A group of hackers named the Shadow Brokers has just made a new National Security Agency data dump public. Some experts believe the Shadow Brokers is a cover name for the Russian government but no proof of that is out just yet. According to the Washington Post, the data the Shadow Brokers have released is going to affect U.S. relations with everyone from other governments to large tech firms. Possibly the biggest part of the data dump is a series of zero-day exploits found in Microsoft Windows.
Having access to a zero-day exploit gives hackers an advantage since they’re normally kept a secret to avoid companies patching them. There is a black market for zero-day exploits and they’re very much in demand. Now that these exploits are public, Microsoft is likely already working to patch them so they will no longer be useful for hackers. Knowing the NSA has backdoors into your software is probably not the best for corporate/government relations. Now that this exploit is public, there will be some hackers who will rush to take advantage of it while Microsoft works on plugging it.
Most people think of the NSA as a spying agency and do not realize that it has a second responsibility: It is also supposed to protect the security of communications by U.S. citizens and companies against foreign incursions. When the United States learns of a zero-day exploit against software used by Americans, it is supposed to engage in an “equities process,” in which the default choice should be to inform the software producer so that it can fix the vulnerability, keeping the zero-day secret only if a special case can be made for it. The revelation that the United States has kept its hands on so many vulnerabilities will further confirm the skepticism of many in the technology community, who believe that the equities process isn’t working.
According to the Washington Post, the NSA also compromised a service called SWIFT. SWIFT is a messaging service that provides financial messaging services to many banks located in the Middle East. This basically means the NSA could have been monitoring every financial transaction going through SWIFT. The NSA having access to this kind of information is certainly going to ruffle many international feathers in the Middle East and even further out than that.
It will be interesting to see how this all shakes out and what Microsoft’s and SWIFT’s reactions are, if any. What do you think of this story? Let us know your thoughts in the comments below or on Google+, Twitter, or Facebook.Source: Washington Post