Slashdot Mirror
NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000 (bleepingcomputer.com)
Catalin Cimpanu, reporting for BleepingComputer: A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA. Several exploits and hacking tools were released in the April 2017 Shadow Brokers dump, the most famous being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.
Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's. If he did that for Windows 10, won't surprise me if he also used unpatched versions of Windows 8.1 and 7.
It's not the fact that the NSA isn't allowed to hack. It's the fact that they discovered multiple critical vulnerabilities in an OS used by hundreds of millions of American citizens and other American agencies and governments, and instead of disclosing it responsibly so that Americans would be protected, they sat on that information. Worse, they weaponized it, then they let the weapon escape out into the wild. NSA exploits are responsible for more billions of dollars in ransomeware attacks than any single source.
The NSA failed to protect Americans, weaponized a weakness shared by virtually every citizen, and then failed to keep their weapons locked up. Imagine if the US Air Force lost a few nukes. The property damage by NSA leaks is about akin to dropping a nuke on medium sized city. The NSA leadership responsible for those decisions shouldn't just be fired, they should be hauled (in chains) before congress to answer publicly for those decisions. I cannot fathom why the American people aren't still howling for their arrest.