How Classified NSA Exploit tools RADON and DEWSWEEPER Work

Security expert Bruce Schneier is one of the most authoritative experts to have revealed that the NSA has a wide-ranging arsenal of zero-day exploits to use for cyber operations. The revelation isn’t surprising: the security community is aware of the great effort governments spend on cyber operations. Many intelligence agencies have created dedicated internal units specialized in hacking for sabotage and cyber espionage. Almost every government is improving its cyber capabilities, and in many cases they are working on the development of cyber weapons.

The report recently published by the FireEye security firm, titled “World War C,” described cyberspace as the new battlefield, and it’s evident how state-sponsored attacks have intensified. Campaigns such as Moonlight Maze and Titan Rain, or the destructive cyber strikes on Iran and Georgia, mark the evolution of military doctrine.

“Cyberspace has become a full-blown war zone as governments across the globe clash for digital supremacy in a new, mostly invisible theater of operations. Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power.”

Alongside conventional weapons, cyber tools such as DDoS tools, spyware and malware are assuming a role of greater importance in the arsenals of governments. But the principal element of nation-state-driven cyber attacks is the knowledge of zero-day vulnerabilities to exploit.

The last collection of NSA documents leaked by Snowden reports that the Central Intelligence Agency implemented a collection of servers codenamed FoxAcid that exploit software vulnerabilities on targets’ machines.

“Here are the FoxAcid basics: By the time the NSA tricks a target into visiting one of those servers, it already knows exactly who that target is, who wants him eavesdropped on, and the expected value of the data it hopes to receive. Based on that information, the server can automatically decide what exploit to serve the target, taking into account the risks associated with attacking the target, as well as the benefits of a successful attack,” reported Schneier.