This is just a set of thoughts referring to a recent security incident called the ‘NSA Hack,’ which in my view profoundly impacted privacy on a global scale.
CNN Money (2017) reported on 15th of April 2017 that some of the National Security Agency’s (NSA) most powerful Windows hacking tools had leaked online. The statement said that a hacking group called The Shadow Brokers (TSB) is responsible for releasing a collection of spy applications supposedly used by the NSA. BBC News (2017) later specified that the tools were essentially exploiting vulnerabilities found in Microsoft products, enterprise firewalls and antivirus solutions, and according to TSB were also used by the NSA to spy on money transfers.
What was done to remedy the issue? As per Yahoo News (2017), Microsoft patched all Windows flaws contained in the ‘NSA Hack’ before the set of tools leaked online.
Do I think the solution is effective? Unfortunately, people are slow to update their Windows computers with Microsoft critical updates. The issue was recently (21st of April 2017) pointed out by The Register magazine, which downplayed the effectiveness of Microsoft’s fix from March 2017, saying that script kiddies continue hacking thousands of Windows computers using NSA hack tools (DOUBLEPULSAR and ETERNALBLUE) leaked by TSB. As per The Register, there are currently 41,000 infected hosts, and the number will continue to increase.
What would I do differently? In my view, if TSB’s claim is correct and the set of hacking tools was stolen from the National Security Agency, we have an ethical question to ask ourselves. While we may justify the need for U.S. government agencies to spy on their citizens under the pretenses of protecting the security of the United States, do we also agree that the NSA should be above the law when it comes to intruding on our privacy? According to the American Civil Liberties Union (2017), the Communications Assistance For Law Enforcement Act gives the government an unprecedented ability to monitor the activities of citizens; and warns that with increased spying on citizens we can easily end up in a mass surveillance society.
In my opinion, while I do not need to know the exact methods used by the hacking tools that protect the country and its citizens through spying programs, I would argue that the general public should always be informed about government actions that have the potential to compromise privacy and are of questionable ethics. In my view, the citizens of the country should always be notified of such actions, and be able to vote on such decisions.
We live in times in which the news of hacking attacks, security threats, and issues have become a daily occurrence.
Enterprises, as well as the public sector, should profoundly improve their ability to monitor attacks as well as their capacity to proactively alert of the possibility of an attack. According to The Guardian (2016), there is an enormous rise in hack attacks, and cybercriminals have also started to target small businesses now. There is no doubt that we are experiencing a widening security gap between our ability to detect cyber safety issues and our ability to act efficiently on resolving such issues. So, I am asking: if the trends show that consumers are not able to prevent such issues, shouldn’t it be the ISPs, hardware providers and software companies working together to create platforms and frameworks that proactively prevent the issues?
Luckily, the urgent need for dedicated real-time visibility into global cyber-attacks is recognized, and new enterprises are being shaped to provide such precise live attack intelligence. For instance, the U.S.-based Norse Inc. has built what is the largest dedicated threat discovery system in the world. One of the fascinating functions of their system is a publicly accessible visual view, the ‘Threat Attack Map,’ which is a DEFCON-like chart (Figure 1) that allows anyone to monitor hacking and penetration attempts in real time globally.
Figure 1 – Norse Attack Map – Map.norsecorp.com. (2017)
TheINQUIRER (2017) Kids hack for kicks and kewls not for cash and chaos. [online] TheINQUIRER. Available at: http://www.theinquirer.net/inquirer/news/3008781/kids-hack-for-kicks-and-kewls-not-for-cash-and-chaos [Accessed 21 Apr. 2017].
BBC News. (2017) Microsoft patched ‘NSA hack’ Windows flaws before leak – BBC News. [online] Available at: http://www.bbc.com/news/technology-39620534 [Accessed 21 Apr. 2017].
Larson, S. (2017) NSA’s powerful Windows hacking tools leaked online. [online] CNNMoney. Available at: http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/ [Accessed 21 Apr. 2017].
Chacos, B. (2017) Watch the web get hacked in real time on this mesmerizing map. [online] PCWorld. Available at: http://www.pcworld.com/article/2367662/watch-the-web-get-hacked-in-real-time-on-this-mesmerizing-map.html [Accessed 21 Apr. 2017].
Map.norsecorp.com. (2017) Norse Attack Map. [online] Available at: http://map.norsecorp.com/#/ [Accessed 21 Apr. 2017].
The Guardian (2016). Huge rise in hack attacks as cyber-criminals target small businesses. [online] the Guardian. Available at: https://www.theguardian.com/small-business-network/2016/feb/08/huge-rise-hack-attacks-cyber-criminals-target-small-businesses [Accessed 22 Apr. 2017].
BBC News (2017). Microsoft patched ‘NSA hack’ Windows flaws before leak – BBC News. [online] Available at: http://www.bbc.com/news/technology-39620534 [Accessed 22 Apr. 2017].
CNN Money (2017). NSA’s powerful Windows hacking tools leaked online. [online] CNNMoney. Available at: http://money.cnn.com/2017/04/14/technology/windows-exploits-shadow-brokers/ [Accessed 22 Apr. 2017].
Yahoo News (2017). Microsoft patched ‘NSA hack’ Windows flaws before leak. [online] Yahoo.com. Available at: https://www.yahoo.com/news/m/9a64ae02-5444-3d9c-885c-5952aa478848/microsoft-patched-%27nsa-hack%27.html [Accessed 22 Apr. 2017].
American Civil Liberties Union. (2017). Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society. [online] Available at: https://www.aclu.org/report/bigger-monster-weaker-chains-growth-american-surveillance-society?redirect=technology-and-liberty/bigger-monster-weaker-chains-growth-american-surveillance-society [Accessed 22 Apr. 2017].