NSA Theft Unnerves Cybersecurity Industry
By Paul Liu
Wednesday, June 21st, 2017

The theft of NSA’s cyber weapons has unleashed an earthquake in the cybersecurity landscape. The entire episode began when hackers belonging to the “Shadow Brokers” group released information (as well as bits and pieces of code) regarding the theft on their Tumblr page. The target of the hack was the “Equation Group”, which was unmasked as working for the NSA by Kaspersky last year (the news was later validated by Edward Snowden). The news has clearly rattled American tech and security firms, since the leak contains hacks and exploits related to their products.
The cache of data released by Shadow Brokers not only contains information about vulnerabilities present within products created by Cisco, Juniper and Fortigate; it also points to something more sinister. Apparently, the Equation Group was creating custom malware for the NSA which was being used in cyber attacks and espionage. The group has released over 300 MB of data containing more than 50 attack tools and some of them are specifically designed to bypass firewall products created by American firms.
By leaking portions of the stolen code online, the hackers have suddenly made American firms more vulnerable to cyber attacks. Since it will take the affected organizations some time to study and fix the exploits described in the leak, they remain open to attacks from criminals who have downloaded the code.
Jeremiah Grossman, head of security at SentinelOne, agreed that the NSA needs certain exploits to carry out its activities. However, he was also of the opinion that by not disclosing such flaws and keeping them secret for too long, the spy agency was in fact weakening the security infrastructure of America. He even suggested that there should be a policy forcing the NSA to disclose such flaws and exploits to the affected organizations within a certain timeframe.
Networking giant Cisco seems to validate Jeremiah Grossman’s opinion. After going through the code leaked by the Shadow Brokers, the company discovered at least two attack tools related to its products. What’s worse, the tools contained at least one security flaw which was previously unknown to the organization. This clearly shows that the code released from the NSA’s cache is genuine and capable of affecting the security of products created by multiple companies. The entire episode has raised serious questions regarding why the NSA is sitting on such exploits without telling the affected companies.
While there is a mechanism in place which requires the NSA to reveal security vulnerabilities related to security products to the White House National Security Council, the leak of so many cyber weapons at one go clearly shows that the process is not being followed in spirit. While it is too early to speculate about the fallout of the leak, many experts believe that the disclosure policy would be strengthened in the near future.
The episode has also raised uncomfortable questions regarding international espionage and hacking. Most cybersecurity experts now believe that hackers from Russia and China have access to even more sophisticated hacks and exploits, raising serious questions about the entire security infrastructure of the United States.