The NSA Hack and the Sorry State of Cyber Security

In the hit USA Network series Mr. Robot, a rogue group of hacktivists target major corporations and the government. In a recent episode, the group enlists the help of a malicious insider to hack the FBI. Sound far-fetched? Maybe not: Around the same time this episode aired, an anonymous group of hackers known only as the “Shadow Brokers” leaked 300 megabytes of information from the U.S. National Security Agency (NSA). The NSA hack compromised highly sophisticated hacking tools used by the spy agency to conduct cyber espionage, including zero-day vulnerabilities that can be exploited to breach corporate firewalls. The Washington Post reports:

The file contained 300 megabytes of information, including several “exploits,” or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The NSA hack has rattled the nerves of cyber security professionals across the nation and around the globe. Not only was one of the most secure systems on the planet compromised, but the release of elite hacking tools and a list of existing vulnerabilities has put numerous private-sector corporations at risk – including at least two major cyber security providers.

It is widely believed that the Shadow Brokers are Russian nation-state hackers, but this theory has not been proven, nor does anyone know how they managed to get their hands on the NSA’s hacking toolbox. However, since nearly all data breaches result from the misuse of legitimate login credentials, the leak very well may have originated from within the NSA, either through a malicious insider (as portrayed in the Mr. Robot story arc) or through a careless or negligent employee clicking on a phishing link or sharing their password.

The NSA hack also has everyone asking, if a covert government spy agency’s data isn’t safe from hackers, what about everyone else’s? So far, 2016 has seen, among other major cyber security incidents:

• Numerous ransomware attacks on the healthcare industry, including the infamous Hollywood Presbyterian attack
• An epidemic of tax data spear phishing schemes, including one that compromised an NBA team
• The hijacking of the SWIFT Network bank messaging system by a team of international cyber bank robbers
• The Wendy’s POS data breach, which resulted in a class-action lawsuit against the fast-food chain
• A former St. Louis Cardinals employee being sentenced to prison for hacking the Houston Astros – using crude techniques to get past weak cyber security barriers
• Information security providers themselves being compromised due to the NSA hack

What’s next? It can be scary to think about. The hacks just keep coming, and both public and private sector organizations in all industries seem ill-prepared to defend against them.

However, now is not the time to panic. Instead, the NSA hack should be a wake-up call for organizations to reevaluate their information security procedures from top to bottom. A cyber security plan is never “finished.” It must be continuously reassessed and rewritten as new technologies and threats emerge. Further, a proactive approach is always better than reacting after a breach has happened. The NSA hack did not have to happen, and neither did any of the other hacks mentioned above. Proactive security measures, from employee training to network monitoring, could have prevented all of these hacks.