Chinese Spies Intercepted NSA Malware Attack, Weaponized It Against Targets Around The World

from the fun-for-the-whole-IC-family! dept

You don't own the exploits you've created. That's the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public, rather than the NSA, however. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.

But it's not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It's also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us -- demonstrating the danger of engaging in a cyberwar using weaponized code.

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.

So much for the theory the best defense against a bad guy with malware is a good guy with malware. The NSA's hacking tools were thwarted and rerouted to target US defense tech companies. This preceded the dumping of NSA malware and exploits by the Shadow Brokers by several months, indicating China's hackers are more than capable of detecting US-sponsored attacks as they're happening and skillful enough to turn our cyberweapons into their cyberweapons.

This isn't to say the NSA and other US agencies should not be utilizing exploits and engaging in cyberattacks on enemy targets. This is saying the NSA and others need to exercise far more responsibility when doing so. For years, the NSA has refused to honestly participate in the Vulnerability Equities Process, allowing security holes in software used by thousands of businesses and millions of US citizens to go unpatched for years.

Now that its own tools are being repurposed into weapons -- and, in this case, by one of its targets -- the Intelligence Community can no longer sit back and pretend sacrificing the security of computers users around the world is an acceptable trade-off for the security of the United States.

For starters, this report shows the NSA's attack of a Chinese target actually made the United States less secure. Furthermore, the report indicates the IC is not being honest with itself or its oversight about the risks its cyberweapons pose.

“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.

Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.

Being a willing participant in the Vulnerability Equities Process would go a long way towards mitigating collateral damage. It may blunt the effectiveness of the NSA's exploits, but that may be the price the NSA has to pay to actually keep the country more secure. As it stands now, the NSA cannot honestly claim its tools won't leak or that its cyberweapons won't be detected and re-deployed against targets in the United States. But since it rarely pays a higher price than receiving the occasional angry letter from Congress, it has seen no reason to alter its tactics.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, cyber weapons, exploits, malware, nsa


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 8 May 2019 @ 10:54am

    Remind me again...

    Why the NSA isn't mandated to responsibly disclose vulnerabilities that they find using taxpayer money?

    link to this | view in thread ]

  2. identicon
    Annonymouse, 8 May 2019 @ 10:57am

    Security doublespeak

    Really the only way to get them to scream is to attack their budgets and personal finances .

    Hmm.

    That would solve the problems with a lot of the bad actors.

    link to this | view in thread ]

  3. icon
    FlatZOut (profile), 8 May 2019 @ 11:14am

    FYI: I Misread The Topic Title And Had The Wrong Idea

    It took me a while to realize you were talking about the NSA.

    This whole time I thought it said NASA. I guess I keep getting them confused too often. It’s a thing that happens to me way too often and it sucks!
    It’s like those posts I find where I have to go back up and reread it because the post said that I read the first one wrong, and then it happens to me twice in a row like a “Double Whammy”.
    I guess I learned a lesson from this: ”Never Let Your Eyes Read Faster Than Your Brain”

    link to this | view in thread ]

  4. identicon
    bob, 8 May 2019 @ 11:22am

    Re: Remind me again...

    Because they thought only they were smart enough to exploit the vulnerability and that the ability to exploit the vulnerability was more important than protecting the citizens of the USA.

    link to this | view in thread ]

  5. icon
    sehlat (profile), 8 May 2019 @ 11:31am

    Cyberwar

    Cyberwar is the first combat arena where the only way you can use your weapons is to give them intact to the enemy to examine and duplicate.

    link to this | view in thread ]

  6. icon
    FlatZOut (profile), 8 May 2019 @ 11:35am

    Re: Cyberwar

    It’s a whole different ball game than your typical Call of Duty game.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 8 May 2019 @ 11:47am

    Re: Cyberwar

    Exactly. The USA didn't "lose" control, they gave up control as soon as they used their "cyberweapon".

    link to this | view in thread ]

  8. icon
    Bamboo Harvester (profile), 8 May 2019 @ 12:13pm

    Breaking related news...

