Leaked NSA Hacking Tools, Tactics, In Focus

  /     /     /  
Publicated : 22/11/2024   Category : security


Leaked NSA Hacking Tools, Tactics, In Focus


Enterprises worry about NSA copycat spying scenarios



The NSAs catalog of custom hacking tools for popular networking and consumer products recently leaked by former contractor Edward Snowden provided a rare glimpse at the arsenal at the fingertips of the spy agencys hackers.
But the tools were not unlike many techniques and weapons employed by criminals or other espionage cyberattackers, experts say. Take
DROPOUT JEEP
, the NSA-built hacking tool included in its recently published catalog in 2008 that hacks iPhones. DROPOUT JEEP is technically a remote access Trojan or RAT, says Lucas Zaichkowsky, enterprise defense architect at incident response and forensics firm AccessData.
Zaichkowsky says based on the leaked information and diagrams, NSA hackers are operating the RAT backdoor for their intelligence-gathering operations. The RAT backdoor likely has a small footprint and can be updated with plugins for various functions, he says.
Theyre just jailbreaking the iPhone, Zaichkowsky says. Its a remote administrative tool ... it can take pictures, do keystroke recording, not unlike other RATs, he says.
The version leaked by Snowden is for attacks that require close proximity to the target, but the NSAs description of the tool says a remote installation capability was on the horizon. The documents were published late last month by Der Spiegel, exposing the NSAs elite hacking team, called the Tailored NSAs Tailored Access Operations (TAO) Group, and the agencys homegrown hacking tools.
Apple has reportedly denied providing the NSA with any backdoors to its products. Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone. Additionally, we have been unaware of this alleged NSA program targeting our products, the company said in
statement
. We will continue to use our resources to stay ahead of malicious hackers and defend our customers from security attacks, regardless of who’s behind them.
My initial thought was that Apple didnt give them [access], Zaichkowsky says. [The NSA] may have found some network-based exploits and sent specially crafted packets over the network, he says. If there isnt proper input validation, then you end up jailbreaking the iPhone, exploiting it, and getting kernel-mode or root access on the targeted iPhone, he says.
[Treasure trove of tools created and used by NSA hackers for planting backdoors via Cisco, Juniper, Apple products unveiled in latest document leaks. See
NSA Elite Hacking Team Operations Exposed
.]
The actual damage these NSA operations revelations have had -- and will have -- on security has been debated within the security community since the Snowden leaks began this past summer. While the scope of the NSAs operations is under scrutiny, the agency is basically doing its own bug-hunting not unlike an advanced attacker would do, experts say.
Any attacker could be finding zero-days. Its less bad if we know our people know what those exploits are and are keeping an eye out, instead of having no clue those exploits exist, Zaichkowsky says. NSA needs more external checks and balances surrounding its operations, however, he says.
But the fallout has already been felt not only within the U.S. as vendors have expressed concerns about the NSAs operations, but also overseas.
Ron Gula, CEO and CTO of Tenable, says he has seen European and Asian markets going sour on U.S.-based cloud firms in the wake of the NSA revelations. That has actually boosted Tenables business, he says. Since our stuff is inside the network, we have been able to switch out with some of our competitors who are cloud-based, he says. But thats only a temporary trend, he says.
The bigger worry of most enterprises in the wake of the leaked NSA documents outlining some controversial and widespread spying operations, as well as backdoors in popular products, is copycat scenarios, Gula says. More organizations are going to be interested in becoming NSA, he says. There are technologies out there that take a movie of your desktop and play it later. That has dramatic ramifications for HR and IT security, with competitive intel [at risk].
Most enterprises are just as worried about their top researchers being hired away, and being attacked by APTs, he says.
Not much is likely to change at NSA until any legal proceedings occur, says privacy expert Mark Weinstein, CEO of Sgrouples. Its business as usual right now, Weinstein says. This really has to work through our court systems. The courts are going to have to redefine what the Fourth Amendment means ... and its going to take a couple of years to hash out, he says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ New threat discovered: Mobile phone ownership compromised. ◂
Discovered: 23/12/2024
Category: security

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Leaked NSA Hacking Tools, Tactics, In Focus