Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft

During the more than five years the NSA used EternalBlue's extraordinary powers to extract secrets from targeted computers, the Washington Post reported, some officials discussed whether the flaw was so unsafe they should reveal it to Microsoft.

The hacking group that says it facilitated the WannaCry ransomware attack has threatened to leak a new wave of hacking tools it claims to have stolen from the National Security Agency. On January 7, the Shadow Brokers announced the auction of dozens of NSA tools, including one called DoublePulsar, a backdoor that is installed by EternalBlue.

The Shadow Brokers member further says that Redmond is upset due to the bad PR surrounding the global shutdown caused by the WannaCry ransomware, which affected 2 lakh Windows PCs in around 150 countries.

"TheShadowBrokers Data Dump of the Month" is a new monthly subscription model, the group said. According to them, the list includes "web browser, router, handset exploits and tools, exploits for Windows 10, compromised network data from more SWIFT providers and Central banks". The threat to release monthly data dumps, like a wine of the month club, starts in June.

The group also promised to include compromised financial data from the SWIFT worldwide payment order system, used by banks to transfer trillions of dollars each day, as well as confidential data from several central banks.

Once somebody gets the data dump from the Shadow Brokers, Dillon said, the exploits would most likely become public.

In the Tuesday letter, they said they weren't "interested in stealing grandmothers' retirement money", but wanted to send a message to the Equation Group, a hacking group linked to the NSA.

The Shadow Brokers also claim to have very important information on the nuclear and missile programs of countries such as Russia, China, Iran and North Korea. Yet we cannot and should not believe anything the group says merely because they posted it on a blog.

The Shadow Brokers said it chose to share screenshots from the NSA Equation Group's lost 2013 Windows Ops Disk in January, with the understanding that the Equation Group would then tell Microsoft and the vulnerability would be patched.

The patch eventually came out in March, a month before the EternalBlue exploit was made public; however, computer systems that had not applied the patch were still vulnerable to attack.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," said Microsoft's Brad Smith. "An equivalent scenario with conventional weapons would be the US military having some of its Tomahawk missiles stolen."