dewayne@warpspeed.com
Date: Sun, Apr 16, 2017 at 6:47 AM
Henry Farrell, 15 Apr 2017 https://www.washingtonpost.com/news/monkey-cage/wp/2017/04/15/shadowy-hackers-have-just-dumped-a-treasure-trove-of-nsa-data-heres-what-it-means/
A group of hackers called the Shadow Brokers has just released a new dump of data from the National Security Agency. This is plausibly the most extensive and important release of NSA hacking tools to date. It's likely to prove awkward for the U.S. government, not only revealing top-secret information but also damaging the government's relationships with U.S. allies and with big information technology firms. That is probably the motivation behind the leak: The Shadow Brokers are widely assumed to be connected with the Russian government. Here's what the dump means.
What information has been released?
The release is only the most recent in a series of Shadow Broker dumps of
information. However, it is by far the most substantial, providing two key
forms of information. The first is a series of zero-day exploits for
Microsoft Windows software. Zero-day exploits are attacks that take
advantage of unknown vulnerabilities in a given software package. Exploits
against commonly used software such as Windows are highly valuable =94
indeed, there is a clandestine international market where hackers sell
exploits (sometimes through middlemen) to intelligence agencies and other
interested parties, often for large sums of money. Intelligence services
can then use these exploits to compromise the computers of their targets.
Second, information in the dump seems to show that the NSA has penetrated a
service provider for SWIFT, an international financial messaging service.
Specifically, it appears to have penetrated a SWIFT Service Bureau that
provides support for a variety of banks in the Middle East.
Why are zero-day exploits important?
The leak of the zero-day exploits is important for two reasons. First, once
the existence of a zero-day exploit is revealed, it rapidly loses a lot of
its value. Zero-day exploits work reliably only when they are held secret.
Microsoft may already have fixed many of these vulnerabilities (there are
conflicting reports from Microsoft and security companies UPDATE: NOW
SECURITY RESEARCHERS APPEAR TO HAVE WITHDRAWN THEIR CLAIMS). However, if it
hasn't, or if the attacks provide information to hackers that can b=
e used
to generate more attacks, unscrupulous hackers might be able to take
advantage. In a worst-case scenario, there may be a period when it's as if
criminal hackers suddenly acquired super powers in an explosion, as in the
TV show The Flash, and started using them for nefarious ends.
Second, and as a consequence, trust between the United States and big software companies may be seriously damaged. Some weeks ago, Adam Segal of the Council on Foreign Relations wrote a report talking about how the U.S. government needs to rebuild a relationship with Silicon Valley that had been badly damaged by the Edward Snowden revelations. Now, the damage is starting to mount up again.
Most people think of the NSA as a spying agency and do not realize that it
has a second responsibility: It is also supposed to protect the security of
communications by U.S. citizens and companies against foreign incursions.
When the United States learns of a zero-day exploit against software used by
Americans, it is supposed to engage in an equities process, in which the
default choice should be to inform the software producer so that it can fix
the vulnerability, keeping the zero-day secret only if a special case can be
made for it. [...]