A group of hackers called the Shadow Brokers has just released a new dump of data from the National Security Agency. This is plausibly the most extensive and important release of NSA hacking tools to date. It’s likely to prove awkward for the U.S. government, not only revealing top-secret information but also damaging the government’s relationships with U.S. allies and with big information technology firms. That is probably the motivation behind the leak: The Shadow Brokers are widely assumed to be connected with the Russian government. Here’s what the dump means.
What information has been released?
The release is only the most recent in a series of Shadow Broker dumps of information. However, it is by far the most substantial, providing two key forms of information. The first is a series of “zero-day exploits” for Microsoft Windows software. Zero-day exploits are attacks that take advantage of unknown vulnerabilities in a given software package. Exploits against commonly used software such as Windows are highly valuable — indeed, there is a clandestine international market where hackers sell exploits (sometimes through middlemen) to intelligence agencies and other interested parties, often for large sums of money. Intelligence services can then use these exploits to compromise the computers of their targets.
Second, information in the dump seems to show that the NSA has penetrated a service provider for SWIFT, an international financial messaging service. Specifically, it appears to have penetrated a SWIFT Service Bureau that provides support for a variety of banks in the Middle East.
Why are zero-day exploits important?
The leak of the zero-day exploits is important for three reasons. First, once the existence of a zero-day exploit is revealed, it rapidly loses a lot of its value. Zero-day exploits work reliably only when they are held secret. Now that Microsoft is aware of the existence of a number of zero-day exploits against its most important software product, it is surely already working overtime to complete and issue a “patch” to Windows that will make the exploit far less valuable to the NSA and anyone else who has it. Once Microsoft does so, only people who have not updated their software (some, perhaps because they have illegal copies of it) will be vulnerable to the exploit.
Second, it will probably take Microsoft some time to issue the patch. However fast the company works, the code will take time to implement and test. In the meantime, unscrupulous hackers are possibly going to be able to react more quickly, adapting the code that has been released and using the vulnerability to compromise computers before the patch is issued. In a worst-case scenario, there may be a period when it’s as if criminal hackers suddenly acquired super powers in an explosion, as in the TV show “The Flash,” and started using them for nefarious ends. Criminal hackers now have powerful tools, developed by the most sophisticated state-employed hackers in the world.
Third, and as a consequence, trust between the United States and big software companies will be gravely damaged. Some weeks ago, Adam Segal of the Council on Foreign Relations wrote a report talking about how the U.S. government needs to rebuild a relationship with Silicon Valley that had been badly damaged by the Edward Snowden revelations. Now, the damage is starting to mount up again.
Most people think of the NSA as a spying agency and do not realize that it has a second responsibility: It is also supposed to protect the security of communications by U.S. citizens and companies against foreign incursions. When the United States learns of a zero-day exploit against software used by Americans, it is supposed to engage in an “equities process,” in which the default choice should be to inform the software producer so that it can fix the vulnerability, keeping the zero-day secret only if a special case can be made for it. The revelation that the United States has kept its hands on so many vulnerabilities will further confirm the skepticism of many in the technology community, who believe that the equities process isn’t working. Technology firms will be especially angry because, as Marcy Wheeler notes, the NSA almost certainly knew for months that foreign hackers had stolen these zero-day exploits from them. Microsoft has made clear that the NSA never contacted it about the exploits so it could issue a fix. In a series of tweets, Facebook chief security officer Alex Stamos said the equities process is “broken” and that the U.S. government needs to consider taking away authority for defensive cybersecurity from the NSA and giving it to another agency instead.
Why is the information on SWIFT potentially politically explosive?
SWIFT, a financial cooperative based in Belgium, sounds like a boring organization with a boring job. It runs the financial messaging system that allows banks to transfer money back and forth. In fact, its role has been heavily politicized since shortly after Sept. 11, 2001. As Abraham Newman and I discussed in a recent academic article, the U.S. Treasury quickly realized that SWIFT provided an extraordinary resource for tracking flows of money across the world and began to secretly require it to provide data for U.S. intelligence analysis. The problem was that SWIFT is a European organization, subject to Belgian privacy law, which made it illegal to provide this kind of data, so SWIFT had to work in secret. When the New York Times revealed SWIFT’s secret relationship with the U.S. Treasury, that caused political uproar and a long series of difficult E.U.-U.S. negotiations, which culminated eventually in an agreement under which the United States could have access to SWIFT data under a series of formal safeguards.
Many European officials are unhappy with this agreement, because they think that the safeguards were formalities rather than real protections. Earlier data from the Snowden leaks provided some evidence that the NSA was extracting information from SWIFT outside the framework of the agreement. The new revelations indicate that the NSA sees SWIFT transactions as a key target and is looking to gather SWIFT-related data through other means than the agreement. It’s not clear why the NSA may have this. It could be that the NSA wants data on targets that would be hard to justify under the agreement. It could also be that the agency does not want European officials to know who its targets are. It could simply be that the NSA is doing it because the agency can, and because it is more useful or convenient to collect the information this way, or because there is other associated information it can gather.
Whatever the rationale, this is going to make many Europeans very unhappy. European allies of the United States, who put a lot of political capital into persuading reluctant officials and politicians to sign onto the agreement, will be very embarrassed. Skeptics in the European Parliament, the European Ombudsman’s Office (which has tried and failed to find out more about the consequences of the agreement for E.U. citizens) and the European Commission will be emboldened in their criticisms.
Worst of all for the United States and U.S. technology companies, the European Court of Justice is likely to soon consider a number of cases challenging information exchange with the United States. These include emerging challenges to the Privacy Shield arrangement, which European e-commerce companies rely on to send data across the Atlantic. U.S. officials have been trying to persuade European politicians and courts that the U.S. government is privacy friendly, and that it can be trusted to live up to the spirit as well as the letter of its agreements. The new dump provides evidence that is likely to be used against the United States in these proceedings and that might very possibly be compelling for a court that is probably disinclined to trust the Trump administration in the first place.
If, as many observers believe, the Shadow Brokers are a catspaw or false identity for the Russian government, it is interesting to speculate on why they released this information — and why now. It is not only damaging for the United States, but it is likely to prove enraging to many U.S. intelligence and security officials.
Read more here: http://www.washingtonpost.com/blogs/monkey-cage/wp/2017/04/15/shadowy-hackers-have-just-dumped-a-treasure-trove-of-nsa-data-heres-what-it-means/ by Henry Farrell Originally posted on http://www.washingtonpost.com/blogs/monkey-cage