NSA preps public release of cybersecurity tool

The National Security Agency is preparing to release to the public a powerful cybersecurity tool used within the spy agency to analyze computer viruses, winning outside praise and helping rehabilitate the agency’s reputation after years of controversy.

The secretive organization, once nicknamed “No Such Agency,” has struggled with its reputation — especially in the tech world — after leaks by Edward Snowden in 2013 documented NSA surveillance of computers, phones, and other communication devices.

As the firestorm receded from headlines, the NSA has worked to improve its reputation within the tech community, including sending a top official to a leading hacking conference in August.

Releasing the reverse engineering tool “GHIDRA” may be the biggest step yet.

GHIDRA is a Java-based tool that can analyze computer programs and reverse-engineer their underlying code, allowing users to examine the internal workings of viruses and malware. Its existence was first noted in the batch of leaked CIA documents known as “Vault 7,” published by WikiLeaks in March 2017.

[Also read: Former NSA employee gets 66 months in prison for keeping classified information at home]

An intelligence community official told the Washington Examiner that there are three reasons the agency decided on the release: to enhance national cybersecurity, to improve technology education, and to give prospective employees the opportunity to learn how to operate a program that is used in-house at the NSA.

“If they are coming into our workforce, they come in trained on a tool that is useful to our workforce,” the official said. “They are coming in with an advantage that, 10 years ago, a software engineer or developer didn’t have.”

“Educationally, this is such a great tool to learn on. Tools are expensive, especially reverse-engineering tools. We are putting this out for free,” the official said, describing GHIDRA as having “some features and functions that some other tools might not have, and if they do, they aren’t free.”

The release will coincide with a presentation by NSA senior adviser Robert Joyce in March at the RSA Conference, an annual event sponsored by Microsoft, Intel, and RSA Security. A conference spokeswoman said the NSA “sought out” this opportunity after participating in past conferences.

Nicholas Weaver, a computer security expert at the University of California, Berkeley, praised the upcoming release.

“It does sound like a very good thing,” Weaver said. “Reverse-engineering tools are very defensive. It is how you find out what malicious code does. Improving defense helps everyone, and the NSA has a specific mandate to improve security within the U.S.”

Reverse-engineering tools aren’t the same as conventional antivirus software, Weaver said.

“This is a tool to basically dissect malicious code,” he said. “So you’ve captured a virus or other piece of bad stuff on a computer. What does it do? What is it capable of? Are there design features that may indicate a specific group? Reverse-engineering tools help you figure this out.”

Steven Aftergood, an expert on spy agencies and transparency who directs the Project on Government Secrecy at the Federation of American Scientists, also praised the release.

“It's a very interesting development and something that would never have occurred to the NSA in the past,” Aftergood said.

“It seems like the agency has recognized that information sharing has to be a two-way street and that it needs to bring something to the table,” he said. “This kind of disclosure could help promote constructive relationships with outside tech experts and might diminish some suspicions on both sides.”

The release of GHIDRA follows other less heralded NSA giveaways. Since 2016, the agency’s GitHub page has distributed more than two dozen tools, including a program that tests HTTP and HTTPS connectivity issues. The agency separately licenses agency patents to private companies with its Technology Transfer Program.

Comments are closed.