Former Spies' Dubious Claim: Release Of NSA's Windows Exploits Has Seriously Harmed National Security

from the protesting-a-bit-much dept

The Shadow Brokers' attempted firesale of NSA exploits didn't go well. After early leaks failed to pique buyers' interest, SB decided to start handing over the agency's hacking tools to the general public.

The most recent dump was the most interesting. It contained a variety of remote access exploits -- several of them zero days -- that gave NSA operatives "God mode" control over compromised computers running fairly recent versions of the Windows operating system.

But they were of limited use. The most recent exploitable version was Windows 8, and every version still supported by Microsoft was patched before the SB dump, most likely as the result of a belated tip from the NSA. However, older operating systems without Microsoft support are still exploitable, and will remain exploitable until those systems are updated.

Now that most of the stash is out in the open, the Intelligence Community is able to do two things:

1. Determine who is responsible for the leaked toolset.

2. Complain about it.

The latter appears to be what's happening now. A few (anonymous) former members of the Intelligence Community are talking up what a horrible blow this is to the NSA.

Although digital exploits are used for spying rather than destruction, they allow operators to break down invisible doors, pilfering information. Seeing these latest tools published online was “devastating,” the former cyber intelligence employee said.

Three recently retired intelligence employees who worked on hacking tools for the government requested anonymity in order to speak freely about sensitive matters and to protect ongoing work and employability.

“By my estimation, there’s not much left to burn,” another former intelligence official who worked for several three-letter agencies told Foreign Policy. “The tools that were released were pretty critical.”

Supposedly, this set of tools was worth millions of dollars to the NSA. If market prices in Bitcoin are anything to go by, criminals and foreign espionage agencies didn't appear to feel they were worth much more than a few thousand dollars. Of course, potential buyers didn't know exactly what they were getting. Others probably figured the exploits would be patched into irrelevance by the time they got their hands on them.

The "sky is falling" narrative tends to follow every leak of national security documents, starting with Snowden's, which damaged the NSA so much it's in better shape than ever. There may have been some valuable tools in the SB stash, but the moment they ended up in hands other than the NSA's, they became relatively worthless to the agency.

But what was released, however powerful, was outdated. The stash appeared to be a 2013 vintage -- valuable in its prime, but no longer quite as useful after Microsoft's forced migration of Windows users to version 10. The NSA is undoubtedly sitting on a stash of current exploits far more valuable than what it lost when someone left a bunch of hacking tools behind on a compromised server.

The public gnashing of natsec teeth also serves another purpose: it hopefully encourages surveillance targets to let their guard down a bit. By projecting the image of an intelligence agency fumbling around in the dark, the agency can very likely obtain a few new intercepts from careless foes it catches relaxing.

Filed Under: exploits, hacking tools, leaks, national security, nsa, surveillance

Reader Comments

  1. Anonymous Coward, 25 Apr 2017 @ 2:51pm

    Re: Re: Who is

    Recently, there seems to be a contingent of numbskulls (or maybe it's just you?) roaming around here on TD that have decided to necessarily equate the term "Deep State" with some sort of Alex Jones'ish, tin foil hat, conspiracy theory. Please stop, you're making fools of yourselves.

    While it's true that the term "Deep State" is often borrowed by conspiracy theorists to make some pretty dubious/unsupportable claims, the existence, mechanics, and motives of the "Deep State" itself is well discussed/documented/analyzed by some very reasonable and respected individuals (e.g., Mike Lofgren, C. Wright Mills, and Dwight Eisenhower). Not to mention, the Deep State operates in plain sight for all to readily observe if they care to look.

    To use Lofgren's definition, the Deep State is "a hybrid association of elements of government and parts of top-level finance and industry that is effectively able to govern the United States without reference to the consent of the governed as expressed through the formal political process." Or Mills' observation (circa 1956), "American power had become concentrated into three major divisions; the military-industrial complex, Wall Street, and the Pentagon."

    So please do tell us, how does that not describe - nearly perfectly - exactly what we're seeing from our government and industry today?

    That's not conspiracy theory, son, that's just looking out your window.
