
How intelligence data leaks caused collateral damage for infosec

Alvaka Networks' Kevin McDonald looks at the real-world damage caused by data leaks at the CIA and NSA, which have put dangerous government cyberweapons in the hands of hackers.

WikiLeaks' CIA data dump shook a lot of regular folks because it showed that the U.S. government can allegedly monitor not only social media, but inside cars, offices and homes through a variety of electronics. PCs; Macs; and iOS, Android and Windows phones are all potential targets. It revealed that internet of things devices, smart TVs, cameras, routers, switches and maybe even refrigerators are all vulnerable.

But this is not news, and it should be a matter of general knowledge by now. The specific techniques are coming to light, but no one should be surprised that the U.S. intelligence community had these hacking capabilities. Many think it's great that this information has come out. I am not one of them.

The recent WannaCry ransomware attack is an example of the predictable damage to come from intelligence leaks. WannaCry exploited a flaw in Windows' implementation of the Server Message Block (SMB) file-sharing protocol and used it to spread from machine to machine with no user action. Microsoft had patched that flaw and several others from the same toolset in March 2017 (MS17-010), before the Shadow Brokers released the data; the systems WannaCry took down were the ones that had not yet applied the fix. WannaCry provided a front-row view of what happens when an organization stockpiles zero-day vulnerabilities and the stockpile gets out.

Why is WannaCry relevant to the NSA and CIA hacks? Because the exploit it uses to spread, EternalBlue, came from the Shadow Brokers' April 2017 dump of alleged NSA tools.


This is just one example of what will likely be a tidal wave of advanced attacks as leaks continue from insider threats and outside hackers. I am confident that the NSA leaks and the massive amounts of CIA data released by WikiLeaks will impact American national security and global cybersecurity for some time. We do not know what the Shadow Brokers may still have of the CIA's and NSA's secret hacking information, but the group has pledged to sell these stolen cyberweapons via a monthly subscription service.

The leaks add public uncertainty about the security of operating systems, networks and internet of things devices, and that uncertainty will delay operations and inject cost and caution where none existed before. Operations all over the world have to be reconsidered with the leaks in mind. Billions will be spent defending governments, businesses and individuals from both the known and the unknowable implications of these continued leaks.

The blowback from data leaks

There is much talk about the so-called data democratization of leaked government information and the need to equalize the balance between secrecy and transparency in government. While we cannot have an out-of-control intelligence community, the absurdity of that statement is just painful; secrecy is, by definition, the antithesis of transparency.

Secrecy offers many benefits to the work of intelligence, criminal investigations, defense and even competition in the commercial sector. Without secrecy, there can be no advantage in anything that matters in any competition of wits. Secrecy in software and hardware design slows the illicit copying of intellectual property. Secrecy in military systems designs and capabilities enables many advantages against an enemy, such as the element of surprise.

The Snowden effect

I had the unique opportunity to interview a retired CIA officer with more than two decades in the field undercover in war zones and other hot spots. My source could not confirm or deny the most recent CIA data leaks, codenamed Vault 7, the largest release of confidential CIA documents to date. My source did, however, speak to the damage from the Snowden data dump and to the massive potential for damage, assuming that the Vault 7 leaks are, in fact, genuine CIA data.

"I do not know what actual damage the most recent data leaks have caused. But I do know we leveraged a whole suite of tools that would allow us to penetrate and monitor systems needed to track an asset. If those tools were released, and even their specific existence were merely proven, there is no doubt that it has significantly compromised ongoing operations."

When I asked my source to be specific, he replied, "It is a dual-pronged effect. First, it causes bad guys -- terrorists, for example -- preparing for an attack to reconsider their plans. We know that top terror leaders are now using couriers and encrypted communications and apps to mask their actions after the Snowden leaks. Knowledge provided by these leaks causes them to change. They look more closely at everything, from participants in their activities to communications, operations, financing, logistics and recruiting. Terrorist and counterintelligence people learn; they adapt and overcome. The leakers are teaching our enemies."

As a result of the Snowden leaks, on July 11, 2013, then-Lt. Gen. Michael Flynn established the Information Review Task Force 2 "to acquire, triage, analyze, and assess all Defense Intelligence Agency (DIA) and Department of Defense (DOD) compromised information." The resulting 2013 top-secret report, titled "DoD Information Review Task Force-2: Initial Assessment, Impacts Resulting from the Compromise of Classified Material by a Former NSA Contractor," states, "The scope of the compromised knowledge related to U.S. intelligence capabilities is staggering."

