The NSA’s inadvertent role in Petya, the cyberattack on Ukraine. – Slate Magazine
Should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes?
Wikimedia Commons
Theres a moment in Dr. Strangelove, Stanley Kubricks dark Cold War comic masterpiece, when President Merkin Muffley (played by Peter Sellers) learns that an insane general has exploited a loophole in the militarys command-control system and launched a nuclear attack on Russia. Muffley turns angrily to Air Force Gen. Buck Turgidson (played by George C. Scott) and says, When you instituted the human reliability tests, you assured me there was no possibility of such a thing ever occurring. Turgidson gulps and replies, I dont think its quite fair to condemn a whole program because of a single slip-up.
The National Security Agency currently finds itself in a similar situation.
One of the NSAs beyondtop secret hacking tools has been stolen. And while the ensuing damage falls far short of an unauthorized nuclear strike, the thieves have wreaked cybermayhem around the world.
The mayhem was committed by a group called the Shadow Brokers, which in April announced that it had acquired the NSA tool (known as Eternal Blue) and published its exploit code online for any and all hackers to copy.* In May, some entitywidely believed to be North Koreansused the the exploit code to develop some malware, which became known as WannaCry, and launched a massive ransomware attack, which shut down 200,000 computers, including those of many hospitals and other critical facilities.
Then on June 27 came this latest attack, which was launched by the Shadow Brokers themselves. This struck some security analysts as odd, for two reasons. First, the Shadow Brokers are believed to be members ofor criminal hackers affiliated witha Russian intelligence agency, and Russians tend not to hack for mere cash. Second, the attack was slipshod: The ransoms were to be paid to a single email address, which security experts shut down in short order. If the Russians had decided to indulge in this mischief for money, it was a shock that they did it so poorly.
Now, however, several cybersecurity analysts are convinced that the ransomware was a brief ploy to distract attention from a devastating cyberattack on the infrastructure of Ukraine, through a prominent but vulnerable financial server.
Jake Williams, founder of Rendition InfoSec LLC (and a former NSA analyst), told me on Thursday, two days after the attack, The ransomware was a cover for disrupting Ukraine; we have very high confidence of that. This disruptive attack shut down computers running Ukrainian banks, metro systems, and government ministries. The virus then spread to factories, ports, and other facilities in 60 countriesthough Williams says its unclear whether this rippling effect was deliberate. (Because computers are connected to overlapping networks, malware sometimes infects systems far beyond a hackers intended targets.)
By the way, the attack left the ransomware victims, marginal as they were, completely screwed. Once the email address was disconnected, those who wanted to pay ransom had no place to send their bitcoins. Their computers remain frozen. Unless they had back-up drives, their files and data are irretrievable.
Its not yet clear how the Shadow Brokers obtained the hacking tool. One cybersecurity specialist involved in the probe told me that, at first, he and others figured that the theft had to be an inside job, committed by a second Snowden, but the forensics showed otherwise. One possibility, he now speculates, is that an unnamed NSA contractor, who was arrested last year for taking home files, either passed them onto the Russians or was hacked by the Russians himself. The other possibility is that the Russians hacked into classified NSA files. Its a toss-up which theory is more disturbing; the upshot of both is, it could happen again.
So should the NSA stop hacking computers out of concern that bad guys could steal its tools and use them for their own nefarious purposes? This remedy is probably unreasonable. After all, spy agencies spy, and the NSA spies by intercepting communications, including digital communications, and some of that involves hacking. In other words, the cyber equivalent of Gen. Turgidson would have a point if he told an angry superior its unfair to condemn a whole program for a single slip-up.
It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway.
Besides, the NSA doesnt do very many hacks of the sort that the Shadow Brokers stolehacks that involve zero-day exploits, the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously discovered. Zero-day exploits were once the crown jewels of the NSAs signals-intelligence shops. But theyre harder to come by now. Software companies continually test their products for security gaps and patch them right away. Hundreds of firms, many created by former intelligence analysts, specialize in finding zero-day vulnerabilities in commercial productsthen alerting the companies for handsome fees. Often, by the time the NSA develops an exploit for a zero-day vulnerability, someone in the private sector has also found it and already developed a patch.
