Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Monday, 13 May 2019 03:51

Ex-NSA hackers come out firing after NYT criticises agency

Ex-NSA hackers come out firing after NYT criticises agency Image by 41330 from Pixabay

There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.

Exactly what prompts this loyalty? A security industry source says it is not unrelated to the fact that a lot of outsourced work from the NSA ends up being given to outfits run by – yes, you guessed it, ex-NSA spooks. And the NSA has a massive budget so these contracts are not trivial.

Last week, The New York Times ran a story based on a leak from security firm Symantec, claiming that Chinese spies had gained access to a number of NSA exploits and used them for attacks, well before they were leaked on the Web by a group known as the Shadow Brokers.

Symantec's contention was that a group called Buckeye, which appears to be a Chinese-affiliated group, had been using tools from the NSA — which Symantec referred to as the Equation Group, using nomenclature that has been employed by Kaspersky Lab — to gain persistent access to targets at least a year before the Shadow Brokers leaked a trove of exploits on the Web.

To date, there has been no indication as to the identity of the Brokers who first offered exploits for sale in 2016, and later, finding no takers, dumped said exploits which included DoublePulsar, EternalBlue, EternalRomance and EternalSynergy.

EternalBlue was used to craft the WannaCry ransomware which wreaked havoc on companies and organisations in May 2017.

News stories in the NYT always contain comment, and probably what irked the ex-NSA types was stuff like this: "The Chinese action shows how proliferating cyber conflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.

"The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyber weapons if it is unable to keep them under lock and key."

The theft of the exploits by the Brokers has given the NSA a considerable black eye: three years on from the first announcement, nobody is any the wiser as to the identities of the thieves.

The sideshow that took place after the NYT story was put online was infinitely more interesting than the NYT story itself; the only point of interest around these leaked NSA exploits is the identity of the Shadow Brokers. Some say they are Russian, others see it as more plausible that they are a homegrown unit.

But no matter that this article was all about a sideshow, ex-NSA spooks, one after another, lined up to take up cudgels for their former employer.

Among them was Dave Aitel, the chief of Immunity, a security company that was bought by Cyxtera Technologies in January. Aitel wrote a blog post, claiming, "I want to point out that Nicole Perlroth, David E. Sanger and Scott Shane (the authors of the NYT article) have, as usual, written an article... that is more advocacy than news.

"They say never to pick a fight with someone who buys ink by the barrel, but this article is pure nonsense. Let's let Rob Lee, who knows what he's talking about, say it succinctly."

Aitel inserted a tweet from Lee, also an NSA alumnus, which read: "My late night take: if we’re going to yell at the NSA for making an exploit that an adversary saw in an intrusion and learned from as an example of 'losing control of weapons' then we should just argue that no one should make exploits ever because they can all be lost in that way."

Aitel does not always spar with journalists; he is not averse to a bit of publicity himself and this writer interviewed him at length in 2005 when he was under pressure from proprietary software vendors and a senior researcher over the way he ran his company. At the time, Aitel and his researchers followed a business model of providing clients with inside knowledge of the vulnerabilities they found without ever informing the vendor of the software in question.

Recently, however, Aitel seems to have taken a dislike to those who call themselves journalists, banning media from the annual Infiltrate security conference that Immunity organises.

In another tweet, Lee, who runs his own security firm, Dragos, said: "I’m honestly confused by the coverage on this one and the outrage shown by some folks. I feel I must be missing something. If you lose control and things get leaked; that’s one thing. But proliferation and abuse through use? That’s not new nor unique to the NSA."

And referring to Aitel's blog post, Lee wrote: "Anyway – Dave’s blog had me thinking. Our intel professionals do amazing work far outside the scathing view of infosec. They should strive to do better but I’m also proud to have been part of the US IC and thank those still in doing the grind."

Jake Williams, an extremely well-known former NSA man who now runs his own infosec outfit, Rendition Infosec, and at times takes the middle ground, also defended his former employer, saying: "I've seen a lot of anti-NSA rants after the new @symantec report about EternalSynergy and DoublePulsar. Exploits serve an obvious purpose which we should all agree is valuable - gaining intelligence on those who wish us harm."

He followed up with another eight tweets, explaining why this case — that of the NSA exploits being stolen — was more a matter of faults in the Vulnerabilities Equities Process, a US government process that outlines when zero-day exploits can be kept hidden in order to craft exploits for attacking foreign enemies, and when they should be disclosed to vendors for patching.

Old loyalties it would appear die hard – especially when the wheels are greased well.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments