Ransom where? ‘Hundreds of thousands of companies vulnerable to next computer attack’
A group of hackers claims they have details of the nuclear programs of several countries, and they're ready to sell them off. The threat comes in the wake of last week's ransomware attack by another group called the Shadow Brokers, which crippled government computer systems around the world.
RT: The group made use of NSA tools, so how damaging could these next leaks be?
Karsten Nohl: I think we’ve seen pretty much the worst of it already. A Windows exploit as we’ve seen being used last week that can, with no preparation, infect any Windows computer. That is about as bad as it gets. We’re expecting some similar leaks over the next couple of weeks, as the alleged NSA collection has been deployed on the internet. Again, we’re talking about hundreds or thousands of companies being affected in each of these waves.
RT: Do you expect any reaction from the countries mentioned, namely Russia, China, North Korea?
KN: I would imagine that those countries are already prepared for hacking attacks independently from NSA material being leaked on the internet, especially because they would be targets of the NSA anyway. So had they not been hacked already, then they are safe from those tools, to begin with.
RT: The Shadow Brokers' announcement comes as the world's still reeling from that ransomware attack. What's behind it, ultimately? Is it just about the money?
KN: We have to distinguish two things here. The information as to how to exploit computers was put on the internet about two weeks ago – allegedly by Russia, nobody knows - but definitely it was a propaganda action against the NSA showing what stockpile of dangerous security vulnerability the American government is hoarding. Now some criminals took this information, and ran away with it, and made some money off the back of this propaganda action.
RT: All this is being described as a 'wake-up call' to companies and governments. How can hacking groups like this be stopped?
KN: We have seen 200,000 computers being affected by this attack last week. We’ve seen many millions of computers not being affected last week. What makes the difference is those other computers were patched. The cure for this problem from last week was released more than a month earlier. So anybody who had installed the updates during that one month was safe from last week’s attack, and going forward that would become an even more important obligation to anybody running organizations - small and large - to regularly apply all security patches.
The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.