Tuesday, November 14, 2017

Does the National Security Agency WannaCry?

The NSA cyber tool leak is considered one of the worst in the intelligence community's history. 

Here's why.

In August of 2016, a relatively unknown hacking group calling itself the Shadow Brokers publicly announced via Twitter that it had acquired some of the National Security Agency's most valuable and secretive cyber tools, including zero-day exploits. For readers not accustomed to cyber vernacular, a zero-day exploit is especially troubling because it targets a vulnerability of which the user, company, product, or service has not been made aware; the user has 'zero days' to fix the problem before it is exploited. The announcement linked to a website where the tools were auctioned and sold to the highest cryptocurrency bidder. The exploits were primarily linked to vulnerabilities in older Microsoft operating systems.

Later, in April of 2017, the Shadow Brokers struck again. Using a site intended for programmers, the group released more of the NSA's cyber tools, this time for free. The United States' most advanced cyber espionage tools were suddenly public knowledge, which proved too tempting for malicious actors to resist. Subsequently, strains of ransomware began infecting systems worldwide, from Russia, Ukraine, and the United Kingdom to the United States, Indonesia, and even Tasmania, marking the horror of how America's own cyber weapons were now being used against the United States and its allies.

WannaCry is one strain of that ransomware. First, what exactly is ransomware? Ransomware is a form of malware (think bad, virus-like software) that seizes control of a user's sensitive information. The attacker may take control of vital files, such as personal or financial information, records, and databases; the attacker may even be able to lock a mobile device. Typically, the attacker demands an egregious payment in a cryptocurrency such as Bitcoin in exchange for returning the user's files and sensitive data. Ransomware is cheap, usually effective, and potentially delivers a high payoff. Now, back to the NSA leaks. WannaCry was first discovered in May 2017 and infected the entire health apparatus in the United Kingdom. So far, estimates claim that WannaCry has held more than 200,000 computers hostage, spread across about 150 countries. WannaCry has the attributes of a criminal scheme, not of a nation-state. Attribution is difficult: cyberspace is tricky and quite easy to manipulate, especially for an actor crafty enough to hack the National Security Agency. Russian or North Korean actors are the most likely culprits, but neither has been confirmed.

Regardless, the leaks have been damning. Why? The NSA supposedly hoarded its cyber tools so that it could use them as part of larger surveillance campaigns. Since the leaks and the hacks that followed, tech companies like Microsoft (whose Windows operating systems were the vulnerable victims) have chastised the intelligence agency for hoarding sensitive information. The other problem? Exploits are finite. They have a shelf life. Once used, regardless of intent or purpose, the vulnerability typically cannot be exploited again. For users and companies, this is good news. For the NSA and its purposes, it is not. Assuming the vulnerabilities are patched, the NSA can no longer use these methods for conducting intelligence operations. The leak also raises some serious ethical questions. (Note: I am not suggesting this is or is not ethical; I am simply presenting the questions raised in the aftermath.) Should the NSA hoard critical vulnerabilities? Is it obligated to inform U.S. companies of holes in their software or systems? The answer is unclear.

Ultimately, the cyber leak should serve as an example, or at the very least a reason, why the United States defense apparatus needs to take cyber, network, and system defense very seriously.
