A Group ‘Hacked’ the NSA’s Website to Demonstrate a Widespread Bug


A group of researchers only needed $104 and 8 hours of Amazon’s cloud computing power to hack the NSA’s website. And their feat was made possible by a bug that, ironically, was practically created by the NSA itself and its anti-encryption policies from 20 years ago.

The NSA’s site was just the guinea pig to demonstrate a newly-disclosed internet flaw called FREAK.

The bug, first disclosed on Monday by Akamai, allows an attacker to intercept a supposedly secure connection between people using Android or Apple devices and thousands, if not millions, of websites. This gives the hackers the chance to impersonate said website and steal confidential data like passwords and logins.

Now, as crypto expert Matthew Green correctly pointed out, this wasn’t really a “hack.” Mounting a man-in-the-middle attack against NSA.gov is not the same as hacking the NSA (as an always-appropriate XKCD cartoon illustrates).

The researchers were actually just trying to make a point, and to show how dangerous this new bug is. But the choice of the target wasn’t random.

“In the current climate, it felt like the appropriate website to mount a man-in-the-middle attack on,” Karthikeyan Bhargavan, one of the lead researchers who discovered the bug, told Motherboard.

Bhargavan was obviously referring to the Edward Snowden revelations and the current debate over encryption, but also to the so-called Crypto Wars of..
