
Pays to be running Windows 10
For once.
The Shadow Brokers have leaked more hacking tools stolen from the NSA's Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8. The toolkit puts into anyone's hands – from moronic script kiddies to hardened crims – highly …
The whole advertising industry is based on the idea that there's always more privacy left to violate.
Even with a camera pointed at your face, algorithmically reading your expression, there's still data missing from their model. Your thoughts are still private.
It only ends when they can plumb the depths of consciousness itself.
Nothing imaginable probes deeper than Windows 10. Why "anal probe"? Because when you go to the proctologist and Windows Anal Probe 10 is running, M$ is right in there with the Windows-powered camera that goes where no one wants.
Go to a dentist with Windows anal probe 10 and M$ is checking out your cavities.
Go to a lawyer and they use Windows anal probe 10 and M$ is right in there checking your legal brief.
Doesn't matter what you do, Windows anal probe 10 is right there spying on you, it is truly disgusting and should be banned, it is criminal that it got into an operating system and they should enjoy an extended custodial sentence for the machination especially loading spyware into doctors offices where it is illegal to do so under law.
"On coins, on stamps, on the covers of books, on banners, on posters, and on the wrappings of a cigarette Packet — everywhere. Always the eyes watching you and the voice enveloping you. Asleep or awake, working or eating, indoors or out of doors, in the bath or in bed — no escape. Nothing was your own except the few cubic centimetres inside your skull."
I suppose if you're a newbie and thinking of starting in the penetration testing game - good to start with something easy and work up.
You only have to look back at all the past 200+ critical Windows vulnerabilities; you'll soon notice a theme to where they occur, multiple times, over and over again.
The exploits were stolen in 2013, before Windows 10 came out, so obviously it wouldn't have been listed as a potential target. But given the range of vulnerable versions from 2K all the way to 8 in some of these, only a fool who smugly posts "it pays to be running Windows 10" would wrongly assume Windows 10 is not vulnerable!
Indeed. The Windows 10 kernel is nearly identical to that of 8.1, so if 8.1 is vulnerable, I'd bet that 10 is too. Nearly every time there is a new security patch, it comes in versions from Vista (until support ran out the other day) to 10... the same issue affecting all versions of Windows in current support. I would expect this to be no different.
Maybe there is some obscurity in having a pain-in-the-ass "moving conveyor belt OS" like Windows 10, but boy, it's a complete fcuker to stay at the leading edge.
For every 1 hour of work, it feels like 10 hours of notifications/distractions, to make sure everything is current. It seems aimed at keeping 'non jobs' busy.
Maybe there is something to be said for running Insider Builds, Fast Ring, Slow Ring; even if it's the equivalent of Swiss Cheese (in terms of holes), you and the hackers are both running runtimes that have seen the same amount of daylight, leveling the field somewhat.
If you want real obscurity though, it seems that choosing a non-standard setup (in terms of Firewalls/Routers), Linux-based OSs that few people use, is probably the best approach, because it's just not economical for either the NSA or hackers to bother targeting/hacking it, until it hits the "McDonalds" mainstream.
Funding a hacking project always has to be justified, in terms of cost/benefits, even if they do have unlimited deep pockets and do some projects at such scale, most "normal folk" would find incredulous i.e. Massive Data Centres next to Data Centres to monitor social media.
Looking forward to next Andrew Marr / Amber Rudd's take on this. I'll go by whatever Amber Rudd says and do the complete opposite.
New Tact/Approach?
(If you can't win the PR War consensus* after a terrorist attack (she didn't), to get the Public to give up their Encryption/Privacy, maybe the next best approach is to target all those mainstream IT Tech products "with a release of hacking tools in the public domain" to make those products feel as insecure as possible.
So in effect, "the default", feels like there is no Privacy anymore, so in future you'll feel less likely to argue/stand up for the right to Privacy).
* We never did get any real clarification/proof that WhatsApp was used, by WhatsApp themselves. It seems to have all gone quiet on that front.
"If there is a fix in the next month, we will KNOW that the NSA has been working with m$ on this."
Alternative possibility. Microsoft did a deal with Shadow Brokers some time ago so that fully supported stuff would get patched beforehand leaving W7 users with an incentive to migrate to 10 given that they've resisted everything else so far.
"For IT managers and normal folks, the Windows-hacking arsenal, which dates to around 2012, is the most worrying. It contains exploits for vulnerabilities – including at least four zero-day flaws for which no security patches yet exist – that can be used to hack into at-risk Windows systems, from Windows 2000 to Windows 8 and Server 2012. In some cases this can be done across the network or internet via SMB, RDP, IMAP, and possibly other protocols."
While some claim that there was no evidence of the server being hacked, we have two problems...
1) The server was compromised by the IT Staff who mishandled it.
2) These tools show that governments have the sophistication to hack machines at will and leaving little or no trace.
