After an unknown group came public with a cache of hacking tools from the National Security Agency earlier this week, some of the biggest tech companies in the world are in a hurry to fix their systems and software to protect themselves and customers from attacks.
The leak came from an anonymous group and is calling itself The Shadow Brokers. While the group’s beginnings and reasons for the leak are unknown, cybersecurity experts and former agency employees have authenticated the NSA hacking tools.
By exposing the custom-made malware online, the Shadow Brokers have made many of the systems American corporations rely on for security online more vulnerable to cyberattacks from criminals and spies.
Many cybersecurity pros are asking why the NSA would stockpile so many of these kinds of security vulnerabilities without telling the affected companies such as networking giants Cisco and the digital security firm Fortinet.
“The policy question we have to ask ourselves is what’s an acceptable amount of time for the NSA to keep these exploits exclusively, before being legally compelled to disclose them,” Jeremiah Grossman, head of security strategy at cybersecurity firm SentinelOne, said.
He also says that the “NSA needs some of the software exploits to spy on its adversaries and carry out digital missions, holding onto those flaws too long can be detrimental to American security. “
Cisco noted that it inspected the NSA cache and discovered at least two hacking tools targeting security flaws in its products. They said it did not know about the existence of one of the flaws until this week’s leak.
Even farther than Cisco and Fortinet, which discovered firewall vulnerabilities among the digital weapons, many other companies could be at risk.
The Shadow Brokers have released around 300 megabytes of data holding a total of over 50 attack tools that would let attackers bypass firewalls that organizations rely on to defend against outside attacks.
The leak also brings questions directed at the nature of nation-state hacking, and how much spy agencies know about flaws in software that they aren’t revealing to tech companies and the public.
“How many of these are the Russians and the Chinese sitting on?” asked Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs.
The US does have a process that forces the NSA to release all of it’s vulnerability finds to the White House National Security Council. “The idea is to ensure that security flaws with especially broad impact are disclosed to the relevant companies so they can fix them”, said Mr. Healey.
While that process may need to be updated in light of the NSA leaks, it is likely that other countries don’t have even this level of transparency.
“It is quite possible that their arsenals are even more significant than the US arsenal, which means there are a bunch more vulnerabilities we don’t know about,” he said. “It means the overall security of US infrastructure could be even worse than we thought.”
If you liked this article follow us on Twitter @themerklenews and make sure you subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