More and more, in recent years, the NSA chooses to tell companies about a problem and even help them fix it. This trend accelerated in December 2013, when a five-member commission, appointed by President Obama in the wake of the Snowden revelations, wrote a 300-page report proposing 46 reforms for U.S. intelligence agencies. One proposal was to bar the government from doing anything to subvert, undermine, weaken, or make vulnerable generally available commercial software. Specifically, if NSA analysts found a zero-day exploit, they should be required to patch the hole at once, except in rare instances when the government could briefly authorize the exploit for high-priority intelligence collection, though, even then, only after approval not by the NSA directorwho, in the past, made such decisionsbut rather in a senior interagency review involving all appropriate departments.
Obama approved this recommendation, and as a result his White House cybersecurity chief, Michael Daniel, drafted a list of questions that this senior review panel must ask before letting the NSA exploit, rather than patch, the zero-day discovery. The questions: Would this vulnerability, if left unpatched, pose risks to our own societys infrastructure? If adversaries or crime groups knew about the vulnerability, how much harm could they inflict? How badly do we need the intelligence that the exploit would provide? Are there other ways to get this intelligence? Could we exploit the vulnerability for just a short period of time, then disclose and patch it?
A 2016 article in Bloomberg News reported that, due in part to this new review process, the NSA keepsand exploits for offensive purposesonly about two of the roughly 100 zero-day vulnerabilities it finds in the course of a year.
The vulnerability exploited in the May ransomware attack was one of those zero-days that the NSA kept for a while. (It is not known for how long or what adversaries it allowed us to hack.) The vulnerability was in a Microsoft operating system. In March, the government notified Microsoft of the security gap. Microsoft quickly devised a patch and alerted users to install the software upgrade. Some users did; others didnt. The North Koreans were able to hack into the systems of those who didnt. Thats how the vast majority of hacks happenthrough carelessness.
It may be time to view surfing the internet on computers as similar to the way we view driving cars on the highway. Both are necessary for modern life, and both advance freedoms, but they also carry responsibilities and can do great harm if misused. It would be excessive to require the equivalent of drivers licenses to go online; a government that can take away such licenses for poor digital hygiene could also take them away for impertinent political speech. But its not outrageous to impose regulations on product liability, holding vendors responsible for malware-infected devices, just as car companies are for malfunctioning brakes. Its not outrageous to force government agencies and companies engaged in critical infrastructure (transportation, energy, finance, and so forth) to meet minimal cybersecurity standards or to hit them with heavy fines if they dont. Its not outrageous to require companies to program their computers or software to shut down if users dont change or randomize their passwords or if they dont install software upgrades after a certain amount of time. Or if this goes too far, the government could require companies to program their computers or software to emit a loud noise or flash a bright light on the screen until the users take these precautionsin much the same way that drivers hear ding-ding-ding until they fasten their seatbelts.
Some of these ideas have been kicking around for decades, a few at high levels of government, but theyve been crushed by lobbyists and sometimes by senior economic advisers who warned that regulations would impede technical progress and harm the competitive status of American industries. Resistance came easy because many of these measures were expensive and the dangers they were meant to prevent seemed theoretical. They are no longer theoretical. The cyberattack scenarios laid out in government reports decades ago, dismissed by many as alarmist and science fiction, are now the stuff of front-page news stories.
Cyberthreats will never disappear; cybervulnerabilities will never be solved. They are embedded in the technology, as its developed in the 50 years since the invention of the internet. But the problems can be managed and mitigated. Either we take serious steps now, through a mix of regulations and market-driven incentivesor we wait until a cybercatastrophe, after which far more brutal solutions will be slammed down our throats at far greater cost by every measure.
*Correction, June 30, 2017: This article originally misstated that the NSA tool stolen by the Shadow Brokers was called WannaCry. It was called Eternal Blue, and its code was used to create WannaCry. (Return.)
