Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Security Government United States

Hacks Raise Fear Over NSA's Hold on Cyberweapons (nytimes.com) 103

Nicole Perlroth, and David Sanger, writing for The New York Times: Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States -- Britain and Ukraine. The N.S.A. has kept quiet, not acknowledging its role in developing the weapons (alternative source). White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.
This discussion has been archived. No new comments can be posted.

Hacks Raise Fear Over NSA's Hold on Cyberweapons

Comments Filter:
  • Cyber... (Score:4, Funny)

    by Frosty Piss ( 770223 ) * on Thursday June 29, 2017 @09:53AM (#54712395)

    Only my opinion, but I really dislike this ter, "cyberweapon". Actually, anything with "cyber" other than "cybersex" sets me off a bit...

    • by Anonymous Coward

      You should really try regular sex. Once you do, cybersex will seem just as distasteful and cyberweapons, cyberbullying, and cyberspace.

  • by Desler ( 1608317 ) on Thursday June 29, 2017 @09:58AM (#54712441)

    Even worse than that is they expect us to believe that they can securely escrow master keys to break all encryption. What a bunch of jokers.

  • by Gravis Zero ( 934156 ) on Thursday June 29, 2017 @10:01AM (#54712465)

    Never create a weapon that you wouldn't want to fall into the hands of your worst enemy.

    • And these are weapons that the enemy can just stumble upon anywhere out in the world. A cyberweapon is really just a secret, but it's a decent (if tortured) analogy to think of them as camouflaged, remote-detonatable explosives that are hiding all over the place. The world is almost made of these bombs just waiting for someone to figure out how to set them off, and if we identify them we can neutralize them all without much trouble. But if we keep secret the fact that a certain kind of tree will go off like

    • Never create a weapon that you wouldn't want to fall into the hands of your worst enemy.

      That's nonsensical. What advantage or tool would you want your worst enemy to have?

    • by houghi ( 78078 )

      To me it feels more like two brothers and one keeps yelling, while holding his hand and shouting "Stop hitting yourself. Stop hitting yourself."

    • ....or introduce security flaws that let the enemy use your own stock against you

    • by mi ( 197448 )

      Never create a weapon that you wouldn't want to fall into the hands of your worst enemy.

      So, like, no swords and no clubs either, huh?

  • by sjames ( 1099 ) on Thursday June 29, 2017 @10:38AM (#54712701) Homepage Journal

    The NSA. It pooped it's pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..

    This is probably go to a new school next year level public humiliation, but they apparently have no shame.

    If you should see someone who works for the NSA, hand them a roll of toilet paper.

    • Re: (Score:2, Insightful)

      by XXongo ( 3986865 )

      The NRA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..

      This is probably go to a new school next year level public humiliation, but they apparently have no shame.

      If you should see someone who works for the NRA, hand them a roll of toilet paper.

      • by Anonymous Coward

        The NRA. It pooped its pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..

        This is probably go to a new school next year level public humiliation, but they apparently have no shame.

        If you should see someone who works for the NRA, hand them a roll of toilet paper.

        The NRA protects your right to use weapons for legitimate and legal purpose.

        The NSA creates weapons to be used any way they please, legal or otherwise.

        Kindly fuck off with your senseless analogies.

      • you are one stupid douchebag
    • The NSA. It pooped it's pants right there in the public square. And rather than trying to clean up, it just stands there yelling "MY SHIT DON'T STINK!" while continuing to make squeaky farts..

      This is probably go to a new school next year level public humiliation, but they apparently have no shame.

      If you should see someone who works for the NSA, hand them a roll of toilet paper.

      OMG I wish this would become a thing!

      Order toilet paper sent to NSA HQ! Bury them in literally tons and tons of shit-paper every single day! Photos of piles of rolls at their doors and trucks lined up to unload more making the rounds on social media, the news cycle, etc!

      Let's make it possible for drivers to see a new sign along the highways in Virginia; "See The World's Largest Mountain Of Toilet Paper! Visit NSA HQ Alexandria Next Exit!"

      Destroy them with laughter! Make them such a worldwide joke (I know, t

  • The market would be tanking.

    How can anyone innovate, compete, and do business when everything they make can be destroyed 'with a click of a button'?

    This situation is enforcing the status quo to a hideous degree. The time is long past for violent revolt.

  • But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses.

    IMHO it's just getting started. The source code to a whole BUNCH of their tools has gotten out - a treasure trove for the bad guys. Now they don't have to design this stuff themselves - it's all there, ready to be customized. We're just seeing the leading edge from the early adopters.

    Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands.

    Well, DUH! If you've got the source it's anywhere from reasonably easy to trivial to disable or change any kill switch. Changing vulnerable mechanisms key to the operation are more difficult, but still doable. So even if they did spend extra engineer time to build in the equivalent of "gun smart chips" - and they worked - it would, at best, be initially mitigating but ultimately futile.

    • by PraiseBob ( 1923958 ) on Thursday June 29, 2017 @12:24PM (#54713657)
      One other aspect to keep in mind- For YEARS now, the intelligence services of the USA have been pouring millions of dollars a year into the Black Hat Black Markets, where these vulnerabilities are traded and sold. They aren't some bit player, occasionally picking up a new trick, they are the primary source of funding to many of these marketplaces.

      The bugs would still exist either way, but the government has been intentionally funding organized crime into developing these vulnerabilities, and making the situation much worse. Since they are the primary entity putting money into this marketplace, they are playing the key role to allow black hats to quit their day job and focus on writing exploits.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        [citation needed]

  • The thing about vulnerabilities is one single entity can't find everything. If you're then disclosing those to get everything patched you are harming your offensive capabilities. It may impact another party's offensive capabilities as well, but it's very likely they have vulnerabilities that you don't know about. So then you have a double edged sword. Do you keep the exploit to use offensively and risk the undisclosed exploit being used against you, or disclose it and still risk another undisclosed exploit
    • by AHuxley ( 892839 )
      The problem is the automated side of a lot of the gov backed malware.
      Visit a site get gov malware. Have wifi on at a location, get gov malware.
      "A reachable known target can be implanted with a non-replicating tool."
      That was seen with "The Inside Story of How British Spies Hacked Belgium’s Largest Telco"
      https://theintercept.com/2014/... [theintercept.com]
      "The hack would remain undetected for two years, until the spring of 2013."
      Re "This is also a double edged sword as putting in limitations to spreading also g
  • If a couple 0dayz (+ a month or two) can cause this kind of a mess. Then how many guys worldwide are actively writing exploits? I think the skill should have at least a few thousand practitioners, so where is the daily chaos?

    I do see to some extent the frustration the NSA must have over this. If the abusers weren't dropping ransom ware everywhere this wouldn't have had such a huge impact.

    Nasty 0days come out every week.

  • It was alleged (and since debunked) that during WW II Churchill sacrificed Coventry to mask the fact that the British had compromised German military ciphers. Does the sequestering of these exploits really serve the greater good? By its actions, the NSA has failed in what SHOULD be it's primary goal to preserve the life, liberty, and property of the citizens of our nation and our allies.
  • Soon enough these exploits will be patched.

    The NSA would be insane to get involved.

  • Seriously as long as you don't use Microsoft Windows on the Intel chip set you should be safe. And who exactly had their fear raised over this. What I would like to know is what retard made the decision to store all his hacking tools on the Internet.

To do two things at once is to do neither. -- Publilius Syrus

Working...