If the NSA had it ... odds are other governments had similar tools too.
ugh, a tip from an AC to an AC - that horse has been dead for a while now. keep flogging it, and you might get suspected of necrophilia.
Yes, I'd be careful that you don't get a whip full of necrotic tissue. If you want to pay attention to slightly more current affairs, try working out just how much the current orange idiot is raking it in via his ownership of the places that are now deemed "presidential residencies", and how much his shares in military hardware shops have gone up since he discovered how useful a war is to divert attention.
Blabbing over Hillary is entirely irrelevant - she's not your problem right now.
So... the NSA has known for quite a while that they've lost control of their toolkit.
They must have been very busy getting all our country's (govt) computers with Top Secret data upgraded to Windows 10, right? What about our allies?
Seems like none of this should be zero day, if someone was doing their jobs...
If I remember (reading) correctly, much of our country's servers/systems run on old computers.
This is a colossal F up to end all F up's.
The govt/business partnership to keep our country safe seems nonexistent. What is it going to take to reevaluate our priorities...
"What is it going to take to reevaluate our priorities..."
A mega class action lawsuit comprising the Top 500 corporations who sue the dangerously incompetent NSA / government to the tune of countless tens or hundreds of billions for all the additional security measures they need to take, loss of data, loss of revenues due to hacks?
It probably won't happen, they are easily leaned on by the spooks if necessary, but it's nice to imagine it happening one day, perhaps.
A mega class action lawsuit comprising the Top 500 corporations who sue the dangerously incompetent NSA / government to the tune of countless tens or hundreds of billions for all the additional security measures they need to take, loss of data, loss of revenues due to hacks?
Funny thing about the US Government.... they have the right of refusal to lawsuits. You can sue them only if they say you can... on an individual basis. It is a lovely idea though.
>Anything with Top Secret data on it shouldn't be anywhere near the Internet anyway
Agree, but these "highly secure" systems are the sorts of systems that most probably don't get regular updates:
"We have a sneaking suspicion that Uncle Sam's foreign espionage targets aren't exactly the types to keep all their systems bang up to date."
To patch the vulnerabilities that were coming out. After all, the NSA also oversees America's cybersecurity command.
But I wouldn't be surprised if they did nothing, rather than have a series of embarrassing "OK NSA, we know you've exploited THESE vulnerabilities, but what else are you not telling us?" conversations with each vendor.
you had one job.
So there's the honourable Mr. Snowden, who went public. Then there's the not so honourable Shadow Brokers...who went public.
I would think that most people, were they to take the time and risk to smuggle stuff out of the NSA, would want to sell their plunder as quickly and quietly as possible. Kind of makes me wonder how many other NSA care packages are out there.
Also, any theories as to the weird and broken English in the SB messages? You'd think they would have someone who could string a sentence together.
Also, any theories as to the weird and broken English in the SB messages? You'd think they would have someone who could string a sentence together.
Why would they want to? It is easy enough to identify the writer by his/her choices of words, the grammatical preferences, the rhetorical devices, and even the spelling mistakes. It does not take too much text either. If you just happen to have samples of public writings from all, or nearly all computer-literate humans alive, you might be tempted to do a bit of correlation analysis.
It is much safer to run your messages through a few (obviously, off-line) machine translation systems, taking care to use different vendors so that the underlying semantic representation is not the same on each translation stage. This way, the correlation analysis will only pick up signatures from the last few translation algorithms used in the process.
This only shows that the SB are not complete idiots, but then we already knew this.
"It is easy enough to identify the writer by his/her choices of words, the grammatical preferences, the rhetorical devices, and even the spelling mistakes. It does not take too much text either."
I seem to recall we did that with Peter Gleick's fake memo. It only took us a day. No computering involved.
Yeah, sure, multiple machine translations, "Chinese Whispers" or "Telephone" style with a check at the end to see that the message isn't just too garbled. However, it could be that they want people to think that their native language is not English. That it is, for example, Russian. When comedian Jessica Holmes does a Russian character, it sounds just like those excerpts. Easter, of course, they want you to think they're favouring Orthodox countries which calculate Easter (holidays) on a different basis. Although I looked it up, and in 2017, both Easters fell on the same day. Maybe there's a message in that, too. They probably didn't want to wait until Christmas.
Mr Snowden is not due to inherit an English lordship. Therefore he is not entitled to be addressed as "The honourable..."
Whether Mr. Snowden is honourable or not, is something each of us can decide for ourselves.
I do not believe he is presently entitled to the title of "Honourable" (or "Honorable", if you are a left-pondian), but given the enormously long list of occupations and hereditary qualifications for claiming it, it would not be easy to be completely sure.
Personally, I also would not exclude a possibility of the honourable Mr. Snowden acquiring the right to be referred to as Hon. Mr. Snowden at some point in the future, however unlikely it might seem now.
