- ‘Weathering With You’ blends fantasy and realism in a magical love story Saturday 6:18 PM
- Kidnapped teen used Snapchat to get rescued Saturday 4:35 PM
- What fans do and don’t want to see in future ‘Far Cry’ installments Saturday 4:26 PM
- Aaron Carter accused of stealing lion art for merch Saturday 3:10 PM
- Instagram’s hidden like counts were inspired by a ‘Black Mirror’ episode Saturday 2:06 PM
- Student says they were expelled for tricking teacher into making inappropriate TikTok Saturday 12:26 PM
- Space Force uniforms relentlessly mocked, memed Saturday 10:52 AM
- Man flamed after admitting he called police on Target employee over a toothbrush Saturday 9:10 AM
- Netflix’s ‘Vivir Dos Veces’ searches for a last chance at first love Saturday 8:00 AM
- Camila Cabello must do more about her racist history Saturday 6:00 AM
- Instagram and Facebook are reportedly blocking queer ads Friday 8:58 PM
- Review: Tyler Perry’s ‘A Fall From Grace’ is both nonsensical and utterly predictable Friday 6:48 PM
- Is Hulu censoring the Iran episode of Anthony Bourdain’s ‘Parts Unknown’? Friday 6:05 PM
- Trump admin celebrates Michelle Obama’s birthday by proposing rollback of her signature initiative Friday 4:01 PM
- TSA apologizes after agent grabs indigenous woman’s braids, says ‘giddyup’ Friday 3:28 PM
The well-known hacking group (or individual) called “Shadow Brokers,” just leaked a number of Windows vulnerabilities allegedly designed to go after old Microsoft computers. The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency’s own hacking tools were stolen?
As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The software giant was evidently not able to defend itself in time for the latest dumps, as many hackers have already gotten the files to work. This points to a zero-day attack, or one that goes after a flaw in software that vendors are completely unaware of—or in this case, never warned of.
Researchers are sifting through the heaps of leaked files determining their legitimacy and capabilities. Kevin Beaumont, who has been working tirelessly to fill in the blanks, says he thinks many of the vulnerabilities, including those that affect Windows XP, 2003, Vista, 7, and 8, are zero-day. He even told Motherboard, “All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they’ve not been seen before.”
The concerns surrounding the transparency of the NSA and its duty to warn a company of an impending attack puts the Vulnerabilities Equities Process (VEP) into question. The VEP is a procedure that gets triggered when the government needs to decide whether it should disclose information about a software vulnerability, or if it hides that critical information.
There is still no definitive evidence showing the government did or did not tell Microsoft of the swaths of exploits Shadow Brokers allegedly stole from it. You’d hope the government would attempt to protect the company and its hundreds of millions of users once it became aware that its own hacking files ended up in the wrong hands.
A Microsoft spokesperson told Motherboard the company is “reviewing the report and will take the necessary actions to protect our customers.”
We have reached out to the NSA and will update this article if we hear back.
While you wait, anyone running a Windows PC on old software should seriously consider updating to Windows 10.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.