An unexpected release occurred last Friday when a cache of hacking tools that were created by the US’s NSA was suddenly dumped online by the hacking group called the Shadow Brokers.
This news was pretty shocking for many members of the digital security community, mostly because these tools were created for hacking computers that used Windows operating system, which would leave millions and millions of machines at NSA’s mercy.
The tools were tested by security experts, and after they discovered that the tools were fully operational, many started to fear for their privacy and safety of their devices.
This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.
— Hacker Fantastic (@hackerfantastic) April 14, 2017
Another unexpected event followed this discovery when Microsoft calmed the situation down by saying that many of the vulnerabilities that could have been exploited by this method were already addressed in one of their security updates that were released a month ago.
This was mentioned in an official statement made by Microsoft executive Philip Misner, who’s in charge of security. He said that the company’s experts have already analyzed the tools and the way they worked and that they confirmed that the vulnerabilities that the tools would exploit were already taken care of.
Later in this post, we can see the nine vulnerabilities that were discovered, and Misner claims that Microsoft has already fixed three of them. Many were left confused by this since the usual practice of the company is to give credit to those who have discovered the flaw, and to mention them in the notes that come with an update. Nothing like this was found in the note connected to the update from March 14, while there are many acknowledgments for other discovered flaws.
There are many potential reasons for this. Perhaps the person or the organization that discovered the flaw wanted to remain anonymous. Perhaps something else is in question. One theory even claims that the NSA reported the flaws to Microsoft and that they knew that the tools would be released to the public.
So far, the US government hasn’t made an official statement concerning this incident, nor did they comment on the authenticity of the tools in question. Still, previous leaks by the organization called the Shadow Brokers have proved to be genuine, at least partially.
Another big news that this organization has released is the NSA’s supposed infiltration of the SWIFT network, that’s used by financial institutions for money transfers. It’s been claimed that the NSA used a firm from Dubai, called EastNets, but the firm said that there was no evidence of such actions in their systems. NSA was also accused of implanting malware in up to 16 different banks in the Middle East, all in the purpose of collecting data. This could mean that they’re secretly tracking every money transaction in that region.
And when it comes to regular internet users, they’re not sure whether to panic because their systems were flawed, or to be relieved that the flaws are now fixed. This only confirms that nothing is truly safe if it’s posted online, or even if it has any sort of connection to the web.