- Cop under investigation after implying Ocasio-Cortez should be shot 2 Years Ago
- The ‘Big Little Lies’ finale sucked—but at least we have Renata 2 Years Ago
- Wendy Davis announces she’s running for Congress 2 Years Ago
- Please stop being horny on main for #IceBae and other horrible people Today 10:02 AM
- Illinois Republicans share ‘jihad squad’ meme of 4 Dem congresswomen Today 9:05 AM
- How a deepfake gets made Today 8:25 AM
- How to watch ‘Veronica Mars’ season 4 online Today 8:21 AM
- The MCU’s Phase 4 is all about Marvel getting weird Today 7:07 AM
- How alt porn site SuicideGirls gets women to pose naked for free Today 7:00 AM
- Why did the GOP launch a website hyping socialist candidates? Today 6:30 AM
- The macrophilia and size-change fetish communities are made possible through the magic of the internet Today 6:00 AM
- Is Trump defiling the U.S. flag in this MAGA dude’s artwork? Sunday 4:41 PM
- White woman claims she invented sleep bonnets, selling them for $100 Sunday 4:03 PM
- Even real cats are transfixed by the enigma that is the ‘Cats’ trailer Sunday 3:04 PM
- Wait, how tall is Peppa Pig? Sunday 1:55 PM
Questions surround NSA’s involvement in Microsoft security concerns
The well-known hacking group (or individual) called “Shadow Brokers,” just leaked a number of Windows vulnerabilities allegedly designed to go after old Microsoft computers. The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency’s own hacking tools were stolen?
As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The software giant was evidently not able to defend itself in time for the latest dumps, as many hackers have already gotten the files to work. This points to a zero-day attack, or one that goes after a flaw in software that vendors are completely unaware of—or in this case, never warned of.
Researchers are sifting through the heaps of leaked files determining their legitimacy and capabilities. Kevin Beaumont, who has been working tirelessly to fill in the blanks, says he thinks many of the vulnerabilities, including those that affect Windows XP, 2003, Vista, 7, and 8, are zero-day. He even told Motherboard, “All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they’ve not been seen before.”
The concerns surrounding the transparency of the NSA and its duty to warn a company of an impending attack puts the Vulnerabilities Equities Process (VEP) into question. The VEP is a procedure that gets triggered when the government needs to decide whether it should disclose information about a software vulnerability, or if it hides that critical information.
There is still no definitive evidence showing the government did or did not tell Microsoft of the swaths of exploits Shadow Brokers allegedly stole from it. You’d hope the government would attempt to protect the company and its hundreds of millions of users once it became aware that its own hacking files ended up in the wrong hands.
A Microsoft spokesperson told Motherboard the company is “reviewing the report and will take the necessary actions to protect our customers.”
We have reached out to the NSA and will update this article if we hear back.
While you wait, anyone running a Windows PC on old software should seriously consider updating to Windows 10.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.