One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.
On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.
This is why many security researchers say that if you want real security, you should not create exploits or bury backdoors in code. Engineers used to like embedding them in case they needed to get into an otherwise inoperable system, or as insurance if they were unfairly fired. The point is that it weakens security: it always seems to get found out, even if only two years later (and many people do not update their systems), and it even gets used against your own population. You either aim to make a system as secure as you possibly can, or you accept a compromise. Totally secure means encrypted, with no automatic password resets. If you create weaponised code, you need to plan for it being found and used against you or against unintended targets.
See more about the NSA's lost tools at arstechnica.com/information-te…