Sunday, 07 February 2021 22:29

Ex-NSA man Aitel again clashes with NYT over cyber attack article


Former NSA hacker and ex-owner of security company Immunity, Dave Aitel, has once again criticised New York Times' cyber security reporter Nicole Perlroth, claiming that nearly every detail in a piece the journalist wrote to promote an upcoming book of hers is wrong.

Aitel made the comments on Twitter, also saying he had been mischaracterised as a former NSA analyst by Perlroth. Strangely, the NYT reporter did not name Aitel, though she claimed that Immunity at one stage trained the Turkish army in cyber techniques. "One contractor, Immunity Inc., founded by a former N.S.A. analyst, embarked on a slippier slope. First, employees say, Immunity trained consultants like Booz Allen, then defense contractor Raytheon, then the Dutch and the Norwegian governments. But soon the Turkish army came knocking," the article claims.

The article in question, published on 6 February, argues that the US has lost control of the global battle with state-controlled malicious attackers due to its hubris.

Its premise is probably best summed up by this paragraph: "Three decades ago, the United States spawned, then cornered, the market for hackers, their tradecraft, and their tools. But over the past decade, its lead has been slipping, and those same hacks have come boomeranging back on us."

Aitel also questioned Perlroth's claim that Stuxnet, malware which was built by the US and Israel to disable centrifuges at Iran's Natanz nuclear reactor, was spread through the use of seven zero-days, one of which had been previously disclosed but never patched.

One Twitter user, who responded to Aitel's tweet about Stuxnet, said that seven zero-days had not been used, "but 7 vulnerabilities patched in the immediate remediation following Stuxnet analysis matched codepaths exploited by Stuxnet".

In response to Aitel's criticism, Perlroth fired back: "Guess who was given ample opportunity to clarify his title in our fact checking conversations, or that he wasn’t training Turkish military? Dave Aitel.

"Instead, when asked, his answer was: 'I would never comment on my customers'. There’s a reason he is nitpicking now after years."

She added later: "And why he has tried to pre-empt and criticise my reporting. It’s because I fact-checked every single thing, down to his bumper stickers, with him. He knew exactly what was going to come out."

In a later tweet, Aitel said: "I critique this kind of reporting when I don't think it accurately represents the space. I'll have more after I read the book."

Aitel told this writer many years ago in his only detailed interview available online that he worked as a computer scientist with the NSA.

Asked for his impressions of the article, former NSA hacker Jake Williams said he had nothing to add to what he had already tweeted; his earlier tweets were a series of cyber offence vs cyber defence polls.

Another well-known security researcher, who posts as Thaddeus E. Grugq, also took issue with details in the article, pointing out that Aitel was an operator at the NSA, not an analyst.

He also contested Perlroth's claim that tools from the NSA were exfiltrated in 2017. Her reference was to the group known as the Shadow Brokers; the group released an initial list of what it claimed were NSA exploits in August 2016, seeking likely buyers. It then dumped the whole lot online in April 2017. One of these exploits, known as EternalBlue, was used to craft the ransomware known as WannaCry which wreaked havoc in many countries in May 2017.

The identity of the Shadow Brokers remains unknown, with the NSA telling iTWire in September 2020 that it had no information to offer as to who was behind the group, despite a probe that was reported in November 2017 to have been going on for 15 months.

Grugq wrote: "You say 'tools were hacked in 2017'. There is no evidence to indicate when they were acquired, so even saying 2016 is dubious. Analyst vs operator are very different roles. Symantec analysis is not of the same calibre as @codelancer (who’s credited on one of the CVEs)."

He also questioned a claim made by Perlroth that the NSA had control over the market for hacking tools. The article claims: "As the market expanded outside the N.S.A.’s direct control, the agency’s focus stayed on offense. The N.S.A. knew the same vulnerabilities it was finding and exploiting elsewhere would, one day, blow back on Americans. Its answer to this dilemma was to boil American exceptionalism down to an acronym — NOBUS — which stands for “Nobody But Us.” If the agency found a vulnerability it believed only it could exploit, it hoarded it."

Grugq wrote: "This claim is that there was a single market and that it was controlled by NSA? That is not true. Even just the hacker underground trade in 0days, which is well documented, shows that there was no “the market” and NSA didn’t have direct control or even a monopsony."

Perlroth shot back: "You can keep screenshotting out of context, but really, I recommend fresh air."

This is not the first time that ex-NSA hackers have attacked Perlroth's reporting. In May 2019, she and two others, Scott Shane and David Sanger, came under fire after they wrote a yarn based on a leak from security firm Symantec, claiming that Chinese spies had gained access to a number of NSA exploits and used them for attacks, well before they were leaked by the Shadow Brokers.

On that occasion, Aitel was joined by another NSA alumnus, Robert M. Lee, and Williams in defending his former employer, the premier US spook agency.

But some of Aitel's peers took aim at him, pointing out that he had a conflict of interest. One, named Chad Loder, wrote: "You own a company in the exploit market that @nicoleperlroth has been asking hard questions about."

More recently, Williams took issue with a piece that Perlroth and Sanger wrote along with a third reporter, Julian Barnes, claiming that the wares of a software company known as JetBrains could have a connection to the supply chain incident involving SolarWinds' network management software known as Orion.

He blasted the authors for wasting the time of infosec practitioners who had to divert their attention from other tasks to check for compromises in JetBrains' software.

In September last year, Perlroth and Sanger were criticised in these columns over an article in which they tried to hype up the so-called Russian threat to the US ahead of the 2020 presidential poll.

Update, 8 February: Perlroth sent the graphic below which details the seven zero-days that she claims were used in crafting the Stuxnet malware. The information was credited to American security firm Symantec.




Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