Of course, people will argue the intelligence community would say this no matter what. The comments are embedded in a top-secret report that was redacted before any public release, and, frankly, some of the direct impacts are pretty obvious to any honest and intelligent person without a political ax to grind. Is it possible the intelligence community injected this comment with the expectation it would likely be seen by the public some day? Sure, it's possible. Is it likely? Not in my opinion.

When I asked my source if he thought officers in the field were less safe, he replied, "Look, assuming we have lost field intelligence capability, then yes, the whole country is less safe. We will, if not already, see the injury and death of some who rely on the information or were somehow defended by its capability. At a minimum, our efforts led by field officers and foreign assets will be hampered in ways that are significant."

To offer some evidence of what happens when critical intelligence techniques are released, let's look closer at the NSA leaker and, yes, criminal Edward Snowden. Snowden, who was a trusted contractor, stole over a million pages of top-secret information from the NSA and the Joint Worldwide Intelligence Communications System. On June 6, 2013, the media began to publish stories that were based entirely on Snowden's leaks.

"There is no question that tactics, techniques and procedures discussed in the Snowden leaks were of great benefit to our foreign enemies," my source said. "Regardless of where you stand on the criminality of Snowden's leaks, there is no doubt that foreign intelligence services, international criminals and even jihadists have benefited from Snowden's actions." 

In The Art of War, Sun Tzu, the ancient Chinese general, military strategist and philosopher, wrote: "Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack." Secrecy stops technology from being obtained by the enemy and makes defense from its unknown capabilities difficult, if not impossible. Secrecy provides cover for activities that are vital to our national defense.

Those who advocate for the total destruction of government secrecy are advocates for the destruction of American supremacy. For more proof of what a loss of secrecy can do in a war, we need only look back at the compromise of the German Enigma machines and Japanese super-encipherment techniques during World War II. Both of these breaches in secrecy carried heavy costs for those countries. If the Allies had not breached their enemies' secrecy, the outcome of the war could have been very different. Without secrecy, there is only defeat.

Muddying the attribution waters

Now let's address the elephant in the room: attribution of an attacker. It is undeniable that cyber attribution has always been difficult. Whether in a simple criminal matter or a nation-state attack, attributing an attack to a specific actor with little doubt is critical to response, prosecution and future defense. This is especially true when a response can lead to criminal prosecution of Americans or, worse yet, potential acts of war in response to attacks.

According to a WikiLeaks post on March 31, 676 of the source code files released belonged to the CIA's secret anti-forensic tool known as the Marble Framework. The WikiLeaks statement claimed, "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, Trojans and hacking attacks to the CIA."

The release of these tools and techniques (if proven to be legitimate) casts new doubt on future investigations; claims of foreign cyber attribution for attacks, such as Russian involvement in our elections; crimes purportedly committed by political activists; and more. Any bright defense attorney or government spokesperson will be able to simply point to the release of these tools as evidence of potential alternate theories.

Now that these tools are in the wild for anyone to use, how can we ever really know who does what? Forensic attribution rarely rests on a single artifact such as a string in a binary or a compiler's language setting; analysts weigh infrastructure, tooling, tradecraft and targeting together. But a published capability for planting false flags still raises the bar for every conclusion. Criminal convictions require evidence beyond a reasonable doubt, and the demonstrated ability to falsely attribute any action supplies exactly that doubt. This is one ugly result that supporters of these leaks fail to recognize.

For those who support leakers like Edward Snowden and these most recent data dumps, I hope you might consider some facts. We know for a fact that hundreds of thousands of computers were infected by the use of these NSA tools. That means that likely thousands will never see their data again. Whether it be personal pictures and financial information or business data, the loss of data is no joke and has real consequences.

We also know that this is just the beginning of potential attacks that will likely impact thousands, if not millions more in tangible ways -- not theoretical actions or violations of privacy, but real losses. I have no doubt lives have been lost where foreign organizations, who are enemies of the U.S., have eliminated those who they believed were potentially involved with the CIA based on the leaks.

While I am a huge advocate for privacy, the search for it cannot be a license to commit detrimental acts or treason against America and to cause real harm to individuals and businesses. There has to be a balance between the desperate and life-threatening need for secrecy and the need to protect the right to privacy and keeping government in check.


