NSA's powerful hacking tools leaked

Saturday, 15 April, 2017 - 10:45

The exploits, published by the Shadow Brokers yesterday, target vulnerabilities in Windows computers and servers.

They may have been used to target a global banking system. One collection of 15 exploits contains at least four Windows hacks that researchers have already been able to replicate.

"This is quite possibly the most damaging thing I've seen in the last several years," said Matthew Hickey, founder of security firm Hacker House. "This puts a powerful nation state-level attack tool in the hands of anyone who wants to download it to start targeting servers."

The exploits target a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8. Hickey was able to test out exploits in his UK firm's lab and confirmed they "work just as they are described."

The operational notes on the NSA's program extracting SWIFT data from Middle Eastern banks appear to date from September 2013, so this represents post-Snowden stolen data. The material is almost certainly legitimate: a spot check of data shows a large amount of consistency. It details exact targets, such as particular systems in eastnets.com used to leverage access into the SWIFT systems of client banks, and SQL queries designed to extract, in bulk, transactions of interest. Any access NSA maintained is now as good as eliminated, since this provides a detailed roadmap to how the NSA accessed this critical information.

The Shadow Brokers is a group of anonymous hackers that last year published hacking tools used by the NSA. Last Saturday, the group returned and published a batch of NSA exploits it had previously tried, and failed, to sell. This Friday's release contains more serious exploits. The releases are published with strange and misspelled blog posts, and recent posts have been critical of the Trump administration. The group complained about the lack of media coverage of its release last Saturday.