Chinese Spies Intercepted NSA Malware Attack, Weaponized It Against Targets Around The World

from the fun-for-the-whole-IC-family! dept

You don't own the exploits you've created. That's the lesson the NSA has learned over the past few years as its hacking tools have made their way into the public domain via leaks. Of course, the harshest parts of this lesson have been felt by the general public rather than the NSA. The leaked tools were swiftly repurposed to generate a new strain of ransomware, which took down dozens of businesses and government services around the world.

But it's not just a random assortment of internet baddies wreaking havoc with NSA hacking tools and exploits. It's also state-sponsored hackers making use of these tools. A report from Symantec shows other nations are more than willing to turn our state-sponsored attacks against us -- demonstrating the danger of engaging in a cyberwar using weaponized code.

Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal. Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.

So much for the theory the best defense against a bad guy with malware is a good guy with malware. The NSA's hacking tools were thwarted and rerouted to target US defense tech companies. This preceded the dumping of NSA malware and exploits by the Shadow Brokers by several months, indicating China's hackers are more than capable of detecting US-sponsored attacks as they're happening and skillful enough to turn our cyberweapons into their cyberweapons.

This isn't to say the NSA and other US agencies should not be utilizing exploits and engaging in cyberattacks on enemy targets. This is saying the NSA and others need to exercise far more responsibility when doing so. For years, the NSA has refused to honestly participate in the Vulnerability Equities Process, allowing security holes in software used by thousands of businesses and millions of US citizens to go unpatched for years.

Now that its own tools are being repurposed into weapons -- and, in this case, by one of its targets -- the Intelligence Community can no longer sit back and pretend sacrificing the security of computer users around the world is an acceptable trade-off for the security of the United States.

For starters, this report shows the NSA's attack on a Chinese target actually made the United States less secure. Furthermore, the report indicates the IC is not being honest with itself or its oversight about the risks its cyberweapons pose.

“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec. Now that nation-state cyberweapons have been leaked, hacked and repurposed by American adversaries, Mr. Chien added, it is high time that nation states “bake that into” their analysis of the risk of using cyberweapons — and the very real possibility they will be reassembled and shot back at the United States or its allies.

Being a willing participant in the Vulnerability Equities Process would go a long way towards mitigating collateral damage. It may blunt the effectiveness of the NSA's exploits, but that may be the price the NSA has to pay to actually keep the country more secure. As it stands now, the NSA cannot honestly claim its tools won't leak or that its cyberweapons won't be detected and re-deployed against targets in the United States. But since it rarely pays a higher price than receiving the occasional angry letter from Congress, it has seen no reason to alter its tactics.

Filed Under: china, cyber weapons, exploits, malware, nsa