The NSA has been in the news recently - here are two stories.
First - Softpedia:
Computer Science Professor Gives Failing Grade to Newly Leaked NSA Hacking Tool
Over the past weekend, a person or group named The Shadow Brokers published a set of hacking tools they claim to have stolen from the Equation Group, a name given by security vendors to a cyber-espionage group believed to be linked to the US National Security Agency (NSA).
And:
The most recent person who has taken a look at the code is Stephen Checkoway, who teaches Software Vulnerability Analysis and Advanced Computer Security at the University of Illinois, Chicago.
Prof. Checkoway put some hours aside to look at the source code of the BANANAGLEE exploit, which targets Juniper firewalls. The reason he analyzed this exploit is that he's familiar with Juniper devices, being the lead researcher for "A Systematic Analysis of the Juniper Dual EC Incident," a research paper set to be presented in October 2016, at the ACM Conference on Computer and Communications Security.
The good Prof's thoughts:
"This is ridiculous," Checkoway writes regarding the random key generation system.
And:
Prof. Checkoway was a little bit more impressed with the process of hiding the attack source through multiple IP redirections, which he called "kinda neat." But the praises stopped there. "[B]oth the code and the crypto are bad. Very bad," he says.
The article goes into a lot more detail.
Second - from TechDirt:
Did The NSA Continue To Stay Silent On Zero-Day Vulnerabilities Even After Discovering It Had Been Hacked?
The NSA's exploit stash is allegedly for sale. As mentioned earlier this week, an individual or a group calling themselves Shadow Brokers claims to be auctioning off parts of the NSA's Tailored Access Operations (TAO) toolkit, containing several zero days -- including one in Cisco's (a favorite NSA TAO target) Adaptive Security Appliance which allows for remote code execution.
The thing about these vulnerabilities is that they aren't new. The exploits being hawked by Shadow Brokers date back to 2013, suggesting the agency has been sitting on these exploits for a while. The fact that companies affected by them don't know about these flaws means the NSA hasn't been passing on this information.
That is not good - if they can find the holes, other people can as well. Who is hacking whom here?