Former Spies' Dubious Claim: Release Of NSA's Windows Exploits Has Seriously Harmed National Security

from the protesting-a-bit-much dept

The Shadow Brokers' attempted firesale of NSA exploits didn't go well. After early leaks failed to pique buyers' interest, SB decided to start handing over the agency's hacking tools to the general public.

The most recent dump was the most interesting. It contained a variety of remote access exploits -- several of them zero days -- that gave NSA operatives "God mode" control over compromised computers with fairly-recent versions of the Windows operating system.

But they were of limited use. The most recent exploitable version was Windows 8, and every version still supported by Microsoft was patched before the SB dump, most likely as the result of a belated tip from the NSA. However, older operating systems without Microsoft support are still exploitable, and will remain exploitable until those systems are updated.

Now that most of the stash is out in the open, the Intelligence Community is able to do two things:

1. Determine who is responsible for the leaked toolset.

2. Complain about it.

The latter appears to be what's happening now. A few (anonymous) former members of the Intelligence Community are talking up what a horrible blow this is to the NSA.

Although digital exploits are used for spying rather than destruction, they allow operators to break down invisible doors, pilfering information. Seeing these latest tools published online was “devastating,” the former cyber intelligence employee said.

Three recently retired intelligence employees who worked on hacking tools for the government requested anonymity in order to speak freely about sensitive matters and to protect ongoing work and employability.

“By my estimation, there’s not much left to burn,” another former intelligence official who worked for several three-letter agencies told Foreign Policy. “The tools that were released were pretty critical.

Supposedly, this set of tools was worth millions of dollars to the NSA. If market prices in Bitcoin are anything to go by, criminals and foreign espionage agencies didn't appear to feel they were worth much more than a few thousand dollars. Of course, potential buyers didn't know exactly what they were getting. Others probably figured the exploits would be patched into irrelevance by the time they got their hands on them.

The "sky is falling" narrative tends to follow every leak of national security documents, starting with Snowden's, which damaged the NSA so much it's in better shape than ever. There may have been some valuable tools in the SB stash, but the moment they ended up in someone other than the NSA's hands, they became relatively worthless to the agency.

But what was released, however powerful, was outdated. The stash appeared to be a 2013 vintage -- valuable in its prime, but no longer quite as useful after Microsoft's forced migration of Windows users to version 10. The NSA is undoubtedly sitting on a stash of current exploits far more valuable than what it lost when someone left a bunch of hacking tools behind in a compromised server.

The public gnashing of natsec teeth also serves another purpose: it hopefully encourages surveillance targets to let their guard down a bit. By projecting the image of an intelligence agency fumbling around in the dark, the agency can very likely obtain a few new intercepts from careless foes it catches relaxing.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Apr 2017 @ 4:15am

    Slight problem with perceived value

    Value of the tools is presumed on only the NSA knowing about the vulnerabilities and having tools. One could argue that not notifying vendors of the vulnerabilities put American citizens at risk.

    reply to this | link to this | view in chronology ]

  • icon
    Peter (profile), 25 Apr 2017 @ 4:15am

    Two more things the Intelligence Community could do:

    1: Explain why they did not share details about secret security holes with software producers when the tools were stolen.
    2: Explain why they did not buy the tools back in the firesale, just to take them off the market.

    Any possible justification for keeping knowledge about security holes secret went out of the door the minute the tools were stolen!

    reply to this | link to this | view in chronology ]

    • icon
      PaulT (profile), 25 Apr 2017 @ 4:35am

      Re: Two more things the Intelligence Community could do:

      "2: Explain why they did not buy the tools back in the firesale, just to take them off the market. "

      How would buying digital tools from a digital marketplace take them off the market? Unless you mean bribing the leakers to take them off, but then how would you control the distribution of the tools by anyone who had already obtained them?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2017 @ 10:52am

        Re: Re: Two more things the Intelligence Community could do:

        Exactly. It's like paying off a blackmailer. How do you know you have the last copies of the pictures?

        reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 25 Apr 2017 @ 4:33am

    "The stash appeared to be a 2013 vintage -- valuable in its prime, but no longer quite as useful after Microsoft's forced migration of Windows users to version 10."

    I agree up to this point. MS may have forced a lot of people to "upgrade", but it was nowhere near 100%. A very large number of those people either reinstalled a pre-Windows 8 version or found ways to by pass the "upgrade", especially when it was forced on people who refused it during the "free" phase.

