Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    NSA Bank System Tracking Revealed in Shadow Brokers’ Zero-Day List

    By
    Wayne Rash
    -
    April 17, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Word Flaw Cyber-Spy

      When the hacker group Shadow Brokers released its latest list of Windows vulnerabilities last week, much of the security community was aghast. The new leaks listed a series of hacking tools aimed at those Windows vulnerabilities along with tools aimed at other services and operating systems, ostensibly stolen from the National Security Agency several months ago.

      The leaks appeared to be so serious that some security researchers were calling it a Windows apocalypse. Then on April 14, Microsoft spoiled all that fun by pointing out that the vulnerabilities that everyone was all atwitter over had actually been patched a month earlier. This meant that if you were using a machine that had been patched, your machine shouldn’t be vulnerable any more.

      Microsoft’s Phillip Misner, Principal Security Group Manager for the Microsoft Security Response Center explained in his blog what was going on. “Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” he said. Misner provided a chart of the exploits and of the updates that fixed them.

      Code Name

      Solution

      “EternalBlue”

      Addressed by MS17-010

      “EmeraldThread”

      Addressed by MS10-061

      “EternalChampion”

      Addressed by CVE-2017-0146 & CVE-2017-0147

      “ErraticGopher”

      Addressed prior to the release of Windows Vista

      “EsikmoRoll”

      Addressed by MS14-068

      “EternalRomance”

      Addressed by MS17-010

      “EducatedScholar”

      Addressed by MS09-050

      “EternalSynergy”

      Addressed by MS17-010

      “EclipsedWing”

      Addressed by MS08-067

      It’s worth noting that not only was the information from Shadow Brokers not an apocalypse, some of the vulnerabilities were nearly a decade old. One was fixed before the days of Windows Vista. The most recent fix was sent out in March, 2017, about a month before the revelations.

      Originally Shadow Brokers tried to auction the vulnerabilities and the tools that were used to exploit them, but there were no takers. At the time it was clear that many of those tools were already known, but on further examination, it seems that they simply were old.

      But that doesn’t mean that there isn’t any risk. While Windows computers that run up to date versions of Windows aren’t at risk for these exploits, there are a lot of machines that are still running Windows XP and are no longer supported by Microsoft, and these machines are vulnerable.

      In addition, enterprise implementations of Windows 7 and Windows 10 are frequently not up to date because the IT departments delay deployments of security patches for as long as several months to confirm that any updates don’t break anything. Those machines may be vulnerable and will be highly attractive to cyber-attackers.

      This means that enterprise IT departments should identify the updates from Microsoft that contain the fixes in the list and apply them as soon as possible. While it pays to be careful when making changes to mission-critical software, it doesn’t pay when you know those fixes are related to real attacks.

      Depending on the nature of the enterprise, there are other threats that go along with the revelations as well. The Shadow Brokers claim that their hacking tools came from the NSA, which uses them to spy on companies outside the U.S.

      If your enterprise is one of the many that are based outside the U.S. or have interests in foreign nations, then it might be of interest to the NSA and vulnerability may suddenly have become critical.

      While the Windows exploits are getting the most press, there’s actually a potentially more serious part of the Shadow Brokers release that’s not getting a lot of attention. Some of the vulnerabilities seem to show that the NSA, if that’s actually where the hacking tools came from, has penetrated part of the SWIFT network through a bank in the middle east.

      SWIFT is a global messaging network based in Belgium used by banks to transfer funds. The ability to penetrate the SWIFT messaging network then gives the NSA the ability to track funds as they move around the financial world. Part of this effort has been known for years as the Terrorist Financial Tracking Network, but the details of how it works have always been shadowy.

      While there are agreements between the U.S. intelligence community and the EU to share data from the SWIFT network, the amount of sharing that can take place is limited. By penetrating the network itself, the intelligence agencies can get information that’s very detailed and very current. Unfortunately, doing so also violates the agreements between the U.S. and the EU.

      By showing that the NSA may have violated the existing agreements, the implementation of the Privacy Shield agreement between the U.S. and the EU may be at risk. This is a significant problem because companies on both sides of the Atlantic depend on Privacy Shield, which regulates what type of sharing of personal information is allowed, and under what circumstances. Without such an agreement, commerce between them is impaired.

      So what all of this boils down to is that the Shadow Brokers revelations are a big problem, but not for the reasons originally thought. Microsoft fixed the vulnerabilities, although exactly how the company learned of these vulnerabilities and the tools to exploit them is unclear. But the other part revelations about the NSA’s penetration of the SWIFT network that most ignored at first could cause the U.S. and the intelligence community a very big problem indeed.

      What’s unfortunate is that we may never actually know just how much of a problem it turned out to be and ultimately what was done about it.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×