Report: NSA operator left source code exposed before breach

Investigators believe the apparent theft of NSA code for potent cyber weaponry was the fault of an operator accidentally leaving the tools exposed, reports Reuters, a mistake the NSA was aware of and chose to use for intelligence gathering purposes.

Last month, a previously unknown group calling itself “The Shadow Brokers” began circulating samples of code demonstrating sophisticated hacking techniques they claimed were stolen from the NSA.  

The code included valuable, unpatched security vulnerabilities in Cisco and Fortinet network equipment described in documents leaked by former contractor Edward Snowden, along with a software identification code mentioned in previously unreleased Snowden files.

The Brokers claimed they were trying to drum up interest for an auction for the remaining code. 

There had been a number of theories as to how the Brokers got the code in the first place. Some speculated that there had been a Snowden-like inside leak. But that scenario seems unlikely because there were signs in the code that it had been stolen within a few months of the Snowden leaks, when the agency had tightened security.

Reuters cited four people with knowledge of the investigation in reporting that the theft was caused by operator error outside NSA headquarters.

Reuters said the operator acknowledged the mistake to superiors. The NSA decided that, rather than notify the companies whose hardware was open to attack, the agency would instead wait to see who stole and used the NSA code, as an intelligence gathering operation. 

The Shadow Brokers appear to be the first to surface. 

“It is outrageous that the NSA would continue to keep affected companies in the dark even after learning that foreign hackers may have acquired these dangerous hacking tools,” said Denelle Dixon, chief legal and business officer for Mozilla, in a press release.

Though Mozilla, maker of the Firefox web browser, was not targeted by the leaked NSA code, Dixon says the leak shows the potential harm caused by intelligence agencies hoarding security vulnerabilities. After the leak, despite Cisco and other hardware manufacturers scrambling to patch the holes exposed by the NSA code, not all hardware owners were able to update before hackers used methods from the code to launch unstoppable attacks. 

“This reckless move has potentially endangered the online security of millions,” Dixon said.

When the NSA did not find any foreign entity using its methods, Reuters reported, it decided to resume their use, assuming no harm had been done. 

The Obama administration installed protocols to determine on a case-by-case basis which security vulnerabilities intelligence and law enforcement agencies would be allowed to keep secret to use in investigations. The “vulnerability equity process” requires an agency to justify to a review panel why it does not want to immediately notify a company of a risk.