    I'd actually argue that if anything has decreased the US's national security due to these leaks, it's Microsoft's horrific handling of the Metro interface that's caused so many to avoid and reject its newer products. Few would have complained about the patching and security of Windows if it hadn't been so closely tied with the mandatory use of an interface so many people dislike.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 5:19am

      Re:

      Don't forget Windows 10's dial home spy feature/bug.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 25 Apr 2017 @ 5:55am

        Re: Re:

        Sadly, I think that the number of people who care deeply enough about Microsoft's continuous trust and security issues to make a difference is significantly lower than the number of people who pitched a fit because they suddenly had to use a different user interface.

        reply to this | link to this | view in chronology ]

    • icon
      JoeCool (profile), 25 Apr 2017 @ 9:30am

      Re:

      Forcing everyone to "upgrade" (and I use the term loosely) to Windows 10 DECREASES security SIGNIFICANTLY. Now instead of several targets for hackers, they only need to concentrate on ONE - Windows 10. It's much more profitable - for hackers - since everyone is using the same OS.

      reply to this | link to this | view in chronology ]

      • icon
        PaulT (profile), 26 Apr 2017 @ 12:45am

        Re: Re:

        Yes and no. I see your point, but if the forced upgrade is to the single copy of the OS where they've bothered to patch a known vulnerability and every other copy is vulnerable, that's the thing in reverse.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 4:41am

    Of course it harms national security... when those exploits start being used by anyone and everyone.

    https://arstechnica.com/security/2017/04/10000-windows-computers-may-be-infected-by-advance d-nsa-backdoor/

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 5:45am

    Who is "The Nation"?

    So who does NSA define as the Nation when they say they are protecting National security? Is it the people, the government or themselves and their deep state buddies?

    Because fundamentally if National Security is not about protecting the people, why is it that we keep funding the security theater? FISA, TSA, Homeland Security, militarizing the police, encryption back doors, the Patriot Act, the Patriot Act's younger brother the USA Freedom Act, etc, etc. None of this seems aimed at security for the people but more security and secrecy for the government and it's deep state allies to protect themselves from oversight and for self enrichment.

    There was a law recently enacted (and repealed, unfortunately) that required Stock Brokers to work in the interest of their customers. We need something like that for Congress and all of the other branches of government and their agencies, that they be required to work in the interest of the people. Right now they are just working for themselves.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 8:04am

      Re: Who is

      You lost me when you brought up that deep state nonsense

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2017 @ 2:51pm

        Re: Re: Who is

        Recently, there seems to be a contingent of numbsculls (or maybe it's just you?) roaming around here on TD that have decide to necessarily equate the term "Deep State" with some sort of Alex Jones'ish, tin foil hat, conspiracy theory. Please stop, you're making fools of yourselves.

        While it's true that the term "Deep State" is often borrowed by conspiracy theorists to make some pretty dubious/unsupportable claims, the existence, mechanics, and motives of the "Deep State" itself is well discussed/documented/analyzed by some very reasonable and respected individuals (e.g., Mike Lofgren, C. Wright Mills, and Dwight Eisenhower). Not to mention, the Deep State operates in plain sight for all to readily observe if they care to look.

        To use Lofgren's definition, the Deep State is "a hybrid association of elements of government and parts of top-level finance and industry that is effectively able to govern the United States without reference to the consent of the governed as expressed through the formal political process." Or Mills observation (circa 1956), "American power had become concentrated into three major divisions; the military-industrial complex, Wall Street, and the Pentagon."

        So please do tell us, how does that not describe - nearly perfectly - exactly what we're seeing from our government and industry today?

        That's not conspiracy theory son, that just looking out your window.

        reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 25 Apr 2017 @ 6:12am

    Damaged National Security

    Doesn't making vulnerabilities public IMPROVE national security? Not damage it?

    Once the vulnerabilities are known, the vendors / providers of affected software can patch those vulnerabilities making their software, and our nation more secure against hackers, including other nation states.

    Given two conflicting goals, I would rather that our systems be more secure than our adversaries systems be less secure. Both would be nice, but if I can't have both, I would rather our systems be more secure.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 7:57am

      Re: Damaged National Security

      Once the vulnerabilities are known, the vendors / providers of affected software can patch those vulnerabilities making their software, and our nation more secure against hackers, including other nation states.

