Since August 2016, the National Security Agency has suffered a continual stream of devastating failures. Their internal hacking group, known as Tailored Access Operations (TAO), was breached 15 months ago by hackers calling themselves the “Shadow Brokers,” which has been dribbling out the contents of the NSA’s most prized hacking tools. The result has been a wave of internet crime — ransomware, lost files, and network attacks that disrupted businesses and cost hundreds of millions of dollars.
And as this New York Times story illustrates, the agency has been completely incapable of figuring out how the breach happened. Their computer networks could have been penetrated, or they could have someone on the inside leaking the tools. But after more than a year, they have not been able to plug the leak. It’s long past time the NSA was forced to stop hacking, and to start protecting the American people from the sort of tools they create.
At the time of the leak last year, I speculated that the NSA was exposing the American people to online attack, but I was not prepared for how bad it would be. Several huge ransomware attacks (in which a computer is infiltrated, its hard drive encrypted, and the de-encrypt key held for a bitcoin ransom) using NSA hacking tools have swept the globe, hitting companies like FedEx, Merck, and Mondelez International, as well as hospitals and telecoms in 99 countries.
Even NSA partisans admit that this leak is creating much worse problems than the Snowden revelations (which were, after all, carefully vetted by journalists before being published). And despite a months-long internal investigation, the NSA still isn’t even sure what sort of leaks these are, let alone how the hackers are doing it.
In theory, one could imagine a security trade-off between setting up a hacking program to spy on other countries, and a program to find and patch security vulnerabilities in American software and computer networks.
In practice, it’s now beyond question that the benefits of developing these hacking tools pale in comparison to the danger they pose simply by existing. The NSA might be able to hire the best computer scientists in the world, but they are manifestly incapable of keeping the tools they produce secure. (The Shadow Brokers are apparently associated with the Russian government, which, for whatever reason, is seemingly a lot better at hacking than the American one.)
Software …read more
Source:: The Week – Politics