As you may have heard, a group called Shadowbrokers has stolen hacking tools from the NSA and made them available to the public.
I had a chance to take a look at these tools. A few days ago they had already released some tools, but those were quite outdated and not really harmful unless you are still using an old Windows XP or Vista PC. These new tools, however, are indeed up to date, and I was able to use them to compromise one of my Windows 10 PCs which hadn’t been updated for a few days. After it was updated with the latest Creators Update from Microsoft, including all security updates, that was no longer possible.
The NSA tools also include tools to disable or hide themselves from all known virus scanners, including Microsoft’s.
There are rumors that the NSA informed Microsoft that their tools had been stolen, along with information about the vulnerabilities these tools use, so that Microsoft was able to fix them. This makes sense, as these vulnerabilities have existed for quite some time now, and it is interesting that Microsoft created these fixes before Shadowbrokers released the tools to the public.
About the NSA tools
Some people have already asked whether these hacking tools are indeed from the NSA or ‘just’ from hackers. I have seen many similar tools by many developers and have of course developed my own. The available tools have been developed in Java, Python and Perl; some are available as binaries.
Even though I found some humor, like in the Zippybeer tool, which contains an ASCII image like this:
I found the code really well organized and straightforward. Typical hacker code contains typos; the authors often don’t really care about code quality, and a lot of the code I have seen looks really ‘messy’ or even contains messages to other hackers. This code looks excellent, very reliable and foolproof, with a lot of try/catch and exception handling to ensure that the tools either do what they are supposed to do or fail and let the user know why, without leaving a trace. This code was not developed in a rush; it is indeed professional, just like commercial software. This is why I am pretty sure that it comes from the NSA.
What you need to do
So if you haven’t already, hurry and update your Windows PCs. If you are using older Windows versions than Windows 10, disconnect them from the internet.
This is not because of the NSA, as they may already have (or will soon have) finished new tools which will still be able to compromise your PC. It is mainly because these NSA tools are now available to the public. They are easy to use, and I suspect not only by people with good intentions.
Don’t trust the evil.