So FireEye is a big cybersecurity company. They were hacked and got all of their offensive hacking tools stolen. Both their statements and the FBI says that the hacker was probably a foreign government because it was a really sophisticated attack, but they never publicly says it was Russia. Some of the articles about this don't even mention Russia (https://www.cnn.com/2020/12/08/tech/fireeye-cyberattack/index.html).
The NYT says, with no discernible sources, that:
" The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system. At a moment that the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have a been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets."
Yeah but last time this happened (to the NSA) the NHS almost got destroyed as a result
deleted by creator
Ok so cyberattacks are usually very hard to investigate because a good hacker will delete all of the evidence from the systems they've hacked, and also because it's easy to throw in false evidence. For instance, if you're a Chinese hacker you can write your code with a bunch of Russian names and comments, and then people will think you're Russia. One known hacking group is the "Equation Group", which is a part of the NSA.
In 2016 the Equation Group got hacked by some guys called the Shadow Brokers. No one knows who the Shadow Brokers are, but they're probably either rogue NSA employees or an American rival like Russia. They stole a bunch of attacking tools from the NSA, and then started releasing the source code for these tools to the public, one at a time. I think originally they were trying to blackmail NSA, but when NSA wouldn't negotiate the Shadow Brokers released all of the attacking tools at once. These tools included "zero days", which for our purposes are a really powerful kind of hacking tool. North Korean hackers went ahead and used these newly available zero days to create a worm, which is a malicious program that can spread itself. The work was called WannaCry, and it quickly spread out of control. One of the organizations hit hardest by it was the NHS, because their computers were on the older side (thanks Tory budget cuts). Basically every NHS computer stopped working at the same time, leaving hospitals in chaos. A bunch of procedures got delayed.
So it's kind of like if the US airforce got an f35 fighter jet stolen by Iran (which would be pretty funny), but then that jet was used to bomb a random city (not so funny). I don't think FireEye's hacking tools are as powerful as Equation Group's, but randomly releasing cyber weapons to the public can have bad consequences for everyone.
deleted by creator
Agreed. A responsible government might pay security researchers to find 0 days, but then they would turn around and make sure their citizens were safe from them. The NSA is more interested in attacking other countries then protecting US citizens or allies.
But if they disclose zero-days and they are fixed, the NSA loses a hacking method from their toolbox. I'm sure they are constantly evaluating if hacks can provide more "good" (in terms of the state's interest) than potential harm. They aren't whitehats and we shouldn't expect them to be
deleted by creator
deleted by creator
deleted by creator
deleted by creator