An infamous hacker group known as the Shadow Brokers on Friday released a bunch of tools that make it easier for hackers to break into all kinds of Microsoft Windows computers and other Microsoft software, security researchers are warning.
The hacking tools are allegedly part of the arsenal that was said to be stolen from the NSA last summer. That arsenal was reportedly part of what NSA analysts use to break into computers, networks and other systems to do their spy work.
Back in August the group released a bunch of hacking tools, and on Friday it released another bunch of “really amazing stuff,” according to Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, writing on the blog Lawfare.
“This may well be the most damaging dump against the NSA to date, and it is without question the most damaging post-Snowden release,” Weaver wrote.
He also noted that the timing of the dump is particularly harsh, right at the start of the Easter holiday weekend, when many IT pros will be busy with their families and inexperienced hackers (like teenagers) have extra time on their hands. Those inexperienced hackers are known as “script kiddies.”
“Friday is the perfect day to dump tools if your goal is to cause maximum chaos; all the script kiddies are active over the weekend, while far too many defenders are offline and enjoying the Easter holiday. I’m only being somewhat glib in suggesting that the best security measure for a Windows computer might be to just turn it off for a few days,” Weaver says.
Other researchers, poring through the dump, say they are finding some hacking tools that are really dangerous and could impact most versions of Windows, including the type that runs on computer servers.
“This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe,” tweeted one such researcher, Hacker Fantastic, who’s been poring through the materials.
The Shadow Brokers are widely believed to be Russian, and possibly tied to the Russian government.
Microsoft later on Friday published a blog post saying that it had patched most of the bugs the month before, and that of the three it hadn’t patched, none were particularly dangerous. This led to speculation that the NSA had warned Microsoft. In any case, apocalypse avoided.