Leaked NSA Tools Infect Computers Worldwide

Weaponized software stolen from NSA, leaked.

Hacking group The Shadow Brokers has leaked more than a gigabyte worth of weaponized software exploits stolen from the United States National Security Agency (NSA). This toolkit gives anyone, even those without sophisticated technical knowledge, the technology to potentially compromise systems around the world. The Shadow Brokers had attempted to auction off the stolen technology, but when no buyers appeared they released it online for free.

One tool leaked by the group has been used to infect Windows computers with malware. Known as DoublePulsar, the malware is an extremely stealthy backdoor through which other malware can be loaded onto infected computers. The infected machines can then be used to distribute malware, send spam, and launch attacks on other computers. Once infected, those machines may be open to other attacks. Initial reports were that more than 10,000 computers may have been infected. According to Dan Tentler, founder of security consultant Phobos Group, “People [who] have gotten their hands on the tools just started exploiting hosts on the Internet as fast as they could.”

The good news is that patches exist to fix the vulnerabilities exploited by these tools. Microsoft has said that the exploits disclosed by The Shadow Brokers have already been addressed by previous updates to supported products, so customers with up-to-date software are already protected. The bad news is that some users are unable (or unwilling) to apply the critical Windows updates, leaving those systems open to infection. This would include users running systems that are no longer supported, such as Windows XP or Vista. Systems running Windows 10 were not affected.

The most important action consumers and businesses can take to protect themselves from these and similar threats is to keep their operating systems current and install all timely updates. As threats are discovered, Microsoft patches Windows to remove vulnerabilities.