16:33 GMT +329 May 2017
Live
    A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017
    © REUTERS/ Kacper Pempel/Illustration

    How 'NSA's Toolbox' Was Used by the Masterminds of the 'WannaCry' Epidemic

    In Depth
    Get short URL
    Denis Bolotsky
    Web Safety: How Hackers Steal Your Data and How to Protect Yourself (5)
    0 12745

    In the early days of the computer era, most hacking was done by curious students who used "playful cleverness" to manipulate electronics. Later, the term "hacker" took on a negative connotation. But besides criminals and rogue actors, the modern hacking scene is also populated with hackers who work for the government.

    In April of 2017, hacktivist group Shadow Brokers posted several archive files on the popular blogging platform Medium. According to posters, the files contained utilities that belonged to Equation – a hackers group which allegedly works for the National Security Agency.

    At first Shadow Brokers put the archives up for auction, but in the end the toolbox did not go to the highest bidder. For some reason the group posted passwords to the archives, releasing the genie out of the bottle.

    "Beasts" with names like ODDJOB, FUZZBUNCH, ETERNALBLUE and DOUBLEPULSAR were downloaded by thousands of Internet users from all over the world. With these tools even inexperienced programmers were able to gain access to various PCs, including those that use Linux and Solaris operating systems.

    Here is Watchguard CTO Corey Nachreiner talking about the leaked scripts on YouTube.

    The researchers mentioned there were 12 significant vulnerabilities in various versions of Windows, including what they said were up-to-date versions of Windows that could allow bad guys to remotely exploit Windows computers over the network. SMB vulnerabilities are a very big deal. Threats like Configure have used major SMB vulnerabilities in order to spread automatically.

    The appearance of the alleged "Big Brothers toolbox" out in the open led to heated debates about the US government's online spying ops, and about the NSA's ability to defend itself and eventually find the source of Shadow Brokers leaks. Some NSA critics, like the organization's former contractor Edward Snowden, said that the source should be easily identifiable.

    ​The massive leak of "government malware" led to serious consequences. In less than a month unknown bad guys compiled ransomware utilities, which spread across the Internet at the speed of light, infecting and locking Windows computers all over the world and demanding a ransom in bitcoins. According to researchers, malware called "WCry" or "WannaCry" use two utilities leaked by Shadow Brokers – ETERNALBLUE and DOUBLEPULSAR. The spread of WCry was stopped rather quickly by Microsoft and other software manufacturers taking action and warning users to install updates and patches. But other variations of WannaCry sprung up like jack-in-the-box, making it harder for anti-virus makers to thwart the epidemic.

    We'd love to get your feedback back at radio@sputniknews.com.

    Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed!

    Topic:
    Web Safety: How Hackers Steal Your Data and How to Protect Yourself (5)
    Tags:
    cybersecurity, virus, hacking, WannaCry virus, NSA
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik
    • Сomment