“This is not a drill.”
So warned Edward Snowden in an April 14 tweet addressing the latest dump of NSA hacking tools by the hacking group known as the Shadow Brokers. And, if the response of the security community is any indication, America’s most famous whistleblower has reason to be alarmed.
According to The Intercept, the Shadow Brokers’ April 14 release of previously undisclosed tools has the potential to comprise Windows computers running anything earlier than Windows 10. To make matters worse, one security expert says that even those using the latest Windows could be vulnerable.
That’s a lot of computers.
Matthew Hickey, the co-founder and director of the cybersecurity company Hacker House spelled out his take on the severity of the dump: “In about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.”
This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.
— Hacker Fantastic (@hackerfantastic) April 14, 2017
Even though these attacks are believed to be several years old, there is speculation that at least one of them may still work on machines running Windows 10.
What makes this software — readily available online to anyone inclined to download it — so dangerous is that it makes use of numerous zero-day exploits. These exploits are particularly troublesome because, by definition, they have not been patched. Basically, there’s no existing defense.
Snowden, for his part, is pointing a finger at the NSA.
Microsoft appears to be taking the news seriously.
“We are reviewing the report,” a Microsoft spokesperson told Mashable, “and will take the necessary actions to protect our customers.”