Joon Ian Wong | Quartz | April 17, 2017

Microsoft Mysteriously Fixed Security Gaps Allegedly Used by US Spies a Month Before They Leaked

On Friday, a cache of hacking tools allegedly developed by the National Security Agency was dumped online.

The news was explosive in the digital security community because the tools contained methods to hack computers running Windows, meaning millions of machines could be at risk. Security experts who tested the tools, leaked by a group called the Shadow Brokers, found they worked. They were panicked.

But just hours later, Microsoft announced many of the vulnerabilities were addressed in a security update released a month ago.

“Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers,” Philip Misner, a Microsoft executive in charge of security, wrote in a blog post. “Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.”

Misner’s post showed three of nine vulnerabilities from the leak were fixed in a March 14 security update. Security commentators were bamboozled. As Ars Technica pointed out, when security holes are discovered, the individual or organization that found them is usually credited in the notes explaining the update. No such acknowledgment was found in the March 14 update. The list of acknowledgments for 2017 shows credit for finding security problems in almost every update.

One theory among security practitioners is that NSA itself reported the vulnerabilities to Microsoft, knowing the tools would be dumped publicly. Microsoft told ZDNet it might not list individuals who discover flaws for a number of reasons, including by request from the discoverer.

The federal government has not commented on this leak, though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden.

The other big revelation from the Shadow Brokers dump is the claim that NSA infiltrated the SWIFT banking network through a firm called EastNets in Dubai. EastNets has said it has found no evidence its systems were compromised. The Shadow Brokers’ leak suggests NSA has “implanted” malware in 16 Middle Eastern banks and other financial firms to collect data. Such a setup could have allowed NSA to secretly monitor money flows in the region, Wired reported.

For ordinary internet users, it can be hard to decide between heaving a sigh of relief that the security holes have been filled and feeling even more paranoid that these holes existed in the first place.
