'Released docs on alleged NSA malware provide instructions for criminals'
A hacking group named Shadow Brokers has published what it claims are some of the cyber-infiltration tools used by the NSA, alleging that the American spy agency used them to break into banking systems.
The leaked NSA malware is said to be capable of breaking into more than half of computers using a Microsoft Windows operating system.
The hacking group behind the revelation also says the NSA may have penetrated several banking services, including SWIFT.
RT: It is quite a staggering thought that 65 percent of Windows users could now be at risk. Is this as big a deal as it seems?
Denis Roio: The last release that was indeed published to the world is a big deal. It is one of the biggest leaks of actual malware, source code, and documentation on how to do this sort of malware. So, basically, it empowers even more criminals and intelligence agencies to develop more in this direction. Most of the news is reporting that Windows is affected, but unfortunately it is not the only operating system affected. The malware that the National Security Agency of the US has been using to intrude in other organizations also includes EFI (Extensible Firmware Interface), which is a BIOS extension, and includes instructions and examples on how to actually build software that will reside on any computer, and not only on computers running a certain version of Windows. The EFI extension is a BIOS extension; it is in every PC, laptop, and desktop computer. And it is basically the small code that runs the operating system. Sometimes you can see on some computers the screen that says BIOS and makes some checks of the computer and of the peripherals connected to it. Actually, it even includes code that can run in that phase of the booting and that can address all memory of the computers. So, I would say that the amount of people that are affected is huge, pretty massive.
RT: In what ways has people’s security been compromised exactly?
DR: The way in which the security is compromised is very fuzzy, very hard to define. Obviously, this is something that runs attacks on several targets around the world. What is clear is that there is a network, almost like a botnet, that is run to control the quantity of computers that are affected by this sort of malware. It really resulted from this leak that there is a fairly sophisticated network of computers that can connect to all the victims and that can report and act on their computers. So, how this is being used – there is not only one way. Nowadays, a lot of very delicate operations in different states and organizations around the world are run on top of computers. I would say that most operating systems and computers that have been produced in the last ten years are basically affected. In this leak, there are fewer details about objects, as in Internet of Things objects, that connect to the network. But the result is that specifically, desktop usage is being addressed, is being targeted and can be manipulated. And you can imagine how many things we keep on our desktop, how much information on our hard disks that we access every day. This information can be changed, can be retrieved by these third-party users of the malware, in this case the NSA, but not only. Of course, now that the software is out there, it can be used by anyone who is able to study, reproduce, and even modify this sort of code.
When we speak about intelligence agencies we have to consider that these guys have huge cyber capabilities, so they are able to hit systems that are not updated. In many cases, these systems have not been designed to be resilient to cyber-attacks… They [NSA] are trying to hit systems worldwide probably in order to get information. We have to consider that today almost every intelligence agency may get sensitive information trying to hack computers worldwide. – Pierluigi Paganini, head of Cybersecurity Services at Grant Thornton Consultants
RT: What was the NSA doing with this malware, do you think?
DR: Clearly, the malware was developed to intrude in desktop computers and servers, control them and basically counterfeit the information that is on them. There are different uses that can be applied to this. And I hear the news that most targets were in the eastern part of the world… It is pretty bad that they targeted SWIFT, because financial networks should be neutral. And now it is clear they are not.
The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.