Slashdot Mirror


NSA-Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The Shadow Brokers -- the mysterious person or group that over the past eight months has leaked a gigabyte worth of the National Security Agency's weaponized software exploits -- just published its most significant release yet. Friday's dump contains potent exploits and hacking tools that target most versions of Microsoft Windows and evidence of sophisticated hacks on the SWIFT banking system of several banks across the world. Friday's release -- which came as much of the computing world was planning a long weekend to observe the Easter holiday -- contains close to 300 megabytes of materials the leakers said were stolen from the NSA. The contents (a convenient overview is here) included compiled binaries for exploits that targeted vulnerabilities in a long line of Windows operating systems, including Windows 8 and Windows 2012. It also included a framework dubbed Fuzzbunch, a tool that resembles the Metasploit hacking framework that loads the binaries into targeted networks. Independent security experts who reviewed the contents said it was without question the most damaging Shadow Brokers release to date. One of the Windows zero-days flagged by Hickey is dubbed Eternalblue. It exploits a remote code-execution bug in the latest version of Windows 2008 R2 using the server message block and NetBT protocols. Another hacking tool known as Eternalromance contains an easy-to-use interface and "slick" code. Hickey said it exploits Windows systems over TCP ports 445 and 139. The exact cause of the bug is still being identified. Friday's release contains several tools with the word "eternal" in their name that exploit previously unknown flaws in Windows desktops and servers.
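The report above says the "eternal" tools reach Windows over SMB on TCP 445 and NetBT on TCP 139, so the first practical question for a defender reading this on the Friday of the dump is which hosts accept those ports from outside the network. The script below is an added example, not code from the Ars report or from the leaked material: it triages firewall log lines for allowed inbound TCP connections to 445/139 from non-internal sources. The key=value log layout, the field names, the addresses, and the assumption that "internal" means the RFC 1918 ranges are all constructed for this illustration.

```python
"""Triage firewall log lines for inbound SMB (445) / NetBT (139) exposure.

Added example for this page; the log format and every address below are
constructed, not taken from any real network or from the leaked tools.
"""
import ipaddress
import re
from collections import defaultdict

# Ports named in the report: SMB over TCP 445, NetBT session service over TCP 139.
SMB_PORTS = {445, 139}

# Assumption: "internal" means the RFC 1918 ranges. We do not use
# ipaddress's is_private/is_global here, because those also classify the
# RFC 5737 documentation ranges used in the sample (203.0.113.0/24,
# 198.51.100.0/24) as non-global, which would hide exactly what we look for.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed log layout: one accepted/denied connection per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
2017-04-14T10:01:02Z action=allow proto=tcp src=203.0.113.5:51234 dst=10.0.0.7:445
2017-04-14T10:01:03Z action=allow proto=tcp src=10.0.0.12:49152 dst=10.0.0.7:445
2017-04-14T10:01:04Z action=deny proto=tcp src=198.51.100.9:40001 dst=10.0.0.7:445
2017-04-14T10:01:05Z action=allow proto=tcp src=198.51.100.9:40002 dst=10.0.0.9:139
2017-04-14T10:01:06Z action=allow proto=tcp src=203.0.113.5:51235 dst=10.0.0.7:443
2017-04-14T10:01:07Z action=allow proto=udp src=203.0.113.5:51236 dst=10.0.0.7:445
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_exposed_smb(log_text):
    """Map each internal host to the sorted (external_src, dport) pairs that
    were *allowed* to reach it on TCP 445 or 139.

    Denied connections, UDP, other ports and internal-to-internal traffic are
    ignored: the question here is exposure to the outside, not lateral use.
    """
    exposed = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "allow" or rec["proto"] != "tcp":
            continue
        if rec["dport"] in SMB_PORTS and not is_internal(rec["src"]):
            exposed[rec["dst"]].add((rec["src"], rec["dport"]))
    return {host: sorted(pairs) for host, pairs in exposed.items()}


if __name__ == "__main__":
    for host, sources in find_exposed_smb(SAMPLE_LOG).items():
        for src, port in sources:
            print(f"{host} accepted TCP/{port} from external {src}")
```

Run against the sample it reports 10.0.0.7 reachable on 445 and 10.0.0.9 on 139 from outside; the internal-to-internal 445 connection is deliberately not flagged, since that is normal file-sharing traffic and a separate question from Internet exposure.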

4 of 111 comments

  1. Thanks, NSA by Anonymous Coward · · Score: 2, Informative

    The Shadow Brokers advertised the names of these exploits in January. The NSA had 3 months to warn Microsoft. But nope. Enjoy the 0day shitstorm that's about to drop.

  2. The other submission by Anonymous Coward · · Score: 2, Informative

    The other submission, which mods ignored, contained a better list of the exploits: https://www.bleepingcomputer.c...

  3. Re:bugs or backdoors? by bill_mcgonigle · · Score: 4, Informative

    > I wonder how many of these "unknown bugs" used by "slick code" were put there on purpose in Windows and how many are actual bugs.

    If you talk to people who have seen the older parts of Windows source, you start to become less conspiratorial. Much of the code was written when these machines were only networked if the company had a Novell network (yeah, yeah, both of you who ran LANMan can pipe down) and security wasn't even on the RADAR. Modern programmers at Microsoft are either disgusted or terrified by it, from what I hear.

    Backwards compatibility cuts both ways.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

  4. Security removed for good reasons by raymorris · · Score: 5, Informative

    > Much of the code was written when these machines were only networked if the company had a Novell network (yeah, yeah, both of you who ran LANMan can pipe down) and security wasn't even on the RADAR.

    Indeed. Historically, it was DISK Operating System (DOS) on a PERSONAL Computer (PC) as opposed to the then-traditional NETWORK operating system on a time-sharing computer (which cost over $100,000). The point of DOS, the difference between Microsoft and what was already commonplace, was that the Microsoft OS was for cheap little computers used by one person, and not connected to a big corporate network. Instead of requiring many MBs of RAM, DOS could run in as little as 16KB of RAM by getting rid of all the stuff that wasn't needed on a PERSONAL, DISK-based computer - stuff like security, stuff like isolating the files and processes of one user from the rest of the system.

    This was a great idea. It worked brilliantly. Then the internet happened. Microsoft had a shit fit. Not only was their entire company based on PCs rather than the client-server model, but they had just spent millions upgrading Object Linking and Embedding (OLE), and named the new version COM. It was really cool - it let you do things like embed a picture in a Word document, or link a sound file from a picture. It was awesome. Then the web showed up with "img src" and "a href". Oh shit!

    Microsoft did exactly the right thing, making an OS for personal, home computers, which weren't on a network and therefore any security was unnecessary overhead that they removed. Then the sudden popularity of the web screwed them and they had to play catch-up for 15 years.