sb-nz logo
Story image

'Leaker' behind massive NSA breach possibly still working at agency

15 Nov 2017

Around mid-2016 the United States National Security Agency (NSA) was breached – and it has been revealed the ‘leaker’ might still be at play.

The breach was reported as ‘catastrophic’ and even more damaging than Edward Snowden’s massive data leak.

Since August 2016, a group called the Shadow Brokers has been releasing information on NSA cyberweapons.

And now, former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place.

Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.

Head of Product Management at Huntsman Security, Piers Wilson says this news is truly astonishing.

“For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission,” says Wilson.

“It once again highlights how incredibly difficult it can be to spot insider threats, since the majority of network security solutions are geared up to identify detectable, external dangers often based on publicised signatures and little more.”

Wilson says if the the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them.

In the wider corporate world these kind of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.

“If insider threats are a problem at the NSA, one of the most security-conscious organisations on the planet, it just shows that security must focus on the early detection, investigation and verification of risks in the broadest sense - known and unknown, insider and out; creating baselines of ‘normal’ behaviour so that any anomalous activity can be identified,” says Wilson.

“This type of approach enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive. The alternative is more damaging security leaks like Shadow Brokers and last weeks’ Vault 8 revelations.”

Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Link image
Software engineer backs metrics mindset in DevOps
Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
Metallic adds data management and GDPR compliance
Now GDPR compliant, additions to the portfolio include eDiscovery features and support for Microsoft Hyper-V and Azure Blob and File storage.More
Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More