Home Open Sauce ASD keeps vulnerability details to itself at times. How is this news?

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

ASD keeps vulnerability details to itself at times. How is this news? Image by Steve Buissinne from Pixabay

Nearly three years after a leak of NSA exploits by a group calling itself the Shadow Brokers disclosed the open secret that the agency keeps knowledge of vulnerabilities to itself, the Australian Signals Directorate, the equivalent agency Down Under, has posted a document indicating that it, too, does not disclose all vulnerabilities it finds, but retains some for offensive purposes.

So what's new about this? The ASD follows the NSA in this respect and it has been known for a long time that what it knows is private knowledge first, and public knowledge a very poor second.

Does this indicate that a leak of exploits from the ASD is forthcoming and the agency is publishing this undated document to cover its backside? One never knows.

To people who practise "access journalism" — where one paints government/official handouts in the best possible light in order to keep receiving this stream of information, often in advance of others — this kind of "news" it is certainly a matter to crow about. It would only evoke cynical laughter from a journalist.

To anyone who has been reporting about security in the technology field for a while, the ASD statement is no news.

Spy agencies would love it if people believed that they were open and dedicated only to protecting the country in which they are based. But such is very rarely the case, as has been exemplified by all the details about the NSA's blanket surveillance which was revealed by whistle-blower Edward Snowden.

There are security companies which also obtain details of vulnerabilities and then keep them secret, using them as a means to market their own wares. One such firm is Immunity, an American outfit run by ex-NSA employee Dave Aitel and bought by Cyxtera Technologies last year.

There are plenty of others who buy vulnerabilities from every grade of hacker — white hat, black hat, grey hat and even so-called blue hats — and use them to create tools for governments to break into devices. One such Australian outfit, Sydney-based Azimuth, headed by Mark Dowd, was again bought by am American company, L3 Intelligence, last year.

Doubtless the ASD has put this information online to push the myth that it is an open organisation. But then one wonders why it pushes false information – as it has done by claiming that there is no separation between the core and the radio access network when it comes to 5G.

This myth has been pedalled by the ASD's director Mike Burgess and repeated by others who parrot anything that serves their cause, two good examples being former prime minister Malcolm Turnbull and Nigel Phair, director of UNSW Canberra Cyber.

5G edge separation between the core and the radio network was demonstrated in New Zealand in 2018 by the telco Spark, using the Cisco evolved packet core and Huawei 5G NR and radio access network.

Burgess was quoted by The Australian in October last year as saying: "The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network."

When iTWire queried this statement, the ASD claimed that Burgess was referring to "mature" and "far more capable 5G network architectures". This has also been found to be incorrect as was pointed out in a 3GPP panel discussion in September last year.

If the ASD claims to be so open, perhaps it could fess up about spreading this misinformation. Then its claims about "making Australia the safest place to connect online" would, perhaps, have a little more heft to them.

FREE SEMINAR

Site24x7 Seminars

Deliver Better User Experience in Today's Era of Digital Transformation

Some IT problems are better solved from the cloud

Join us as we discuss how DevOps in combination with AIOps can assure a seamless user experience, and assist you in monitoring all your individual IT components—including your websites, services, network infrastructure, and private or public clouds—from a single, cloud-based dashboard.

Sydney 7th May 2019

Melbourne 09 May 2019

Don’t miss out! Register Today!

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Guest Opinion

 

Sponsored News

 

 

 

 

Connect