Pierluigi Paganini September 23, 2016

A US investigation into the leak of the NSA hacking tools used by the Agency is focusing on a theory that it was caused by a staffer mistake.

The hack of the NSA-linked group Equation Group and the leakage of the NSA hacking tools in its arsenal it probably one the most disconcerting events of the year.

Sources close to the investigation revealed that the NSA knew about the data breach for three years but it maintained the secret on the case.

The sources provided further elements on the alleged attack against the US Intelligence Agency, according to the Reuters the NSA itself wasn’t directly hacked by the Shadow Brokers group and the NSA hacking tools and exploits were not stolen by the popular whistleblower Edward Snowden.

According to the sources, it seems that an employee or a contractor mistakenly left the NSA hacking tools unattended on a remote server about three years ago during a cyber operation. The NSA was aware of the incident and did not inform the companies of the risks related to the exposure of the exploits.

The ShadowBrokers hackers then have discovered the server and raided it.

“But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews. NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.” reported the Reuters.

“That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.”

The staffer, who has since left the US Agency for other reasons, acknowledged the mistake shortly afterward.

Why did the NSA keep the secret?

According to the experts, the NSA was monitoring the Internet searching for evidence of the use of the tools with the intent to discover who was using the dangerous arsenal.

“After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.” reported the Reuters.

“That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.”

The circumstance is very serious and could have a serious impact on the security of companies and organizations worldwide.

According to documents obtained by the EFF, the NSA discloses 91% of bugs it finds but doesn’t say when it discloses them.

“The U.S. National Security Agency (NSA) revealed in a press release last month it discloses 91% of vulnerabilities it finds in software made and/or used in the U.S. to developers. But the NSA doesn’t say what it does before it discloses those vulnerabilities, or when it discloses them.” states a post published last year on Mashable.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Equation Group, NSA hacking tools)