“The Keys To The Kingdom”…Panic As NSA’s Windows Hacking Tools

Posted By: Watchman
Date: Friday, 14-Apr-2017 22:19:12
“This is not a drill,” notorious NSA whistleblower Edward Snowden says.

Malware used by the NSA to hack into Microsoft Windows systems was reportedly leaked just hours ago, meaning anyone who gets the software will have the virtual “keys to the kingdom” and can hack into practically any computer running Windows they want.

This is not a drill: #NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft. https://t.co/2H8F7vH7fW

— Edward Snowden (@Snowden) April 14, 2017

This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.

— Hacker Fantastic (@hackerfantastic) April 14, 2017

#NSA knew their hacking methods were stolen last year, but refused to tell software makers how to lock the thieves out. Are they liable?

— Edward Snowden (@Snowden) April 14, 2017

Windows 10 is allegedly safe:

New: @lorenzoFB spells out why you should care about the latest dump of alleged NSA exploits. It’s gonna get rocky https://t.co/AqXD5gpNJW pic.twitter.com/wum0dy1Y16

— Joseph Cox (@josephfcox) April 14, 2017

WINDOWS 10 does not appear impacted by ETERNALBLUE or ETERNAL exploit series in my lab test.

— Hacker Fantastic (@hackerfantastic) April 14, 2017

The NSA allegedly knew the leaks were coming but did nothing:

Shadow Brokers previously advertised these Windows exploits, with codenames, in January. NSA knew what was coming https://t.co/3WijxUaxTQ pic.twitter.com/m57t5zlESV

— Joseph Cox (@josephfcox) April 14, 2017

The Intercept got video of one of the hacks in question:

From The Intercept:

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.

The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running versions of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.

The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of the agency’s Tailored Access Operations group to more easily infect a target from their desk.

According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Microsoft said it is reviewing the report:

A Microsoft spokesperson told The Intercept “We are reviewing the report and will take the necessary actions to protect our customers.” We asked Microsoft if the NSA at any point offered to provide information that would help protect Windows users from these attacks, given that the leak has been threatened since August 2016, to which they replied “our focus at this time is reviewing the current report.” Asked again, the spokesperson replied that Microsoft has “nothing further to share.”

Last week the same Shadow Brokers released the password to a collection of NSA hacking tools to protest President Trump for “abandoning his base.”

Shadow Brokers releases password to NSA hacking tool binaries from 2013 as “protest” over “abandoning base” https://t.co/zFrz1vumcL pic.twitter.com/7ruMT0JPTH

— WikiLeaks (@wikileaks) April 8, 2017