Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

NSA Discovered a Serious Microsoft Software Vulnerability – and Told Microsoft

February 27, 2020

The NSA has a reputation for weaponizing software vulnerabilities so that it can exploit them itself. But bully for the NSA – not this time.

The Washington Post (sub.req.) reported last month that the National Security Agency had discovered a major flaw in Microsoft's Windows operating system — one that could expose computer users to significant breaches, surveillance or disruption — and alerted the firm about the problem rather than turning it into a hacking weapon.

This is a major shift, with the NSA choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries' networks.

"This is . . . a change in approach . . . by NSA of working to share, working to lean forward and then working to really share the data as part of building trust," said Anne Neuberger, director of the NSA's Cybersecurity Directorate, which was launched in October. "As soon as we learned about [the flaw], we turned it over to Microsoft."

Security experts applauded the move. "Big kudos to NSA for voluntarily disclosing to Microsoft," computer security expert Dmitri Alperovitch said in a tweet. "This is the type of [vulnerability] I am sure the [NSA hackers] would have loved to use for years to come."

The NSA's action may help restore the agency's image, which was tarnished after it lost control of a powerful hacking tool it called EternalBlue. One former agency hacker said using EternalBlue was like "fishing with dynamite" because the intelligence yields were so bountiful.

The NSA built that weapon by exploiting a software flaw in some Microsoft Windows operating systems and used it for at least five years without telling the company. But when the agency learned that the tool had been obtained by others, it alerted Microsoft, which issued a patch in early 2017. About a month later, Shadow Brokers, a suspected Russian hacking group, released the NSA tool online.

Despite the patch, Russian and North Korean hackers were able to turn the tool to their own purposes, launching destructive attacks such as NotPetya and WannaCry that created global havoc and costly damage to businesses and other organizations.

It is great to see the NSA rebuilding its reputation and sharing software vulnerabilities with companies rather than weaponizing them.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson