Opinion

The NSA is running amok

The National Security Agency needs to stop recklessly undermining computer security

The National Security Agency (NSA) is supposed to protect American citizens from high-tech threats. But who will protect Americans from their screw-ups?

Last week, countries around the world reeled as a virulent piece of ransomware (which forcibly encrypted local data, then demanded payment in bitcoins to release the files) spread through tens of thousands of computer systems, including in banks and hospitals. Russia was worst hit, but the U.K. suffered serious damage as well, with its National Health Service suffering serious disruptions to medical services.

The story got much more infuriating when experts figured out that the computer worm was a slightly modified version of an exploit built by the NSA — one stolen by the "Shadow Brokers" and leaked over the internet. Luckily, a 22-year-old British researcher accidentally tripped the worm's off switch, containing the damage — at least for now. Different versions have already cropped up without that off-switch, though none as yet has spread to the same degree.

It's time for American security agencies to actually start securing the safety of American computer networks — and the first step is to stop building and stockpiling computer security exploits.

As Charles Stross explains, neither the worm nor the ransomware adaptation of it were exactly masterpieces of cyber crime. The worm only worked on older Windows computers which hadn't disabled legacy file-sharing. What's more, when the Shadow Brokers leaked all the NSA tools, Microsoft had actually already released updates to patch most of its vulnerabilities (suggesting someone had tipped them off about what had been hacked).

Additionally, the ransomware's off-switch was simply a long gobbledygook domain name that was hard-coded into the program. It turned out the worm checked to see if the domain was active before it delivered its payload, so when the security researcher stumbled across it and registered it out of curiosity, he accidentally stopped the spread of the worm.

However, it turns out there are tons and tons of computers still running outdated version of Windows, and tons and tons of people who procrastinate about annoying software updates — or don't even know how to do them. Even a poorly designed, weak piece of malware can do terrible damage when directed at the most outdated computer networks.

This brings me back to the NSA. If you ask why they are building and stockpiling security exploits for the most common operating systems, they will say it's for espionage operations against foreign enemies.

But the actual benefits of such things are highly questionable. Probably the most successful one ever was the fearsome Stuxnet worm, which did moderate damage to Iranian uranium enrichment facilities back in 2009. But the damage was quickly repaired, and did not do nearly as much to control the Iranian nuclear program as the diplomatic agreement signed under President Obama.

Conversely, as we are seeing today, the damage from building and piling up malware is potentially catastrophic. The NSA obviously cannot secure its own networks, and so any such weapon is one misstep away from falling into the hands of foreign governments, gangsters, or terrorists. And again, this worm was rather amateurish, and built from known materials — thus giving Microsoft a bit of a head start for patches. But suppose some real professionals secretly hacked unknown NSA zero-day exploits, and built a worm designed to attack American financial systems or critical infrastructure?

If we had any sense, we would be dedicating at least the majority of our computer security spending to, you know, security: investigating, upgrading, and maintaining American computer systems to defend them against attack. (In reality, it's roughly 90 percent offense, 10 percent defense.) The NSA could probe commercial software for vulnerabilities, and then quietly inform the developer so they could be patched, as Microsoft President Brad Smith argues. Second, instead of trying to coerce tech companies to build back doors into their devices and software, the government could help them with security, particularly user-friendly end-to-end encryption. They could help support open-source software ecosystems, which are part of many pieces of critical internet infrastructure.

Perhaps most importantly, the government could help keep older operating systems secure (like Windows XP, which Microsoft was forced to update this week after abandoning it three years ago), and help people upgrade their equipment and software.

Of course, the NSA will do nothing of the sort. They helplessly define "national security" in a way that excludes their own failures enabling crime and terrorism. But if we had a lick of sense, we'd just abolish the NSA and start a new agency with a more sensible definition.

More From...

Picture of Ryan CooperRyan Cooper
Read All
Democrats' mini-nuke option to stave off economic collapse
Joe Manchin and Kyrsten Sinema.
Opinion

Democrats' mini-nuke option to stave off economic collapse

The case for medical price fixing
Pills.
Opinion

The case for medical price fixing

Tigray and the shredding of international law
A Tigray child.
Opinion

Tigray and the shredding of international law

The only way to save Biden's agenda
President Biden and Krysten Sinema.
Opinion

The only way to save Biden's agenda

Recommended

Biden's immigration bind
President Biden.
Picture of W. James Antle IIIW. James Antle III

Biden's immigration bind

The Haitian migrant surge, explained
Haitian migrants.
Briefing

The Haitian migrant surge, explained

'Distinctive navy-blue shoes' helped the FBI arrest Jan. 6 Capitol riot suspect
Blue shoes
Capitol Riot Aftermath

'Distinctive navy-blue shoes' helped the FBI arrest Jan. 6 Capitol riot suspect

Drafts of audit report confirm Biden defeated Trump in Maricopa County
Arizona Cyber Ninjas audit.
millions of dollars later...

Drafts of audit report confirm Biden defeated Trump in Maricopa County

Most Popular

Jimmy Fallon and Nicole Kidman almost make it through interview without awkwardness
Jimmy Fallon and Nicole Kidman
Last Night on Late Night

Jimmy Fallon and Nicole Kidman almost make it through interview without awkwardness

7 cartoons about America's vaccine fights
Editorial Cartoon.
Feature

7 cartoons about America's vaccine fights

Democrats are governing like Republicans
A donkey.
Picture of W. James Antle IIIW. James Antle III

Democrats are governing like Republicans