Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Monday, 18 March 2019 06:27

ASD keeps vulnerability details to itself at times. How is this news?

ASD keeps vulnerability details to itself at times. How is this news? Image by Steve Buissinne from Pixabay

Nearly three years after a leak of NSA exploits by a group calling itself the Shadow Brokers disclosed the open secret that the agency keeps knowledge of vulnerabilities to itself, the Australian Signals Directorate, the equivalent agency Down Under, has posted a document indicating that it, too, does not disclose all vulnerabilities it finds, but retains some for offensive purposes.

So what's new about this? The ASD follows the NSA in this respect and it has been known for a long time that what it knows is private knowledge first, and public knowledge a very poor second.

Does this indicate that a leak of exploits from the ASD is forthcoming and the agency is publishing this undated document to cover its backside? One never knows.

To people who practise "access journalism" — where one paints government/official handouts in the best possible light in order to keep receiving this stream of information, often in advance of others — this kind of "news" it is certainly a matter to crow about. It would only evoke cynical laughter from a journalist.

To anyone who has been reporting about security in the technology field for a while, the ASD statement is no news.

Spy agencies would love it if people believed that they were open and dedicated only to protecting the country in which they are based. But such is very rarely the case, as has been exemplified by all the details about the NSA's blanket surveillance which was revealed by whistle-blower Edward Snowden.

There are security companies which also obtain details of vulnerabilities and then keep them secret, using them as a means to market their own wares. One such firm is Immunity, an American outfit run by ex-NSA employee Dave Aitel and bought by Cyxtera Technologies last year.

There are plenty of others who buy vulnerabilities from every grade of hacker — white hat, black hat, grey hat and even so-called blue hats — and use them to create tools for governments to break into devices. One such Australian outfit, Sydney-based Azimuth, headed by Mark Dowd, was again bought by am American company, L3 Intelligence, last year.

Doubtless the ASD has put this information online to push the myth that it is an open organisation. But then one wonders why it pushes false information – as it has done by claiming that there is no separation between the core and the radio access network when it comes to 5G.

This myth has been pedalled by the ASD's director Mike Burgess and repeated by others who parrot anything that serves their cause, two good examples being former prime minister Malcolm Turnbull and Nigel Phair, director of UNSW Canberra Cyber.

5G edge separation between the core and the radio network was demonstrated in New Zealand in 2018 by the telco Spark, using the Cisco evolved packet core and Huawei 5G NR and radio access network.

Burgess was quoted by The Australian in October last year as saying: "The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network."

When iTWire queried this statement, the ASD claimed that Burgess was referring to "mature" and "far more capable 5G network architectures". This has also been found to be incorrect as was pointed out in a 3GPP panel discussion in September last year.

If the ASD claims to be so open, perhaps it could fess up about spreading this misinformation. Then its claims about "making Australia the safest place to connect online" would, perhaps, have a little more heft to them.


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.



Some of the most important records are paper-based documents that are slow to issue, easy to fake and expensive to verify.

Digital licenses and certificates, identity documents and private citizen immunity passports can help you deliver security and mobility for citizens’ information.

Join our webinar: Thursday 4th June 12 midday East Australian time


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments