The NSA’s inadvertent role in Petya, the cyberattack on Ukraine. – Slate Magazine
Should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes?
Wikimedia Commons
Theres a moment in Dr. Strangelove, Stanley Kubricks dark Cold War comic masterpiece, when President Merkin Muffley (played by Peter Sellers) learns that an insane general has exploited a loophole in the militarys command-control system and launched a nuclear attack on Russia. Muffley turns angrily to Air Force Gen. Buck Turgidson (played by George C. Scott) and says, When you instituted the human reliability tests, you assured me there was no possibility of such a thing ever occurring. Turgidson gulps and replies, I dont think its quite fair to condemn a whole program because of a single slip-up.
The National Security Agency currently finds itself in a similar situation.
One of the NSAs beyondtop secret hacking tools has been stolen. And while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.
The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy.* In May, some entitywidely believed to be North Koreansused the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.
Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members ofor criminal hackers affiliated witha Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.
Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server.
Jake Williams, founder of Rendition InfoSec LLC (and a former NSA analyst), told me on Thursday, two days after the attack, The ransomware was a cover for disrupting Ukraine; we have very high confidence of that. This disruptive attack shut down computers running Ukrainian banks, metro systems, and government ministries. The virus then spread to factories, ports, and other facilities in 60 countriesthough Williams says its unclear whether this rippling effect was deliberate. (Because computers are connected to overlapping networks, malware sometimes infects systems far beyond a hackers intended targets.)
By the way, the attack left the ransomware victims, marginal as they were, completely screwed. Once the email address was disconnected, those who wanted to pay ransom had no place to send their bitcoins. Their computers remain frozen. Unless they had back-up drives, their files and data are irretrievable.
Its not yet clear how the Shadow Brokers obtained the hacking tool. One cybersecurity specialist involved in the probe told me that, at first, he and others figured that the theft had to be an inside job, committed by a second Snowden, but the forensics showed otherwise. One possibility, he now speculates, is that an unnamed NSA contractor, who was arrested last year for taking home files, either passed them onto the Russians or was hacked by the Russians himself. The other possibility is that the Russians hacked into classified NSA files. Its a toss-up which theory is more disturbing; the upshot of both is, it could happen again.
So should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes? This remedy is probably unreasonable. After all, spy agencies spy, and the NSA spies by intercepting communications, including digital communications, and some of that involves hacking. In other words, the cyber equivalent of Gen. Turgidson would have a point if he told an angry superior its unfair to condemn a whole program for a single slip-up.
It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway.
Besides, the NSA doesnt do very many hacks of the sort that the Shadow Brokers stolehacks that involve zero-day exploits, the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously discovered. Zero-day exploits were once the crown jewels of the NSAs signals-intelligence shops. But theyre harder to come by now. Software companies continually test their products for security gaps and patch them right away. Hundreds of firms, many created by former intelligence analysts, specialize in finding zero-day vulnerabilities in commercial productsthen alerting the companies for handsome fees. Often, by the time the NSA develops an exploit for a zero-day vulnerability, someone in the private sector has also found it and already developed a patch.
More and more, in recent years, the NSA chooses to tell companies about a problem and even help them fix it. This trend accelerated in December 2013, when a five-member commission, appointed by President Obama in the wake of the Snowden revelations, wrote a 300-page report proposing 46 reforms for U.S. intelligence agencies. One proposal was to bar the government from doing anything to subvert, undermine, weaken, or make vulnerable generally available commercial software. Specifically, if NSA analysts found a zero-day exploit, they should be required to patch the hole at once, except in rare instances when the government could briefly authorize the exploit for high-priority intelligence collection, though, even then, only after approval not by the NSA directorwho, in the past, made such decisionsbut rather in a senior interagency review involving all appropriate departments.
Obama approved this recommendation, and as a result his White House cybersecurity chief, Michael Daniel, drafted a list of questions that this senior review panel must ask before letting the NSA exploit, rather than patch, the zero-day discovery. The questions: Would this vulnerability, if left unpatched, pose risks to our own societys infrastructure? If adversaries or crime groups knew about the vulnerability, how much harm could they inflict? How badly do we need the intelligence that the exploit would provide? Are there other ways to get this intelligence? Could we exploit the vulnerability for just a short period of time, then disclose and patch it?
A 2016 article in Bloomberg News reported that, due in part to this new review process, the NSA keepsand exploits for offensive purposesonly about two of the roughly 100 zero-day vulnerabilities it finds in the course of a year.
