- 2016 election stories the ‘Newsroom’ reboot will cover Today 6:30 AM
- How to stream Brandon Rios vs. Humberto Soto for free Today 6:00 AM
- ‘The Haunting of Hill House’ heads to ‘Bly Manor’ for next installment Today 5:45 AM
- How to stream James DeGale vs. Chris Eubank Jr. for free Today 5:30 AM
- How to stream UFC Fight Night 145 in Prague for free Today 5:00 AM
- R. Kelly charged in Chicago with multiple counts of sex abuse Friday 7:51 PM
- Elon Musk finally hosts PewDiePie’s meme review Friday 6:27 PM
- Netflix throws ‘Umbrella Academy’-themed wedding for fans Friday 4:54 PM
- Report: Facebook collects app data on users’ body weight, menstrual cycles Friday 3:38 PM
- Amy Klobuchar reportedly ate salad with a comb, and Twitter’s got questions Friday 2:47 PM
- Nobody likes Spotify’s new update Friday 2:34 PM
- Student assaulted on campus while tabling for right-wing group Friday 1:56 PM
- Kim Kardashian West sues fashion company for using her likeness to sell clothes Friday 1:12 PM
- The Oscar-nominated movies you’ll actually want to watch again Friday 12:56 PM
- Viral graphic shows the moment Apple became the top brand Friday 12:27 PM
Questions surround NSA’s involvement in Microsoft security concerns
The well-known hacking group (or individual) called “Shadow Brokers,” just leaked a number of Windows vulnerabilities allegedly designed to go after old Microsoft computers. The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency’s own hacking tools were stolen?
As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The software giant was evidently not able to defend itself in time for the latest dumps, as many hackers have already gotten the files to work. This points to a zero-day attack, or one that goes after a flaw in software that vendors are completely unaware of—or in this case, never warned of.
Researchers are sifting through the heaps of leaked files determining their legitimacy and capabilities. Kevin Beaumont, who has been working tirelessly to fill in the blanks, says he thinks many of the vulnerabilities, including those that affect Windows XP, 2003, Vista, 7, and 8, are zero-day. He even told Motherboard, “All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they’ve not been seen before.”
The concerns surrounding the transparency of the NSA and its duty to warn a company of an impending attack puts the Vulnerabilities Equities Process (VEP) into question. The VEP is a procedure that gets triggered when the government needs to decide whether it should disclose information about a software vulnerability, or if it hides that critical information.
There is still no definitive evidence showing the government did or did not tell Microsoft of the swaths of exploits Shadow Brokers allegedly stole from it. You’d hope the government would attempt to protect the company and its hundreds of millions of users once it became aware that its own hacking files ended up in the wrong hands.
A Microsoft spokesperson told Motherboard the company is “reviewing the report and will take the necessary actions to protect our customers.”
We have reached out to the NSA and will update this article if we hear back.
While you wait, anyone running a Windows PC on old software should seriously consider updating to Windows 10.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.