...that standards-compliant software is a universal panacea for security.
When I started in the industry the server room was accessible only through locked doors, and housed in a Faraday Cage, in a building guarded 24/7/365.25. Ethernet was still in development. The only way to have a two-way dialog with the server was through teletype situated in the server room.
Standards such as Ethernet, TCP/IP are great for flexibility, but it is a two-way street. If you want security then the relevant bespoke hardware/firmware/software needs to be developed and rolled out. Too difficult, too expensive? Well, that's the trade-off that has to be considered.
In Werner Herzog's 2016 documentary "Lo and Behold, Reveries of the Connected World" he interviews Kevin Mitnick, who utilised the sense of security to trick people by phone into revealing the details he needed.
It is not just insiders that are a threat; the people that manipulate them are equally dangerous.
"The only way to have a two-way dialog with the server was through teletype situated in the server room."
Server or mainframe? The characteristic of a server is that it provides services. Unless all the users of those services are to be herded into the secure server room it's going to have to communicate externally. Alternatively you could secure even further by closing it down, removing the power, encasing it in concrete and burying in a hole in the ground.
It could be called a mainframe, if you wish. But if services provided are surfaced through dumb VT100 terminals, or similar, then there is less danger of vulnerability. Why "Less" and not "no"? If commands are defined which are allowed to configure the host environment, then it depends on the extent of those commands.
The problem with techies is that they/we find it difficult to resist extending functionality through backdoors which have been specifically programmed in. A good example of this is BASIC. The original intent of this language was the provision of a padded cell where programmers could knock themselves silly with whatever code they wanted to, no damage done. Then some bright spark invented the POKE command...
Even those venerable mainframes were built to serve some purposes, and hence could be called servers.
By the way, the term "server" to be used for some machine/device to run programs and processing data became popular at those ancient times when pennypinchers had the great idea to turn PC's by 90 degrees, remove their monitors and keyboards and put many of those side by side into some shelves initially bought at IKEA, calling the result very appropriately a "server farm". For some reason this now has become the dominating form of IT, real computer systems had to retract into niches.
To be honest, nowadays those shelves do not come from IKEA any longer and those vast conglomerates of PC's are now wonderfully disguised by multicores, virtualization and fancy hyperconverged boxes - but essentially, the art of IT today is still trying to manage server farms.
Sneaking into a farm isn't very difficult ...
The only way to interact with a SWIFT server is via an internal telephone in their ops centre, giving verbal instructions to an operator. You have to pass through a body-scanner to stop anyone entering or leaving the building with a memory stick or DVD. There is CCTV everywhere. The toilets are analysed for drug use. The servers are setup to NSA standards, then modded to suit the internal SWIFT security group.
I've worked at ATC and the security was nothing like SWIFT. The one thing they shared was that the foot of the walls of the buildings was curved, apparently a defence against truck bombs.
If people start actively using these exploits then Windows 7, 8 and 10 systems will be patched and protected. Windows XP systems won't be, thus encouraging people to upgrade those at least to Windows 7 (since that's easily pirated like XP was)
The percentages of people still on Windows XP has to be a monthly embarrassment for them.
That the US has tabs (heh) on financial traffic is very, very old news - it is the very reason why the Swiss set up their own VISA payment processing centre.
As I'm all for reciprocity, I think it's time we get access to theirs. Trump's, for instance, must be fascinating :)
... VISA payment processing centre. As I'm all for reciprocity, I think it's time we get access to theirs. Trump's, for instance, must be fascinating :)
Fascinating? Since Trump's trick is to buy stuff using other people's money (a bit like Royalty, and governments, for that matter), it might tell nothing at all. Yugely.
The indifference to this release and others recently is baffling... It almost feels deliberate, welcomed even... To try and create a total meltdown in confidence in the net, in order to bring about out some new change or offer some new 'product'... 'Too Many Secrets' etc.
Let me just adjust my tin foil hat.
I'm going to suggest that these leaks are not from the NSA but from Microsoft.
These exploits cover windows up to and including windows 8.1.
If they were fixed in Windows 10 then why have they not been back ported to OS's that are currently supported? Microsoft must know about them to remove them in windows 10. Microsoft is also well known for carrying exploits over.
Finally how an earth do a "hacking group" hack into the NSA if the NSA are aware of all the exploits before them?
Something just does not sit right with this.
@Tinfoil AC
I also have a tinfoil hat, but in this case, I'm leaving it on the hat rack. As with any large organization, there will be vectors that were 'overlooked' somehow in the security update/upgrade cycle; no network is impervious.
And do not discard the theory that an NSA insider leaked these, and then there is no need to wonder how the NSA's digital castle was looted.
In the end the NSA could have gotten some of the goods from MS, some from the darknet, and some from internal know how.
