You probably missed it – but don’t worry, I’m here to give you the simple low-down 😏. The Cyber Security world was in meltdown for some of last weekend about the fact that a hacking group known as Shadow Brokers had released a load of NSA hacking tools to the internet and this meant everyone was at risk from hackers breaking into their files and the sky was going to fall and leopards would lie down with the goat, etc. etc. All pretty apocalyptic stuff 😨 (though, if you are a Windows XP/Server 2003 user it probably is the end times. 😳)
Well for the most part§ it turned into “not much to see here, move along”. Yes, these NSA hacking tools were released to the internet for anybody with evil intentions to use them on the innocent. Yes, they are highly effective. Yes, they can let hackers break into your computer.
But you follow my first commandment don’t you? You keep your Windows (and other software) automatically updated, don’t you? If so, then you’ll be fine … nothing to see here, move along … these NSA hacking tools are nothing to concern yourself with.
§Now, this is where the earlier reference to “for the most part” gets some clarity. If you are running Windows XP, then you are at extreme risk of probably every tool that was released by Shadow Brokers. Microsoft patched the vulnerabilities in their supported operating systems (so Windows 7, 8.1 and 10) that all of the hacking tools exploited, except for three. The tools that were named “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan” are the only ones that Microsoft didn’t bother with as they only affected earlier versions of Windows which Microsoft no longer support (Windows XP or Server 2003 anyone?).
So if you are still an XP/2003 user, you’ve got a pile of evil-doers, with access to at least 12 hacking tools which the NSA created and they can come and compromise your PC/Laptop/Server! 😨 It’s that simple, you really need to move off XP/2003 for your own good. If you can’t upgrade, then get the XP/2003 thing off the internet so you can’t be compromised. 😖
Some of you may recall back in March, I talked about how Microsoft offered no patches in February and then here was a double lot in March. Microsoft were pretty tight lipped about why this happened and most of the speculation was around problems encountered with the way they were changing their method of delivering updates.
Welllllll … it would seem it was much more likely that is was to do with the NSA giving them a low-down on the vulnerabilities that they knew were about to be revealed and exploited by the bad guys and so Microsoft put the head down and got on with fixing these “secret” vulnerabilities. 😏
There were also some tools released which enabled the NSA (the US National Security Agency) to monitor some service bureaus used by the SWIFT inter-bank payment network. This mainly targeted middle-east bureaus, but it’s possible this could be expanded. This is something for the SWIFT network to address and there is likely nothing you can do about this. 😞
Let’s be careful out there!