Depending on the nature of the enterprise, there are other threats that go along with the revelations as well. The Shadow Brokers claim that their hacking tools came from the NSA, which uses them to spy on companies outside the U.S.
If your enterprise is one of the many that are based outside the U.S. or have interests in foreign nations, then it might be of interest to the NSA and vulnerability may suddenly have become critical.
While the Windows exploits are getting the most press, there’s actually a potentially more serious part of the Shadow Brokers release that’s not getting a lot of attention. Some of the vulnerabilities seem to show that the NSA, if that’s actually where the hacking tools came from, has penetrated part of the SWIFT network through a bank in the middle east.
SWIFT is a global messaging network based in Belgium used by banks to transfer funds. The ability to penetrate the SWIFT messaging network then gives the NSA the ability to track funds as they move around the financial world. Part of this effort has been known for years as the Terrorist Financial Tracking Network, but the details of how it works have always been shadowy.
While there are agreements between the U.S. intelligence community and the EU to share data from the SWIFT network, the amount of sharing that can take place is limited. By penetrating the network itself, the intelligence agencies can get information that’s very detailed and very current. Unfortunately, doing so also violates the agreements between the U.S. and the EU.
By showing that the NSA may have violated the existing agreements, the implementation of the Privacy Shield agreement between the U.S. and the EU may be at risk. This is a significant problem because companies on both sides of the Atlantic depend on Privacy Shield, which regulates what type of sharing of personal information is allowed, and under what circumstances. Without such an agreement, commerce between them is impaired.
So what all of this boils down to is that the Shadow Brokers revelations are a big problem, but not for the reasons originally thought. Microsoft fixed the vulnerabilities, although exactly how the company learned of these vulnerabilities and the tools to exploit them is unclear. But the other part revelations about the NSA's penetration of the SWIFT network that most ignored at first could cause the U.S. and the intelligence community a very big problem indeed.
What’s unfortunate is that we may never actually know just how much of a problem it turned out to be and ultimately what was done about it.