NSA’s Inability to Detect and Respond to Fabricated Cryptographic Keys and Certificates Allowed Exiled Attacker to Steal Thousands of Classified Documents and Intellectual Property
Salt Lake City, UT – November 12, 2013
Venafi, the leading cyber security company in Next-Generation Trust Protection, today announced the results of in-depth research by its Threat Center team into how Edward Snowden successfully breached the National Security Agency (NSA). After months of review, analysis and peer feedback, this research reveals that the contract worker leveraged valid credentials as a low-level system administrator to fabricate cryptographic keys and digital certificates, which he then used to access and steal classified information and US intellectual property. The NSA’s inability to detect or respond to anomalous key and certificate activity on its network allowed him to infiltrate systems and exfiltrate data without being detected.
“For more than a decade, we’ve been observing similar attacks at some of the most security-minded enterprises and agencies in the world. Based on all available evidence, we’ve concluded that fabricated SSH keys and self-signed certificates along with the agency’s inability to detect their presence and use is what led to the breach,” said Jeff Hudson, CEO, Venafi. “The NSA knows this is how the breach was accomplished, and we’re so confident in our analysis and conclusions that we’re comfortable challenging the NSA—or Edward Snowden—to prove us wrong.”
Cybercriminals and nation-backed operators have successfully used unsecured keys and certificates to breach trust on enterprise and government agency systems on repeated occasion. Most global organizations have no ability to detect anomalies or to respond to attacks on trust that leverage compromised, stolen or fabricated keys and certificates. Because of these deficiencies, enterprises are “sitting ducks” according to a recent Forrester Consulting report
In addition to Forrester’s conclusion, it is also well documented that some of the most famous computer breaches have been the result of abused keys and certificates, including the Flame, Duqu and Stuxnet attacks. Attackers and common cyber-criminals understand this well, which is why attackers increasingly use self-signed certificates and maliciously manipulated SSH and asymmetric keys to attack organizations in order to steal data and valuable intellectual property.
“As a leading organization responsible for contributing to U.S. national and global cyber defense, the NSA has a responsibility to disclose the truth behind the breach,” continued Hudson. “Until the agency openly admits what happened along with all of the steps it’s taken to correct the problem, all organizations that rely on keys and certificates to ensure trust will remain vulnerable to this attack vector.”
Following analysis and peer review of the information that has been publically reported, Venafi has identified the critical elements to piece together the full story of how Snowden attacked common trust mechanisms in order to breach the NSA, and has released its findings via multiple sources that outline in detail how the attack occurred:
- Venafi CEO Blog: Deciphering how Edward Snowden breached the NSA
- Video: NSA breach kill chain whiteboard
- Infographic: Breaching the NSA, how Snowden did it
- On-demand webinar: Breaching the NSA via an attack on trust
To access the content, visit: http://www.venafi.com/NSA
For even more information and to join the Snowden discussion:
- Post to our blog: http://www.venafi.com/about/blog/
- Follow Venafi on LinkedIn: http://www.linkedin.com/company/Venafi
- Contact the NSA via email: nsapao@nsa.gov
About Venafi
Venafi is the market leading cybersecurity company in Next-Generation Trust Protection. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.
As part of any enterprise infrastructure protection strategy, Venafi Director helps organizations regain control over trust in the cloud, on mobile devices, applications, virtual machines and network devices by protecting Any Key. Any Certificate. Anywhere™. Venafi prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity, and remediates errors and attacks by automatically replacing misconfigured and compromised keys and certificates. Venafi Threat Center provides primary research and threat intelligence for trust-based attacks.
Selected as a 2013 FiReStarter and Red Herring Top 100 company, Venafi customers are among the world’s most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, manufacturing, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.