Wednesday, April 19, 2017

Shadow Brokers Hit NSA a Devastating Lick

Don't forget I told you cats about the NSA creep-tip two years ago, and gave you a concrete specific recommendation for shoring up your end-point game to protect at least a little something...,

FP |  Weaver believes that when the Shadow Brokers published a broad list of the tools in their possession in January, hoping to auction them off, the NSA moved quickly.

The NSA “did clearly, quietly tell Microsoft,” Weaver said, allowing the company to repair the holes before script kiddies and criminal hackers started figuring out the specifics of the exploits.
Microsoft published a massive patch exactly a month before the Shadow Brokers unleashed its trove.
Neither Microsoft nor the NSA immediately responded to a request for comment.

Before Microsoft revealed it had patched most of the holes, the Shadow Brokers’ release reignited the debate about when government agencies should be required to disclose vulnerabilities it finds in such major products as devices and browsers.

The White House’s Vulnerabilities Equities Process, which determines whether those flaws should be shared with the company in order to be repaired, or taken advantage of by intelligence agencies, was reinvigorated in 2014. The process involves several major agencies, which consider the likelihood that other nation states or criminal actors would come across the same flaws.

It’s unclear, however, which agencies are involved in the process and how those decisions are made. The agencies are not required to disclose vulnerabilities purchased or researched through government sponsorship. If the NSA told Microsoft about the tools, it was because the agency knew or suspected the vulnerabilities had been compromised.

Intelligence officials see the latest Shadow Brokers release as part of a larger erosion of capabilities that has been going on since 2013, when former NSA contractor Edward Snowden gave journalists internal NSA documents. Snowden’s leak kicked off a chain of damaging exposures that, while sparking an important worldwide debate about privacy, severely damaged U.S. intelligence capabilities, the former intelligence official argued.

One former TAO employee who spoke with Foreign Policy believes the release is “a bit dated,” because hacking tools to access more current Windows projects and other browsers weren’t included.
“It is a significant leak. … It gets harder to develop tools as defenses improve,” the former TAO employee said. “But it’s still entirely possible. There are many bugs to be found.”

But the intelligence community’s ability to keep those bugs secret for any amount of time continues to be questioned. In this latest leak, detailed NSA notes and work product were included in addition to technical details about the hacking tools — likely indicating deep-level access to TAO troves. “This should be on an NSA computer only,” Weaver told Foreign Policy.

The details the Shadow Brokers revealed are “scary,” the former cyberintelligence employee said, details that must be from internal emails, chat logs, or insider knowledge.

Only a handful of countries could have pilfered such sensitive material from the NSA remotely, the former TAO employee wrote, Russia and Israel the mostly likely among them.

“If it was an inside job like an operator [typically military] walking out with a thumb drive, then who knows,” the former TAO source wrote.

In recent years, the intelligence community has largely failed to detect insider threats and stem leaks from contractors. Thousands of private companies and their employees make up a massive percentage of the intelligence community’s workforce. As of a decade ago, about 70 percent of the intelligence community’s budget was spent on contracts, according to the Congressional Research Service.