On two occasions this month, cyber weapons have been stolen from the  National Security Agency and have been used against U.S. allies Britain and Ukraine.

The N.S.A. has not acknowledged its role in the creation of these cyber weapons while the White House has deflected inquiries on why the N.S.A. was creating such weapons. They insist that the focus should be on finding who has attacked the N.S.A.

The cyberattacks have targeted hospitals, a nuclear site, and American businesses. There is concern that the N.S.A. has created cyberweapons that they do not know how to keep safe and out of attackers hands.

Democratic Representative Ted Lieu of California, a former Air Force officer, called upon the N.S.A. to stop hoarding knowledge of the cyberweapons so that companies can prepare themselves against attacks.

Michael Anton, a spokesman for the National Security Council stated that the government, “employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities” in software, “unlike any other country in the world.” He also stated that the Trump administration “is committed to responsibly balancing national security interests and public safety and security,” but did not comment “on the origin of any of the code making up this malware.

The Department of Homeland Security said it had evidence North Korea was responsible for the stealing the cyberweapons. However, the attacks made last Tuesday in the Ukraine seemed to be the work of Russian hackers, but these allegations have not been confirmed.

Leon E. Panetta, the former defense secretary, stated, “whether it’s North Korea, Russia, China, Iran or ISIS, almost all of the flash points out there now involve a cyber element. I’m not sure we understand the full capability of what can happen, that these sophisticated viruses can suddenly mutate into other areas you didn’t intend, more and more. That’s the threat we’re going to face in the near future.

In both cases, the attackers used hacking tools that exploited vulnerabilities in Microsoft software. A group called the Shadow Brokers made them stolen tools from the N.S.A. public in April and started offering N.S.A. weapons for sale in August. The ground offered new N.S.A. information to monthly subscribers. The identities of the Shadow Brokers remain a mystery.

Brad Smith, the president of Microsoft, said the N.S.A. was the source of the “vulnerabilities” and called on them to “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

We now have actors, like North Korea and segments of the Islamic State, who have access to N.S.A. tools who don’t care about economic and other ties between nation states,” said Jon Wellinghoff, the former chairman of the Federal Energy Regulatory Commission. Mr. Panetta agreed with Mr. Wellinghoff’s statement. Panetta stated, “when these viruses fall into the wrong hands, people can use them for financial gain, or whatever incentive they have — and the greatest fear is one of miscalculation, that something unintended can happen.”

Despite such push back, security experts say the N.S.A. is unlikely to stop hoarding software vulnerabilities any time soon.

 

Featured Image via Wikimedia