Two cybersecurity experts are attempting to crowdfund the purchase of alleged National Security Agency (NSA) cyberweapons from a collective known as The Shadow Brokers, less than a month after one previously-leaked exploit was used to fuel a global ransomware epidemic.
In mid-May, the Shadow Brokers, which may be linked to Russian cybercrime, teased that a new "monthly subscription model" would be used to release more computer exploits. It claimed to have information about major vulnerabilities and network data from nuclear missile programs.
This week (30 May), the hackers released a statement saying anyone interested should pay 100 ZCash ($23,000), a cryptocurrency, by the end of June 2017.
This piqued the interest of two experts: Matthew Hickey of security firm Hacker House and a researcher known as 'x0rz'. The pair started a Patreon, a service used to solicit funds for business ideas or creative projects.
"The worst case situation is that these tools end up in the hands of criminals and are used to conduct further attacks," a description page reads.
At the time of writing, it had more than a dozen backers with $1,694 raised.
The researchers said that if they fail to crowdfund the goal of $25,000 for the monthly membership deal with the illicit hacking group, the money will instead be donated to a digital rights organisation such as the Electronic Frontier Foundation (EFF).
In April this year, the Shadow Brokers released a suspected NSA exploit that was later used to superpower a form of ransomware now dubbed "WannaCry". Within 48 hours, infections had spread to more than 200,000 machines in 150 countries, according to Europol.
Shunning legal concerns, Hickey and x0rz believe the focus should be on transparency.
They said the ultimate aim of the Patreon is to help analyse the leaked information in order to help curb the next potential outbreak. That's if the Shadow Brokers can even be trusted, of course.
"The Shadow Brokers might not have any more data, they could be trolling the world and laughing at us from their terminal," the pair wrote, later adding a line of caution to potential backers: "It really has been left as an open-ended question as to what they hold - if anything at all."
It continued: "All data will be handled in-line with responsible disclosure security guidelines before being made public in the interests of transparency. The outcome of this fund raise, data and analysis performed will be made publicly available for everyone."
When the Shadow Brokers first emerged, it demanded 1 million bitcoin – the equivalent of more than $550 million at the time – in exchange for NSA hacking tools. Later, after the "auction" was unsuccessful, it scrapped the idea and released the data into the public domain.