The April 8th release of an NSA hacking toolkit by the group known as the Shadowbrokers shook technology circles when it was revealed that serious exploits targeting Microsoft may have been used to attack global banking systems. In the aftermath of the revelations, BBC News was called out by Wikileaks editor Julian Assange for misrepresenting the degree to which Microsoft has already addressed such serious vulnerabilities.
The Shadowbrokers hacking tools are a significant, serious event. CNN has stated that the leaks put “a powerful nation state-level attack tool in the hands of anyone who wants to download it to start targeting servers.” Fortune reported that the Shadowbrokers release had severe security implications, and that there appeared to be at least several dozen exploits, including zero-day vulnerabilities in the release. Some of the exploits offer a potential “God Mode” on select Windows systems which would give an intruder total control.
Microsoft released a security update in response to the news, which stated that it had already patched “most” of the vulnerabilities. When discussing “nation state-level attack tools,” this is a critical distinction. Microsoft’s statement made it clear that it was not claiming to have wholly resolved the issue or to have made itself completely invulnerable.
BBC News ran an article on the leaks titled: “Microsoft patched ‘NSA hack’ Windows flaws before leak” which deliberately misquoted Microsoft’s security update in order to imply that the company had entirely resolved the issue. The BBC referred to the exploits as “addressed,” and “already fixed,” specifically misstating the reality of Microsoft’s remaining vulnerabilities which the company itself admitted were only “mostly” addressed. The state-run media company was immediately called out by Wikileaks founder and editor Julian Assange on Twitter, who said the publication was full of “breathless dolts.”
The episode is the latest in a long history of scandals to hit the BBC over time, including false reports concerning Ethiopian arms purchases, faking footage of child laborers in Bangladesh and actively working to cover up the Jimmy Saville abuse scandal. Disobedient Media has previously reported on a similar instance of misrepresentation during Wikileaks’ Vault 7 release where Buzzfeed exaggerated statements made by Apple to imply that they had fixed the newly revealed security exploits when this was not the case.