Older Windows Systems Targeted by Newly Released Hack Tools
Microsoft is investigating reports about leaked hacking tools that target older Windows systems.
The tools were announced on Friday by a group calling itself "The Shadow Brokers." A Microsoft spokesperson provided a statement via e-mail, stating that "we are reviewing the report and will take the necessary actions to protect our customers."
The Shadow Brokers has been posting hacking tools to the GitHub repository in an online auction over the last year, according to Wikipedia's account. The tools are alleged to have come from the U.S. National Security Agency.
The tools date from 2013, so they're thought to affect Windows systems older than Windows 10, according to a Motherboard story posted today. One hacking tool, called "FuzzBunch," appears to affect Windows 8, Windows 7 and Windows Vista, as well as Windows Server 2000 through Windows Server 2012, according to the story.
The GitHub post of the tools by The Shadow Brokers contains three folders, marked "oddjob," "swift" and "windows," which can be unlocked by a password that was released by the group. The swift folder contains PowerPoint slides suggesting that the Middle East network used by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for financial transactions was targeted by the NSA, according to a blog post by Microsoft Most Valuable Professional Matt Suiche. Banks in Bangladesh and Ramallah, Palestine, were targeted, he indicated, regarding the released materials.
The Windows hacking tools that were released are used for remote exploits. They have names such as "EternalRomance," "EternalChampion" and "EternalBlue." Some of the targeted Windows versions, such as Windows Vista and Windows 2008, have fallen out of support. Consequently, their flaws won't get patched, Suiche noted.
The oddjob folder contains various log files and Excel documents, plus PowerPoint files marked "Top Secret," according to Suiche.
The release of the tools comes after WikiLeaks today published documents about purported CIA backend malware with a "public-facing HTTPS interface." WikiLeaks also released more so-called CIA "Vault 7" attack tools earlier this month that are designed to target Windows systems.
This week, CIA Director Mike Pompeo called WikiLeaks a "hostile intelligence service," according to a New York Times article. WikiLeaks, which provides leaked materials to journalists, is perhaps best known for its release of a video showing a U.S. military helicopter gunning down civilians in Iraq.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.