Aug 8, 2019

NSA's free malware research tool gains traction, 6 months on

Illustration: Rebecca Zisser/Axios

In March the National Security Agency released an internal malware research tool for free to the public, a first for the secretive agency. Six months later, by most indications, the release is an even bigger event than the NSA thought.

Why it matters: Some aspects of researching malware have long required expensive software. The release of Ghidra, the NSA tool, has profoundly changed the field, opening it up to students, part-timers and hobbyists who otherwise couldn't afford to participate.

It's been a good six months for Ghidra. The software has been downloaded more than 500,000 times from GitHub.

  • "We had a bet on how many downloads it would be," Brian Knighton, senior researcher at the NSA, told Axios. "We were off by quite a factor."
  • Ghidra also netted the NSA two nominations for "Pwnie" awards at the typically NSA-adverse DEF CON hacker conference this week.
  • The NSA was also pleasantly surprised with the number of outside developers modifying code and creating new features for the now open-source program.
  • The toolkit is popular enough that the NSA now offers touring classes on Ghidra for colleges and universities.

The big picture: It's still too early to judge Ghidra's success based on its use in published malware research or incidents in which hackers have been thwarted. But based on engagement of new and old researchers alike, that kind of evidence seems likely to follow.

The background: Ghidra is a reverse-engineering tool that allows researchers to translate computer-executable programs into human-readable programming language commands.

When Ghidra was released, observers speculated that the purpose of the release was to create a global research explosion to counter national threats.

  • That was certainly one NSA goal. But another that's been overlooked is cutting down the training time for NSA recruitment.
  • “Now we can hire someone who has already used Ghidra,” said Knighton.

Knighton will present an update on Ghidra at the Black Hat cybersecurity conference Thursday, including new NSA-developed features and answers to some of the lingering questions about the program.

  • “We’ll explain why we called it 'Ghidra',” said Knighton, which is still an open question, beyond the fact that King Ghidra is a formidable rival of Godzilla.
  • More practically, the conference talk will address the choice to design the program in Java, a programming language that some experts now view as cumbersome and dated.

Go deeper

Axios
Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 12 p.m. ET: 30,241,377 — Total deaths: 947,266— Total recoveries: 20,575,416Map.
  2. U.S.: Total confirmed cases as of 12 p.m. ET: 6,681,251 — Total deaths: 197,763 — Total recoveries: 2,540,334 — Total tests: 91,546,598Map.
  3. Politics: Trump vs. his own administration on virus response.
  4. Health: Massive USPS face mask operation called off The risks of moving too fast on a vaccine.
  5. Business: Unemployment drop-off reverses course 1 million mortgage-holders fall through safety netHow the pandemic has deepened Boeing's 737 MAX crunch.
  6. Education: At least 42% of school employees are vulnerable.
Go deeper (<1 min. read)Arrow
Joann Muller, author of Navigate
2 hours ago - Economy & Business

Anxious days for airline workers as mass layoffs loom

Sara Nelson, president of the Association of Flight Attendants, during a Sept. 9 protest outside the Capitol. Photo: Alex Wong/Getty Images

The clock is ticking for tens of thousands of anxious airline employees, who face mass reductions when the government's current payroll support program expires on Sept. 30.

Where it stands: Airline CEOs met Thursday with White House Chief of Staff Mark Meadows, who said President Trump would support an additional $25 billion from Congress to extend the current aid package through next March.

Go deeper (2 min. read)Arrow
Orion Rummler
2 hours ago - Politics & Policy

House Democrats ask DOJ watchdog to probe Durham's Trump-Russia investigation

Attorney General Bill Barr. Photo: Kamil Krzaczynsky/AFP via Getty Images

Four Democratic House committee chairs on Friday asked the Justice Department's inspector general to launch an "emergency investigation" into whether Attorney General Bill Barr and U.S. Attorney John Durham, his appointee, are taking actions that could "improperly influence the upcoming presidential election."

Catch up quick: Last year, Barr tapped Durham to conduct a sweeping investigation into the origins of the FBI's 2016 Russia probe, after he and President Trump claimed that it was unjustified and a "hoax."

Go deeper (1 min. read)Arrow