NSA uploaded network security utility on GitHub



    The US National Security Agency (NSA) has released an open-source tool to ensure the network security of government organizations and commercial companies. The system is called SIMP (Systems Integrity Management Platform), its code is located in the NSA repository on GitHub .

    The official press release of the department said that this tool is designed to help companies protect their networks from hacker attacks.

    SIMP is a framework that provides a combination of compliance with security standards and operational flexibility. The main objective of the project is to provide a management environment aimed at compliance with standards and best practices of information security.

    The text of the press release especially notes that by issuing an open tool, the NSA wants to establish a trusting relationship with the information security community in order to combine security efforts (“each company does not need to invent its own wheel”).

    SIMP currently supports Red Hat Enterprise Linux (RHEL) operating systems version 6.6 and 7.1, as well as CentOS version 6.6 and 7.1-1503-01.

    Despite the stated goal of the NSA, it will not be easy to achieve trust from representatives of IT and information security communities. Profiled media are already wondering if the SIMP utility contains any backdoors aimed at collecting data? This topic is also discussed in the Linux user forums.

    After the revelations of a former NSA employee, Edward Snowden, the world learned that the US National Security Agency was following citizens of different countries, including using “bookmarks” in software that its developers inserted into the code at the request of US intelligence agencies.



    In our blog, we already talked about how NSA mobile surveillance works, published a study of the vulnerabilities of mobile networks based on SS7, and held a corresponding contest during the Positive Hack Days information security forum.

    Scandals related to wiretapping of citizens periodically arise not only in the United States. Recently, we wrote that the South Korean intelligence service purchased spyware from the hacker group Hacking Team to gain accessto messages in popular instant messengers (for example, Kakao Talk).

    In addition, in the summer of 2014, the media widely discussed the story of wiretapping of Ukrainian mobile phones, allegedly carried out from the territory of Russia. In our blog we published the technical details of the implementation of such an attack.

    Also popular now: