
NSA acknowledged the possibility of using zero-day exploits for cyber attacks

The NSA has published data on the vulnerabilities it has discovered in various software products. According to this data, 91% of such vulnerabilities are sent to vendors for analysis so that they can release product updates, and the remaining 9% are reserved for the special services "in order to ensure national security." Reuters points out that the publication was prompted by accusations against the NSA that concealing vulnerability data undermines the immunity to cyber attacks of the very US companies that use this software.



Data from the fugitive NSA agent Edward Snowden, as well as studies of some malware families by various antivirus companies, show that the intelligence service used various backdoors to obtain the information it needed, and 0day exploits to hide them. Stuxnet and Regin are the malware families whose affiliation with the NSA is most actively speculated about.

The Stuxnet malware, which relied on several zero-day exploits for its automatic installation, was used by the United States for political purposes, to suspend work on the Iranian nuclear program. Most likely, the exploits themselves were obtained from the hands of the NSA or the security firms for which they worked, since the development of Stuxnet was acknowledged in the USA at the official level. It can be assumed that the vulnerabilities used by Stuxnet are among the 9% mentioned above.

The Wassenaar Arrangement, which we wrote about earlier, was developed to limit the activities of security companies that can develop new exploits and sell them to the special services of various countries. Thus, the customer (a state or military bloc) can be confident that such a company works only in the interests of the desired ally. The earlier Hacking Team data leak showed that the company itself can sell exploits or purchase them from any country, regardless of the policy or instructions of the country in which the company is located.

What the two malware families mentioned above have in common is that both were, in one way or another, found in large companies or departments. Stuxnet, an offensive cyber weapon, was found on computers critical to Iran’s infrastructure, and the Regin spy tool on computers of Angela Merkel’s office staff. In addition, the code base of the malicious programs themselves, as well as the functions they perform, indicate that this type of malware was developed by special structures.

Source: https://habr.com/ru/post/270387/