[NEWSFLASH] An Egregious Blunder
Some of the most powerful hacking tools, apparently developed by the National Security Agency’s elite cyber-espionage group, have been leaked online, creating an enormous threat to the security of the entire Internet and everyone who uses it. Governments, corporations, and yes, you, must now deal with the possibility that anyone could have these super-spy tools and start using them. Read on… |
NSA Hacking Tools Leaked
A file containing a trove of programs with names like EpicBanana, BuzzDirection and EgregiousBlunder appeared online over the weekend of August 13-14, reports the Washington Post. Two former employees of the NSA’s hacking division, known as the Tailored Access Operations (TAO), examined the files and deemed them real.
“Without a doubt, they’re the keys to the kingdom,” said one. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.” And “From what I saw, there was no doubt in my mind that it was legitimate,” the second TAO alumnus told the Post.
More than 300 megabytes of data included zero-day exploits, which the NSA has long been suspected of keeping to itself instead of sharing them with hardware and software developers so the vulnerabilities could be patched. The exploits target enterprise-grade firewalls made by the likes of Cisco and Fortinet. They would enable an attacker to penetrate private networks and the public networks of ISPs. Other tools in this Pandora’s box can be used to vacuum up mass quantities of data from compromised computers.
Whoever put the NSA’s tools on a public server now knows the vulnerabilities that the spy agency has discovered over decades of intensive research with a practically unlimited budget. The culprit also knows what entities the NSA has been targeting, and exactly where the agency has penetrated corporate, government, and other networks.
The Post speculates that a foreign spy agency may have snatched and leaked the NSA files in an effort to embarrass the agency and provoke Congress to impose restraints on the NSA’s hacking program. Indeed, the discovery of zero-day exploits in the leaked files confirms that the NSA has compromised everyone’s security in pursuit of its mission, and that may well lead to Congressional action.
Hacking the Hackers
This is not the first time that top-secret NSA hacking tools have ended up on a public server, according to one of the TAO alumni who spoke with the Post. NSA hacker team members, he explained, sometimes uploaded sensitive tools to public servers in error. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.” Only this time, it probably wasn’t a mistake, but a deliberate leak.
A mysterious group calling themselves the "Shadow Brokers” published a ranting manifesto that claimed responsibility for the NSA leak and promoted an “auction” of its secrets to the highest bidder, who would probably be a foreign government. The security establishment is skeptical of the group’s claims and calls an auction “impractical.” Many, including Edward Snowden himself, are pointing fingers at Russia as the culprit.
The theory is this leak might be a “warning shot” aimed at the U. S. government by Russia, showing us what the latter is capable of doing if accusations that Russia is interfering in U. S. election politics continue. I find that theory hard to believe.
To me it seems much more likely that this was an inside job, like Ed Snowden’s theft of top-secret communications and leaking of them to Wikileaks. Its purpose would be to further expose the extent of the NSA’s cyber-spying capabilities and provoke action to limit them.
But the result is truly terrible for everyone who uses the Internet. Now we have much more to worry about than the NSA. Hardware and software vendors are scrambling to address this issue. But until they do, the entire Internet, including your home network connected to it, could be compromised by low-skilled anonymous hackers based anywhere in the world.
A (thin) Silver Lining?
One bright spot in this mess is that Cisco's newest routers (the PIX 7.0 models) are not vulnerable to these hacking tools. But there are over 15,000 older Cisco routers still operating all over the world. These "electronic lock pickers" also don’t target $50 consumer-grade routers, but those are a thin line of defense against state-sponsored cyber-attacks.
Another good thing: this leak drives a stake right through the heart of FBI Director James Comey’s “you can trust us” argument for legislation that would require Internet hardware and software makers to provide back doors into encrypted communication systems. Forget about it, Jimmy... the NSA just proved that no government agency can be trusted with that power.
Stay tuned for more on this debacle, and keep your computer and home network buttoned up as tightly as can be.
This article was posted by Bob Rankin on 23 Aug 2016
For Fun: Buy Bob a Snickers. |
Prev Article: [BYOP] Republic Wireless Just Got Better |
The Top Twenty |
Next Article: Geekly Update - 24 August 2016 |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- [NEWSFLASH] An Egregious Blunder (Posted: 23 Aug 2016)
Source: https://askbobrankin.com/newsflash_an_egregious_blunder.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[NEWSFLASH] An Egregious Blunder"
Posted by:
Jon
23 Aug 2016
What always amazes me when the USA 'Agencies' are 'discovered' doing such stuff is the shock and horror expressed by Americans.
This is the business of Government and keeping Citizens safe.
Of course, allowing it to be 'whistle-blown' is something that demonstrates a lack of competence on a level where Heads Should Roll.
The concentration on the leakers diverts anger from those responsible who should have fallen on their swords long before this was made public.
It surely makes one think?
Jon
P.S. I suppose applying for compensation is out of the question? Half in jest twice in earnest:o)
Posted by:
IanG
23 Aug 2016
Well done Bob. Thanks for the early warning.
I have never trusted ANY government agency to be able to protect sensitive information, in full. This is yet more proof, if any were needed.
Posted by:
swabyw
23 Aug 2016
Good information, but what can we do? If the Government is a part of the debacle then we are sitting ducks. Maybe we need to get rid of the internet altogether(if that is even possible) and go back to pencil and paper. At least that would improve the employment situation. But that is just wishful thinking. The silver lining is that we small fries might be safe because nobody wants what we have. It 1s useless to us already, so who want useless stuff? I guess the Unabomber, Ted Kaczynski, is smiling anywhere he it, saying "I told you so!"
