- Biden says he asked Obama not to endorse him—but people aren’t buying it Today 3:17 PM
- Marvel makes more money than Harry Potter and Star Wars combined Today 3:13 PM
- ‘Avengers: Endgame’: Obituaries for the fallen heroes Today 2:51 PM
- T-Mobile, Verizon admit most Americans won’t see fast 5G Today 1:52 PM
- PlayStation Vue is offering a sweet streaming deal for a limited time Today 1:42 PM
- Twitter reportedly worried banning white nationalists would also flag some Republicans Today 1:31 PM
- Lawyer of cop in viral assault case calls the crime a ‘Facebook misdemeanor’ Today 12:33 PM
- Biden’s ‘all men’-focused announcement gets roasted Today 11:49 AM
- Skillshare is offering new users one month of premium for free Today 10:44 AM
- Report: Facebook is punishing Black people for talking about racism (updated) Today 10:15 AM
- Biden brings tepid language to the healthcare debate Today 9:52 AM
- TikTok’s ‘chin on palm’ challenge has people scratching their heads Today 9:01 AM
- How to stream the 2019 NFL Draft for free Today 9:00 AM
- How to watch every movie in the MCU before ‘Avengers: Endgame’ Today 8:00 AM
- Review: The apocalypse has never been more aimless than in Days Gone Today 7:00 AM
Questions surround NSA’s involvement in Microsoft security concerns
The well-known hacking group (or individual) called “Shadow Brokers,” just leaked a number of Windows vulnerabilities allegedly designed to go after old Microsoft computers. The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency’s own hacking tools were stolen?
As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The software giant was evidently not able to defend itself in time for the latest dumps, as many hackers have already gotten the files to work. This points to a zero-day attack, or one that goes after a flaw in software that vendors are completely unaware of—or in this case, never warned of.
Researchers are sifting through the heaps of leaked files determining their legitimacy and capabilities. Kevin Beaumont, who has been working tirelessly to fill in the blanks, says he thinks many of the vulnerabilities, including those that affect Windows XP, 2003, Vista, 7, and 8, are zero-day. He even told Motherboard, “All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they’ve not been seen before.”
The concerns surrounding the transparency of the NSA and its duty to warn a company of an impending attack puts the Vulnerabilities Equities Process (VEP) into question. The VEP is a procedure that gets triggered when the government needs to decide whether it should disclose information about a software vulnerability, or if it hides that critical information.
There is still no definitive evidence showing the government did or did not tell Microsoft of the swaths of exploits Shadow Brokers allegedly stole from it. You’d hope the government would attempt to protect the company and its hundreds of millions of users once it became aware that its own hacking files ended up in the wrong hands.
A Microsoft spokesperson told Motherboard the company is “reviewing the report and will take the necessary actions to protect our customers.”
We have reached out to the NSA and will update this article if we hear back.
While you wait, anyone running a Windows PC on old software should seriously consider updating to Windows 10.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.