Chinese Spies Intercepted NSA Malware Attack, Weaponized It Against Targets Around The World

from the fun-for-the-whole-IC-family! dept

You don’t own the exploits you’ve created. That’s the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public, rather than the NSA, however. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.

But it’s not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It’s also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us — demonstrating the danger of engaging in a cyberwar using weaponized code.

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.

So much for the theory the best defense against a bad guy with malware is a good guy with malware. The NSA’s hacking tools were thwarted and rerouted to target US defense tech companies. This preceded the dumping of NSA malware and exploits by the Shadow Brokers by several months, indicating China’s hackers are more than capable of detecting US-sponsored attacks as they’re happening and skillful enough to turn our cyberweapons into their cyberweapons.

This isn’t to say the NSA and other US agencies should not be utilizing exploits and engaging in cyberattacks on enemy targets. This is saying the NSA and others need to exercise far more responsibility when doing so. For years, the NSA has refused to honestly participate in the Vulnerability Equities Process, allowing security holes in software used by thousands of businesses and millions of US citizens to go unpatched for years.

Now that its own tools are being repurposed into weapons — and, in this case, by one of its targets — the Intelligence Community can no longer sit back and pretend sacrificing the security of computers users around the world is an acceptable trade-off for the security of the United States.

For starters, this report shows the NSA’s attack of a Chinese target actually made the United States less secure. Furthermore, the report indicates the IC is not being honest with itself or its oversight about the risks its cyberweapons pose.

“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.

Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.

Being a willing participant in the Vulnerability Equities Process would go a long way towards mitigating collateral damage. It may blunt the effectiveness of the NSA’s exploits, but that may be the price the NSA has to pay to actually keep the country more secure. As it stands now, the NSA cannot honestly claim its tools won’t leak or that its cyberweapons won’t be detected and re-deployed against targets in the United States. But since it rarely pays a higher price than receiving the occasional angry letter from Congress, it has seen no reason to alter its tactics.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Chinese Spies Intercepted NSA Malware Attack, Weaponized It Against Targets Around The World”

Subscribe: RSS Leave a comment
Scary Devil Monastery (profile) says:

Re: Remind me again...

"…Why the NSA isn’t mandated to responsibly disclose vulnerabilities that they find using taxpayer money?"

Because the NSA is primarily audited on their ability to find and penetrate targets, not for their ability to secure the citizenry as a whole.

Hence they spend all their time writing hacking tools which, historically, have good odds of seeing first use by whatever criminal organization bothered to pay a group of russian hackers or "civilian consultants" to obtain them.

This won’t change until some far-seeing president lays down an executive order forcing the NSA to primarily invest effort to secure the exploits and vulnerabilities they find.

FlatZOut (profile) says:

FYI: I Misread The Topic Title And Had The Wrong Idea

It took me a while to realize you were talking about the NSA.

This whole time I thought it said NASA. I guess I keep getting them confused too often. It’s a thing that happens to me way too often and it sucks!
It’s like those posts I find where I have to go back up and reread it because the post said that I read the first one wrong, and then it happens to me twice in a row like a “Double Whammy”.
I guess I learned a lesson from this: ”Never Let Your Eyes Read Faster Than Your Brain”

Seegras (profile) says:

There are only two options: Either everyone can be safe, or nobody can.

And as long as there are entities hoarding exploits, these very same exploits will be used against the allies of these entities.

So the NSA actively endangers the US, including their army, hospitals, police, firefighters, electrical grid, power plants, industry, government agencies and finally, all citizens.

And it doesn’t help that the CIA, FBI and dozens of other agencies do the same. And all other countries and their agencies too.

The only responsible thing to do is to publish each and every vulnerability; as soon as possible.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...