SPLOIT: NSA Releases Open Source Network Security Tool for Linux

Greetings, my fellow hackers!

It's been long since I last visited and I must say I'm very much impressed with the community's growth since I left. It's always nice to see new threads and members around making the forum live each passing minute. I think I should also mention, I sometimes check Null-Byte forum threads from my school's computer lab, just that I don't comment or give my opinion or help. You guys are really awesome in all your ways.

I am home for school break and I decided to check what's trending on the web.

Latest: NSA Releases Open Source Network Security Tool for Linux

It's kinda funny because the same National Security Agency (NSA), I mean our own NSA that wants its hands on our data, now offers an open source tool. The network security tool is for the Government and the private sectors to help secure their networks against cyber attacks. Hehehe, Cyber Attacks.

The network tool dubbed Systems Integrity Management Platform (SIMP) makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."

SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility.

The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.

Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers.

At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.

Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.

A Reply From NSA

"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization" - NSA.

Now The Real Question: Is the NSA's SIMP Tool Backdoored?

The question here is not how much security NSA's tool offers, but the question is: Should we trust the NSA's tool?

By now, the entire world is aware of the NSA's global surveillance practices. The internal data exposed by former contractor Edward Snowden showed the extent of surveillance and bulk data collection by NSA, which range from US citizens to leaders of allied governments.

Several US government officials, including the NSA Director Mike Rogers, outgoing US Attorney General Eric Holder, and the FBI director James Comey, have all suggested that major tech companies such as Apple and Google should provide law enforcement agencies special access to their users' encrypted data, demanding secret backdoors.

Knowing this, one must think twice before adopting NSA's latest SIMP tool. However, the security of Linux is a massive subject and tools are used to provide additional security on a Linux computer. So, it is always important to choose the right tool.

Where's the code?!

For those out there that just want the goods, the actual code for the SIMP project is hosted under the SIMP GitHub Organization.

Discussion

Let's hear your views on the topic since I am really skeptical about the tool's genuineness. Thanks for reading.

32 Responses

I personally won't trust anything with NSA or the government. Whether servers, data, company, security, devices or life. They have had enough already, Spying on everything we have. Whether it is open source or closed source. It is from NSA and for NSA's history I won't want to associate myself with it.

So to cut the matter short: F**k NSA. Thank-you

I have to agree, Joe. NSA goals are not the same as ours. They would not release anything that they did not have a backdoor to. It may make you more secure from cyber criminals, but not from the NSA.

No Thanks!

True!!! ... And I wonder how they got the guts to release the tool knowing perfectly how they have been noted for their various activities.

Oops!!! ... Funny though, OTW, I thought you would go with NSA on this one since you are the Linux, Network Security guy and this tool is for such. But it's good to know your opinion.

( I have to say, Thanks for your response on my tutorials when I wasn't around, I really appreciate )

Considering it's open-source, why not just wait and see how the audit will end?

Also if their goal is to distribute it to the administrations, it can be good for global knowledge to understand how it works to know a specific defense line, no?

NSA ..... LOL!!! Until I see and notice there are no problems with the tool, my suspicions are high. I have never heard or read NSA doing something good with our lives. So for this one, Am completely backing off and @Joe, I agree with you: F**k NSA

Thanks Birkhoff ... Seems we stand same on the issue. And for the guts part, I have to say, They truly got balls.

Hi Sploit! It's great to see you back ;-)
Well done report about the topic.

Ciuffy:

Hey, Me too. I was about to send you a PM. For the report, I was just skeptical about NSA releasing a tool for a good cause and wanted to hear your opinions on the matter. It's great to hear from you.

Source code doesn't always go with backdooring. I mean, it's source code. As far as I know, I wouldn't even trust Metasploit Community edition or Kali: signed means it has a scope, it's aiming at something. Try to ask "Why would NSA release an open source hacking tool?". I don't have the answer, nor do I want to sound like an expert, but this question has no easy answer on either side. Humans can't make long-term predictions. Maybe it's part of a bigger picture, maybe not. Either way, it is open source. Take it and munch it 'till you can, scavenger, always play knowledge's sake game.

Unless I understand every line of code and can alter the code and can compile it myself and can build it from scratch and no other issues or notices from other users. I wouldn't try such a tool.

I still won't try it since it's from NSA. I thought OTW would have gone with NSA on this one though :)

I don't mean using it, but having a copy from stuff coming from NSA, good or bad, sounds like a good move. Just so you know you can say "I was there!" or "I told you all!"

Very True.

Thanks for the article. I wouldn't use anything they gave me even if it was 'The Gibson'.

Hahaha Funny .... Ok .. then I think am not paranoid about this issue. I was like "Heavens Forbid" but it seems am not the only one. Good to know we're on the same side.

As always you still haven't changed.

YES, YOU'RE BACK!!!

well, i suppose you don't know me since i joined right at the moment you left. but i have been reading your articles a lot. especially your python tutorials are very informative!

anyway, good report. i agree with OTW, Joe and Birkhoff. it just wouldn't make sense if the NSA released something that wasn't backdoored by them. the weird thing is, if it is open source, people would be able to find the backdoor, am i right?

also, i think you forgot this picture you always put at the end of your post:

Image via wonderhowto.com

-Phoenix750

Hahhaha, It seems you studied my writing patterns.

  1. I've known you from day 0 because I constantly check Null-Byte every Saturday afternoon during my leisure times.
  2. Thanks for your feedback on my articles. My mummy once told me: Sploit (Yes she calls me dat), Your articles are damn good you should become a journalist. I simply replied: "God forbid ... Am an IT Guy"
  3. Thanks am not the only one paranoid about this issue.
  4. For my picture, This is only a discussion not a how-to ... That is why I didn't include it buh thanks for noticing. You made me feel special.... Haha

no one trusts the NSA anymore, that's a fact.

the weird thing is, how will they hide the backdoor in their source code, since SIMP is open source?

-Phoenix750

That's the question on my mind too ... But don't be surprised when you don't understand a section of a code in the SIMP Program and you later compile it only to later give them a simple backdoor into your computer. With NSA, All things are possible.

very true.

we will just have to wait for a whistleblower like edward i suppose.

-Phoenix750

"Project Structure

As you can probably tell, the master branch of this project is empty."

Back away slowly... (5 pages of confusion)

Yeah I noticed buh am sure it's gonna be functional soon.

Don't eat the yellow snow. Don't trust it. All it takes is one hidden lib. Can anyone say CC.

Welcome back.

Also, I wouldn't touch anything that has an NSA stamp with a 10 ft pole. Sorry.

ghost_

Oh Ok ... so I guess nobody likes spying. I thought I was the only one.

Superman going to the dark side huh?
It's simple, we don't trust NSA.

Image via sabinabecker.com

NSA is the modern day equivalent of the Nazi secret police hiding in a trojan horse.

Image via pinimg.com

basically White hats now have to fight Blk hats and Governments...nuff said.

But that would make us greyhats technically.

But you're right. As hackers, it is our job to keep the internet open and safe for everyone.

-Phoenix750

I don't think NSA would be using backdoors on this tool, it's not something like Metasploit or Aircrack. But I also don't think there is anything to stop them from doing so. Internal conflict.

I remember some similar defense tool being released by Mozilla. Forgot the name but found it somewhere on GitHub. They should create a page listing ALL their projects.

I think people should also get to spy NSA. After all, that's what democracy is about.

-The Joker

SHA is developed by NSA, and is one of the most popular families of digest functions that everyone uses.
