers’ online persona so that they would hide any linguistic clues to their identities. Many believe that the Brokers are of Russian origin, while Drwolfff himself theorized that they might be the former NSA.
Drwolfff also allows the possibility that Shadow Brokers have misidentified him. The founder of a US-based cyber security firm RenditionSec, Jake Williams, supports this as well. He even said so on his Twitter and stated that the Brokers are wrong about the @drwolfff account.
— Jake Williams (@MalwareJake) June 28, 2017
Those who know who Drwolfff really is, have all been genuinely surprised by these accusations, which proves the theory of the threats being a mistake. Because of this, Drwolfff stated that on June 29, he plans of doxing himself to prevent these false accusations.
Also, the fact that the Brokers are threatening exposure of NSA employees, even if they are wrong about them, was not appreciated. Releasing such data threatens people’s safety and security, and it is mentioned that they never tied people so specifically to operations in which they were or are involved.
This is seen as a huge escalation in cyber warfare, which means that hiding online behind codenames isn’t safe anymore.
Still, it wasn’t the Brokers who started this identity-revealing trend. Instead, the US DOJ was the responsible party, and just this year they actually named two of the Russian FSB officials. They even connected them to Yahoo data breach from 2014.
Additionally, the US went after Iranian hackers and even Chinese military members. Because of this, some say that what happens to NSA now is their own fault. The biggest problem would be if they started going after innocent people and accusing them of being a part of the NSA.