Hackers Stole 'Weapons-Grade' NSA Code (But Your Business Isn't Defenseless)
A recent hack of sophisticated "cyber weapons" is a stark reminder that companies must constantly assess and improve their cybersecurity.
In 2017, major news outlets reported on a potentially explosive security breach: Hackers claimed to have infiltrated the Equation Group—widely believed to be an offshoot of the National Security Agency (NSA)—and stolen state “cyber weapons.” The group, which called itself the “Shadow Brokers,” offered to auction the NSA’s code to the highest bidder.
So, what exactly had the hackers gotten their hands on? In an interview with NPR, Matthew Olsen, former Director of the National Counterterrorism Center, described the cache as “very sophisticated, very sensitive, high-end, really weapons-grade computer code. These are hacking tools that are used to get around firewalls, to defeat anti-virus, to get into computer systems.”
The stolen hacking tools may be as dangerous as they sound—if not more so, according to two cybersecurity experts: Joseph Steinberg (CEO of SecureMySocial) and Sreenivasan Rajagopal (Senior Director of Product Management and Strategy at CA Technologies). Both agreed that these weapons-grade NSA security tools could most likely be used to target zero-day vulnerabilities: security weaknesses that both manufacturers and the public are unaware of until the day these vulnerabilities are exploited.
“This is what makes these hacking tools orders of magnitude more dangerous,” says Steinberg. “As soon as the manufacturer of a technology such as a firewall is aware of a vulnerability, they will issue a patch and warn the public. By not knowing the vulnerability exists, both the manufacturer’s product and the public relying on the technology are at risk.”
Post-NSA Hack, How Can You Protect Your Tech?
As ominous as these cyber weapons may sound, don’t expect frequent or widespread use of them by hackers. “Despite the magnitude of this breach, the most-sophisticated weapons tend to be used sparingly,” Steinberg notes. “They can’t be used en masse because they lose their potency when the vendor fixes their product.”
But that doesn’t mean companies can afford to be complacent.
Businesses must continually assess and update their cybersecurity. Rajagopal and Steinberg advise companies to keep their eyes on two rapidly evolving technologies:
1. AI-Based Intrusion Detection Systems.
While intrusion detection systems have been around for much of the last 20 years, the challenge has been homing in on truly dangerous intrusions. “With machine learning capabilities, artificial intelligence can flag and even react to the real threats in real time and not be tripped up by slightly anomalous behavior of the company’s day-to-day activities,” says Steinberg.
Rajagopal is even more excited about AI’s deep learning capabilities: “Today’s artificial intelligence leverages deep learning to establish normalized and abnormal patterns, and then, in real-time, detects and responds to the correlation of threats.”
2. Blockchain’s Security Potential.
Despite the overwhelming hype around blockchain, recent foundational advances in blockchain technology have the potential to transform security and thwart hacks. By definition, data stored in a blockchain ledger is automatically encrypted through the latest cryptographic methods. That data is also only accessible via key-value mechanisms that validate a user’s identity before granting access. Implementing blockchain could greatly diminish hackers’ power, giving them no entrance points to steal information.
“The use of AI’s deep learning capabilities along with the foundational security of blockchain is an effective means for cybersecurity protection,” says Rajagopal. “The intersection of AI, blockchain and the Internet of Things could help counter these cyberthreats.”
A ‘Spy-Versus-Spy’ Cyber War
Despite these and other cybersecurity advances, don’t expect hackers to give up trying to find powerful new tools to exploit tech vulnerabilities—even if it means hacking the NSA.
“This is a spy-versus-spy arms race,” Steinberg says. “As hackers are thwarted by intrusion detection systems powered by AI, the hackers themselves will deploy their own AI to gain access. The more valuable the data assets, the more money hackers can make, and the higher their incentive to invest more time, money and technology resources to get them.”