In a reflection of how difficult it is to spot insider threats, the former CIA director Michael Morell has admitted that the employee linked with the NSA Shadow Brokers leak last year might still be working at the organisation.
Morell says that fifteen months after the incident, the NSA is yet to find out how much information hackers stole last year and how the information got out.
In August last year, a hacker group known as the Shadow Brokers offered a large number of secret NSA documents for sale for a million Bitcoins (£438 million) on the web. These documents detailed a number of NSA hacking tools that could be used to target major organisations as well as foreign governments.
Following the leak, NSA whistleblower Edward Snowden said that the leak could pose significant foreign policy consequences for the United States, especially if the NSA’s own tools were used to target US allies.
Fifteen months after the leak took place, Michael Morell, a former acting director at the CIA, says that the NSA is yet to find out how much information hackers stole last year and how the information got out. Because of the lack of progress in the investigation, an employee who was linked to the disastrous leak is still working at the organisation.
‘We don’t know what else the leakers may have, and most important… we don’t know how this information got out of the National Security Agency. And that’s 15 months after the first leak occurred,’ Morell said on “CBS This Morning” on Monday.
‘That’s what’s most scary to me because that says we don’t know the totality of this, and more important, we don’t know if they’re stealing information as we sit here right now,’ he added.
Morell also admitted that the leaked NSA hacking tools were used to collect intelligence on the United States’ adversaries to protect the country and that the leak could be an inside job of a disgruntled employee.
Commenting on the revelation, Piers Wilson, Head of Product Management at Huntsman Security, says that the NSA’s inability so far to pinpoint the villains of last year’s leak shows that it has not focussed on ‘the early detection, investigation, and verification of risks in the broadest sense – known and unknown, insider and out.’
‘If the leaker is still working for the NSA, they can bypass so many crucial lines of defence because they already have access to the network and systems – allowing them to compromise sensitive data without raising the alarm if they have knowledge of what controls are in place and how to subvert them. In the wider corporate world, these kinds of breaches may not even involve any malicious intent – merely ignorance, negligence, or just plain carelessness.’
Wilson adds that early detection, investigation, and verification of risks enables organisations to take the appropriate action to deal with any given threat, regardless of the source or motive.