The NSA (and its army of expert hackers) has once again been hoist upon its own petard. And this time, it's not a shadowy group of hackers using aliases like "the Shadow Brokers" that's stealing the agency's code. It's the Chinese government, and its massive security apparatus.
According to Reuters, Chinese spies managed to hijack code first developed by the NSA to support the agency's hacking operations and reportedly used it to support their own operations, the latest example of how malicious software developed by the US federal government has been used against the US, or its allies.
The revelations were first shared by researchers at the Israeli firm Check Point Software Technologies, which issued a report noting that some features in a piece of China-linked malware it calls "Jian" were so similar that they could only have been stolen from a cache of NSA hacking tools that was leaked to the web back in 2017. Some of these tools were later repurposed for the "WannaCry" corporate ransomware hacks which happened that year. And authorities have never been clear about what, exactly, may have been stolen.
Apparently, the US is only just learning the worst-case scenario: many of these weapons have fallen into the hands of Beijing.
The "Jian" exploit was described by the Israelis as "a Chinese replica" of NSA-made US tools.
Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017.
Yaniv Balmas, Check Point’s head of research, called Jian “kind of a copycat, a Chinese replica.”
One of Reuters' sources said Lockheed Martin (which is credited as having identified the vulnerability exploited by Jian in 2017) discovered the vulnerability on the network of an unidentified third party. In a statement, the company said it "routinely evaluates third-party software and technologies to identify vulnerabilities."
Countries around the world develop malware that breaks into their rivals’ devices by taking advantage of flaws in the software that runs them. Every time spies discover a new flaw, they must decide whether to try to exploit it, or help to fix it. Some say that this latest evidence of the NSA's tools being used against it is another reason for the agency to consider fixing more vulnerabilities instead of exploiting them.
Check Point’s research is thorough and “looks legit,” said Costin Raiu, a researcher with Moscow-based antivirus firm Kaspersky Lab, which has helped dissect some of the NSA’s malware.
Balmas said a possible takeaway from his company’s report was for spymasters weighing whether to keep software flaws secret to think twice about using a vulnerability for their own ends.
“Maybe it’s more important to patch this thing and save the world,” Balmas said. “It might be used against you.”
Some might see this as karmic justice, after former NSA contractor Edward Snowden first exposed several of the NSA's illegal domestic surveillance programs back in 2013. But will this latest scandal change anything?