Personal Security Takes A Hit With Public Release Of NSA's Hacking Toolkit

from the national-security-still-healthy,-but-always-worth-panicking-over dept

Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.

However, there are still plenty of computers and networks online running outmoded software. That makes the released exploits a threat (especially those targeting XP users, as that version will never be patched), but not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:

One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.

John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.

Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft's steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they're made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.

DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.

“The presence of DOUBLEPULSAR doesn’t mean they’re infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it,” Tentler said. “The chances are none that all these hosts [were hacked by] the NSA.”

So, there's that small bit of comfort. It's not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys… adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.

The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that's the Vulnerabilities Equities Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.


Reader Comments



  • Darkhog, 2 May 2017 @ 3:05pm

    Release of the exploits is not the problem

    The problem is that NSA instead of informing companies about the flaws it detects is hiding that knowledge. And there will be more leaks of this nature in the future if they won't change their course of action.


    • Anonymous Coward, 2 May 2017 @ 4:46pm

      Re: Release of the exploits is not the problem

      Total agreement. NSA believing they had their own private vulnerabilities & exploits is out of control arrogance.


  • Anonymous Coward, 2 May 2017 @ 3:12pm

    Simply a backdoor? Like just metadata?


  • Anonymous Coward, 2 May 2017 @ 3:26pm

    I thought

    I thought that the government was, by law, required to report vulnerabilities to the vendors so that they could be patched.

    1. Am I mistaken?
    2. If not, who is going to jail?


    • Anonymous Coward, 2 May 2017 @ 4:00pm

      Re: I thought

      There are exceptions like with the FOIA law.

      Namely they can claim "National Security" and never tell anyone about the bug/security risk.


  • Anonymous Coward, 2 May 2017 @ 3:52pm

    Distraction, Distortion, & Ignorance

    Look, it is foolish to assume that the public release of any information or tools are damaging to Personal Security or Privacy. You can't solve problems in the dark because there is no light to see how to fix anything.

    "Former members of Team Espionage recently expressed their concern that the Shadow Brokers' dump of NSA Windows exploits had done serious damage to the security of the nation."

    Team Espionage are the ones that caused the serious damage; they are just trying to save face to "Distract" you from their wrongdoings here, by using "Distortion" of the facts to play on everyone's "Ignorance" about technology.

    A Government of Liberty and Justice cannot operate in secrecy or shadows.

    Liberty and Justice can only stand in the light because its principles generate light which destroys secrets and shadows. Secrecy and Shadows require darkness so that they can be safe from the light.

    When you agree that the Government can secretly spy or secretly interpret law, then you also agree that the Government will now become your master and owner and you the subject and slave.


    • Anonymous Coward, 3 May 2017 @ 8:05am

      Re: Distraction, Distortion, & Ignorance

      Look, it is foolish to assume that the public release of any information or tools are damaging to Personal Security or Privacy. You can't solve problems in the dark because there is no light to see how to fix anything.

      If that's your view, using any software without publicly viewable source code (and a way to verify the binaries match) would be a mistake.


      • sigalrm (profile), 3 May 2017 @ 1:13pm

        Re: Re: Distraction, Distortion, & Ignorance

        Unless you're capable (technically and financially) of designing and building your own computing environment without the use of any COTS parts, using closed source code isn't so much a mistake as a necessary evil.


  • SpaceLifeForm, 2 May 2017 @ 3:56pm

    Old implants vs New implants

    Do not assume that current count of infected machines has suddenly multiplied because the exploit is now known. It is great cover to dump the exploit to hide your original targets.


  • bt, 2 May 2017 @ 4:45pm

    Always running the latest

    I'm sitting here running that new-fangled Win10CreatorsUpdateRelease.

    I don't understand these people who act like software companies who are so evil to make us upgrade our machines against our will all the time.

