sb-nz logo
Story image

'Leaker' behind massive NSA breach possibly still working at agency

15 Nov 2017

Around mid-2016 the United States National Security Agency (NSA) was breached – and it has been revealed the ‘leaker’ might still be at play.

The breach was reported as ‘catastrophic’ and even more damaging than Edward Snowden’s massive data leak.

Since August 2016, a group called the Shadow Brokers has been releasing information on NSA cyberweapons.

And now, former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place.

Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.

Head of Product Management at Huntsman Security, Piers Wilson says this news is truly astonishing.

“For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission,” says Wilson.

“It once again highlights how incredibly difficult it can be to spot insider threats, since the majority of network security solutions are geared up to identify detectable, external dangers often based on publicised signatures and little more.”

Wilson says if the the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them.

In the wider corporate world these kind of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.

“If insider threats are a problem at the NSA, one of the most security-conscious organisations on the planet, it just shows that security must focus on the early detection, investigation and verification of risks in the broadest sense - known and unknown, insider and out; creating baselines of ‘normal’ behaviour so that any anomalous activity can be identified,” says Wilson.

“This type of approach enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive. The alternative is more damaging security leaks like Shadow Brokers and last weeks’ Vault 8 revelations.”

Story image
I, Technologist: Democratising data & technology for all employees
“We now have a once-in-a-generation opportunity to turn this moment of truth for technology into a moment of trust."More
Story image
Five things ANZ businesses should know about storing customers’ data
Businesses need to correlate events intelligently across multiple threat surfaces, application layers, and time spans to connect event A, to event B, to event C — even if they are months apart.More
Story image
Soft Solutions rolls out new WatchGuard billing system for NZ
"This flexible procurement model builds upon our partner first strategy, supports companies in their cloud transformation and allows them to benefit from increased protection and flexible, scalable IT infrastructure."More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Video: 10 Minute IT Jams - SonicWall VP on the cybersecurity lessons learned from the last 12 months
This is our seventh IT Jam with SonicWall, the cybersecurity company specialising in firewall, network security, cloud security and more.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More