Chinese Spies Intercepted NSA Malware Attack, Weaponized It Against Targets Around The World

from the fun-for-the-whole-IC-family! dept

You don't own the exploits you've created. That's the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public, rather than the NSA, however. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.

But it's not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It's also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us -- demonstrating the danger of engaging in a cyberwar using weaponized code.

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.

So much for the theory the best defense against a bad guy with malware is a good guy with malware. The NSA's hacking tools were thwarted and rerouted to target US defense tech companies. This preceded the dumping of NSA malware and exploits by the Shadow Brokers by several months, indicating China's hackers are more than capable of detecting US-sponsored attacks as they're happening and skillful enough to turn our cyberweapons into their cyberweapons.

This isn't to say the NSA and other US agencies should not be utilizing exploits and engaging in cyberattacks on enemy targets. This is saying the NSA and others need to exercise far more responsibility when doing so. For years, the NSA has refused to honestly participate in the Vulnerability Equities Process, allowing security holes in software used by thousands of businesses and millions of US citizens to go unpatched for years.

Now that its own tools are being repurposed into weapons -- and, in this case, by one of its targets -- the Intelligence Community can no longer sit back and pretend sacrificing the security of computers users around the world is an acceptable trade-off for the security of the United States.

For starters, this report shows the NSA's attack of a Chinese target actually made the United States less secure. Furthermore, the report indicates the IC is not being honest with itself or its oversight about the risks its cyberweapons pose.

“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.

Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.

Being a willing participant in the Vulnerability Equities Process would go a long way towards mitigating collateral damage. It may blunt the effectiveness of the NSA's exploits, but that may be the price the NSA has to pay to actually keep the country more secure. As it stands now, the NSA cannot honestly claim its tools won't leak or that its cyberweapons won't be detected and re-deployed against targets in the United States. But since it rarely pays a higher price than receiving the occasional angry letter from Congress, it has seen no reason to alter its tactics.

Filed Under: china, cyber weapons, exploits, malware, nsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 8 May 2019 @ 10:54am

    Remind me again...

    Why the NSA isn't mandated to responsibly disclose vulnerabilities that they find using taxpayer money?

    reply to this | link to this | view in chronology ]

    • identicon
      bob, 8 May 2019 @ 11:22am

      Re: Remind me again...

      Because they thought only they were smart enough to exploit the vulnerability and that the ability to exploit the vulnerability was more important than protecting the citizens of the USA.

      reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 9 May 2019 @ 12:59am

      Re: Remind me again...

      "...Why the NSA isn't mandated to responsibly disclose vulnerabilities that they find using taxpayer money?"

      Because the NSA is primarily audited on their ability to find and penetrate targets, not for their ability to secure the citizenry as a whole.

      Hence they spend all their time writing hacking tools which, historically, have good odds of seeing first use by whatever criminal organization bothered to pay a group of russian hackers or "civilian consultants" to obtain them.

      This won't change until some far-seeing president lays down an executive order forcing the NSA to primarily invest effort to secure the exploits and vulnerabilities they find.

      reply to this | link to this | view in chronology ]

  • identicon
    Annonymouse, 8 May 2019 @ 10:57am

    Security doublespeak

    Really the only way to get them to scream is to attack their budgets and personal finances .

    Hmm.

    That would solve the problems with a lot of the bad actors.

    reply to this | link to this | view in chronology ]

  • icon
    FlatZOut (profile), 8 May 2019 @ 11:14am

    FYI: I Misread The Topic Title And Had The Wrong Idea

    It took me a while to realize you were talking about the NSA.

    This whole time I thought it said NASA. I guess I keep getting them confused too often. It’s a thing that happens to me way too often and it sucks!
    It’s like those posts I find where I have to go back up and reread it because the post said that I read the first one wrong, and then it happens to me twice in a row like a “Double Whammy”.
    I guess I learned a lesson from this: ”Never Let Your Eyes Read Faster Than Your Brain”

    reply to this | link to this | view in chronology ]

  • icon
    sehlat (profile), 8 May 2019 @ 11:31am

    Cyberwar

    Cyberwar is the first combat arena where the only way you can use your weapons is to give them intact to the enemy to examine and duplicate.

    reply to this | link to this | view in chronology ]

  • icon
    Bamboo Harvester (profile), 8 May 2019 @ 12:13pm

    Breaking related news...

    ...Huawei systems are immune...

    /s

    reply to this | link to this | view in chronology ]

  • identicon
    christenson, 8 May 2019 @ 12:15pm

    The only way to stop exploits from being turned on you...

    is to get the bugs patched that allow them in the first place!

    and then to do that for everyone, so your own people don't get pwned!

    reply to this | link to this | view in chronology ]

    • identicon
      TDR, 8 May 2019 @ 12:18pm

      Re: The only way to stop exploits from being turned on you...

      Even better, the NSA shouldn't be making malware at all. If it has no malware to leak, there's nothing (at least from them) that can be turned back against us.

      reply to this | link to this | view in chronology ]

      • icon
        Bamboo Harvester (profile), 8 May 2019 @ 1:13pm

        Re: Re: The only way to stop exploits from being turned on you..

        I'd be surprised if even 10% of NSA malware was written in-house. They usually purchase the stuff, then tweak to fit the target in mind.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 8 May 2019 @ 3:10pm

    NSA = antieVaxxers?

    reply to this | link to this | view in chronology ]

  • identicon
    mcinsand, 9 May 2019 @ 5:05am

    exploits and backdoors

    This is more proof that encryption backdoors are a brain-dead and stupid idea. If the NSA can't protect their exploits and toolkits, there's no way that they'll keep their keys to our data secure.

    reply to this | link to this | view in chronology ]

  • icon
    Seegras (profile), 9 May 2019 @ 5:19am

    There are only two options: Either everyone can be safe, or nobody can.

    And as long as there are entities hoarding exploits, these very same exploits will be used against the allies of these entities.

    So the NSA actively endangers the US, including their army, hospitals, police, firefighters, electrical grid, power plants, industry, government agencies and finally, all citizens.

    And it doesn't help that the CIA, FBI and dozens of other agencies do the same. And all other countries and their agencies too.

    The only responsible thing to do is to publish each and every vulnerability; as soon as possible.

    reply to this | link to this | view in chronology ]

    • identicon
      bob, 9 May 2019 @ 12:05pm

      Re:

      Exactly. If the aliens during Independence Day had just patched their systems then Earth wouldn't have been able to plant a virus into their mothership to disable the shields.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.