Posted by:
SamiamHis
23 Aug 2016
So here is clear confirmation that putting our trust in the government and allowing it to grow to the size it has, is not trustworthy at all. There is no reason for a government agency with an unlimited budget to take its job seriously. Also with no punishment for poor performance why worry about what you don't guard or mistakes you make? If you have to step down you will be welcomed to another government agency with another plush job with perhaps even better title. We are so toast!
Posted by:
Daniel
23 Aug 2016
What is the root of the problem? HONOR
"...we mutually pledge to each other our Lives, our Fortunes, and our sacred Honor." That is the last line of the Declaration of Independence. We do not teach this willingness to sacrifice all for your country in many of our schools and Universities. Our 'Agencies' are filled with those who have no honor. We have become a self-centered and selfish nation to a large degree. There are many in our country who still serve with honor and distinction, but their percentages are dwindling. If this trend is not reversed, we are in trouble as a nation.
Posted by:
no worries
23 Aug 2016
Only as far as personal security is concerned: I am not worried about this at all. Through troubleshooting online with one of the top three isp's in the USA I have the backdoor to all their routers. If I have it, I have to assume a lot of people have it too. Yes change your password but don't think for a second you are secure. Your network is hung out there and is fairly easy to log into. Make everything on your network as secure as possible FROM YOUR OWN NETWORK ROUTER or assume it is online.
Posted by:
B. Miller
23 Aug 2016
This is more proof that the government and society have become too reliant on and trusting of the Internet. The internet, Cyber Space, anything wireless; is a smorgasbord for hackers, criminals and enemy countries. Nothing is safe, private or secret on the Internet. It is all out there in Cyber Space to be harvested by the professional hackers or available to be leaked by disgruntled employees.
Internet security is like door locks and security systems; just a false sense of security. If a thief/hacker is determined to get in, they will.
Thanks Bob for the great article which helps to enlighten the public and business world to the fact that the Internet is not safe or secure.
Posted by:
Paul
23 Aug 2016
Well that gives me more reasons not to trust the GOV, never did trust them.
Posted by:
Bob Greene
23 Aug 2016
The evidence, such that it is, points to Russia and/or a domestic leaker. Russia is at least as competent as China, which has made a major project of government penetration for the past two decades. Clearly, any of the major cyberpowers can play the game, and the rewards are essentially without cost of retribution.
Ultimately, this is the bitter fruit of power abuse by those who do not respect the constitution they were sworn to defend. NSA stands accused of not only gross abuse of our civil liberties and damage to our relationships with our allies, but has loosed a Pandora's box of new security nightmares.
As Rankin points out, this is yet another argument against unrestrained government surveillance power.
Posted by:
GmMarshall
23 Aug 2016
Simple solution to this problem,Bob. We the public are fighting a war against criminals aided and abetted by government agencies. The party that leaked this information is obviously of a criminal nature, be it for greed or whatever pack of lies he ,she or it, wishes to justify their actions.
Solution, summary court martial, action, firing squad. NO LESS.
Hard working people across the world have been delivered into the hands of scum. Their rights violated. Their personal security totally compromised. Their personal security laid bare to criminals.
WAKE UP!!
Posted by:
Doc
23 Aug 2016
Why am I not surprised that something like this has happened? Why am I not surprised that something like this will happen again? Sometimes the price of "freedom" (note quotes) can be VERY high.
Posted by:
Jeff
23 Aug 2016
I thought I was fairly safe behind a router and software firewall. Now it seems like child's play. So what are regular folks like myself supposed to do? This is very troublesome.
Posted by:
Jeff Ferguson
24 Aug 2016
How come nobody mentioned the advocates of "Closed System Computing". Both Apple and Microsoft see their potential revenues eroding due to the open systems, thus leak this info to see how bad the open systems are then promote their closed and protected system. We live in the best of all possible worlds!
Posted by:
jeff
24 Aug 2016
The funny thing about the auction is the auctioneers are hoping to raise a million Bitcoins. So far the highest bid is a measly $937. Not to mention the fact that the auction is nonsensical; no matter whether or not you're the highest bidder, the Shadow Brokers still keep your money/bid. You actually have to put money upfront. I'm sure that's why there's not a lot of interest.
Posted by:
Jon
24 Aug 2016
Have you thought that the NSA leaked this stuff on purpose so that they could create a global agency to control the whole internet setting up their own so called security standards? This would mean that they could outlaw all the older technologies as a security risk to not only the user but also to everyone else that could be hacked through those users older devices. Security is probably a moot point already with the advent of quantum computers.
Posted by:
Citellus
24 Aug 2016
Ah. All the conspiracy and anti-government people are again off on a tear. Government secrets have been leaked at least as far back as the Romans and Greeks. And businesses, including current megacorporations (think Sony, for example) have been hacked or secrets leaked.
There have always been bad guys waiting to hit you with a fist, rock, sword, gun, bomb, or electrons. It is a fact of existence.
Posted by:
Citellus
24 Aug 2016
Ah. All the conspiracy and anti-government people are again off on a tear. Government secrets have been leaked at least as far back as the Romans and Greeks. And businesses, including current megacorporations (think Sony, for example) have been hacked or secrets leaked.
There have always been bad guys waiting to hit you with a fist, rock, sword, gun, bomb, or electrons. It is a fact of existence.
Posted by:
Mike
24 Aug 2016
Why don't these shady characters go get an honest job? Or, are they waiting for Bill Gates to notice them and their dexterity and employ them at an outrageous salary?
Posted by:
Al Jankowski
30 Aug 2016
Even worse news: according to some reports the leaked tools may be a few years old (2-3?). I wonder what the current state of the art tools that the NSA is using.