Microsoft fixes NSA ‘malware’
PARIS, April 15, (Agencies): Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet .
In a blog post, Microsoft Corp security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by The Shadow Brokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.
“Most of the exploits are already patched,” Misner said.
The post tamped down fears expressed by some researchers that the digital espionage toolkit made public by The Shadow Brokers took advantage of undisclosed vulnerabilities in Microsoft’s code. That would have been a potentially damaging development because such tools could swiftly be repurposed to strike across the company’s massive customer base.
Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microso ft’s fixes, also called a patch, was only released last month .
“I missed the patch,” said British security architect Kevin Beaumont, jokingly adding, “I’m thinking about going to live in the woods now.”
Beaumont wasn’t alone.
Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning “many servers will still be affected by these flaws.”
Everyone involved recommended keeping up with software updates.
“We encourage customers to ensure their computers are up-to-date,” Misner said.
A new set of documents purportedly lifted from the US National Security Agency suggests that American spies have burrowed deep into the Middle East’s financial network, apparently compromising the Dubai office of the anti-money laundering and financial services firm EastNets. The company said Friday the documents were dated and denied that any customer data had been affected.
TheShadowBrokers, which startled the security experts last year by releasing some of the NSA’s hacking tools, has recently resumed pouring secrets into the public domain. In a first for TheShadowBrokers, the data include PowerPoint slides and purported target lists, suggesting the group has access to a broader range of information than previously known.
“This is by far the most brutal dump,” said Comae Technologies founder Matt Suiche, who has closely followed the group’s disclosures and initially helped confirm its connection to the NSA last year. In a blog post , he said it appeared that thousands of employee accounts and machines from EastNets’ offices had been compromised and that financial institutions in Kuwait, Bahrain and the Palestinian territories had been targeted for espionage.
In a statement , EastNets said there was “no credibility” to the allegation that its customers’ details had been stolen.
The company, which acts as a “service bureau” connecting customers to the financial world’s electronic backbone, SWIFT, said the ShadowBrokers documents referred to a “low-level internal server” that had since been retired and that a “complete check” of its systems had turned up no evidence of any compromise.
The denial drew skepticism from those who’d reviewed the files.
“Eastnets’ claim is impossible to believe,” said Kevin Beaumont, who was one of several experts who spent Friday combing through the documents and trying out the code. He said he’d found password dumps, an Excel spreadsheet outlining the internal architecture of the company’s server and one file that was “just a massive log of hacking on their organization.”
SWIFT, based in Belgium, released a less categorical statement, saying, “we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties.” It said there was no evidence its own network had been compromised.
Repeated messages seeking clarification from EastNets went unreturned.
Beaumont said there was bad news in the release for Microsoft as well. He said the malicious code published Friday appeared to exploit previously undiscovered weaknesses in older versions of its Windows operating system — the mark of a sophisticated actor and a potential worry for many of Windows’ hundreds of millions of users.
The opinion was seconded by Matthew Hickey of Prestbury, Englandbased cybersecurity company Hacker House.
“It’s an absolute disaster,” Hickey