Slashdot Mirror


Probe Of Leaked US NSA Hacking Tools Examines Operative's Mistake (reuters.com)

Joseph Menn and John Walcott, reporting for Reuters: A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible. Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

3 of 57 comments

  1. Dual_EC_DRBG by Anonymous Coward · Score: 5, Insightful

    Bigger picture: you saw how Snowden easily accessed all the NSA secret documents. You read how Dual_EC_DRBG was an encryption random number generator with a backdoor key that let them strip encryption with as little as 32 bytes of a message.

    If they couldn't keep their own tools secret, and couldn't keep their own staff from access to everything (2 million plus US contractors security cleared), then that backdoor key will also have been stolen.

    Which means every password sent over networks protected by that encryption is also compromised. But hey, let's not give Snowden a pardon, let's give General Alexander a fat lucrative contract instead.... because...merika!

    1. Re:Dual_EC_DRBG by 93 Escort Wagon · Score: 4, Insightful

      Yup, this is exactly why a government-held "master encryption key for all US-based transactions" must never, ever be allowed to happen. Even the NSA can make mistakes.

      --
      #DeleteChrome
  2. The tools, which enable hackers to exploit... by Narcocide · Score: 3, Insightful

    The tools, which enable [salaried government employees] (who don't understand how they work) to exploit software flaws in computer and communications systems (which they also don't fundamentally understand), from [American companies] such as Cisco Systems and Fortinet Inc, (whose customers and reputations and overall integrity they also don't care about), were dumped onto public websites last month by a group calling itself Shadow Brokers.

    There, FTFY.