【Italy】

It's quite the dilemma: A nefarious group of hackers plans to sell a cache of stolen National Security Agency exploits,Italy but you can't quite come up with the cryptocurrency needed to buy it.

What to do?

Well, if you're two prominent security researchers, the answer is simple: crowdfund it. That's right, there's now a Patreon for buying stolen NSA hacking tools.

But it's not what you might think. The researchers behind the Patreon campaign, Hacker Fantastic and x0rz, hope that by purchasing the data they will be able to analyze it and possibly prevent another attack like the WannaCry ransomware.

This Tweet is currently unavailable. It might be loading or has been removed.

It all comes back to the Shadow Brokers, the group that dumped a host of exploits in April after ostensibly trying to sell them first. Its members made news again in May when they announced that they not only have more code, but that they intend to launch a subscription service to dole it out.

"TheShadowBrokers is launching new monthly subscription model," they explained. "Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month."

It's a threat that should not be taken lightly. Just a single NSA exploit — EternalBlue — was crucial to the global spread of WannaCry. Imagine a new WannaCry-like worm every time the Shadow Brokers released additional exploits. It would be more than a digital nightmare — people could die.

That doesn't need to happen, however. Hacker Fantastic and x0rz argue that early access to the exploits could provide security researchers time to develop and share fixes for vulnerable code. That's where the Patreon campaign comes in.

The Shadow Brokers requested payment in the cryptocurrency Zcash, and the two researchers think paying up is actually the smart move. Why? Because one way or another, those exploits are likely to get out.

"I think they will eventually dump it to cause mayhem," confirmed x0rz via Twitter direct message. "So far [the Shadow Brokers] didn't say they are willing to dump them for free (but we can guess they will)."

X0rz, who declined to provide a real name, went on to note that gaining access "even 48hours before [the dump] can be good for the community" so that "vendors and [Free and open-source software] developers can catch up and fix the vulns."

This approach is not without its critics. To be sure, giving 100 ZEC (approximately $23,344 at the time of this writing) to unknown criminal elements is not exactly without risk. The Shadow Brokers could use it to fund malicious actions, or at the very least just keep the money and not deliver.

This Tweet is currently unavailable. It might be loading or has been removed.

Hacker Fantastic and x0rz think it's worth the risk, however.

This Tweet is currently unavailable. It might be loading or has been removed.

Those interested in helping the campaign reach its goal can donate any amount of money, but those who kick $1,300 or more will get direct access to the Shadow Brokers' exploits as soon as they are released to paying members.

To prevent some random criminal from using this crowdfunding campaign to gain nation-state level toolkits for his or herself, Hacker Fantastic and x0rz are limiting code sharing to "whitehat ethical hackers" who can prove who they are. So that's good.

Meanwhile, the clock is ticking. As the Shadow Brokers' sale ends June 30, the two researchers have only a month to scrape together the money. Should they fall short, any funds they did collect will be donated.

But if they succeed? Well, then we all may just have a fighting chance against the next WannaCry.

UPDATE: June 1, 2017, 9:32 a.m. PDT

Well that didn't last long. The two security researchers behind the crowdfunding campaign have pulled the plug, and will return contributed Bitcoin where possible and donate it to the Electronic Frontier Foundation where not.

What happened? Well, in addition to being super controversial among the hacker community, their efforts put them at possible legal risk.

"If you ever want to hear a lawyer shout expletives at volume down a phone you need to call him and tell him that you have created the first open source crowd-funded cyber arms acquisition attempt," Hacker Fantastic wrote in a statement. "It transpires that should funds change hands from ours to the Shadow Brokers we would be certainly risking some form of legal complications. It was just too risky and the advice was under no circumstances to proceed further with this."

X0rz shared some of the above concerns, and further noted that buying allegedly stolen NSA exploits from what may or may not be a front for the Russian security services was perhaps a little too high stakes.

"I guess now we should only spectate what will happen next, like we did before," wrote the researcher. "It's unfortunate but that's the way it ought to be, we just can't play at this game between (*cough* allegedly) powerful countries."