Not Even NSA Can Keep Software Exploits Secret

| Editorial

FBI Guy and iPhoneTwice in two weeks we’ve gotten a solid reminder that exploits and legitimate software keys can be mishandled, even by experts. These events serve as practical certification that Apple was right in its theoretical stance to fight the FBI’s demand to create GovtOS.

A Tale of Two Bungles

The first of these two incidents was Microsoft accidentally releasing the keys to Secure Boot. Microsoft is one of the world’s top technology firms. It’s fair to call the company an expert in handling security matters relating to its software.

The second is an issue on a much different scale. A hacker group operating under the name Shadow Brokers claimed to have stolen a variety of malware and zero day exploits. It appears that these software tools were taken from Equation Group, a security firm with close ties to the NSA. Shadow Brokers plans to auction off these bits of software, raising all sorts of a ruckus.

Many people have been calling this an “NSA hack.” From what we know so far, that’s not at all accurate. The NSA wasn’t hacked. Equation Group might not have been hacked, either. Instead, Shadow Brokers could have stumbled on these tools just lying around on a router somewhere. No one who knows how it happened has explained it yet.

The Real Problem

It doesn’t matter where they got it, though. That’s not the point. The point is that tools like this can’t stay hidden 100% of the time. They can be misplaced, forgotten about, sloppily handled, deliberately leaked, stolen, hacked, etc.

This is the principle behind Apple’s stance that GovtOS—a version of iOS that could be sideloaded onto an iPhone to bypass security features—was too dangerous to create. No matter who you are, no matter how good you are at protecting secrets, bad things can happen.

And when those bad things do happen, it puts all of us at risk.

3 Comments Add a comment

  1. I agree completely. But I’d like to fix one line.

    The point is that tools like this can’t stay hidden 100% of the time.

    should read

    The point is that tools like this are eventually exposed 100% of the time.

    A secret door is ALWAYS found.
    A secure way in ALWAYS is exposed.
    A private entrance ALWAYS becomes public.

  2. Paul Goodwin

    If Shadow Brokers auctions that stuff off, they will be muted permanently and likely never heard of again. The NSA can get right nasty and nobody would ever hear about what happened. It’s likely they’ve already been “taken care of”. We will probably never hear much more about this. And Equation Group will likely never be involved in any gov’t security work again.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account