How leaked NSA spy tools created a hacking free-for-all


Hackers have compromised thousands of computers around the world with a government-grade spy tool.

A backdoor published in a trove of leaked NSA hacking tools is being loaded onto vulnerable Windows computers. The attacks demonstrate what happens when people fail to regularly update their machines.

The tools were leaked almost two weeks ago by the anonymous Shadow Brokers group and include a backdoor called DOUBLEPULSAR. It can be remotely installed on Windows machines that have not been patched since March. Once installed, the backdoor allows hackers to take over the computers and execute tasks as if they were the computer's administrator.

As of Monday, there are over 144,000 machines infected with this backdoor, according to research from Dan Tentler, founder and CEO of The Phobos Group security firm. Tentler built a tool to scan the internet for Windows machines vulnerable to the backdoor, and says the number is steadily climbing. He estimates between 200,000 and 300,000 could be infected by the end of the week.

"We are dealing with a digital epidemic," Tentler told CNNTech.

It's impossible to tell who is behind the hacks. Data from Shodan, a service for finding information about internet-connected devices, shows that the U.S. is the top country with infected machines.

John Matherly, founder of Shodan, says the sheer number of compromised machines means either that there are some false positives or that third parties, not the NSA, are infecting computers.

[Image: Shodan data on DOUBLEPULSAR infections]

There are some alarming scenarios that could come from hackers having remote access to thousands of computers. For instance, they could steal your personal information and make you pay a ransom to get it back. Or they could use the computers to create a botnet, an army of zombie computers that do things like send spam or take down web services without the owner realizing it.

Are you at risk?

Microsoft says anyone with the most recent updates is safe. The company released a patch for the exploits on March 14, a month before the Shadow Brokers dump.

But DOUBLEPULSAR continues to spread, demonstrating that many people do not regularly update their machines. (Here's how to turn on automatic Windows updates.)

"We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers," a Microsoft spokesperson told CNNTech.

Businesses are at a greater risk, Tentler explains, because they have multiple machines connected to one network. So if one computer is compromised, it could facilitate additional hacks on the network.

The message from security researchers is clear: Always update your computers.

"The reason we're experiencing this massive outbreak is because nobody patches," Tentler said.
