In 1937, an American radio series named “The Shadow” made its debut. Its dramatic opening line—“Who knows what evil lurks in the hearts of men? The Shadow knows!”—captured the imagination of the nation and lives on to this day. Lost in the shrouds of time is the line uttered at the close of each episode—-“The weed of crime bears bitter fruit. Crime does not pay…The Shadow knows!” It turns out The Shadow was not particularly prescient when it comes to today’s cyber criminals. It’s a fair bet The Shadow would see the world differently after running into the Shadow Brokers, a group which announced it presence with a series of messages like…

“!!! Attention government sponsors of cyber warfare and those who profit from it !!!!

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT+ LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”

If you are following this at home, the Equation Group is allegedly tied to the National Security Agency, and is considered highly sophisticated in its hacking capabilities, presumed responsible for, among other things, the Stuxnet virus that crippled Iran’s nuclear program. So, the Shadow Brokers, acting on information from Kaspersky, itself accused of ties to Russian intelligence, offered to sell tools pilfered from an entity believed to have ties to American intelligence. This would make a grand movie plot, but the outcome here has significant real life implications.

The tools being sold and released by the Shadow Brokers are opening up vast new opportunities for cyber criminals. After the latest release by the group, security expert Matthew Hickey said “It is by far the most powerful cache of exploits ever released. It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it.”

Forbes just ran a piece that looked at how the Shadow Brokers’ leaks have led to real world attacks, and what may be in the offing. The article closed with a timely reminder from security guru Bruce Schneier: “Today’s NSA secrets become tomorrow’s PhD theses and the next day’s hacker tools. As long as we’re all using the same computers, phones, social networking platforms, and computer networks, a vulnerability that allows us to spy also allows us to be spied upon.”

Who knows what evil lurks in the hearts of men? We are, once again, about to find out.

By Tom Davis, SDI Cyber Risk Practice

May 2, 2017