NSA opened an account on GitHub

    The National Security Agency, an American intelligence agency that has traditionally operated in secrecy, has finally joined GitHub and launched the official page: github.com/nationalsecurityagency . There, the NSA will publish the source code for its programs. There is a peculiar irony in this, since a lot of NSA software has previously leaked to open access, that is, it has become de facto free, without any assistance from the NSA. Like the same EternalBlue tool that the Shadow Brokers hacker group merged among other NSA tools in April 2017 , and later a WannaCry worm and crypto ransomware were developed on its basis.

    But of course, the office is not going to voluntarily publish its secret tools here, which are used for espionage and intelligence. But they have a lot to share with the community safely.

    After all, the NSA employs hundreds of high-class, ingenious programmers and top mathematicians. These are good guys, they attend hacker conferences and other computer conferences, including programming, and maintain contact with colleagues "on the other hand." All have common interests and areas of knowledge. It is unlikely that NSA employees have the opportunity to hide their place of work.

    Traditionally, the NSA was considered a secret organization and did not say anything about its activities. However, after the leaks of Edward Snowden in 2013, it began to slowly and gradually open to the world. Even then, the NSA opened a Twitter account, and now - a repository on GitHub. The agency also launched https://nationalsecurityagency.github.io/ . In total, the NSA is ready to share 32 different projects with the world, all of which are part of the NSA Technology Transfer Program ( TTP ). Although some of the projects are not yet fully operational, they are marked 'coming soon'.

    The TTP page indicates that this program is working with "agency innovators who wish to use this collaborative model to transfer their technology to the commercial market."

    The NSA lists the benefits of open source software and a free license. It is indicated that such a model stimulates the widespread use of software and its widespread installation. Society benefits from the use of such programs, their changes and the commercialization of software. In turn, the government benefits from the open source community making improvements to the programs.

    Many of the projects that the NSA has uploaded are already very old and have long been available to the community. For example, the SELinux security engine has long been included in the Linux kernel. But now we know that it was developed at the NSA, so Linux users can be proud - the NSA code runs on their computers.

    Other NSA projects are also of some interest. Here is some of them:

    • Certificate Authority Situational Awareness (CASA) : A simple tool that identifies unexpected and forbidden certificate authority certificates on Windows computers.
    • Control Flow Integrity : A hardware-based technique to prevent exploits that exploit memory corruption.
    • DCP : a program that reduces the time it takes to make a copy of a hard disk for analysis in forensic examination.
    • FEMTO : indexing and search system for requests for byte sequences. Provides extremely high speed search on data in arbitrary formats.
    • goSecure : an easy-to-use portable VPN built on Linux and Raspberry Pi.
    • GRASSMARLIN : provides IP network awareness for ICS and SCADA networks with support for network security.
    • Open Attestation : a project for remote acquisition and verification of system integrity using the Trusted Platform Module (TPM).
    • RedhawkSDR : software-defined radio (SDR) framework that provides tools for developing, deploying and managing real-time software radio applications.
    • OZONE Widget Framework (OWF) : This is a web application that runs in a browser. It allows users to create lightweight widgets and get convenient access to all their online tools from one place.

    Also popular now: