NSA used Microsoft shortcuts seen as security risk

NSA used Microsoft shortcuts seen as security risk
© Getty Images

Recently released National Security Agency (NSA) emails show that the top digital spying group uses Word macros, widely considered a security risk.

Word macros, programmable shortcuts in Microsoft Word, have been used in recent years to distribute ransomware, to launch attacks on credit card systems and even to black out the power grid of the Ukraine.


Emails released by a Freedom of Information Act request by Vice show that as recently as 2012, the NSA was using Word macros.

Attacks using Word Macros have gone in and out of vogue since the 1990s. In March, Microsoft released a feature for Word to block certain high-risk macros. It came at the end of a massive upswing in macro malware between 2014 and 2015. Intel estimated year-over-year growth of such attacks at 350 percent.

While attacks on Word macros were not as common in 2012 as they are today, dangerous vulnerabilities were still being announced around that time.

Vice uncovered the use of macros after requesting emails sent by Edward Snowden, the former government employee who leaked classified NSA information. In one, Snowden provides tech support for a proprietary macro embedded in NSA Hawaii documents that was incompatible with Washington, D.C., offices.