US National Security Agency tools and operational data have been infiltrated by a group known as the Shadow Brokers, according to a November 13 New York Times report, which former Central Intelligence Agency director Leon E. Panetta called "incredibly damaging." But according to a former high-level NSA official, vulnerabilities have become a feature, not a bug, of the intelligence community.
"By creating all these weaknesses in systems — we're detecting them and not telling the producers of the systems where the weaknesses are so they can fix them — they leave everybody vulnerable," Bill Binney, former technical director at NSA, told Radio Sputnik's By Any Means Necessary Wednesday.
It boggles the mind why the intelligence community would fail to report such weaknesses internally, especially when they are so destructive, as Panetta points out.
According to Binney, the reason is straightforward, if extremely Orwellian. By not exposing fault lines in data collection and cyberwarfare capabilities, intelligence agents can exploit them on their own without their superiors knowing about it.
The intelligence community continues this practice to "go into whatever you're doing or saying, and read what you're doing, what you're up to," Binney said, "but in the process they don't fix problems."
Eventually, hackers or leakers find these problems and make them public. After 15 months of investigating the latest intrusion by the Shadow Brokers, the FBI has yet to ascertain whether an external agent, an insider or both were responsible for making public the information on how the NSA itself goes about hacking other systems.
Due to the so-called Vault 7 disclosure of US intelligence community tactics, anybody in the world has access to the Marble program once used by the CIA to allow the US agency to hack a system and make it appear as though China or Russia or anyone else had done it. So even if investigators discovered who appeared to have been culpable for the latest revelation, they could be reporting a false positive they'd had a hand in creating.
In order to verify culpability, "you have to trace the packets" of data being exfiltrated, Binney continued. According to him, NSA has "embedded trace-route programs" where the flow of data can be mapped. These programs track "billions of packets every day," he said.
The first person mentioned in the New York Times report, Jake Williams, a former hacker within the NSA itself, was stunned to learn the Shadow Brokers not only knew about his involvement with the NSA, which he told the Times he had never publicly disclosed, but also that the group was intimately familiar with the nature of his work. "They had operational insight that even most of my fellow operators at T.A.O. [Tailored Access Operations, the NSA's hacking team] did not have," Williams said. "It's a disaster on multiple levels."
Despite alleged reforms to scale back data collection following Edward Snowden's revelation that the US routinely collected metadata on Americans' phone and internet data usage, Binney said the intelligence community is still working to collect as much data as physically possible.
Citing a Cisco report, Binney said just one facility in Utah can store up to one zettabyte of information per year for one of the intelligence agencies. Since Cisco, as a contractor, has done this for five years, Binney calculates "that's five times 10^21 characters," or in other words, "more information than has ever been generated by mankind in the world."