Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Monday, 13 May 2019 03:51

Ex-NSA hackers come out firing after NYT criticises agency

Ex-NSA hackers come out firing after NYT criticises agency Image by 41330 from Pixabay

There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.

Exactly what prompts this loyalty? A security industry source says it is not unrelated to the fact that a lot of outsourced work from the NSA ends up being given to outfits run by – yes, you guessed it, ex-NSA spooks. And the NSA has a massive budget so these contracts are not trivial.

Last week, The New York Times ran a story based on a leak from security firm Symantec, claiming that Chinese spies had gained access to a number of NSA exploits and used them for attacks, well before they were leaked on the Web by a group known as the Shadow Brokers.

Symantec's contention was that a group called Buckeye, which appears to be a Chinese-affiliated group, had been using tools from the NSA — which Symantec referred to as the Equation Group, using nomenclature that has been employed by Kaspersky Lab — to gain persistent access to targets at least a year before the Shadow Brokers leaked a trove of exploits on the Web.

To date, there has been no indication as to the identity of the Brokers who first offered exploits for sale in 2016, and later, finding no takers, dumped said exploits which included DoublePulsar, EternalBlue, EternalRomance and EternalSynergy.

EternalBlue was used to craft the WannaCry ransomware which wreaked havoc on companies and organisations in May 2017.

News stories in the NYT always contain comment, and probably what irked the ex-NSA types was stuff like this: "The Chinese action shows how proliferating cyber conflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.

"The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyber weapons if it is unable to keep them under lock and key."

The theft of the exploits by the Brokers has given the NSA a considerable black eye: three years on from the first announcement, nobody is any the wiser as to the identities of the thieves.

The sideshow that took place after the NYT story was put online was infinitely more interesting than the NYT story itself; the only point of interest around these leaked NSA exploits is the identity of the Shadow Brokers. Some say they are Russian, others see it as more plausible that they are a homegrown unit.

But no matter that this article was all about a sideshow, ex-NSA spooks, one after another, lined up to take up cudgels for their former employer.

Among them was Dave Aitel, the chief of Immunity, a security company that was bought by Cyxtera Technologies in January. Aitel wrote a blog post, claiming, "I want to point out that Nicole Perlroth, David E. Sanger and Scott Shane (the authors of the NYT article) have, as usual, written an article... that is more advocacy than news.

"They say never to pick a fight with someone who buys ink by the barrel, but this article is pure nonsense. Let's let Rob Lee, who knows what he's talking about, say it succinctly."

Aitel inserted a tweet from Lee, also an NSA alumnus, which read: "My late night take: if we’re going to yell at the NSA for making an exploit that an adversary saw in an intrusion and learned from as an example of 'losing control of weapons' then we should just argue that no one should make exploits ever because they can all be lost in that way."

Aitel does not always spar with journalists; he is not averse to a bit of publicity himself and this writer interviewed him at length in 2005 when he was under pressure from proprietary software vendors and a senior researcher over the way he ran his company. At the time, Aitel and his researchers followed a business model of providing clients with inside knowledge of the vulnerabilities they found without ever informing the vendor of the software in question.

Recently, however, Aitel seems to have taken a dislike to those who call themselves journalists, banning media from the annual Infiltrate security conference that Immunity organises.

In another tweet, Lee, who runs his own security firm, Dragos, said: "I’m honestly confused by the coverage on this one and the outrage shown by some folks. I feel I must be missing something. If you lose control and things get leaked; that’s one thing. But proliferation and abuse through use? That’s not new nor unique to the NSA."

And referring to Aitel's blog post, Lee wrote: "Anyway – Dave’s blog had me thinking. Our intel professionals do amazing work far outside the scathing view of infosec. They should strive to do better but I’m also proud to have been part of the US IC and thank those still in doing the grind."

Jake Williams, an extremely well-known former NSA man who now runs his own infosec outfit, Rendition Infosec, and at times takes the middle ground, also defended his former employer, saying: "I've seen a lot of anti-NSA rants after the new @symantec report about EternalSynergy and DoublePulsar. Exploits serve an obvious purpose which we should all agree is valuable - gaining intelligence on those who wish us harm."

He followed up with another eight tweets, explaining why this case — that of the NSA exploits being stolen — was more a matter of faults in the Vulnerabilities Equities Process, a US government process that outlines when zero-day exploits can be kept hidden in order to craft exploits for attacking foreign enemies, and when they should be disclosed to vendors for patching.

Old loyalties it would appear die hard – especially when the wheels are greased well.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments