Personal Security Takes A Hit With Public Release Of NSA's Hacking Toolkit
from the national-security-still-healthy,-but-always-worth-panicking-over dept
Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.
However, there are still plenty of computers and networks online using outmoded software. This makes the released exploits a threat (especially those targeting XP users, as that version will never be patched). But not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:
One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.
John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.
Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft's steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they're made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.
DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.
“The presence of DOUBLEPULSAR doesn’t mean they’re infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it,” Tentler said. “The chances are none that all these hosts [were hacked by] the NSA.”
So, there's that small bit of comfort. It's not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys… adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.
The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that's the Vulnerabilities Equity Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.
Filed Under: exploits, hacking tools, privacy, security, shadow brokers
Reader Comments
Release of the exploits is not the problem
Re: Release of the exploits is not the problem
I thought
1. Am I mistaken?
2. If not, who is going to jail?
Re: I thought
Namely they can claim "National Security" and never tell anyone about the bug/security risk.
Re: Re: I thought
Distraction, Distortion, & Ignorance
"Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation."
Team Espionage are the ones that caused the serious damage, they are just trying to save face to "Distract" you from their wrongdoings here, by using "Distortion" of the facts to play on everyone's "Ignorance" about technology.
A Government of Liberty and Justice cannot operate in secrecy or shadows.
Liberty and Justice can only stand in the light because its principles generate light which destroys secrets and shadows. Secrecy and Shadows require darkness so that they can be safe from the light.
When you agree that the Government can secretly spy or secretly interpret law, then you also agree that the Government will now become your master and owner and you the subject and slave.
Re: Distraction, Distortion, & Ignorance
If that's your view, using any software without publicly viewable source code (and a way to verify the binaries match) would be a mistake.
Re: Re: Distraction, Distortion, & Ignorance
Old implants vs New implants
Always running the latest
I don't understand these people who act like software companies are so evil to make us upgrade our machines against our will all the time.
Most of the time there are solid fixes and improvements. As this little tale of WinXP vulnerabilities highlights. Even when there are things done over time that you don't like, almost always these are more than compensated for by the stuff that is fixed.
Re: Always running the latest
Their recent move to the new take-all-or-none updates doesn't help either.
And the lack of privacy controls in Win 10 Creators makes it very clear that Microsoft intends to monitor what you do and view with your PC and feed you Ads based on that. NO option for most to opt out.
Re: Re: Always running the latest
I am no fan of M$ or Win 10 but I upgraded my Win 10 laptop to creators yesterday and was surprised to be instantly given the privacy options (which they had very nicely re-enabled all tracking features for me). In previous updates they just re-enabled them without telling me so at least I didn't have to go hunting for the options to check they were disabled.
Re: Re: Always running the latest
Microsoft shouldn't hold security updates hostage in order to encourage you to update to Win 10.
/quote
no.. they aren't holding them.
they simply don't waste work hours creating security updates for unsupported operating systems, partially updated systems or unsupported silicon.
what you're actually demanding is forced labour / unpaid labour / slavery for a system configuration it was not designed for, or intended to be used on.
Re: Always running the latest
But the problem was, nobody called it a "backdoor", and the Bad Guys didn't realize they couldn't use it.
FTFY
The truth shall set US free.
Old implants vs New implants
Joke aside, yes whenever the law gets a mandated backdoor some bad guys will eventually get access to it.
Even if security WAS foolproof, cops are, at the end of the day, still human and therefore corruptible.
public hacking tools making us more vulnerable
Perhaps we need a national agency tasked with finding exploits and working with the major software groups. I'm sure many people would like to work for the good guys and help Microsoft, Adobe, Symantec, etc find the exploits so they can patch them.
Re: public hacking tools making us more vulnerable
Um, never?
If that's what you want, find a Live OS DVD distro of your choosing. KNOPPIX and TAILS come to mind, but most any of the Linux install DVDs would fit the bill. Most can be installed on thumb drives with minimal effort.
And I'm sure someone will point out a Windows based Live DVD image somewhere.