    ...Huawei systems are immune...

    /s

    link to this | view in thread ]

  9. identicon
    christenson, 8 May 2019 @ 12:15pm

    The only way to stop exploits from being turned on you...

    is to get the bugs patched that allow them in the first place!

    and then to do that for everyone, so your own people don't get pwned!

    link to this | view in thread ]

  10. identicon
    TDR, 8 May 2019 @ 12:18pm

    Re: The only way to stop exploits from being turned on you...

    Even better, the NSA shouldn't be making malware at all. If it has no malware to leak, there's nothing (at least from them) that can be turned back against us.

    link to this | view in thread ]

  11. icon
    Bamboo Harvester (profile), 8 May 2019 @ 1:13pm

    Re: Re: The only way to stop exploits from being turned on you..

    I'd be surprised if even 10% of NSA malware was written in-house. They usually purchase the stuff, then tweak to fit the target in mind.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 8 May 2019 @ 3:10pm

    NSA = antieVaxxers?

    link to this | view in thread ]

  13. identicon
    Bobvious, 8 May 2019 @ 3:15pm

    Re: FYI: I Misread The Topic Title And Had The Wrong Idea

    Out of my cold, dead, digits.

    link to this | view in thread ]

  14. identicon
    Anonymous Coward, 8 May 2019 @ 5:01pm

    Re: Re: Remind me again...

    Which is proof of how stupid they are.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 8 May 2019 @ 5:04pm

    Re:

    NSA = lazy wannabe hackers, totally incapable of reasoning

    link to this | view in thread ]

  16. icon
    Scary Devil Monastery (profile), 9 May 2019 @ 12:59am

    Re: Remind me again...

    "...Why the NSA isn't mandated to responsibly disclose vulnerabilities that they find using taxpayer money?"

    Because the NSA is primarily audited on their ability to find and penetrate targets, not for their ability to secure the citizenry as a whole.

    Hence they spend all their time writing hacking tools which, historically, have good odds of seeing first use by whatever criminal organization bothered to pay a group of russian hackers or "civilian consultants" to obtain them.

    This won't change until some far-seeing president lays down an executive order forcing the NSA to primarily invest effort to secure the exploits and vulnerabilities they find.

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 9 May 2019 @ 3:24am

    NSA = behemoth organisation with lots of groups doing different things that are often at odds with what other groups are doing

    Just like the CIA.

    link to this | view in thread ]

  18. identicon
    mcinsand, 9 May 2019 @ 5:05am

    exploits and backdoors

    This is more proof that encryption backdoors are a brain-dead and stupid idea. If the NSA can't protect their exploits and toolkits, there's no way that they'll keep their keys to our data secure.

    link to this | view in thread ]

  19. icon
    Seegras (profile), 9 May 2019 @ 5:19am

    There are only two options: Either everyone can be safe, or nobody can.

    And as long as there are entities hoarding exploits, these very same exploits will be used against the allies of these entities.

    So the NSA actively endangers the US, including their army, hospitals, police, firefighters, electrical grid, power plants, industry, government agencies and finally, all citizens.

    And it doesn't help that the CIA, FBI and dozens of other agencies do the same. And all other countries and their agencies too.

    The only responsible thing to do is to publish each and every vulnerability; as soon as possible.

    link to this | view in thread ]

  20. identicon
    bob, 9 May 2019 @ 12:05pm

    Re:

    Exactly. If the aliens during Independence Day had just patched their systems then Earth wouldn't have been able to plant a virus into their mothership to disable the shields.

    link to this | view in thread ]

  21. icon
    FlatZOut (profile), 9 May 2019 @ 2:30pm

    Re: Re: FYI: I Misread The Topic Title And Had The Wrong Idea

    Lol it’s also what happens when I’m tired even when I get more than enough sleep.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.