The vulnerability exploited in the May ransomware attack was one of those zero-days that the NSA kept for a while. (It is not known for how long or what adversaries it allowed us to hack.) The vulnerability was in a Microsoft operating system. In March, the government notified Microsoft of the security gap. Microsoft quickly devised a patch and alerted users to install the software upgrade. Some users did; others didnt. The North Koreans were able to hack into the systems of those who didnt. Thats how the vast majority of hacks happenthrough carelessness.
It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway. Both are necessary for modern life, and both advance freedoms, but they also carry responsibilities and can do great harm if misused. It would be excessive to require the equivalent of drivers licenses to go online; a government that can take away such licenses for poor digital hygiene could also take them away for impertinent political speech. But its not outrageous to impose regulations on product liability, holding vendors responsible for malware-infected devices, just as car companies are for malfunctioning brakes. Its not outrageous to force government agencies and companies engaged in critical infrastructure (transportation, energy, finance, and so forth) to meet minimal cybersecurity standards or to hit them with heavy fines if they dont. Its not outrageous to require companies to program their computers or software to shut down if users dont change or randomize their passwords or if they dont install software upgrades after a certain amount of time. Or if this goes too far, the government could require companies to program their computers or software to emit a loud noise or flash a bright light on the screen until the users take these precautionsin much the same way that drivers hear ding-ding-ding until they fasten their seatbelts.
Some of these ideas have been kicking around for decades, a few at high levels of government, but theyve been crushed by lobbyists and sometimes by senior economic advisers who warned that regulations would impede technical progress and harm the competitive status of American industries. Resistance came easy because many of these measures were expensive and the dangers they were meant to prevent seemed theoretical. They are no longer theoretical. The cyberattack scenarios laid out in government reports decades ago, dismissed by many as alarmist and science fiction, are now the stuff of front-page news stories.
Cyberthreats will never disappear; cybervulnerabilities will never be solved. They are embedded in the technology, as its developed in the 50 years since the invention of the internet. But the problems can be managed and mitigated. Either we take serious steps now, through a mix of regulations and market-driven incentivesor we wait until a cybercatastrophe, after which far more brutal solutions will be slammed down our throats at far greater cost by every measure.
*Correction, June 30, 2017: This article originally misstated that the NSA tool stolen by the Shadow Brokers was called WannaCry. It was called Eternal Blue, and its code was used to create WannaCry. (Return.)
See the rest here:
The NSA's inadvertent role in Petya, the cyberattack on Ukraine. - Slate Magazine
- NSA to cut up to 2,000 civilian roles - The Hill - May 10th, 2025 [May 10th, 2025]
- NSA Ajit Doval speaks with US Secretary of State 'shortly after' Indian strikes on Pak - Deccan Herald - May 10th, 2025 [May 10th, 2025]
- NSA to cut up to 2,000 civilian roles as part of intel community downsizing - The Record from Recorded Future News - May 10th, 2025 [May 10th, 2025]
- Operation Sindoor: NSA Doval engages with counterparts from US, UK, China, and Russia - Social News XYZ - May 10th, 2025 [May 10th, 2025]
- CIA, NSA to face major layoffs as Trump pushes intelligence reform - Times of India - May 5th, 2025 [May 5th, 2025]
- Dont see a major war with India, but have to be ready: Pakistan ex-NSA - Al Jazeera - May 5th, 2025 [May 5th, 2025]
- Donald Trump set to axe thousands of jobs at CIA, NSA and other agencies - Daily Mail - May 5th, 2025 [May 5th, 2025]
- 757Teamz softball Top 15: NSA moves up as Hickory perseveres to remain No. 1 - The Virginian-Pilot - May 5th, 2025 [May 5th, 2025]
- NSA head Mike Waltz and his deputy Alex Wong to exit Trump admin amid Signal chat fiasco - The Economic Times - May 5th, 2025 [May 5th, 2025]
- Trump speaks out on NSA shakeup, addresses third term talk - Fox News - May 5th, 2025 [May 5th, 2025]
- Mike Waltz, Alex Wong to resign: Here's who may replace NSA head and deputy - Hindustan Times - May 5th, 2025 [May 5th, 2025]
- A Lot of People Want the Job: Trump Says Hell Choose Waltzs NSA Replacement in Next 6 Months - The Daily Signal - May 5th, 2025 [May 5th, 2025]
- Will Steve Witkoff replace Mike Waltz as Donald Trump's new NSA? - Times of India - May 5th, 2025 [May 5th, 2025]
- Beavercreek native recognized for NSA Codebreaker achievement - Fairborn Daily Herald - May 5th, 2025 [May 5th, 2025]
- Marco Rubio to serve as acting NSA; Mike Waltz removed by President Trump - FOX 35 Orlando - May 5th, 2025 [May 5th, 2025]
- Trump says he will name new NSA within 6 months - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz out as NSA, Rubio to serve in the interim - LiveNOW from FOX - May 5th, 2025 [May 5th, 2025]
- Mike Waltz Leaves White House for UN Witkoff Tipped as Trumps Next NSA - Hungarian Conservative - May 5th, 2025 [May 5th, 2025]
- McConnell calls out Trump for hiring amateur isolationists at Pentagon, firing NSA director - The Hill - April 8th, 2025 [April 8th, 2025]
- Trumps firing of NSA chief is rolling out the red carpet for cyber attacks - Politico - April 8th, 2025 [April 8th, 2025]
- A conspiracy theorist convinced Trump to fire the NSA director - Vox - April 8th, 2025 [April 8th, 2025]
- William Hartman Named Acting NSA Director Following Dismissal of Top Officials - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency (NSA) (.gov) - April 8th, 2025 [April 8th, 2025]
- Security News This Week: NSA Chief Ousted Amid Trump Loyalty Firing Spree - WIRED - April 8th, 2025 [April 8th, 2025]
- Head of NSA and US Cyber Command reportedly fired - Cybersecurity Dive - April 8th, 2025 [April 8th, 2025]
- Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA - DefenseScoop - April 8th, 2025 [April 8th, 2025]
- Gen. Timothy Haugh, head of NSA and Cyber Command, is fired - CBS News - April 8th, 2025 [April 8th, 2025]
- Trump's mixed tariff messaging and NSA director and deputy fired: Morning Rundown - NBC News - April 8th, 2025 [April 8th, 2025]
- NSA Director and Deputy Reportedly Dismissed: What We Know - Newsweek - April 8th, 2025 [April 8th, 2025]
- Haugh fired from leadership of NSA, Cyber Command - The Record from Recorded Future News - April 8th, 2025 [April 8th, 2025]
- Trump administration fires head of NSA and U.S. Cyber Command, along with other top officials - CBS News - April 8th, 2025 [April 8th, 2025]
- US Cyber Command, NSA Chief Gen. Timothy Haugh ousted by Trump admin - Breaking Defense - April 8th, 2025 [April 8th, 2025]
- Face the Facts: Rep. Himes talks about firing of two top NSA officials - NBC Connecticut - April 8th, 2025 [April 8th, 2025]
- NSA Issues Advisory on Fast Flux Cyberthreat - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
- Loomer, far-right activist, urged Trump to remove NSA director and others: Sources - ABC News - April 8th, 2025 [April 8th, 2025]
- The NSA Sounds Security Alarm For Billions Of iPhone And Android Phones - HotHardware - April 8th, 2025 [April 8th, 2025]
- NSA director fired after Trumps meeting with right-wing influencer Laura Loomer - The Verge - April 8th, 2025 [April 8th, 2025]
- Trump fires head of NSA and Cyber Command - Nextgov - April 8th, 2025 [April 8th, 2025]
- What are the national security concerns of Trump firing the NSA, Cyber Command head? - CBS News - April 8th, 2025 [April 8th, 2025]
- Who is Timothy Haugh? The NSA chief fired amid cyber security concerns - Times of India - April 8th, 2025 [April 8th, 2025]
- NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on Fast Flux, a National Security Threat - Hstoday - April 8th, 2025 [April 8th, 2025]
- Senator King Responds to Reported Firing of NSA Director General Timothy Haugh - WAGM - April 8th, 2025 [April 8th, 2025]
- NSA warned of vulnerabilities in Signal app a month before Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- Trump said poised to fire NSA Mike Waltz for including journalist in top secret war chat - The Times of Israel - March 26th, 2025 [March 26th, 2025]
- Not the last Waltz: Trump defends NSA after security breach - The Times of India - March 26th, 2025 [March 26th, 2025]
- NSA warned about vulnerabilities in Signal prior to White House group chat fiasco - SiliconANGLE News - March 26th, 2025 [March 26th, 2025]
- NSA warned the Signal app was vulnerable last month - WTIC - March 26th, 2025 [March 26th, 2025]
- Codebreakers and Covert Agents: The Women Behind the NSA and CIA heads to Illinois State Museum - WAND - March 26th, 2025 [March 26th, 2025]
- NSA warned about using Signal a month before leak of Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
- 'Putin is giddy': NSA knew Signal was vulnerable to Russian hackers before security breach - AlterNet - March 26th, 2025 [March 26th, 2025]
- RAW: NSA MIKE WALTZ EXPECTED TO VISIT GREENLAND - Local 3 News - March 26th, 2025 [March 26th, 2025]
- US NSA likely to visit India in third week of April - Hindustan Times - March 26th, 2025 [March 26th, 2025]
- Statement from Secretary Rubio and NSA Waltz on Call with Zelenskyy - Department of State - March 22nd, 2025 [March 22nd, 2025]
- Europe must invest more in defence amid global shifts: Greeces NSA Ntokos - Firstpost - March 22nd, 2025 [March 22nd, 2025]
- NSA Bahrain, NAVCENT Hold First-of-its-Kind Exercise Vigilant Resolve - navy.mil - March 22nd, 2025 [March 22nd, 2025]
- Former NSA boss Osei Assibey Antwi picked up by NIB - GhanaWeb - March 22nd, 2025 [March 22nd, 2025]
- WHAT THE TECH? NSA recommending weekly smartphone restarts & how it improves performance - Local 3 News - March 9th, 2025 [March 9th, 2025]
- Ex-NSA cyber chief warns of devastating impact of potential DOGE-inspired firings - Breaking Defense - March 9th, 2025 [March 9th, 2025]
- Former top NSA cyber official: Probationary firings devastating to cyber, national security - CyberScoop - March 9th, 2025 [March 9th, 2025]
- Prime Targets Martha Plimpton On Her NSA Character & Why This Political Thriller Works: Never Trust People In Charge - Deadline - March 9th, 2025 [March 9th, 2025]
- Former NSA Dep. Director, Gifty Oware-Mensah will see NIB over 80k ghost names allegations - GhanaWeb - March 5th, 2025 [March 5th, 2025]
- Zelensky is not ready for peace talks, US NSA says - Mehr News Agency - English Version - March 3rd, 2025 [March 3rd, 2025]
- More Than 100 Intelligence Staffers Will Be Fired Over Sexually Explicit Texts In NSA Chatrooms, Gabbard Says - Forbes - March 1st, 2025 [March 1st, 2025]
- NSA says it is investigating potential misuse of chat platform - The Record from Recorded Future News - March 1st, 2025 [March 1st, 2025]
- 100-plus spies fired after NSA internal chat board used for kinky sex talk - The Register - March 1st, 2025 [March 1st, 2025]
- Tulsi Gabbard says more than 100 intelligence officers will be fired for sexually explicit NSA chat messages - CNN - March 1st, 2025 [March 1st, 2025]
- Elon Asked What Government Workers Did. The NSA Overshared - Schiff Sovereign - March 1st, 2025 [March 1st, 2025]
- Tulsi Gabbard Fires 100 Intelligence Officers for Sex Chats on NSA-Hosted Tool - The Daily Beast - March 1st, 2025 [March 1st, 2025]
- Elon Musk reacts to leaked chat alleging NSA, CIA officials discussed raising intersex babies as non-bina - The Times of India - March 1st, 2025 [March 1st, 2025]
- What NSA, DIA agents said about Libs of TikTok, Ben Shapiro in leaked messages - The Times of India - March 1st, 2025 [March 1st, 2025]
- NSA staff accused of lurid sex chats at work they were just discussing LGBTQ+ issues - PinkNews - March 1st, 2025 [March 1st, 2025]
- Sen. Tom Cotton reacts to lewd NSA chats: 'We don't want these people anywhere near classified information' - Fox News - March 1st, 2025 [March 1st, 2025]
- At least 100 NSA staffers to be fired for explicit chats during work hours - WDRB - March 1st, 2025 [March 1st, 2025]
- Gifty Oware-Mensah on the run as NIB investigates NSA scandal - GhanaWeb - February 25th, 2025 [February 25th, 2025]
- Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace - CyberScoop - February 25th, 2025 [February 25th, 2025]
- NSA emphasizes strong defensive posture as it responds to report it hacked China - Washington Times - February 25th, 2025 [February 25th, 2025]
- How the NSA Head of Accounts was undermined by his deputy for eight months after appointment - GhanaWeb - February 25th, 2025 [February 25th, 2025]
- What Is Proteus in Zero Day? How the NSA Weapon Changes Everything - Collider - February 25th, 2025 [February 25th, 2025]
- 'Zelenskyy will sign the minerals deal, no matter': US NSA Mike Waltz on Trump's Ukraine plan - The Economic Times - February 25th, 2025 [February 25th, 2025]
- EXCLUSIVE: Clearcover launches Illinois-based reciprocal exchange to jumpstart entry into NSA - Re-Insurance.com - February 12th, 2025 [February 12th, 2025]