Tech Target, March 9, 2018, with comments by Satya Gupta
It might surprise most people to learn that their government actively spies on other nation-state operations – and even breaks into private networks – to track advanced threat activity. In the US, the government agency doing this is the NSA, as revealed on March 9 at the Kaspersky Security Analyst Summit.
The NSA – and other nation states – seek to learn about advanced persistent threats (APTs) and the threat actors carrying them out in real time. Along the way, they may also observe confidential data that is targeted for theft by those threat actors.
Cyberthreats circling the globe in the last year have worsened considerably, thanks in large part to the Shadow Brokers stealing highly sophisticated hacking tools from the NSA and releasing them onto the Internet in 2016 for anyone to use. Much attention has been given to the stolen hacking tools, but much less has been paid to the collection of scripts and scanning tools also created by – and stolen from – the NSA, which were likewise released into the wild for anyone’s use. Their purpose is to detect the presence and actions of (i.e., spy on) nation-state hackers when they infect other machines and networks.
The reasoning behind these actions is that it’s better to know what your rivals and enemies are doing in real time, in hopes of preempting a bad action, than to be blindsided after the fact. The irony is that the Shadow Brokers’ theft of these tools is itself precisely the type of event you’d have wanted to discover and preempt. Keeping your own expert spying tools out of your enemy’s hands would be priority one. But now, having all these tools at large greatly worsens the overall threat landscape. At the same time, and as a result, the ‘need to know’ has never been greater. Hence, the activity of cyberspying continues.
Satya Gupta, co-founder and CTO at Virsec, a cybersecurity company headquartered in San Jose, Calif., said this was evidence of "the eternal dilemma of spying."
"Staying undetected is critical to gathering ongoing intelligence, but if you don't act on the intelligence, there are risks of further damage. Given how elusive hackers are, it's understandable that [the NSA] didn't want to risk being exposed," Gupta told SearchSecurity. "This type of activity should not be a surprise and is likely widespread. The surprising part is how much detail continues to be exposed by the Shadow Brokers, which continues to be an intelligence disaster."
For more about the discovery of the NSA’s spying, and nation-state spying in general, see our Security News article.
Read the full article: NSA watched foreign hackers in action