NSA Malware Goes Undetected in Test for 0-Day Test Platform
The Register is reporting the U.S. National Security Agency (NSA) is now publicly working with at least one network testing vendor to develop a 0-day test platform. The test used small sample sizes but the quality of code difference was pronounced:
The ultra-secretive US spy agency supplied network testing firm Iometrix with eight worms as part of its plans to develop what it describes as the industry's first Zero-day Attack Test Platform.Richard Dagnell, VP of sales and marketing at Iometrix, said the six month project also featured tests involving two worm samples developed by a convicted hacker. The potency of the malware supplied by the NSA far exceeded that created by the hacker.
In what sounds a lot like the kind of hubris that does in heroes of Greek tragedies, a senior technology consultant remarked:
"You don't need to write viruses to test security technologies. There's no shortage of new malware. Also you examine existing stuff and study techniques," said Graham Cluley, senior technology consultant at Sophos. ®
Where do you get the existing stuff? Is your source of data biased? Does it represent the full spectrum of malware that is being developed? I doubt if you are scanning traffic with existing AV techniques and luring with honeypots you are going to find the worst of the worst malware. That would be created by entities with large resources (like the NSA and major cybercrime operations) for use at specific targets. Of course we should test with malware from the NSA. Chances are they are not just reusing techniques passed around hacker chat rooms.
Put a lid on the hubris, it didn't do much good for the characters in Greek tragedies.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
