Welp, I found the darknet site for the ShadowBrokers’ new monthly dumps service this morning. The site’s proper name, according to the masthead, is Scylla Hacking Store. If you Google “Scylla Hacking” you locate a tool and a preso by two Colombians from DC20 called “Scylla, because there is no patch for human stupidity”, which makes me wonder if this site name is a double entendre: perhaps the tool was used to hack the NSA, and the cut line of “There is no patch for human stupidity” implies that it was something really stupid that led to this compromise of the NSA. Of course that is all supposition on my part, but the more I look at this site and the attitudes of the Shadow Brokers, the more I tend to think I am onto something there. I mean, they aren’t that subtle, right?

The site requires you to create a login and uses the proper security protocols as passwords go, BUT, as you are on the darknet, the one thing that makes you think is that they require Java to do business with the site, and that is a no-no in the darkwebs. So I temporarily allowed the site and created an account so I could have a look around. The site has more than a few sections selling their wares, and those now include APT exploits not only from the US but, it seems, from other countries and actors like Cozy Bear, using the CrowdStrike terminology for Russian actors. They have the old favorites too, from FuzzBunch payloads and sources to DoS tools and other goodies for sale, so it seems we are now seeing all the things they have that may or may not have come from their hacking of the NSA?

When you create an account the site generates a bitcoin wallet for you, and then you have to transfer funds to it for transactions; it is literally their wallet, and you are gaining points or credits to buy the exploits you want. I checked the wallet and there is in fact a zero balance, so perhaps they are generating them on the fly, or this wallet is in use by the brokers as the sole one? In any case, they have come through as promised before that they would create the dumps service, and now they are using bitcoin once again as their means to an end.

Overall it seems that whoever is behind this not only has the NSA’s trove but also a bunch of other exploits, tools, 0day, etc. They are in the market for making money this time, and they are carrying it all out on the darknet.

So, is this Russia or is this DPRK?

Who needs money?

I know a guy…

Maybe….

Honestly though, for the longest time this group has, to me, seemed to be GRU/FSB fuckery, but now with this whole money-making scheme I am not so sure anymore. Of course it could be RU just fucking with everyone and making it look like maybe it is ol’ Un. I mean, with the fake written Asian dialect it is easy to see that someone is trying to make it look like it’s Lil Kim and his Funky Bunch… Meh, it’s all just games anyway. We live in interesting times though. I guess I should now just look forward to another group of hackers trying to crowdsource funds to send them the bitcoins for these sploits, huh?

Derp.

K.