Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Monday, 13 May 2019 03:51

Ex-NSA hackers come out firing after NYT criticises agency


There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.

Exactly what prompts this loyalty? A security industry source says it is not unrelated to the fact that a lot of outsourced work from the NSA ends up being given to outfits run by – yes, you guessed it, ex-NSA spooks. And the NSA has a massive budget so these contracts are not trivial.

Last week, The New York Times ran a story based on a leak from security firm Symantec, claiming that Chinese spies had gained access to a number of NSA exploits and used them for attacks, well before they were leaked on the Web by a group known as the Shadow Brokers.

Symantec's contention was that a group called Buckeye, which appears to be a Chinese-affiliated group, had been using tools from the NSA — which Symantec referred to as the Equation Group, using nomenclature that has been employed by Kaspersky Lab — to gain persistent access to targets at least a year before the Shadow Brokers leaked a trove of exploits on the Web.

To date, there has been no indication as to the identity of the Brokers, who first offered exploits for sale in 2016 and later, finding no takers, dumped said exploits, which included DoublePulsar, EternalBlue, EternalRomance and EternalSynergy.

EternalBlue was used to craft the WannaCry ransomware which wreaked havoc on companies and organisations in May 2017.

News stories in the NYT always contain comment, and probably what irked the ex-NSA types was stuff like this: "The Chinese action shows how proliferating cyber conflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.

"The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyber weapons if it is unable to keep them under lock and key."

The theft of the exploits by the Brokers has given the NSA a considerable black eye: three years on from the first announcement, nobody is any the wiser as to the identities of the thieves.

The sideshow that took place after the NYT story was put online was infinitely more interesting than the NYT story itself; the only point of interest around these leaked NSA exploits is the identity of the Shadow Brokers. Some say they are Russian, others see it as more plausible that they are a homegrown unit.

But no matter that this article was all about a sideshow, ex-NSA spooks, one after another, lined up to take up cudgels for their former employer.

Among them was Dave Aitel, the chief of Immunity, a security company that was bought by Cyxtera Technologies in January. Aitel wrote a blog post, claiming, "I want to point out that Nicole Perlroth, David E. Sanger and Scott Shane (the authors of the NYT article) have, as usual, written an article... that is more advocacy than news.

"They say never to pick a fight with someone who buys ink by the barrel, but this article is pure nonsense. Let's let Rob Lee, who knows what he's talking about, say it succinctly."

Aitel inserted a tweet from Lee, also an NSA alumnus, which read: "My late night take: if we’re going to yell at the NSA for making an exploit that an adversary saw in an intrusion and learned from as an example of 'losing control of weapons' then we should just argue that no one should make exploits ever because they can all be lost in that way."

Aitel does not always spar with journalists; he is not averse to a bit of publicity himself and this writer interviewed him at length in 2005 when he was under pressure from proprietary software vendors and a senior researcher over the way he ran his company. At the time, Aitel and his researchers followed a business model of providing clients with inside knowledge of the vulnerabilities they found without ever informing the vendor of the software in question.

Recently, however, Aitel seems to have taken a dislike to those who call themselves journalists, banning media from the annual Infiltrate security conference that Immunity organises.

In another tweet, Lee, who runs his own security firm, Dragos, said: "I’m honestly confused by the coverage on this one and the outrage shown by some folks. I feel I must be missing something. If you lose control and things get leaked; that’s one thing. But proliferation and abuse through use? That’s not new nor unique to the NSA."

And referring to Aitel's blog post, Lee wrote: "Anyway – Dave’s blog had me thinking. Our intel professionals do amazing work far outside the scathing view of infosec. They should strive to do better but I’m also proud to have been part of the US IC and thank those still in doing the grind."

Jake Williams, an extremely well-known former NSA man who now runs his own infosec outfit, Rendition Infosec, and at times takes the middle ground, also defended his former employer, saying: "I've seen a lot of anti-NSA rants after the new @symantec report about EternalSynergy and DoublePulsar. Exploits serve an obvious purpose which we should all agree is valuable - gaining intelligence on those who wish us harm."

He followed up with another eight tweets, explaining why this case, that of the NSA exploits being stolen, was more a matter of faults in the Vulnerabilities Equities Process, a US government process that outlines when zero-day vulnerabilities can be kept hidden in order to craft exploits for attacking foreign enemies, and when they should be disclosed to vendors for patching.

Old loyalties, it would appear, die hard – especially when the wheels are greased well.

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.