Government grade cyber weapons with dramatic real world consequences like STUXNET not only exist but have long been feared by experts due to their ability to be acquired and repurposed by others. For example, a terrorist organization like ISIS, wielding a tool like STUXNET, could aim it at Western power grids or nuclear plants.
While STUXNET did actually leak un-intendedly to the public through a bug in the propagation code and some mis-guided upload tests to services like VirusTotal, it’s risk was mitigated by the fact that the source code did not leak. Even in this circumstance the leaked weapon posed a real threat, as it was quickly reverse engineered and new concepts taken, but was still very difficult to re-purpose or “weaponize” the tool to attack others. Fortunately, in the case of STUXNET, it was designed for one very specific purpose and thus it’s usage elsewhere was largely minimized . Now on the other hand, if the source code of a sophisticated cyber weapon ever leaked out to the public it could allow any group, including a terrorist one, to quickly weaponize and use it at their own will, significantly raising the stakes to alarming levels.
This leaked source code scenario described above would be a security risk to all, and unfortunately as of last week’s Shadow Brokers event leaking NSA hacking toolset, this potential “doomsday” event is now a reality. For the first time ever, government grade (multi-million dollar) cyber weapon has leaked in source code form to the general public giving dangerous groups control of said weapon…
What has been the fallout since some of the tools have leaked? What are the serious concerns of the leak? What shouldn’t we be concerned about related to the specific leak? Is this the cyber doomsday scenario experts have worried about??
The simple answer is: No.
Let me break down the “Why” for readers including what happened:
Last week a group calling itself The Shadow Brokers offered a leaked cache of files most professionals confirmed to be authentic source code of NSA Cyber Weapons. Here is a no-nonsense evaluation of the leak and its potential risks:
The good news:
The bad news:
What do you think about Shadow Brokers and Cyber Weapons? Reach out to us @jasklabs on twitter with your thoughts.
Article by Greg Martin, Co-Founder and CEO of JASK a Silicon Valley based startup building AI for Cyber Security. Follow him on Twitter: @gregcmartin