https://www.cyberscoop.com/nsa-exploits-reverse-engineering-vulnerabilities-equities-process-symantec/
By Shannon Vavra
CYBERSCOOP
May 14, 2019
U.S. military commanders say that when U.S. Cyber Command and the National
Security Agency use a capability against targets abroad, they understand it
might eventually be used by an adversary.
The threat of having the NSA's tools leaked has been an issue inside the agency
for years now -- former NSA contractor Edward Snowden brought it into the
public domain when he revealed a trove of NSA programs in 2013 -- but the risk
of having adversaries detect, obtain or reverse engineer NSA-used tools has
become especially salient in the last week. Researchers from cybersecurity firm
Symantec revealed that a Chinese-linked hacking group had repurposed tools
linked with the NSA as early as March of 2016 and used them to attack various
targets around the world.
Although Cyber Command's Director of Capabilities and Resource Integration,
Maj. Gen. Karl Gingrich, did not directly address this report, when asked how
Cyber Command protects tools from being used or acquired by adversaries, he
said safeguarding them is a "priority... but at the end of the day once you
have used the tool, it’s out there."
It is unclear how the group -- known as Buckeye -- obtained the tools, but
Symantec assesses it is possible it observed an NSA-linked attack, then
gathered enough information to repurpose the code. It is also possible Buckeye
stole the tools from an unsecured server or that the code was leaked to the
group, although Symantec said that was less likely.
[...]