Hacking tools were stolen from NSA - Almost all Windows affected

Page 1 of 15 12311 ... LastLast

  1. Posts : 26,980
    Windows 10 (Pro and Insider Pro)

    Hacking tools were stolen from NSA - Almost all Windows affected

    Hackers group have posted online a set of tools for hacking Windows operating systems. Most of them was designed for older Windows up to 8.1, but some of them can be also used for gaining access to Windows 10.

    Tools were stolen from NSA last summer, but now they were posted online and available to almost anybody.

    No way to remain protected
    Security experts warn that with the hacking tools now available online, the number of attacks aimed at Windows systems is very likely to skyrocket during the weekend, especially because newbie hackers have more time to launch their attacks, while at the same time being able to find victims easily because users spend more time online on their days off.
    Edward Snowden has also confirmed the leak, explaining that “this is not a drill, NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft.”
    As for ways to remain protected until Microsoft delivers patches, there’s really no hackerproof solution right now, other than running Windows 10, though there’s evidence that this operating system version can be hijacked as well. Security experts recommend to keep critical systems offline for a few days, at least until after the weekend, but it’s very clear this isn’t the most convenient solution right now.
    We’ve contacted Microsoft to ask for more information on this leak and we’ll update the article when an answer is offered.
    UPDATE: Microsoft has provided us with the following statement: "We are reviewing the report and will take the necessary actions to protect our customers."

    Read more on Softpedia: nsa-s-windows-hacking-tools-leaked-millions-of-users-exposed

    Update: WinBeta (onMSFT) reports that some vulnerabilities are fixed and provides links to security fixes on MS site..

    Update 2: Here is link to MS Blog article with security fixes

    Last edited by AndreTen; 15 Apr 2017 at 06:07.
      My Computers

  2. Posts : 16,278

    Thanks for posting this. Great, just great. My "workload" just increased exponentially by Domegemegrottebytes.
      My Computer

  3. Posts : 53
    Windowes 10 Pro 15063.332

    and who did the nsa steal the hacking tools from in the first place?
      My Computer

  4. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro

    Thanks for posting that, Andre.
      My Computers

  5. Posts : 16,278

    ChaChaLaBoom said:
    and who did the nsa steal the hacking tools from in the first place?
    The NSA develop them.
      My Computer

  6. Posts : 16,278

    This is crazy.

    Leaked NSA Malware Threatens Windows Users Around the World

    “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” ... “and I have been involved in computer hacking and security for 20 years.”
    “This is as big as it gets,” ... “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

      My Computer

  7. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro

    simrick said:
    This is crazy.
    It's beyond crazy. It's absolutely ludicrous. Wonder if MS is doing anything about this.
      My Computers

  8. Posts : 16,278

    HippsieGypsie said:
    It's beyond crazy. It's absolutely ludicrous. Wonder if MS is doing anything about this.
    Well, nothing has been done by MS since last August, when this stuff was stolen.
      My Computer

  9. Posts : 16,278

    Shadow Brokers Release New Files Revealing Windows Exploits, SWIFT Attacks

    EASYBEE appears to be an MDaemon email server vulnerability [source, source, source]
    EASYPI is an IBM Lotus Notes exploit [source, source] that gets detected as Stuxnet [source]
    EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 to 7.0.2 [source, source]
    EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor [source, source]
    ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges [source, source]
    EDUCATEDSCHOLAR is a SMB exploit [source, source]
    EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 [source, source]
    EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino [source, source]
    ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users [source, source]
    ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003 [source, source]
    ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 [source, source, source]
    ETERNALBLUE is a SMBv2 exploit [source] that also works on Windows 10, even if it wasn't designed to [source]
    ETERNALCHAMPION is a SMBv1 exploit [source]
    ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers [source, source]
    ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003 [source, source]
    ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later [source, source]
    ETRE is an exploit for IMail 8.10 to 8.22 [source]
    FUZZBUNCH is an exploit framework, similar to MetaSploit [source, source], which was also part of the December-January "Windows Tools" Shadow Brokers auction [source]
    DOUBLEPULSAR is a RING-0 multi-version kernel mode payload [source]
    EquationGroup had scripts that could scrape Oracle databases for SWIFT data [source, source]
    ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later [source, source], also not detected by any AV vendors [source]
    Metadata [possibly faked, possibly real] links NSA to Equation Group [source]
    NSA used TrueCrypt for storing operation notes [source]
    Some of the Windows exploits released today were undetectable on VirusTotal [source]
    Some EquationGroup humor in the oddjob instructions manual [source, source]
    JEEPFLEA_MARKET appears to be an operation for collecting data from several banks around the world [source], previously linked to the NSA by Snowden [source, source]
    The Equation Group targeted EastNets, a SWIFT connectivity provider [source, source, source, source, source]
      My Computer

  10. Posts : 5,833
    Dual boot Windows 10 FCU Pro x 64 & current Insider 10 Pro

    Wow, @simrick. You've been busy. Impressive list you made!

    So what do we do about all this?
      My Computers


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 00:08.
Find Us

Windows 10 Forums