Viewing a single comment thread. View all comments

cyanclam t1_jeaumin wrote

If you are wondering how much protection we can expect from the NSA: One Vulcan Files document shows Russian engineers recommending Russia add to its own capabilities by using hacking tools stolen in 2016 from the US National Security Agency and posted online.

165

Ok-Bumblebee9289 t1_jebz3dn wrote

You'd hope that they would have at least moved to protect themselves from being exploited by their own tools.

39

Chip_Hazard t1_jedsvw5 wrote

They did as much as they could but there isn't much they can do once it's out. The hacking tools exploited vulnerabilities that were inherent to Windows systems. Once they knew it was out they got Microsoft to patch it up, but that requires users to update their PCs, so hackers were still able to get into outdated systems. The WannaCry attack in 2017 used the NSA exploits.

The questionable part, I guess, is that NSA knew about these exploits but instead of warning Microsoft immediately, they used the exploits themselves until it got out into the wrong hands.

20

Prometheus720 t1_jee9x53 wrote

They did.

That doesn't mean they protected you.

Imagine you were the first country to invent a handgun. You also have the idea of making body armor, but you haven't yet because there are no handguns shooting at you.

Then someone steals your handgun. You quickly make body armor. It isn't perfect but it works really well.

Then someone 3 streets over gets shot. Because they weren't aiming at you. You have handguns. And body armor.

They'd rather go after someone exploitable.

1

topchuck t1_jedmgc5 wrote

So they're using outdated tech that's thoroughly understood by the people it would be meant to attack?

11

Prometheus720 t1_jee9ze4 wrote

No, it is meant to attack you.

This is like terrorists stealing riot gear from police.

1

QuantumDES t1_jedxdk0 wrote

That sounds like protection to me?

The zero days those tools exploited are long patched.

4