    Most of the time there are solid fixes and improvements. As this little tale of WinXP vulnerabilities highlights. Even when there are things done over time that you don't like, almost always these are more than compensated for by the stuff that is fixed.


    • tom (profile), 2 May 2017 @ 7:31pm

      Re: Always running the latest

      Microsoft burned a lot of folks with their near forced 'update' from Win non 10 to Win 10 via Windows Update. The same Windows Update that should be delivering security updates. Microsoft shouldn't hold security updates hostage in order to encourage you to update to Win 10.

      Their recent move to the new take-all-or-none updates doesn't help either.

      And the lack of privacy controls in Win 10 Creators makes it very clear that Microsoft intends to monitor what you do and view with your PC and feed you Ads based on that. NO option for most to opt out.


      • Anonymous Coward, 2 May 2017 @ 10:42pm

        Re: Re: Always running the latest

        "lack of privacy controls in Win 10 Creators "

        I am no fan of M$ or Win 10 but I upgraded my Win 10 laptop to creators yesterday and was surprised to be instantly given the privacy options (which they had very nicely re-enabled all tracking features for me). In previous updates they just re-enabled them without telling me so at least I didn't have to go hunting for the options to check they were disabled.


      • Anonymous Coward, 3 May 2017 @ 1:35am

        Re: Re: Always running the latest

        quote:
        Microsoft shouldn't hold security updates hostage in order to encourage you to update to Win 10.
        /quote

        no.. they aren't holding them.
        they simply don't waste work hours creating security updates for unsupported operating systems, partially updated systems or unsupported silicon.

        what you're actually demanding is forced labour / unpaid labour / slavery for a system configuration it was not designed for, or intended to be used on.


    • Microsoft, 3 May 2017 @ 3:41am

      Re: Always running the latest

      We truly hope you enjoy your NSA Spydows 10 experience. Have a good day.


  • Anonymous Coward, 2 May 2017 @ 5:21pm

    Imagine this was the "backdoor" the FBI et al have been demanding. Then it could Only Be Used By Governments And Other Good Guys: and we wouldn't be having this problem.

    But the problem was, nobody called it a "backdoor", and the Bad Guys didn't realize they couldn't use it.


  • Pixelation, 2 May 2017 @ 5:35pm

    FTFY

    "Personal Security Takes A Hit Without Public Release Of NSA's exploits"

    The truth shall set US free.


  • Anonymous Coward, 3 May 2017 @ 2:14am

    After seeing the Child's Play movies I'm never trusting another Good Guy again. :D
    Joke aside, yes whenever the law gets a mandated backdoor some bad guys will eventually get access to it.
    Even if security WAS foolproof, cops are, at the end of the day, still human and therefore corruptible.


  • Joe P, 3 May 2017 @ 8:53am

    public hacking tools making us more vulnerable

    When will Windows have features like the ability to dismount our hard drives while on the Internet and making RAM directories noexec, nosuid, nodev?

    Perhaps we need a national agency tasked with finding exploits and working with the major software groups. I'm sure many people would like to work for the good guys and help Microsoft, Adobe, Symantec, etc find the exploits so they can patch them.


    • sigalrm (profile), 3 May 2017 @ 1:04pm

      Re: public hacking tools making us more vulnerable

      "When will Windows have features like the ability to dismount our hard drives while on the Internet and making ram directories noexec, nosuid, nodev?"

      Um, never?

      If that's what you want, find a Live OS DVD distro of your choosing. KNOPPIX and TAILS come to mind, but most any of the Linux install DVDs would fit the bill. Most can be installed on thumb drives with minimal effort.

      And I'm sure someone will point out a Windows based Live DVD image somewhere.


  • Anonymous Coward, 4 May 2017 @ 3:10am

    Where do you get that “...chances are none that all these hosts were hacked by the NSA..." means "...not the NSA..."? Your ability to equate and reason seems to be that of a monkey. What that means is that not "all" of the attacks are those of the NSA. It does not mean that "none" of them are.

