back to article Spotted: Miscreants use pilfered NSA hacking tools to pwn boxes in nuke, aerospace worlds

Miscreants are using a trio of NSA hacking tools, leaked last year by the Shadow Brokers, to infect and spy on computer systems used in aerospace, nuclear energy, and other industries. This is according to Kaspersky Lab, whose researchers today said the American snooping agency's DarkPulsar cyber-weapon – along with a pair of …

  1. Anonymous Coward
    Anonymous Coward

    Expected outcome of leaving holes in your security

    All those people who think that they should never have been made public are forgetting that the holes didn't get there by accident.

    Further who says that the tools were not employed in these cases by the authors, after all Kaspersky's lips were moving

  2. Mark 85 Silver badge

    Patches should also be available for the vulnerabilities targeted by the leaked NSA exploits.

    "Should be"????? I would hope by now that they "are" available and just about every server user has installed them.

  3. Big Al 23

    Remember Kasperski Labs...

    ...has a direct connection to the Russian government who they have worked for. It's interesting that Kaspersky seems to find security issues that no other security researchers find or report.

    1. Anonymous Coward
      Anonymous Coward

      Re: Remember Kasperski Labs...

      It's interesting that Kaspersky seems to find security issues that no other security researchers find or report.

      So are you saying we should ignore any security issues found by Kaspersky, as they are making them up?

      Or what, exactly?

    2. teknopaul Bronze badge

      Re: Remember Kasperski Labs...

      Re "Kaspersky seems to find security issues that no other security researchers find or report."

      All security researchers find issues no one else has found or reported.

      Otherwise they would be called security pirates.

  4. Denarius Silver badge
    Meh

    you trust any of them ?

    just like the useful idiots who speak of the spooks setting up the Oz Panopticon. "Why should I worry, I have nothing to hide." Mentioning the poor sods who get extra jail time in Merkin Land merely because an algorithm institutionalises training sets racism does not scare them or PRC Social Capital example has no effect. As for Kapersky, whoever is behind them, at least the IT audience gets to hear about issues. More than the spookeries who developed the tools originally ever did.

  5. Yet Another Anonymous coward Silver badge

    Not outsourced then ?

    frameworks are designed to be flexible and to extend functionality and compatibility with other tools

    So why doesn't the government do all the other projects, NHS IT, MOD recruitment etc, in-house if it is so good at software development?

    1. dnicholas Bronze badge

      Re: Not outsourced then ?

      Budget. Sick poor people don't rank high on the budget list

  6. Will Godfrey Silver badge
    Unhappy

    A statement from the 5 eyes

    On being asked how it was possible that Kaspersky was the first agency to make a detailed report on the NSA's leaked malware, they said:

    *crickets*

  7. Chronos Silver badge
    FAIL

    Are you reading this, Five Eyes?

    This is exactly what was predicted. Even William Gibson predicted state sponsored malware leakage which, make no bones about it, is what this is, long before the Internet became widespread, albeit in fiction. Kuang Grade Mk 11, anyone?

    At the risk of a logical fallacy, I suspect this is the tip of a very large iceberg. And they want us to trust them with back-door encryption? Not on your sodding nelly!

  8. Andy The Hat Silver badge

    Russians, sorry Kaspersky, are good at finding and declaring "Western" state sponsored hacking tools (but are derided in the west)

    The NSA, sorry Symantec et al, are good at finding "Eastern" state sponsored hacking tools (and are declared to be bastions of freedom)

    Both are good at what they do but is one better or more trustworthy than the other?

    I suggest the entire exercise is just playing politics with political masters in order to control the populations for the benefit of the elite (much like the basic aims of any other self-styled religious leaders).

    If both sides believed in "freedom", perhaps a more open and formulated approach to producing decent, secure networks and software without holes (deliberate or otherwise) would be a better use of everybody's time?

  9. Mike Moyle Silver badge

    Since these were "leaked" and are now found being used in the wild...

    ... the NSA can claim plausible deniability for the listed attacks on Russian, Iranian, and Egyptian nuke and aerospace targets.

    (...or that's what I'd think if I was a cynical and suspicious sort of person.)

    (...which, of course, I'm not.)

    1. Anonymous Coward
      Anonymous Coward

      Re: Since these were "leaked" and are now found being used in the wild...

      Mike, you are right. If they had been caught Before the leak, it would be clear who it was, now that everyone has them, anyone can use them without concern for getting the blame. But the blame is still there - they created and kept secret these exploits at the expense of national security. Making the NSA a threat to all data on the web. If the NSA had guns and bombs they would be the biggest, best funded terrorist outfit in the world. And they just got handed a blank check for 6 BILLION bucks. All of that will go toward weakening security for everyone. Looking forward to retiring and giving up computers and internet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019