
On Friday, the Shadow Brokers leaked a new batch of files allegedly stolen from the National Security Agency (NSA). The dump contains zero-day Windows exploits and documents showing the agency infiltrated Middle East bank servers.

Microsoft quickly addressed the issue, saying it had patched most of the vulnerabilities for Windows 7 and later in a security update last month. The tech giant encouraged users still on earlier versions to upgrade promptly to supported OS builds.

Cyber security experts including Edward Snowden called the batch ‘The Mother of All Exploits’ in an attempt to illustrate just how damaging it was for old Windows systems. Banks in the Middle East and other parts of the world may be compromised by hackers with these tools as well.

The NSA knew about the leak, but did they tell Microsoft?

After learning of the data dump early on Friday, experts and analysts on social media quickly retraced The Shadow Brokers’ steps and found the hacking group had offered some of these same exploits back in January.

Down to the version numbers, some of the Windows tools included in the batch had been ‘public knowledge’, so to speak, for at least a couple of months. When reached for comment, Microsoft said nobody had contacted them about any potentially harmful exploits.

The statement suggests the NSA failed to comply with the Vulnerabilities Equities Process, a protocol through which institutions should alert companies to the security holes in their systems if they pose a significant risk to the public.

Microsoft did issue a statement later on Friday saying all but three of the exploits leaked had already been patched a month earlier, and that those are not a threat in updated OS versions.

Much of the debate on Twitter centered on this particular oversight, while other experts focused on the disastrous threat these tools posed to the Windows ecosystem. Some suggest the value of these exploits could have been more than $2 million.

The NSA hacked into the Middle East banking system

While the Shadow Brokers released more than a dozen Windows vulnerabilities into the wild, they might have also sparked international conflict between U.S. and Middle East authorities over the hacking of their financial institutions.

Some of the tools leaked on Good Friday targeted SWIFT, the platform maintained by the Society for Worldwide Interbank Financial Telecommunication. This network consists of tens of servers set all over the globe.

One such server, EastNets, was revealed to be compromised by the NSA using its arsenal of cyber weapons. Based in Dubai, this service bureau is the largest in the Middle East, and it manages the transactions of some of the biggest banks in the region.

EastNets has since denied that its operations have been compromised in any way, while cybersecurity experts claim this was most definitely the case. Edward Snowden stated they were “inarguably and very seriously hacked.”

The NSA first bypassed firewalls and other high-security systems using Cisco exploits and then targeted computers vulnerable to the Windows exploits and other unpatched holes. The agency then implanted spyware that has since been silently collecting data.

Specialists say the news is sure to raise tensions between the two global powers due to the American agency overreaching once again. It is not the first time that a U.S. entity has stepped beyond its jurisdiction, even if spying is, in fact, the NSA’s job.

Why did The Shadow Brokers come back?

The hacking group had been on hiatus since January, but it cited America’s recent actions against Syria among the reasons for its return. The Shadow Brokers have long been associated with the Russian government by analysts.

The post that accompanied the data dump addressed President Donald Trump directly and some of his cabinet’s recent actions. These hackers have openly supported Trump in the past, but some see this last leak as retaliation for going against their cause.


Neither the White House nor the NSA has made any statements about this significant security breach.

Source: Reuters / Shadow Brokers