See the rest here:
The NSA's inadvertent role in Petya, the cyberattack on Ukraine. - Slate Magazine
- Spymaster United States Joshua Rudd, US special forces officer nursing NSA back to health - Intelligence Online - July 7th, 2026 [July 7th, 2026]
- Capability, Not Compute: NSA Discretion in the Frontier AI EO - The Well News - July 7th, 2026 [July 7th, 2026]
- NSA partners with dog walking app to tackle livestock worrying - Agriland UK - July 1st, 2026 [July 1st, 2026]
- Youth Round Table Discussion: Youth round table discussion held at NSA - Myanmar International TV - July 1st, 2026 [July 1st, 2026]
- NSA welcomes Farming Roadmap 2050 and says farmers are ready to meet the challenge - Meat Management - July 1st, 2026 [July 1st, 2026]
- Crypto Executive Disputes Claims Anthropics Mythos Breached NSA Systems - Yahoo Tech - June 22nd, 2026 [June 22nd, 2026]
- Crypto Executive Disputes Claims Anthropics Mythos Breached NSA Systems - BeInCrypto - June 22nd, 2026 [June 22nd, 2026]
- Its more than Iran could have ever hoped for: Ex-US NSA John Bolton on US-Iran deal - Firstpost - June 22nd, 2026 [June 22nd, 2026]
- Manipur slaps NSA on youth already held under UAPA. Why HC quashed both cases, ordered his release - ThePrint - June 22nd, 2026 [June 22nd, 2026]
- Algorand Post-Quantum Security by 2027: 3 Years Ahead of NSA - The Cryptonomist - June 22nd, 2026 [June 22nd, 2026]
- China foreign minister set to attend Brics NSA meet in Delhi next week - The Times of India - June 22nd, 2026 [June 22nd, 2026]
- India to host BRICS NSA meet on June 2223: MEA - Awaz The Voice - June 22nd, 2026 [June 22nd, 2026]
- IDR Final Rule updates NSA dispute resolution | United States | Global law firm - Norton Rose Fulbright - June 16th, 2026 [June 16th, 2026]
- Where Is Edward Snowden Now? What to Know About the NSA Whistleblower's Life in Exile, 13 Years Later - People.com - June 16th, 2026 [June 16th, 2026]
- Former NSA official: 'Timing couldn't have been worse' for FISA 702 to expire - WBFF - June 16th, 2026 [June 16th, 2026]
- SHAREHOLDER ALERT: The M&A Class Action Firm Continues to Investigate the Merger--CZNL, NSA, CNBN, and ESQ - PR Newswire - June 16th, 2026 [June 16th, 2026]
- Training, teamwork, and quick action save a life at NSA Philadelphia - MilitaryNews.com - June 12th, 2026 [June 12th, 2026]
- NSA Insurance celebrates 100 years of selling a promise on the East End - The Suffolk Times - June 12th, 2026 [June 12th, 2026]
- Ex Pakistan NSA Moeed Yusuf says fixing ties with India key to economic revival, regional trade ambitions - ThePrint - June 12th, 2026 [June 12th, 2026]
- RSABI's Carol McLaren wins NSA Silver Salver for her work in the industry - The Scottish Farmer - June 12th, 2026 [June 12th, 2026]
- Anthropic's Mythos model is reportedly powering NSA offensive cyber ops against China and Iran - the-decoder.com - June 7th, 2026 [June 7th, 2026]
- NSA taps three officials for top cybersecurity positions - Nextgov/FCW - June 7th, 2026 [June 7th, 2026]
- Anthropic is blacklisted by the Pentagon and being used by the NSA at the same time - TechSpot - June 7th, 2026 [June 7th, 2026]
- NSA said to be readying Anthropics Mythos for use in cyber operations - TechCrunch - June 5th, 2026 [June 5th, 2026]
- Former NSA John Bolton to plead guilty to retaining classified info - MS NOW - June 5th, 2026 [June 5th, 2026]
- Trump executive order on AI gives central role to NSA - Breaking Defense - June 5th, 2026 [June 5th, 2026]
- Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Yahoo - June 5th, 2026 [June 5th, 2026]
