Source: Slides from RSAC 2020 presentation
Let’s say you want to pull off a seriously significant hacking caper against targets that are more than just a little bit sophisticated. As an accomplished hacker you have two choices. You can either crack open that case of Red Bull and toil away for weeks or months developing your own code, or you can hijack and repurpose someone else’s killer code and spend your free time however you like. It’s this lazy-man’s (smart man’s?) approach that former NSA hacker Patrick Wardle shared with the audience at this year’s RSA security conference.
Why Toil When Stealing is So Easy?
Wardle, who now specializes in macOS and iOS security at Jamf, made the case for “borrowing” the code of others, especially well-funded, government-sponsored hackers.
Wardle supported his premise by showing the audience how he altered four different Mac malware samples that have been used successfully by others in recent years. With just a little effort he was able to alter the potent and proven code of others so that it reported to his own command-and-control servers. Once hijacked, he could install his own payloads to accomplish whatever goals he was interested in.
So Many Benefits, So Little Time
Repurposing the code of others is nothing new. WannaCry and its cousin NotPetya, which rode roughshod across the globe a few years back, were aided in their virality by incorporating EternalBlue, the NSA Windows exploit that was stolen and later released by the Shadow Brokers.
Recycling the great work of others brings many benefits:
- Quicker development time
- Proven effectiveness
- Lets you use others’ code in high-risk environments
- Masks your identity
- Implicates others if detected
The CIA Has a Repurpose Library
According to a 2017 article on theintercept.com, which cites a tranche of WikiLeaks documents, the CIA hacking resource known as UMBRAGE has created a repository of other groups’ “techniques” that “can not only increase its total number of attack types, but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.” “The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions.”
At Konsultek we create custom security solutions designed to keep your organization safe from even the most sophisticated attacks. For many organizations, perhaps yours, the most valuable data on your network may not be personal information at all, but rather commercial data such as specifications and trade secrets. We help organizations of all types protect their valuable information by developing and deploying custom solutions using the best technologies available on the planet. If you have concerns, we have solutions, and the good news is we are just a phone call away!