The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide.
The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started (slowly) opening itself to the world. It joined Twitter in the same year after Snowden leaks and now opened a Github account.
GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are 'coming soon.'
"The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page.
"OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology."Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Some of the NSA's open source projects are listed below:
- Certificate Authority Situational Awareness (CASA): A Simple tool that Identifies unexpected and prohibited certificate authority certificates on Windows systems.
- Control Flow Integrity: A hardware-based technique to prevent memory corruption exploitations.
- GRASSMARLIN: It provides IP network situational awareness of ICS and SCADA networks to support network security.
- Open Attestation: A project to remotely retrieve and verify system integrity using Trusted Platform Module (TPM).
- RedhawkSDR: It is a software-defined radio (SDR) framework that provides tools to develop, deploy, and manage software radio applications in real-time.
- OZONE Widget Framework (OWF): It is basically a web application, which runs in your browser, allows users to create lightweight widgets and easily access all their online tools from one location.
You can check out the full list of NSA's projects here.