NSA Bestows Software Unpacking Tool on Slightly Nervous Public

Last week, the cybersecurity community saw a friendlier NSA. The National Security Agency released Ghidra, an open-source software reverse engineering tool, for anti-malware analysts and threat intelligence researchers.

Ghidra takes software binaries and decompiles them, producing human-readable source code. Originally built for internal use at the Agency, it has now been open-sourced for free, making it a valuable alternative to many costly products on the market that do similar things.

Giving the tool away helps to lower the barrier to entry for security researchers, which indirectly helps organizations like the NSA. It also helps the Agency's image, which has suffered in the six years since Snowden dropped his papers.

The release seems to be part of an NSA charm offensive. A couple of short decades ago, the Agency wouldn't even admit it existed. Last week, its deputy national manager for national security systems Marianne Bailey sat down with journalists to give friendly cyber-hygiene advice such as installing anti-virus software on all computers. Clearly, it wants to be a newer, nicer NSA than the one that squirmed under the Church Committee’s scrutiny in the mid-seventies.

It isn't the first time that the NSA has given software away, though. The Agency has been releasing software to the community since as far back as 2008, when it launched its Tokeneer high-assurance software engineering product. It also launched its own GitHub repository four years ago, the same year that it released a library of Puppet-based network security tools called the System Integrity Management Platform (SIMP). It even has a portfolio of open-source software releases.

The running joke in the technology press is, of course, that these products may not be safe to use. The worry is that the NSA, which is, after all, a spy agency, will have put backdoors into the software.

“There is no backdoor in Ghidra,” protested Rob Joyce, cybersecurity advisor to the NSA director, at RSA Conference 2019. “This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart.”

With the source code readily available in its repository, anyone can take a look for themselves.
