
Leaked NSA MALWARE threatens WINDOWS users around the world

Status
Not open for further replies.

tks

Source:
https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

NSA is National Security Agency (USA)
========================================================================

April 14 2017



The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.


The leak includes a litany of typically code-named software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running versions of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.


The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of the agency’s Tailored Access Operations group to more easily infect a target from their desk.

According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.


“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”


Hickey provided The Intercept with a video of FUZZBUNCH being used to compromise a virtual computer running Windows Server 2008–an industry survey from 2016 cited this operating system as the most widely used of its kind.


Susan Hennessey, an editor at Lawfare and former NSA attorney, wrote on Twitter that the leak will cause “immense harm to both U.S. intel interests and public security simultaneously.”


A Microsoft spokesperson told The Intercept “We are reviewing the report and will take the necessary actions to protect our customers.” We asked Microsoft if the NSA at any point offered to provide information that would help protect Windows users from these attacks, given that the leak has been threatened since August 2016, to which they replied “our focus at this time is reviewing the current report.” The company later clarified that “At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.”
 
Here is another news story which describes the impact better

Source: CNN

http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/index.html


===============================================================


A hacking group has dumped a collection of spy tools allegedly used by the National Security Agency online. Experts say they are damaging.


The exploits, published by the Shadow Brokers on Friday, contain vulnerabilities in Windows computers and servers. They may have been used to target a global banking system. One collection of 15 exploits contains at least four Windows hacks that researchers have already been able to replicate.


"This is quite possibly the most damaging thing I've seen in the last several years," said Matthew Hickey, founder of security firm Hacker House. "This puts a powerful nation state-level attack tool in the hands of anyone who wants to download it to start targeting servers."
The exploits target a variety of Windows servers and Windows operating systems, including Windows 7 and Windows 8. Hickey was able to test out exploits in his UK firm's lab and confirmed they "work just as they are described."


The Shadow Brokers is a group of anonymous hackers that published hacking tools used by the NSA last year. Last Saturday, the group returned and published a batch of NSA exploits it had previously tried, and failed, to sell. This Friday's release contains more serious exploits. The releases are published with strange and misspelled blog posts, and recent posts have been critical of the Trump administration. The group complained about the lack of media coverage of its release last Saturday.

Hickey said the Windows exploits leaked on Friday could be used to conduct espionage and target critical data in Windows-based environments. Consumers using Windows PCs could be at risk, though experts say these kinds of tools are more commonly used to target businesses.


"The individual consumer is a little less at risk, as these kinds of tools are targeted at enterprise and business environments," Hickey said.
A Microsoft spokesperson told CNNTech they are reviewing the report and will "take the necessary actions to protect our customers." An email to the NSA's press office has not been returned.


Microsoft told CNNTech no one from the government had contacted it about the exploits listed in the dump. Since the Shadow Brokers previously said they had obtained NSA exploits, the agency was likely aware of the potential for these hacks to be exposed to the public.
"At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers," a Microsoft spokesperson said in an email.


The Windows hacking tools may have been used to target the SWIFT financial security system, specifically an anti-money laundering financial institution called EastNets. The leaked documents contain notes about passwords, configuration data and networks.
The U.S. government has long been able to access financial data through SWIFT as part of an anti-terrorism effort. However, according to security researcher Nicholas Weaver of the International Computer Science Institute, the methods in the documents show the NSA was going beyond its "official access."


"Whenever the NSA is caught going in the backdoor when they already had front-door access (such as the backdoor monitoring of Google and Yahoo's internal communication revealed in the Snowden documents), it not only closes the backdoor but also results in legal pushback that may limit the front-door access," Weaver told CNNTech in an email.


SWIFT told reporters it has not seen unauthorized access on its networks, and EastNets said the same.
Hickey said there are currently no patches available for some of the working exploits.


"As more information is learned about these, hopefully Microsoft will release fixes and patches," he said.
 