{"id":90676,"date":"2017-04-17T12:00:56","date_gmt":"2017-04-17T11:00:56","guid":{"rendered":"https:\/\/www.transcend.org\/tms\/?p=90676"},"modified":"2017-04-15T18:00:25","modified_gmt":"2017-04-15T17:00:25","slug":"leaked-nsa-malware-threatens-windows-users-around-the-world","status":"publish","type":"post","link":"https:\/\/www.transcend.org\/tms\/2017\/04\/leaked-nsa-malware-threatens-windows-users-around-the-world\/","title":{"rendered":"Leaked NSA Malware Threatens Windows Users Around the World"},"content":{"rendered":"<div id=\"attachment_90677\" style=\"width: 710px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header.jpg\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-90677\" class=\"wp-image-90677\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header-1024x512.jpg\" alt=\"\" width=\"700\" height=\"350\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header-1024x512.jpg 1024w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header-300x150.jpg 300w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header-768x384.jpg 768w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/windows-nsa-malware-users-1492197018-article-header.jpg 1440w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><p id=\"caption-attachment-90677\" class=\"wp-caption-text\">People sit in front of devices running the Microsoft Windows 8 operating system at a press conference launch of the system in New York City, on Oct. 25, 2012. 
Photo: Mario Tama\/Getty Images<\/p><\/div>\n<p><em>14 Apr 2017 &#8211; <\/em>The ShadowBrokers, an entity <a target=\"_blank\" href=\"https:\/\/theintercept.com\/2016\/08\/19\/the-nsa-was-hacked-snowden-documents-confirm\/\" >previously confirmed by The Intercept to have leaked authentic malware<\/a> used by the NSA to attack\u00a0computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.<\/p>\n<p>The leak includes a litany of typically codenamed software \u201cimplants\u201d with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into \u2014 and in some cases seizing control of \u2014 computers running versions of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to <a target=\"_blank\" href=\"https:\/\/www.netmarketshare.com\/operating-system-market-share.aspx?qprid=10&amp;qpcustomd=0\" >estimates<\/a> from the tracking firm Net Market Share.<\/p>\n<p>The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates\u00a0the deployment of NSA malware, and would allow a member of the agency\u2019s Tailored Access Operations group to more easily infect a target from their desk.<\/p>\n<div id=\"attachment_90678\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/shadowbrokers-spy-surveillance-nsa-big-brother-windows.jpg\" ><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-90678\" class=\"wp-image-90678\" 
src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/shadowbrokers-spy-surveillance-nsa-big-brother-windows.jpg\" alt=\"\" width=\"600\" height=\"438\" srcset=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/shadowbrokers-spy-surveillance-nsa-big-brother-windows.jpg 540w, https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/04\/shadowbrokers-spy-surveillance-nsa-big-brother-windows-300x219.jpg 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/a><p id=\"caption-attachment-90678\" class=\"wp-caption-text\">via Matthew Hickey<\/p><\/div>\n<p>According to security researcher and hacker Matthew Hickey, co-founder of <a target=\"_blank\" href=\"https:\/\/www.myhackerhouse.com\/\" >Hacker House<\/a>, the significance of what\u2019s now publicly available, including \u201czero day\u201d attacks on previously undisclosed vulnerabilities, cannot be overstated: \u201cI don\u2019t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,\u201d he told The Intercept via Twitter DM, \u201cand I have been involved in computer hacking and security for 20 years.\u201d Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.<\/p>\n<p>\u201cThis is as big as it gets,\u201d Hickey said. 
\u201cNation-state attack tools are now in the hands of anyone who cares to download them\u2026it\u2019s literally a cyberweapon for hacking into computers\u2026people will be using these attacks for years to come.\u201d<\/p>\n<p>Hickey provided The Intercept with a video of FUZZBUNCH being used to compromise a virtual computer running Windows Server 2008\u2013<a target=\"_blank\" href=\"https:\/\/community.spiceworks.com\/networking\/articles\/2462-server-virtualization-and-os-trends\" >an industry survey from 2016 cited this operating system<\/a> as the most widely used\u00a0of its kind.<\/p>\n<p>httpv:\/\/vimeo.com\/213263277<\/p>\n<p>Susan Hennessey, an editor at Lawfare and former NSA attorney, wrote on Twitter that the leak will cause \u201cimmense harm to both U.S. intel interests and public security simultaneously.\u201d<\/p>\n<p>A Microsoft spokesperson told The Intercept\u00a0\u201cWe are reviewing the report and will take the necessary actions to protect our customers.\u201d We asked Microsoft if the NSA at any point offered to provide information that would help protect Windows users from these attacks, given that the leak has been threatened since August 2016, to which they replied \u201cour focus at this time is reviewing the current report.\u201d\u00a0The company later clarified that\u00a0\u201cAt this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.\u201d<\/p>\n<p><strong>Update: April 15, 2017<\/strong><\/p>\n<p>Late Friday\u00a0night, Microsoft published a blog <a target=\"_blank\" href=\"https:\/\/blogs.technet.microsoft.com\/msrc\/2017\/04\/14\/protecting-customers-and-evaluating-risk\/\" >post<\/a> stating that after an analysis of the ShadowBrokers leak, it had determined that most\u00a0of the vulnerabilities were patched in a series of Windows updates released in March \u2014 updates that security researchers who analyzed the NSA tools apparently neglected to 
install. This means the exploits in question were not in fact \u201czero days\u201d and that anyone running the most recent updates on software still supported by Microsoft is safe from the ShadowBrokers arsenal. But the timing of the patch in question is interesting: If Microsoft truly did not receive any help from the NSA, as it claims, the fact that it fixed a litany of holes vulnerable to secret NSA tools exactly a month before those tools were made public is an amazingly fortunate coincidence (curiously, Microsoft skipped the usual acknowledgements section with the patch, which typically nods to how they were informed of the threats fixed in a given update). At any rate, this is certainly good news for Windows users who keep their computers up to date, good news for Microsoft, and still very bad news for the NSA.<\/p>\n<p><strong>Update: April 14, 2017<\/strong><\/p>\n<p>This post has been updated with an additional comment from Microsoft.<\/p>\n<p>________________________________________<\/p>\n<p style=\"padding-left: 30px;\"><a href=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/03\/sam-biddle-staff.jpg\" ><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-89314 size-full\" src=\"https:\/\/www.transcend.org\/tms\/wp-content\/uploads\/2017\/03\/sam-biddle-staff-e1492275425120.jpg\" alt=\"\" width=\"100\" height=\"100\" \/><\/a><em><a target=\"_blank\" href=\"https:\/\/theintercept.com\/staff\/sambiddle\/\" >Sam Biddle<\/a> &#8211; <a href=\"mailto:sam.biddle@theintercept.com\">\u2709sam.biddle@\u200btheintercept.com<\/a> <\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/theintercept.com\/2017\/04\/14\/leaked-nsa-malware-threatens-windows-users-around-the-world\/\" >Go to Original \u2013 theintercept.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>14 Apr 2017 &#8211; The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic 
malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[60],"tags":[],"class_list":["post-90676","post","type-post","status-publish","format-standard","hentry","category-whistleblowing-surveillance"],"_links":{"self":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/90676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/comments?post=90676"}],"version-history":[{"count":0,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/posts\/90676\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/media?parent=90676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/categories?post=90676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.transcend.org\/tms\/wp-json\/wp\/v2\/tags?post=90676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}