Former Spies' Dubious Claim: Release Of NSA's Windows Exploits Has Seriously Harmed National Security

from the protesting-a-bit-much dept

The Shadow Brokers' attempted firesale of NSA exploits didn't go well. After early leaks failed to pique buyers' interest, SB decided to start handing over the agency's hacking tools to the general public.

The most recent dump was the most interesting. It contained a variety of remote access exploits -- several of them zero days -- that gave NSA operatives "God mode" control over compromised computers with fairly-recent versions of the Windows operating system.

But they were of limited use. The most recent exploitable version was Windows 8, and every version still supported by Microsoft was patched before the SB dump, most likely as the result of a belated tip from the NSA. However, older operating systems without Microsoft support are still exploitable, and will remain exploitable until those systems are updated.

Now that most of the stash is out in the open, the Intelligence Community is able to do two things:

1. Determine who is responsible for the leaked toolset.

2. Complain about it.

The latter appears to be what's happening now. A few (anonymous) former members of the Intelligence Community are talking up what a horrible blow this is to the NSA.

Although digital exploits are used for spying rather than destruction, they allow operators to break down invisible doors, pilfering information. Seeing these latest tools published online was “devastating,” the former cyber intelligence employee said.

Three recently retired intelligence employees who worked on hacking tools for the government requested anonymity in order to speak freely about sensitive matters and to protect ongoing work and employability.

“By my estimation, there’s not much left to burn,” another former intelligence official who worked for several three-letter agencies told Foreign Policy. “The tools that were released were pretty critical.

Supposedly, this set of tools was worth millions of dollars to the NSA. If market prices in Bitcoin are anything to go by, criminals and foreign espionage agencies didn't appear to feel they were worth much more than a few thousand dollars. Of course, potential buyers didn't know exactly what they were getting. Others probably figured the exploits would be patched into irrelevance by the time they got their hands on them.

The "sky is falling" narrative tends to follow every leak of national security documents, starting with Snowden's, which damaged the NSA so much it's in better shape than ever. There may have been some valuable tools in the SB stash, but the moment they ended up in someone other than the NSA's hands, they became relatively worthless to the agency.

But what was released, however powerful, was outdated. The stash appeared to be a 2013 vintage -- valuable in its prime, but no longer quite as useful after Microsoft's forced migration of Windows users to version 10. The NSA is undoubtedly sitting on a stash of current exploits far more valuable than what it lost when someone left a bunch of hacking tools behind in a compromised server.

The public gnashing of natsec teeth also serves another purpose: it hopefully encourages surveillance targets to let their guard down a bit. By projecting the image of an intelligence agency fumbling around in the dark, the agency can very likely obtain a few new intercepts from careless foes it catches relaxing.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: exploits, hacking tools, leaks, national security, nsa, surveillance


Reader Comments

Subscribe: RSS

View by: Thread


  1. identicon
    Pixelation, 25 Apr 2017 @ 8:15am

    How convenient

    My sneaking suspicion is that this is a smoke screen release of mostly outdated or soon to be outdated exploits with a few juicy tidbits thrown in. A good way to get "the other side" to believe your capabilities have been diminished.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat

Warning: include(/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc): failed to open stream: No such file or directory in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8

Warning: include(): Failed opening '/home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_promo_discord_chat.inc' for inclusion (include_path='.:/usr/share/pear:/home/beta6/deploy/itasca_20201215-3691-c395:/home/beta6/deploy/itasca_20201215-3691-c395/..') in /home/beta6/deploy/itasca_20201215-3691-c395/includes/right_column/rc_module_promo.inc on line 8
Recent Stories
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.