Government-grade cyber weapons with dramatic real-world consequences like STUXNET not only exist but have long been feared by experts because of the risk that they could be acquired and repurposed by others. For example, a terrorist organization like ISIS, wielding a tool like STUXNET, could aim it at Western power grids or nuclear plants.
While STUXNET did actually leak unintentionally to the public through a bug in its propagation code and some misguided upload tests to services like VirusTotal, its risk was mitigated by the fact that the source code did not leak. Even in this circumstance the leaked weapon posed a real threat, as it was quickly reverse engineered and new concepts were taken from it, but it was still very difficult to repurpose or “weaponize” the tool to attack others. Fortunately, in the case of STUXNET, it was designed for one very specific purpose, and thus its usefulness elsewhere was largely minimized. On the other hand, if the source code of a sophisticated cyber weapon ever leaked out to the public, it could allow any group, including a terrorist one, to quickly weaponize and use it at will, significantly raising the stakes to alarming levels.
This leaked-source-code scenario would be a security risk to all, and unfortunately, as of last week’s Shadow Brokers event leaking an NSA hacking toolset, this potential “doomsday” event is now a reality. For the first time ever, a government-grade (multi-million dollar) cyber weapon has leaked in source code form to the general public, giving dangerous groups control of said weapon…
What has been the fallout since some of the tools have leaked? What are the serious concerns of the leak? What shouldn’t we be concerned about in relation to this specific leak? Is this the cyber doomsday scenario experts have worried about?
The simple answer is: No.
Let me break down the “why” for readers, including what happened:
Last week a group calling itself The Shadow Brokers offered a leaked cache of files that most professionals confirmed to be authentic source code of NSA cyber weapons. Here is a no-nonsense evaluation of the leak and its potential risks:
The good news:
- The leaked data is approximately 3 years old, which in cyber security terms is ancient: vulnerabilities are monitored closely, and software updates make older hacking tools less effective.
- The tools are not destructive in nature; instead they are designed to give stealthy access to networks, and thus are not capable of causing physical damage on their own.
- The majority of the tools are purportedly still unavailable to the public.
The bad news:
- Despite their age, at least 3 of the released tools are confirmed to still work and are hard to fix (they target old versions of products that are widely used and hard to update and maintain).
- The tools give “God”-like access to many very popular router and firewall devices, giving their operator full control of the network.
- The tools could be turned into a destructive worm disabling thousands or hundreds of thousands of networks.
- The tools could be used by almost anyone to “hack into” organizations or leak sensitive information like conversations or emails from hundreds or thousands of organizations around the globe (this was the purpose of the tools, after all).
- There are perhaps more tools that will be leaked, and that could happen very soon.
- The tools are very simple to use, requiring very little technical sophistication to operate.
What do you think about Shadow Brokers and cyber weapons? Reach out to us @jasklabs on Twitter with your thoughts.
Article by Greg Martin, Co-Founder and CEO of JASK, a Silicon Valley-based startup building AI for cyber security. Follow him on Twitter: @gregcmartin