Not Even NSA Can Keep Software Exploits Secret

1 minute read
| Editorial

FBI Guy and iPhoneTwice in two weeks we’ve gotten a solid reminder that exploits and legitimate software keys can be mishandled, even by experts. These events serve as practical certification that Apple was right in its theoretical stance to fight the FBI’s demand to create GovtOS.

A Tale of Two Bungles

The first of these two incidents was Microsoft accidentally releasing the keys to Secure Boot. Microsoft is one of the world’s top technology firms. It’s fair to call the company an expert in handling security matters relating to its software.

The second is an issue on a much different scale. A hacker group operating under the name Shadow Brokers claimed to have stolen a variety of malware and zero day exploits. It appears that these software tools were taken from Equation Group, a security firm with close ties to the NSA. Shadow Brokers plans to auction off these bits of software, raising all sorts of a ruckus.

Many people have been calling this an “NSA hack.” From what we know so far, that’s not at all accurate. The NSA wasn’t hacked. Equation Group might not have been hacked, either. Instead, Shadow Brokers could have stumbled on these tools just lying around on a router somewhere. No one who knows how it happened has explained it yet.

The Real Problem

It doesn’t matter where they got it, though. That’s not the point. The point is that tools like this can’t stay hidden 100% of the time. They can be misplaced, forgotten about, sloppily handled, deliberately leaked, stolen, hacked, etc.

This is the principle behind Apple’s stance that GovtOS—a version of iOS that could be sideloaded onto an iPhone to bypass security features—was too dangerous to create. No matter who you are, no matter how good you are at protecting secrets, bad things can happen.

And when those bad things do happen, it puts all of us at risk.

3
Leave a Reply

Please Login to comment
3 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
Paul GoodwinAlex Santosgeoduck Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Paul Goodwin
Member
Paul Goodwin

If Shadow Brokers auctions that stuff off, they will be muted permanently and likely never heard of again. The NSA can get right nasty and nobody would ever hear about what happened. It’s likely they’ve already been “taken care of”. We will probably never hear much more about this. And Equation Group will likely never be involved in any gov’t security work again.

Alex Santos
Member
Alex Santos

Great article.

Sadly, the United States government has a lot of trust building to do.

geoduck
Member
geoduck

I agree completely. But I’d like to fix one line.

The point is that tools like this can’t stay hidden 100% of the time.

should read

The point is that tools like this are eventually exposed 100% of the time.

A secret door is ALWAYS found.
A secure way in ALWAYS is exposed.
A private entrance ALWAYS becomes public.