Hundreds of megabytes worth of sophisticated hacking tools purportedly stolen from the National Security Agency became publicly available Friday, triggering security experts across the globe to sound alarms as the U.S. government’s weaponized software exploits seemingly entered the wild.
The latest disclosure appears to have come courtesy of “The Shadow Brokers,” a mysterious entity that for months has managed to slowly leak computer code allegedly used by NSA hackers to conduct cyberattacks on behalf of the U.S. intelligence community.
A blog post bearing The Shadow Brokers’ name appeared Friday directing visitors to download a cache of computer code, the likes of which contain previously undisclosed computer exploits capable of wreaking widespread havoc, according to security experts.
Included within the leak is code that can be used to hack into Microsoft computers assumed to be otherwise secure, experts warned.
“This is not a drill,” former NSA contractor Edward Snowden tweeted Friday. “NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft.”
Matthew Hickey, a researcher at the U.K’s Hacker House security firm, said it is “by far the most powerful cache of exploits ever released.
“It is very significant as it effectively puts cyber weapons in the hands of anyone who downloads it,” he told Ars Technica. “A number of these attacks appear to be 0-day exploits which have no patch and work completely from a remote network perspective.”
Mr. Hickey told The Associated Press he was able to use the now publicly-available code to successfully breach multiple version of Microsoft’s flagship operating system.
“It’s an absolute disaster,” he told AP. “I have been able to hack pretty much every Windows version here in my lab using this leak.”
The widely-followed @HackerFantastic Twitter account tweeted Friday: “This isn’t a data dump, this is a damn Microsoft apocalypse.”
Microsoft said in a statement Friday it was “reviewing the report and will take the necessary actions to protect our customers.” Following its review, however, the company issued a new statement Friday evening downplaying the severity of the latest leak.
“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Phillip Misner of the Microsoft Security Response Center wrote in a blog post.
The Shadow Brokers, meanwhile, indicated more exploits may follow.
“Maybe if all surviving WWIII, theshadowbrokers be seeing you next week,” Friday’s post read.
The NSA did not immediately respond to requests for comment, AP reported.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.