Monday, December 11, 2023
HomeIndustry NewsAirports, ATMs, hospitals: Microsoft Windows XP leak would be less of an...

Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn’t use it

The source code of the Windows XP operating system is now circulating online as a huge 43GB mega-dump.

Although the software is nearly two decades old, it’s still used by people, businesses and organisations around the world. This source code leak leaves it open to being scoured for bugs and weaknesses hackers can exploit.

The leaked torrent files, published on the bulletin board website 4chan, include the source code for Windows XP Service Pack 1, Windows Server 2003, MS DOS 3.30, MS DOS 6.0, Windows 2000, Windows CE 3, Windows CE 4, Windows CE 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5 and Windows NT 4.

The leak came with files containing bizarre misinformation related to Microsoft founder Bill Gates and various conspiracy theories. This is consistent with past leaks from 4chan, a site often associated with extremist content and internet trolls.

Using the name “billgates3”, the leaker reportedly said: “I created this torrent for the community, as I believe information should be free and available to everyone and hoarding information for oneself and keeping it secret is an evil act in my opinion.”

If the leak is genuine, this won’t be the first time a Microsoft operating system source code was released online. At least 1GB of Windows 10 source code was leaked a few years ago, too.

Vulnerabilities in the source code

The source code is the “source” of a program. It’s essentially the list of instructions a computer programmer writes when they develop a program, which can then be understood by other programmers.

A leaked source code can make it easier for cyber criminals to find and exploit weaknesses and serious security flaws (such as bugs) in a program. It also makes it easier for them to craft malware (software designed to cause harm).

One example would be “rogue” security software trying to make you think your computer is infected by a virus and prompting you to download, or buy, a product to “remove” it. Instead, the download or purchase introduces a virus to your computer.

According to a report from computer security company F-Secure, on average it takes about 20 minutes for a Windows XP machine to be hacked once it’s connected to the internet.


Read more: Remote Work Is Killing the Hidden Trillion-Dollar Office Economy


Is Windows XP still supported?

Windows XP hasn’t had “official” support from Microsoft since 2014. This means there are currently no security updates or technical support options available for users of the operating system.

However, until as recently as last year, Microsoft continued to release security fixes and virus preventive measures for it.

The most notable was an emergency patch released in 2017, to prevent another incident like the massive WannaCry ransomware attack from happening again. This malware affected 75,000 computers in 99 countries – impacting hospitals, Telefonica, FedEx and other major businesses.

Windows XP is still used by people, airlinesbanks, organisations and in industrial environments the world over.

In 2016, the network which runs the Royal Melbourne Hospital, Melbourne Health, was infected with a virus targeting computers using Windows XP. The attack forced staff to temporarily manually process blood, tissue and urine samples.

Online, users have posted photos of Windows XP being used at places such as Singapore’s Changi Airport, Heathrow Airport and Zeventem Brussels Airport.

Although the exact figure isn’t known, one estimate suggests the operating system was running on 1.26% of all laptops and desktops, as of last month.

Is there still incentive for hackers to target Windows XP?

The availability of the Windows XP source code opens access for cyber criminals to search for “zero-day threats” in the code that could be exploited.

These are discovered flaws in software, hardware or firmware that are unknown to the parties responsible for patching or “fixing” them – in this case, Microsoft.

Zero-day threats are often found in older ATM machines, for example, as these can’t be patch-managed remotely. This is because they have an embedded version of Windows XP with limited connectivity.

To upgrade in such cases, a bank’s IT professionals would have to visit the machines one by one, branch by branch, to apply security patches for the embedded systems. One report suggests hackers can break through the defences and security features of these older style ATMs within 10-15 minutes.

There’s no easy way to confirm whether ATMs in Australia are still running this 19-year-old software, but past reports indicate this could be the case.

Possible defences

Windows XP was left to its own defences back in 2014 when Microsoft stopped mainstream support for the operating system.

But as one of Microsoft’s most widely-used operating systems, it’s still being run and could be around for many years to come.

According to Microsoft Support, since Windows XP is no longer supported, computers running it “will not be secure and will still be at risk for infection”.

Any antivirus software has limited effectiveness on computers that don’t have the latest security updates. The number of holes in software also increases as machines are left unpatched.

Luckily, most organisations have strategies (requiring money and human resources) to manage large-scale upgrades and isolate their most critical systems.

If your computers are still running on the extremely outdated Windows XP operating system, you too should migrate to a more modern one. No one can force you, but it’s certainly a good idea.

• Brianna O’Shea is a Lecturer in Ethical Hacking and Defense at Edith Cowan University. Co-writer Paul Haskell-Dowland is Associate Dean (Computing and Security) at Edith Cowan University. This article originally appeared at TheConversation. 

Brianna O Shea
Brianna O Shea
Brianna O’Shea is a Lecturer in Ethical Hacking and Defense, Computing and Security, within the School of Science. She is a PhD Candidate at the Tasmanian Institute of Law Enforcement Studies at the University of Tasmania.

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You might also like

Stay Connected

Must Read

Related News

Share it with your friends:

Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn’t use it