- NSA using Claude Mythos for 'offensive cyber operations,' report claims says 'half-a-dozen' Anthropic engineers embedded inside the agency - Tom's... - June 5th, 2026 [June 5th, 2026]
- NSA selects new leads for key cybersecurity posts - The Record from Recorded Future News - June 5th, 2026 [June 5th, 2026]
- NSA Joins CISA and Partners to Release Guidance on Hardening Automatic Tank Gauge Systems - National Security Agency (NSA) (.gov) - June 5th, 2026 [June 5th, 2026]
- FT: Anthropic staff helping the NSA use Mythos for offensive cyberattacks - Sherwood News - June 5th, 2026 [June 5th, 2026]
- Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Decrypt - June 5th, 2026 [June 5th, 2026]
- Anthropic Embeds Engineers at NSA to Deploy Mythos AI for Offensive Cyber Operations - MLQ.ai - June 5th, 2026 [June 5th, 2026]
- The NSA has all the equipment and technology needed to track bandits but lacks the political will to do so -Stephen alleges Watch full interview:... - June 5th, 2026 [June 5th, 2026]
- Anthropic aids NSA with Mythos to bolster offensive cyber operations - CHOSUNBIZ - Chosunbiz - June 5th, 2026 [June 5th, 2026]
- NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely... - June 5th, 2026 [June 5th, 2026]
- Video | Ex-Trump NSA Adviser Pleads Guilty To Classified Info Leak | Zelenskyy Calls For Meet With Putin - NDTV - June 5th, 2026 [June 5th, 2026]
- Former Trump NSA John Bolton to plead guilty over retaining classified documents: Report - WION - June 5th, 2026 [June 5th, 2026]
- Anthropics Mythos being used by US NSA for cyber operations FT - Business Post - June 5th, 2026 [June 5th, 2026]
- This day, that year: From Robert F. Kennedys assassination to Edward Snowdens NSA revelations how June 5 shaped the world - The Times of India - June 5th, 2026 [June 5th, 2026]
- Strengthening the security architecture with NSA and HSA - The Guardian Nigeria News - June 5th, 2026 [June 5th, 2026]
- Ex-US NSA Bolton to plead guilty over mishandling classified documents: Report - ANI News - June 5th, 2026 [June 5th, 2026]
- The NSA, Mythos and the quiet emergence of AI cyber doctrine - csoonline.com - May 27th, 2026 [May 27th, 2026]
- NSA warning on AI automation protocol raises fresh testing concerns for banks - QA Financial - May 27th, 2026 [May 27th, 2026]
- Pentagon and NSA Form Joint AI Task Force to Deploy Frontier Hacking Models on Classified Networks - SOFX - May 27th, 2026 [May 27th, 2026]
- Marco Rubio meets NSA Doval, discusses defence, security and strategic tech cooperation including TRUST in - The Economic Times - May 27th, 2026 [May 27th, 2026]
- Two protesters detained under NSA to appear before advisory board in Lucknow today - The Times of India - May 27th, 2026 [May 27th, 2026]
- General Paul M. Nakasone Director National Security Agency and staff carry a wreath to the Memorial Wall. - National Security Agency (NSA) (.gov) - May 20th, 2026 [May 20th, 2026]
- NSA scandal: Court admits bank documents between Gifty Oware and ADB - Modern Ghana - May 20th, 2026 [May 20th, 2026]
- Wiretapping trial: NSA, ICPC boss acknowledge conversation cited by in El-Rufai TV Interview - Business News Nigeria - May 20th, 2026 [May 20th, 2026]
- NSA, ICPC El-Rufais Open Confession in Media Interview Witness Testifies - The Guardian Nigeria News - May 20th, 2026 [May 20th, 2026]
- NSA issues strong warning to sports bodies over governance compliance - GhanaWeb - May 20th, 2026 [May 20th, 2026]
- Witness: NSA confirmed wiretapped conversation referenced by el-Rufai was authentic - TheCable - May 20th, 2026 [May 20th, 2026]
- NSA wiretapping: El Rufai returned to DSS custody, awaits bail - Pointblank News - May 20th, 2026 [May 20th, 2026]
