
When a secret weapon falls into the wrong hands

Sven Krumrey

Sunday afternoon movies can be so wonderfully relaxing. Stations frequently show old spy movies with super villains stealing super secret weapons from government facilities. Armed with laser cannons and other gadgetry, they go on a raid until they're stopped by the hero at the last minute. With the world on the verge of unspeakable catastrophes, we hear the cuffs click and see secret societies of villains get uncovered and eradicated. This blog article tells a similar story except that, in this case, heroes are scarce, villains still out and about and the secret weapon is targeted at your PC.

The spy on your PC - or is it the villain?

It's a story that involves many unknown variables and that began with an information leak. A hacker group that goes by the name of "Shadow Brokers" had infiltrated NSA servers and discovered a series of spy tools. Nobody knows who they are, and secret services would likely pay a lot of money for that information. First, the brokers tried to monetize their find, asking for the modest sum of 568 million dollars in return for the sensitive files. Understandably, there were no buyers, so they decided to publish the files along with an appeal to Donald Trump to stand by his election promises. Confusing, isn't it?

While there were no official explanations issued (after all, it's a little embarrassing to lose your weapons to hackers), experts did believe the documents to be genuine. Real action, however, was taken by another unknown group (no James Bond movie is that vague!) who took the files and adapted the software to their own malevolent needs. The NSA had found a vulnerability in Windows that made an excellent and inviting target for criminals. Hackers modified the code and gave birth to "Doublepulsar", a malware that was then to be distributed as quickly as possible. The goal: to slip malware into Windows PCs via remote access.

Hackers will use every opportunity to their advantage

Doublepulsar is believed to have already infected about 200,000 Windows PCs, mainly in the United States, Hong Kong and the rest of China. From Windows Vista to Windows 10 and even various Windows Server editions, all of these machines had a serious security hole. The perfidious part is that the malicious tool itself disappears at the next restart; only the malware it introduced remains. This way, users may diagnose the damage, but the infiltration method stays concealed. Infected machines are identifiable only if contacted in a special way (sending a ping to port 445). Though Microsoft doubts the validity of this approach, they haven't provided an alternative.

The problem chiefly affects Windows machines that don't receive updates on a regular basis. Microsoft have already taken action and published a patch that fixes the vulnerabilities exploited by Doublepulsar. Patch MS17-00 put a stop to the mischief and reduced the number of potential targets to machines that either have Windows Update disabled or rely on local system administrators for (often delayed) updates. If you must find a hero in this story, you may praise Microsoft for their quick reaction - or criticize them for having created the vulnerability in the first place, the choice is yours. I must admit I'd love to see Bill Gates strike a hero pose though, which is why, in this case, I tend to administer praise.
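The paragraph above pins the remaining risk on machines that never get the patch, either because Windows Update is switched off or because updates arrive late. The following PowerShell script is an added example written for this page (it is not the author's code and not a Microsoft tool): it reports the state of the Windows Update service, whether the hotfixes you list are installed, whether anything is listening on TCP 445, whether SMBv1 is still enabled, and when the host last rebooted (relevant because, as the article notes, the loader does not survive a restart). The `$PatchKBs` list is an assumption you must fill in from Microsoft's bulletin for your Windows build; the placeholder value below is deliberately not a real KB number. It assumes PowerShell 5.1 or later on Windows 8/Server 2012 or newer and an elevated session.

```powershell
# Added example, not from the original article: defender-side posture check for a
# Windows host against the SMB flaw discussed above. Run in an elevated PowerShell session.
# ASSUMPTION: fill $PatchKBs with the KB number(s) listed in the Microsoft bulletin for
# your OS build. 'KB0000000' is a placeholder and will simply be reported as missing.
param(
    [string[]]$PatchKBs = @('KB0000000')
)

$report = [ordered]@{}

# 1. Is the Windows Update service allowed to run at all?
$wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
$report['WindowsUpdateStartType'] = if ($wu) { $wu.StartType } else { 'ServiceNotFound' }
$report['WindowsUpdateDisabled']  = [bool]($wu -and $wu.StartType -eq 'Disabled')

# 2. Are the patches you care about installed? Compare against the list of applied hotfixes.
$installed = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
$missing   = $PatchKBs | Where-Object { $_ -notin $installed }
$report['MissingPatches'] = if ($missing) { $missing -join ', ' } else { 'none' }

# 3. Is SMB reachable on this host (something listening on TCP 445)?
$smbListener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$report['Port445Listening'] = [bool]$smbListener

# 4. Is the legacy SMBv1 protocol still enabled on the server side?
$smbCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
$report['SMB1Enabled'] = if ($smbCfg) { $smbCfg.EnableSMB1Protocol } else { 'Unknown' }

# 5. Last boot time: a host that has not rebooted since the exposure window may still
#    carry the in-memory loader, so it deserves a closer look.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$report['LastBootTime'] = $os.LastBootUpTime

# 6. A one-line verdict a helpdesk can act on.
$report['NeedsAttention'] = [bool](
    $report['WindowsUpdateDisabled'] -or
    $report['MissingPatches'] -ne 'none' -or
    ($report['Port445Listening'] -and $report['SMB1Enabled'] -eq $true)
)

[pscustomobject]$report | Format-List
```

Run it as `.\Check-SmbPosture.ps1 -PatchKBs 'KBxxxxxxx','KByyyyyyy'` (names are placeholders) on each machine you administer; a `NeedsAttention` value of `True` means the host is either not receiving updates, lacks the patch you asked about, or still exposes SMBv1 on port 445 and should be patched or have SMBv1 disabled before anything else.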

Heroes or not? You decide.

The whole affair raises another question: how can you prevent software from falling into the wrong hands? If, for example, a secret service agency uses such a piece of software, chances are that it will eventually be discovered, whether by mere coincidence through a hacker, by a rival agency or by a company that specializes in computer security; some traces will always be left behind. Once discovered, shady characters will leave no stone unturned to misuse the tool to their own dubious ends. Back in the day, you needed years and think tanks to copy or modify weapons; now it only takes hours or days to do the same with malware in front of your computer.

What other unpleasant offspring will come from this NSA software remains to be seen. Don't be surprised if you receive sudden Windows Update notifications over the next couple of days; there may be good reason for them. It turns out that regular security updates are crucial to us all, provided that their creators act swiftly. This mishap definitely shows that spy tools are doubly perilous: not only can they be abused by the authorities, they can also be misused by others once they're exposed. The "other side" definitely has the means and motive to exploit any and all security leaks, which only leaves us with the hope that the good guys will be smart and save the day. And now we're back to spy movies again.