The Equation Group is just an alias for Group E. There are other groups with lettered names (much like Q Branch in Ian Fleming's world) and they don't talk to each other much due to compartmentalization. Their toolkit names mostly start with E or EM but include names with different documentation styles which I assume came from other groups. I expect the E group's focus was just a small part of the Middle East related intelligence since they did seem to like the banks. I expect they got rolled into a different group and the inevitable corporate knowledge got lost in the reshuffle and somehow someone else ended up with the goodies. I expect the Equation Group is long gone and replaced by a whole new group with no doubt a cooler sounding name...at least cooler sounding to some middle manager government bureaucrat.
"Finally how an earth do a "hacking group" hack into the NSA if the NSA are aware of all the exploits before them?"
How could they not? Once it was confirmed that NSA had a huge cache of zero day exploits hidden away, it was the Klondike Gold Rush all over again.
Dangerous, risky, but, oh, the rewards if you succeeded!
It could just be a "throw away line" referencing tooth (and hence data) removal. MS, fb, GCHQ and so on. They're all in the extraction biz. Would you like to join in, NSA? Why yes, old fiend, nothing short of a Pymms could make the oyster go down more smoothly. Shame about your teeth.
Indeed.
A hacking group with a fearsome reputation and a near bottomless war chest for zero days is itself hacked.
Then the group that manages this fails to organize an effective auction to sell the stuff on.
So they just release it.
Assuming this is not a deliberate plant by the NSA itself, this sounds like someone who got lucky, like a little brother who got into his sibling's home PC after the sibling brought his work home from the NSA.
That said, if you want to steal secrets the NSA is probably the outstanding mega target on the planet. Penetrate them and you get a) their hacking tools, b) their access codes to whatever systems they have penetrated, c) massive credibility for yourself or your team.
Of course you'll also make yourself the #1 target of the most pervasive surveillance machine on the planet due to the very bruised ego you'll have given the NSA's assorted PHB's. This would appear to have been a sufficient deterrent up to now.
But I'm reminded of that line from Man 2 "If you could make God bleed...."
Rather appropriate for the time of year. Happy Easter.
"Assuming this is not a deliberate plant by the NSA itself..."
Alternatively, if you consider that it could be a deliberate plant, can you think of a better way to get binary software onto a load of pentesters' and black hat systems?
But maybe I've read too many spy novels.
The main takeaway from this saga is that ANYTHING online is hackable by the spooks and criminals, and everyday processes for the public such as internet banking, email, browsing etc. should not be regarded in any way as being secure. Unfortunately, with bank branches being closed down all over the place, we'll soon have no alternative to avoiding the internet. Even keeping cash under the floorboards will soon be impossible as we speed towards a cashless society.
"While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way"
How often do we see this sort of PR statement made immediately after an indication of a breach, before there's been time for an investigation, and how often is it followed by a climb-down?
Worthless only if the affected versions are not actively used. Given the popularity of 7 and XP, as well as the crumbs for 8/8.1, I would say they are valuable. With Slurp (and often true of other OSes) the same zero day is often found in multiple versions as well as other bugs. Thus knowing one worked on these versions means it likely will work on the latest Bloat version.
1, for all the talk of backdoored encryption, we simply cannot trust state actors to keep a secret secret; and encryption with a hole is only going to work whilst the hole is closed.
2, while it may serve the state actors to keep an arsenal of ways to hack into things, the failure to report these problems becomes in itself an act of sheer negligence when these hacks end up being released to the public.
3, way to go America, great job breaking it hero......
Because someone, somewhere they want to target is still running Solaris 3.0/WindowsXP/Windows7/Dos etc.
So one of the "secret weapons" is a good filing system for your hacking tools so you can pull the right set of tools out when you need them.
The literal truth: no evidence that SWIFT was broken.
The actual truth: NSA has a client copy of SWIFT software, so obviously SWIFT is pwned -- perhaps even willingly. SWIFT is, well, ancient and never broken; they said so smugly themselves from 5-star Geneve hostelries.
For many organizations, there is little to literally fear from the five eyes. Russia, maybe. Norks, almost certainly. The SB data is mostly interesting as an example of the likely "worst case" nation state pwnage.
I'm honestly surprised that nobody at the NSA simply bought back their own damn toolkit whilst posing as some other actor in order to just keep the lid on this.
Hell, even Sherlock Holmes was willing to use cash when other means would fail to avoid a massive public disclosure scandal, judging that the practical hazard outweighed the moral hazard.
And, what makes you think that SB would have sold them an exclusive copy of the purloined tools? Maybe they'd sell them a copy, and then, next month, they'd sell the Russians a copy, and the Chinese a copy, and the Norks a copy, and....
Dave
P.S. I'll get my coat. It's the one with the non-exclusive copy of the SB tools in the pocket.