Story image

'Leaker' behind massive NSA breach possibly still working at agency

15 Nov 2017

Around mid-2016 the United States National Security Agency (NSA) was breached – and it has been revealed the ‘leaker’ might still be at play.

The breach was reported as ‘catastrophic’ and even more damaging than Edward Snowden’s massive data leak.

Since August 2016, a group called the Shadow Brokers has been releasing information on NSA cyberweapons.

And now, former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place.

Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.

Head of Product Management at Huntsman Security, Piers Wilson says this news is truly astonishing.

“For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission,” says Wilson.

“It once again highlights how incredibly difficult it can be to spot insider threats, since the majority of network security solutions are geared up to identify detectable, external dangers often based on publicised signatures and little more.”

Wilson says if the the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them.

In the wider corporate world these kind of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.

“If insider threats are a problem at the NSA, one of the most security-conscious organisations on the planet, it just shows that security must focus on the early detection, investigation and verification of risks in the broadest sense - known and unknown, insider and out; creating baselines of ‘normal’ behaviour so that any anomalous activity can be identified,” says Wilson.

“This type of approach enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive. The alternative is more damaging security leaks like Shadow Brokers and last weeks’ Vault 8 revelations.”

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.