This was last published in June 2017


How should the U.S. government address the ongoing problem of intelligence leaks?
Herein lies the irony of this article. It seems that it is fine for the faceless spy community to breach all laws of decency and spy on its neighbours, fellow Americans, American allies and anyone else they choose, in breach of American laws and its constitution, yet the person who exposed their illicit deeds is the criminal. How on Earth does that work? The United States of America is not lauded as the hero around the world any longer; it has become the villain and is just not trusted by Australians, the British, the Germans etc. Its allies are starting to see it for what it is, a fear-mongering, war-mongering bully.
You start out by saying that a SPY agency is spying on its neighbors, allies, etc. Yes, with the exception of their own citizens, that is exactly what spy agencies are supposed to do. There were many ways to address what the government was doing illegally that did not involve the release of a million pages of highly sensitive security and operational information unrelated to those privacy violations. By your measure, if the government breaks the law to catch an American breaking the law, that should be fine because of course the ends justify the means, right? I am sorry, but I cannot equate the two. The potential and real loss of life and future defense posture (not to mention the untold cyber security damage now being done with the release of these tools) caused by the release of this information far outweighs the privacy concerns you state. The same results could have been achieved by releasing far less information or, better yet, going to the Congressional committee responsible for oversight and saying, "I have all of this information, you better do something. Oh, and I have a secret stash in case something happens to me." To equate an intelligence agent, US or US-sponsored, being compromised, or a critical operation that is needed to defend America from our enemies (ones that want to do real harm, not listen to our phone calls), with the gathering of phone metadata or other privacy issues just doesn't compute. Every time one of our military or other personnel has to go into an operation blinded and at far greater risk of failure, death and injury now because the techniques no longer work is on Snowden and other criminals releasing this information. If you think that every one of our allies is not working every waking moment to do exactly the same thing you rail against here, you are kidding yourself. If the Germans could get Trump's phone calls, do you honestly think for one second they wouldn't? Give me a break.
As far as the diatribe about how much our allies hate us now, they hate us until they need us.
You are not serious. Whistleblowers are ostracised, made out to be liars and are forced into hiding for exposing the filth within these secret organisations. Frankly, I am tired of the USA interfering in my country's elections. I am tired of the USA interfering in other countries' elections. I am tired of the USA murdering innocent people in the name of American interests. The NSA, CIA, FBI and Lord knows how many other agencies treat the American people with contempt. The "secret government" that Kennedy wanted to dismantle never killed its young and has grown out of control. I would have liked to think that America had no cause to spy on Great Britain and Australia, but I am evidently naive.

Trouble is that your military goes into operations that it has no right going into, and to defend these illicit actions you will lie through your teeth. The Vietnam war is a classic example of just how far your government will go to engage in war with people who have never, and were never likely to, harm a single solitary American. Your government lied to your people and 54,000-odd Americans perished on a lie.

You kid yourself; your allies detest your stuck-up pretension that you are civilised and good people. Individually most people are good people, but as far as the USA government and its secret society go, you are wicked to the core. There is no defence to being bad, and it is sad that a once great nation which minded its own business, worked hard and became prosperous now thinks it rules the world.
I repeat, Snowden and Assange are not the criminals here .

You clearly have an agenda that is based in a personal hatred for America, so your opinion does not mean much to me. You are not dealing with the issues in the article that relate to the negative internal and international impacts of these leaks, regardless of the entities that are the source of the leaks. Our "allies" are not allied but rather dependent on our defense, on our fighting for their interests, as they support our actions through UN and NATO votes without backing it up and paying their agreed-to funds, then stand by and act like it is America on its own doing these things. Our "allies" do not pay their own way and are self-righteous until they come looking for help yet again as Russia crawls to their borders. Our allies (with the exception, ironically, of those countries we have been to war with, such as Vietnam and Japan) come demanding American help whenever their own lack of investment in defense and spine causes them to find themselves in a position of weakness, often having been occupied by foreign armies yet again. You can repeat yourself as often as you like, but it does not change the core positions taken in this article. The one kidding himself in this dialogue is you. You believe that your government is somehow pure and clean of these actions for the past 40 years (I do not believe that of mine or yours). Not one major military action of the past several decades has gone forward without the support of most, if not all, of the major EU and other associated countries. I don't even know where you are from, but I venture to guess from your use of and spelling in English. I am confident that your government has been in some way involved. Iraq was fronted by the US, British, Australians, Poland and Spain with support from dozens of other countries. Vietnam was generations ago, and the vast majority of America agrees it was wrong, so your point is moot.
I think removing the Iraqi government was one of the worst moves this nation ever made; again, it has NOTHING to do with the article.
WikiLeaks published more CIA Vault 7 data in the form of a tool suite used by the CIA for Microsoft Windows to attack "closed networks by air gap jumping using thumb drives, mainly implemented in enterprises and critical infrastructures."