
Author Topic: Leaked NSA hacking tools can target all Windows versions from the past 20 years  (Read 472 times)


Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8789
  • Gender: Male
    • Tech Forum

REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just the old version of Microsoft's operating system.

Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits - EternalSynergy, EternalChampion and EternalRomance - to work against Windows versions dating back as far as Windows 2000.

Going by the name of 'zerosum0x0' on GitHub and Twitter (hat tip to Betanews for that), Dillon noted that his modifications to the code exploit the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous versions of unpatched Windows OS.

MS17-010 #EternalSynergy #EternalRomance #EternalChampion exploit and auxiliary modules for @Metasploit. Support for Windows 2000 through 2016. I basically bolted MSF psexec onto @sleepya_ zzz_exploit. https://t.co/UnGA1u4gWe pic.twitter.com/Y9SMFJguH1 — zǝɹosum0x0🦉 (@zerosum0x0) January 29, 2018
While other leaked hacking tools like EternalBlue have been attributed to facilitating the likes of WannaCry and NotPetya, which affected systems running older versions of Windows like Windows 7, the modified exploits can be used against Windows 10 builds.

Windows 10 was originally thought to be immune to the stolen NSA tools leaked by hacker group Shadow Brokers. But unpatched versions of Redmond's latest OS appear to be vulnerable to attacks that make use of the modified code, not that any have been reported out in the wild.

Naturally, ensuring Windows 10 is up-to-date and patched should make any systems running the software immune to the modified hacking tools. But older versions of Windows that are no longer supported by Microsoft could face attacks that put the modified NSA exploits to use if the operating systems are not updated with patches Redmond pushed out in March 2017.

Plonking his modified code on GitHub with the disclaimer that it's intended for academic research and the development of cyber defences, Dillon said: "This module is highly reliable and preferred over EternalBlue where a Named Pipe is accessible for anonymous logins (generally, everything pre-Vista, and relatively common for domain computers in the wild)."

The trio of modified exploits also boast remote control and code execution features that could be used to wreak havoc on compromised machines.

If you've kept up with patches for more recent versions of Windows, then you should be safe from the exploits.

For companies with large and complex IT estates that aren't all running the latest software, such modified exploits could cause a headache. Either way, such tweaks to the modified NSA tools show that the Eternal family of exploits still has some life left in it; jeez, thanks for that NSA.

https://www.theinquirer.net/inquirer/news/3026129/leaked-nsa-hacking-tools-can-target-all-windows-versions-from-the-past-two-decades

PlusNet VDSL Fibre 40/10
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)
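The article's mitigation boils down to two things a defender can verify on each host: the March 2017 MS17-010 fixes are installed, and SMBv1 (the protocol all three Eternal exploits speak) is switched off. The PowerShell below is an added read-only check written for this thread; it is not code from the article, from Dillon's repository or from the forum. It assumes an elevated session on Windows 8 / Server 2012 or later (where Get-SmbServerConfiguration exists), and the KB list is my recollection of the MS17-010 bulletin, which should be confirmed against Microsoft's bulletin for the exact build before relying on it.

```powershell
# Added example (not from the article or the thread): report whether a host still
# shows the two conditions the article warns about - SMBv1 enabled and the
# March 2017 MS17-010 fixes absent. Run in an elevated PowerShell session.

# KB numbers as I recall them from Microsoft's MS17-010 bulletin (assumption:
# confirm against the bulletin for your OS build before acting on the result).
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)

function Get-Ms17010Status {
    # 1. Is the SMB1 server protocol still enabled on this host?
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # 2. Is any MS17-010 KB present? Later cumulative updates supersede these,
    #    so a missing KB on a current Windows 10 build is not by itself proof
    #    of exposure; the LastUpdate field helps judge that.
    $hotfixes  = Get-HotFix
    $installed = $hotfixes | Select-Object -ExpandProperty HotFixID
    $found     = $installed | Where-Object { $Ms17010Kbs -contains $_ }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Smb1Enabled    = $smb1
        Ms17010KbFound = @($found)
        LastUpdate     = ($hotfixes | Sort-Object InstalledOn | Select-Object -Last 1).InstalledOn
    }
}

$status = Get-Ms17010Status
$status | Format-List

if ($status.Smb1Enabled) {
    # Disabling SMBv1 removes the transport these exploits rely on; check first
    # that nothing on your estate (old NAS boxes, printers) still needs it.
    Write-Warning 'SMBv1 is enabled; disable it with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}
if (-not $status.Ms17010KbFound -and $status.LastUpdate -lt [datetime]'2017-03-14') {
    Write-Warning 'No MS17-010 KB found and no updates since March 2017: apply the March 2017 patches.'
}
```

On an up-to-date Windows 10 the KB check will usually come back empty because the fix arrived in a later cumulative update; the SMBv1 result is the one worth acting on regardless, since the article notes the exploits are "preferred over EternalBlue where a Named Pipe is accessible for anonymous logins", and that pipe is reached over SMB.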


Offline fudgietheoriginal

  • Full-Time Member
  • ****
  • Posts: 466
I'm not ready to... Last one using MS Windows, please switch the lights out lol

Maybe some of this is just clever marketing....Getting the public to embrace something new we haven't seen yet, by softening them up first...with fear. JMO :angel: ;) :D ;D

Offline 1bit

the only true way to stay completely private and hidden (after much studying videos of NSA et al / Surveillance and documents of the same things.... cyber warfare/ computer and internet security, hacking etc etc)

is:

1) Use ONLY a 'Secure version' of a Live Linux Operating System such as QUBES or TAILS, whose main files are stored on a USB and which boots directly into RAM, where no folders are used at all on a local hard-drive or the USB stick, just in RAM as you use it... once you kill power to the computer all data is gone with no remnant image. If you want some data retention such as browser extensions & bookmarks to stay behind, they can be stored heavily encrypted on the USB... while SIGINTs may have tools for Linux, 90% of the world use Windows and that's what they will be concentrating on.

2) DO NOT own or use any type of Social Media account (Microsoft, Google, Facebook, Twitter, Apple etc) as SIGINTs (Signals Intelligence) are allowed in the backdoor - making using a VPN etc useless for that.

3) Use only PGP (Pretty Good Privacy) email accounts such as Protonmail which massively encrypts your emails with special public and private keys and only those using similar PGP software and no-one else can read them - more HERE how it works.

4) TOR (The Onion Router) Browser is used in both the aforementioned OSs... but even better is adding up to 3 bridges - yes, due to TOR your browsing will be slow but ultimately secure, as your request is bounced through at least 3 servers, each of which only knows where the last packet came from and is going to... meaning only 3 hops are required for anonymity, but these are public nodes and 'active' surveillance (where you're being targeted on the spot by warrant & attempted hacking etc), if clever and fast enough, could possibly attempt to trace it back (only by size, amount and frequency of the encrypted data at each end going in and out would they know it's possibly the same person)... a bridge relay is a 'private' unknown node, unlisted; you can add up to 3 to the 3 public nodes making it even more difficult - also slower

5) Use a reliable 256-bit AES VPN service like AirVPN or NordVPN for Linux - all routers have a VPN pass-through mode, which means your computer is allowed to 'pass through' your ISP connection IP address and use its own in a data centre in any country, and is also encrypted - think of it like a tunnel that hides your IP address and scrambles all your data to almost impossible heights of decrypting - have it change server every 5 minutes

6) use something like DuckDuckGo as your search engine (this is default in TOR anyway) DuckDuckGo is a go-to search engine for the privacy-conscious. DuckDuckGo doesn’t log data about you, so it’s become popular amongst users that wish to surf the web anonymously. DuckDuckGo has no way of knowing if multiple searches came from the same computer because it does not generate an identifier to identify any unique user or log user data.

7) OPTIONAL: use Firefox extensions for TOR such as Ghostery or Decentraleyes (NoScript is preinstalled), WebRTC Leak Protection, Geo Location Protection - of course you're trusting these addons aren't recording data from your browser for their own purposes... or worse (unlikely)

Offline fudgietheoriginal

Interesting and helpful.
After reading that....that's me gone :o
It's good you can't use a VPN for the above mentioned things as there may be people out there who would take advantage ::) ;) ;D

Offline 1bit

you can use VPN for passive surveillance (where everything's recorded and anyone can take a peep at your I/O), but not when you're being actively targeted, because then they can just go get a warrant and ask Mr Zuckerberg "give us access to fudgie's Facebook or Google account etc" as VPN is blocking them

Offline fudgietheoriginal

Just reading though the above info again, from what I can understand?
I would have thought hiding in plain sight would be the best option sometimes?
Once they all detected a VPN blocking them from listening, wouldn't you go on some sort of short list anyway?

Offline 1bit

they don't detect a VPN hiding your access unless you're already on an 'active' targeting list (as in you're being checked out by govs for whatever reason already) - just your encrypted data is recorded (passive) so it can be viewed at any time - but as it's encrypted it can't be

I see Firefox is blocking FB from recording your history et al., they seem to be coming out with some good tools lately, I can't remember if it was Chrome or Firefox that now has crypto mining detection built in, I know Opera has
