15/04/2017
NSA's powerful
Windows hacking
tools leaked online
A hacking group has
dumped a collection of spy
tools allegedly used by the
National Security Agency
online. Experts say they
are damaging.
The exploits, published by the Shadow
Brokers on Friday, contain
vulnerabilities in Windows computers
and servers. They may have been
used to target a global banking
system. One collection of 15 exploits
contains at least four Windows hacks
that researches have already been able
to replicate.
"This is quite possibly the most
damaging thing I've seen in the last
several years," said Matthew Hickey,
founder of security firm Hacker House.
"This puts a powerful nation state-level
attack tool in the hands of anyone who
wants to download it to start targeting
servers."
The exploits target a variety of
Windows servers and Windows
operating systems, including Windows
7 and Windows 8. Hickey was able to
test out exploits in his UK firm's lab
and confirmed they "work just as they
are described."
The Shadow Brokers is a group of
anonymous hackers that published
hacking tools used by the NSA last
year. Last Saturday, the group returned
and published a batch of NSA exploits
it had previously tried, and failed, to
sell. This Friday's release contains
more serious exploits. The releases are
published with strange and misspelled
blog posts, and recent posts have
been critical of the Trump
administration. The group complained
about the lack of media coverage of its
release last Saturday.
Related: Hacker claims to be selling
stolen NSA spy tools
Hickey said the Windows exploits
leaked on Friday could be used to
conduct espionage and target critical
data in Windows-based environments.
Consumers using Windows PCs could
be at risk, though experts say these
kinds of tools are more commonly
used to target businesses.
"The individual consumer is a little less
at risk, as these kinds of tools are
targeted at enterprise and business
environments," Hickey said.
A Microsoft spokesperson told
CNNTech they are reviewing the report
and will "take the necessary actions to
protect our customers." An email to
the NSA's press office has not been
returned.
Microsoft told CNNTech no one from
the government had contacted it about
the exploits listed in the dump. Since
the Shadow Brokers previously said
they had obtained NSA exploits, the
agency was likely aware of the
potential for these hacks to be exposed
to the public.
"At this time, other than reporters, no
individual or organization has
contacted us in relation to the materials
released by Shadow Brokers," a
Microsoft spokesperson said in an
email.
The Windows hacking tools may have
been used to target the SWIFT financial
security system, specifically an anti-
money laundering financial institution
called EastNets. The leaked documents
contain notes about passwords,
configuration data and networks.
The U.S. government has long been
able to access financial data through
SWIFT as part of an anti-terrorism
effort. However, according to security
researcher Nicholas Weaver of the
International Computer Science
Institute, the methods in the
documents show the NSA was going
beyond its "official access."
"Whenever the NSA is caught going in
the backdoor when they already had
front-door access (such as the
backdoor monitoring of Google and
Yahoo's internal communication
revealed in the Snowden documents),
it not only closes the backdoor but
also results in legal pushback that may
limit the front-door access," Weaver
told CNNTech in an email.
SWIFT told reporters it has not seen
unauthorized access on its networks,
and EastNets said the same.
Hickey said there are currently no
patches available for some of the
working exploits.
"As more information is learned about
these, hopefully Microsoft will release
fixes and patches," he said.
http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/index.html?sr=fbCNN041417windows-exploits-shadow-brokers1110PMVODtopLink&linkId=36531488
The tools may have been used to target banks.
