You are the Weakest Link Part 1: Government Vulnerabilities and the NSA Ransomware Attack


Government intelligence systems grew along with human civilization until modern technology produced a massive growth spurt. Yet, when problems arise, the common denominator is human.

U.S. Government agencies like the NSA and CIA are notorious for mass surveillance programs, and have collected unimaginable amounts of data at home and abroad over the decades.

Just days before President Trump took office, former President Obama, under Executive Order 12333, allowed the NSA to share their network of 850 billion phone and Internet records unedited with other U.S. intelligence agencies like the FBI and the CIA.

Arguing for these changes, Robert Litt, a prominent intelligence community lawyer, asserted that this change in policy was a response to a lesson learned during the 9/11 attacks: intelligence should not be restricted among U.S. agencies; it should be shared freely among them.

However, in light of the global NSA ransomware cyber attack last week, some wonder if a similar attack could affect sensitive or classified information, or if government agencies are vulnerable to an attack like this.


Those who worry do so because of quotes like this from the LO AND BEHOLD documentary interview with legend Kevin Mitnick: “people are the weakest link in security. Not technology, people.”

#Unpresidented

National Security Advisor H.R. McMaster stood up for President Trump twice last week, once over the President leaking classified information about ISIS to Russian foreign minister Sergei Lavrov.

According to McMaster, the President’s actions were appropriate.


The U.S. President can declassify classified intelligence, and can do so simply by casually discussing classified information. Yet this power requires discretion and coordination. As Mitnick highlights, sometimes we are our own biggest security threats.

Aside from potentially compromising ourselves with a misstep, we are also constantly vulnerable to tactics we don’t even know others have.

The truth is, we make ourselves vulnerable not just by using the Internet, but also by using certain software.

The NSA Ransomware Attack

As you’ve probably read, the WannaCry cyber attack targeted over 75,000 entities in 99 countries on May 12th, 2017.

This attack was perpetrated by unknown actors utilizing NSA ransomware and malware leaked by the ShadowBrokers in mid-2016.

Microsoft patched their still-supported operating systems against these vulnerabilities, so if you regularly patch your Windows 7 or newer system, you were protected.

Systems using Windows XP, which was reported to still be in use by 7% of computer systems around the world, were vulnerable.

Many of the businesses compromised by the WannaCry NSA ransomware attack simply did not update their systems despite having almost a year to protect themselves.

How possible is it for an attack like this to compromise the NSA, CIA, or other custodians of intelligence and national security?

How Government Agencies Protect Themselves

Since 1986, the Energy Sciences Network, or ESnet, has supplied a secure, at least 100-gigabit-per-second Internet connection to government agencies including the White House and NASA. Think of it as a shadow network.

In fact, the Internet began as one of these smaller networks. Since the Internet began, it’s been called “a kind of loose democracy of individual computers and LANs.”

The tech that supports the Internet has advanced spectacularly, but the number of people with different levels of computer literacy and moral frameworks has also swelled.

The growing human threat to cyber security highlights the importance of backbones in sensitive data transmission, as NASA, other government agencies and large corporations pay huge sums to create and maintain these backbones.

These backbones form incredibly strong cyber security systems.


So, it is possible to have an internal infrastructure where information is stored physically on the device in a fixed physical location, and only individuals with access to that machine in that location would have access to the data. Also, it is possible to connect that internal infrastructure into a larger but still exclusive network (via LAN, regional, backbone, etc).

Of course, questionable actors with access to these networks could leak sensitive information, but these institutions also practice extreme vetting, making that less likely to happen than accidental negligence causing a vulnerability in the system, something like what a Google dork turns up.

But ESnet is still connected across various geographic locations. There are also probably other shadow networks we aren’t aware of for obvious reasons.

From the 2014 Extremetech article: “Moving forward, I’m sure the ESnet’s 100-gigabits-per-second won’t be bleeding edge for much longer. Most of the world’s large research and education networks — such as the UK’s JANET and Europe’s GEANT — have had 100-gigabit backbones for a few years now. The IEEE is currently working on the next high-speed network standard — somewhere between 400Gbps and 1,000Gbps (1Tbps) — which should be ready by 2017.”

And the author was correct. As of now, the ESnet’s Transatlantic R&E is running at a record-breaking 740 Gbps.

Civilian Sector Protections

What updates do we, as average Internet users, have? What about Wi-Fi? How does Wi-Fi make a person or organization more vulnerable to cyber attack?

Stay tuned for Part 2 of this series where we will consider the vulnerabilities of civilian network infrastructure.
