Hacked NSA Tools Now In The Wild

Update – reports are now saying that the number of infected systems is over 200,000 – and rising.

The NSA and CIA can’t seem to keep their toys under wraps.  Last week the Shadow Brokers released more NSA tools.  The generally agreed-upon theory is that the tools were developed by the NSA’s Equation Group, a hacking-for-hire contractor.  What is less clear is how they got out.  One possibility is that the tools came from Harold Martin, the Booz contractor for the NSA who was recently arrested for having 50 terabytes of stolen data in his house, but some of the leaks happened while he was in jail.  Another theory is that the leak came from Russia.

One of the tools is called DoublePulsar.  It is a backdoor that is used to run malicious code on an infected PC.  DoublePulsar is installed using another NSA tool called EternalBlue.

The good news is that Microsoft released patches for this last month.  The bad news is that people either haven’t installed the patches or are running old, out-of-date operating systems like Windows XP and Windows Server 2008.

An early scan of the Internet found 15,000 or so infected computers.  A larger scan showed 41,000 infected computers and the number will rise.

Since the hack code is out in the wild, it doesn’t take much skill to start a new infection.

Since DoublePulsar development was likely funded by a nation state (the United States), it is a very sophisticated piece of software.  Because of that, it is highly unlikely that the average user would ever know that they are infected and that some hacker has total control over his or her computer.

There are two critical points to this and neither one of them has to do with DoublePulsar, even though one security expert called it a bloodbath, or, he said, less politically correctly, a dumpster fire clown shoes sh*t show.  Ultimately, there might be a few hundred thousand systems in the U.S. infected.

The first issue is that people need to install patches when they come out.  Many of the infected systems that have already been found are current generation systems like Windows 7.

The second issue is users who continue to use unsupported versions of desktop and mobile operating systems.  Whether it is Windows versions like Windows XP or Windows Server 2008, or Android versions like 4 Jelly Bean or earlier, when these bugs are revealed they are not patched and hackers have a field day, hence the term dumpster fire clown...
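Both issues come down to a question an administrator can actually answer per host: is this OS still supported, is the SMB patch on it, and is SMBv1 (the protocol EternalBlue abuses) still switched on?  The script below is an added example written for this post, not something from the original article or from Microsoft.  It assumes you run it in an elevated PowerShell prompt; `$RequiredKb` is a placeholder you replace with the KB number of the SMB patch for your OS (not given on this page), and the `$EndOfSupport` table is a small sample you maintain yourself from the vendor's lifecycle pages.

```powershell
# Added example (not from the original post): per-host check for the two
# problems the post raises, unsupported OS and missing SMB patch, plus the
# SMBv1 state that the leaked exploit depends on.
param(
    [string]$RequiredKb = 'KB0000000'   # PLACEHOLDER: replace with the real KB id for your OS
)

# Sample end-of-extended-support table (maintain this yourself from vendor
# lifecycle pages; dates are Microsoft's published ones for these editions).
$EndOfSupport = @{
    'Windows XP'          = [datetime]'2014-04-08'
    'Windows 7'           = [datetime]'2020-01-14'
    'Windows Server 2008' = [datetime]'2020-01-14'
}

function Get-OsSupportStatus {
    # Match the OS caption against the table; unknown captions are flagged, not assumed safe.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $key = $EndOfSupport.Keys | Where-Object { $os.Caption -like "*$_*" } | Select-Object -First 1
    if (-not $key) {
        return [pscustomobject]@{ Caption = $os.Caption; EndOfSupport = $null; Supported = $null }
    }
    [pscustomobject]@{
        Caption      = $os.Caption
        EndOfSupport = $EndOfSupport[$key]
        Supported    = (Get-Date) -lt $EndOfSupport[$key]
    }
}

function Test-HotFixInstalled {
    param([string]$Kb)
    # Get-HotFix reads the installed-updates list. A missing entry can also mean
    # the fix arrived inside a later cumulative update, so treat $false as
    # "investigate", not as proof the host is exploitable.
    return [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Get-Smb1Enabled {
    # Windows 8 / Server 2012 and later expose the SMB server settings as cmdlets.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { return [bool]$cfg.EnableSMB1Protocol }
    # Older hosts (Windows 7 / Server 2008): the documented registry switch.
    # If the SMB1 value is absent, SMBv1 is enabled by default.
    $p = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                          -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $true }
    return ($p.SMB1 -ne 0)
}

function Disable-Smb1 {
    # Remediation for hosts that do not need SMBv1 at all. Reboot required on the
    # registry path; Set-SmbServerConfiguration applies immediately.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                         -Name SMB1 -Type DWord -Value 0 -Force
    }
}

$status  = Get-OsSupportStatus
$patched = Test-HotFixInstalled -Kb $RequiredKb
$smb1    = Get-Smb1Enabled

[pscustomobject]@{
    Host            = $env:COMPUTERNAME
    OS              = $status.Caption
    VendorSupported = $status.Supported
    SmbPatchFound   = $patched
    Smb1Enabled     = $smb1
    Action          = $(
        if ($status.Supported -eq $false) { 'replace or isolate: OS is out of support, it will never get this patch' }
        elseif (-not $patched)            { 'install the SMB patch (or confirm a later cumulative update contains it)' }
        elseif ($smb1)                    { 'SMBv1 still enabled: run Disable-Smb1 if nothing depends on it' }
        else                              { 'ok' }
    )
} | Format-List
```

The `Action` line is the point: an unsupported OS sorts to "replace" before anything else, because no amount of patch checking helps a system the vendor no longer ships patches for.  Run it through your management tooling across the fleet and the count of hosts in the first two buckets is the number the post is talking about.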

This is a much bigger problem with phones because there are hundreds of millions of unsupported phones out there being used worldwide.

Somehow we have to get users to understand that just because a system will still power up does not mean that it is wise to continue to use it.

My two cents.

Information for this post came from the Register.
