sb-eu logo
Story image

'Leaker' behind massive NSA breach possibly still working at agency

15 Nov 2017

Around mid-2016 the United States National Security Agency (NSA) was breached – and it has been revealed the ‘leaker’ might still be at play.

The breach was reported as ‘catastrophic’ and even more damaging than Edward Snowden’s massive data leak.

Since August 2016, a group called the Shadow Brokers has been releasing information on NSA cyberweapons.

And now, former deputy and acting director of the CIA, Michael Morell says 15 months since the first leak occurred they don’t know what else the leakers might have or how the information got out of the NSA in the first place.

Morell says the scariest thing about the whole ordeal is that for all they know, the group could still be actively stealing information.

Head of Product Management at Huntsman Security, Piers Wilson says this news is truly astonishing.

“For a former director of the CIA to admit that, 15 months after the initial Shadow Brokers breach, the leaker might still be employed there is a stunning admission,” says Wilson.

“It once again highlights how incredibly difficult it can be to spot insider threats, since the majority of network security solutions are geared up to identify detectable, external dangers often based on publicised signatures and little more.”

Wilson says if the the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them.

In the wider corporate world these kind of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.

“If insider threats are a problem at the NSA, one of the most security-conscious organisations on the planet, it just shows that security must focus on the early detection, investigation and verification of risks in the broadest sense - known and unknown, insider and out; creating baselines of ‘normal’ behaviour so that any anomalous activity can be identified,” says Wilson.

“This type of approach enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive. The alternative is more damaging security leaks like Shadow Brokers and last weeks’ Vault 8 revelations.”

Story image
Intel creates 10th Gen vPro processors for 'next generation of business computing'
“Built for business, the Intel vPro platform is a comprehensive PC foundation for performance, hardware-enhanced security, manageability and stability,” says Intel.More
Story image
Developers using Firebase urged to check configuration after leak exposed
Firebase, a data storage solution for apps, is used by an estimated 30% of all apps on the Google Play store – and data from Comparitech’s study released today indicates that 4.8% of apps using Firebase are ‘not properly secured’.More
Story image
Zoom buys encryption startup in its first-ever acquisition
Zoom has today announced its first-ever acquisition in its nine year history, absorbing Keybase, a secure messaging platform in a bid to up its security game.More
Story image
DDoS attacks doubled in Q1 2020 as attackers target remote workers
Threat actors are clearly taking advantage of the great shift to remote working and learning incited by the outbreak of COVID-19, in which people are isolated and are therefore heavily reliant on digital resources. More
Story image
One in three ransomware attacks target business users
Ransomware has become a big challenge for many organisations, despite the attack method not being the most advanced threat.More
Story image
FireEye unveils Cloudvisory: A multicloud security control centre
FireEye has announced the availability of FireEye Cloudvisory - a control centre for cloud security management across any private, public or hybrid security environment.More