      Can patch, yes. Will patch, not necessarily. As noted in the Techdirt article, and in some of the comments upthread, although Microsoft has released free patches to address these vulnerabilities on certain newer Windows OSes, they have not and will not address the vulnerabilities on older Windows that they deem to be "out of support" / "end of life." Additionally, Microsoft's general approach to patching is that if you want anything, you will take what they give you when they deign to give it, including any unwanted changes that they decide to pack along for the ride. You cannot get just spot fixes for vulnerabilities and keep everything else unchanged.

      reply to this | link to this | view in chronology ]

  • identicon
    Capt ICE Enforcer, 25 Apr 2017 @ 6:17am

    2nd letter

    Maybe the NSA should focus on the "S" in NSA.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 7:02am

    Dear NSA and American Congress

    You have damaged National Security in a reckless and dangerous pursuit of power more than any single release of classified information or hacking tools.

    You constantly hide and play in the shadows. You constantly make secret interpretations of law and emphatically and consistently disregard the Constitution in pursuit of your power & control.

    As per the natural cycle there will come a time when citizens have grown tired of the lies, deceit, decadence, and disrespect. When that happens, your greatest enemy will be your own, you already know this because you are already preparing for it. And your preparations for it, will only ensure that it comes. As you tighten that grip, more will only slip through your grasp!

    The ONLY lesson learned from history, is that no one learns from it! Especially Governments!

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 25 Apr 2017 @ 8:15am

    How convenient

    My sneaking suspicion is that this is a smoke screen release of mostly outdated or soon to be outdated exploits with a few juicy tidbits thrown in. A good way to get "the other side" to believe your capabilities have been diminished.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 8:23am

    hum

    I saw an article yesterday from Hacker news I think it was saying 1000s of machine got infected, by something from this release. That it was moded and running on all versions of windows im pretty sure

    reply to this | link to this | view in chronology ]

  • icon
    JustMe (profile), 25 Apr 2017 @ 9:34am

    How about not creating (or paying to create) cyberweapons in the first place?

    Lest you escalate the computer arms race against other nation states, much like the cold war. Worse, you are also escalating against hackers - people who, by definition, have much less at risk and are mostly free from retaliation.

    reply to this | link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 25 Apr 2017 @ 8:28pm

      Re: How about not creating (or paying to create) cyberweapons in the first place?

      They loved the Cold War model then, and have been trying to replicate it ever since.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 11:23am

    It should be noted that many business softwares are still running XP. An OS no longer supported by Microsoft. Therefore no patch will be issued. Microsoft has also ended support for Vista and Win 7, many are still using those OSes. Especially given the spyware mania Microsoft has been on.

    Something else not noted and carefully stepped around, is when Vista first came out, the hardware vendors could not come up to snuff on the requirements that Vista needed to run everything. Instead Microsoft downgraded early Vista to allow a "Vista Capable" that would run Vista at bare minimums.

    I have one of those early machines. I've tried a couple of times to upgrade it to Vista II, only to have it lock up on reboot and never complete the booting sequence. Without Vista II you can not get the protection needed against these NSA tools.

    So in essence, this article is correct. Much of the computing world isn't running Win 8 nor Win 10. The nation is at risk due solely to NSA's developing these tools and then when stolen did not notify the software makers to patch their holes. In this NSA is at fault more than anyone else.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 25 Apr 2017 @ 12:10pm

    Here's a thought...

    Maybe if they were so concerned about protecting the public they would have informed MS about the vulnerabilities immediately, as soon as they found them, so that they could be patched, rather than waiting years to do so, only when they realized that someone else had rooted through their toys.

    Spare me the crocodile tears, the NSA doesn't give a damn about the impact on the public here, the only thing it cares about is that some of the toys it has are now less useful for it to exploit.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 6:16pm

    public disclosure of exact tools does hit nsa, like it or not. so, yes, they are correct.

    reply to this | link to this | view in chronology ]

  • identicon
    GNU/Linux guy, 25 Apr 2017 @ 7:19pm

    Yeah, "terrorists" only use Windows. Ban it. :P

    reply to this | link to this | view in chronology ]

  • identicon
    Châu, 25 Apr 2017 @ 7:44pm

    Another reason use freedom software OS

    Because have source code for old Linux, can fix even ancient version. But old Micro$oft Windoze version never share source code, people much money for cripple ware.

    reply to this | link to this | view in chronology ]

  • icon
    Lady Gwyneth (profile), 26 Apr 2017 @ 7:38am

    Why am I so certain the most useful hack "stolen" from the NSA was "shut down button turns off computer"

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Close

Email This

This feature is only available to registered users. Register or sign in to use it.