- Alleged Security Breach: NSA Confirmed Conversation Referenced By El-Rufai Was Authentic Witness - Channels Television - May 20th, 2026 [May 20th, 2026]
- El-Rufai: NSA, ICPC chair confirmed tapped conversation Witness - Punch Newspapers - May 20th, 2026 [May 20th, 2026]
- Imran Khan coup: 'US message to Pakistan was clear ...' says Tilak Devasher, frmr NSA board - The Economic Times - May 20th, 2026 [May 20th, 2026]
- NSA Lady Saints two wins from claiming seventh consecutive V... - The Suffolk News-Herald - May 16th, 2026 [May 16th, 2026]
- The imposition of NSA on Satyam Verma and Aakriti Chaudhary is a conspiracy to keep them in jail - Countercurrents - May 16th, 2026 [May 16th, 2026]
- 'No Sailor Lives Afloat' Initiative: NSA Naples Moves 54 Sailors from Shipboard Berthing to Shore - DVIDS - May 16th, 2026 [May 16th, 2026]
- Workers protest: Day after invoking NSA, police say 1 cr transactions found in banks accounts of one accused | Hindustan Times - Hindustan Times - May 16th, 2026 [May 16th, 2026]
- Press Club of India urges Uttar Pradesh govt. to withdraw NSA against journalist Satyam Verma - The Hindu - May 16th, 2026 [May 16th, 2026]
- Uttar Pradesh police invoke NSA against two accused held during workers protest in Noida - The Hindu - May 16th, 2026 [May 16th, 2026]
- Illegal Mining: FG Hands Over Foreign Terror Suspects To NSA - Channels Television - May 16th, 2026 [May 16th, 2026]
- Noida Violence: NSA invoked against Satyam Verma and Aakriti Choudhary over alleged role in labour protest - Organiser - May 16th, 2026 [May 16th, 2026]
- NSA invoked against two accused in Noida labour unrest case - Awaz The Voice - May 16th, 2026 [May 16th, 2026]
- NSA invoked against two in April 13 workers stir in Noida - The New Indian Express - May 16th, 2026 [May 16th, 2026]
- Homeland Security: Replace NSA Ribadu if you lack confidence in him ADC to Tinubu - Daily Post Nigeria - May 16th, 2026 [May 16th, 2026]
- NSA sweeps Cape Henry for TCIS baseball and softball titles - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
- News - NSA Naples Sailor Named Navy Military Fire Officer of the Year - DVIDS - May 9th, 2026 [May 9th, 2026]
- Bergen's solo homerun lifts NSA into the TCIS Final - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
- NSA members bring sheep farming into the classroom - Farmers Guardian - May 9th, 2026 [May 9th, 2026]
- Amritpals mother confronts Mann: His NSA over, why arent you bringing him to Punjab? - The Indian Express - May 9th, 2026 [May 9th, 2026]
- They Said They Were From NSA Ribadus Office, Seized My Husband In Abuja Hotel: Woman Cries Out Over Alleged Disappearance - Sahara Reporters - May 9th, 2026 [May 9th, 2026]
- NSA Ajit Doval, Vietnam President discuss strengthening strategic partnership - The Sentinel - of this Land, for its People - May 9th, 2026 [May 9th, 2026]
- Cyber Command, NSA chief warns foreign adversaries likely to target midterms - The Record from Recorded Future News - April 29th, 2026 [April 29th, 2026]
- CISA flags data-theft bug in NSA-built OT networking tool - theregister.com - April 29th, 2026 [April 29th, 2026]
- Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' fast16 targeted nuclear reactors, dam design, and... - April 29th, 2026 [April 29th, 2026]
- The NSA Just Warned Everyone to Reboot Their Routers What to Do Right Now - National Cybersecurity Alliance - April 29th, 2026 [April 29th, 2026]
- Former NSA Science Chief Warns Humanity May Be Missing Something 'Huge' About UFO Phenomena - International Business Times UK - April 29th, 2026 [April 29th, 2026]