The NSA Releases A Cybersecurity Tool, Open Source
The National Security Agency (as known as NSA) is going to release a software reverse engineering tool for free public use in March. The tool, known as GHIDRA is designed to help researchers and security pros understand and analyze malware etc to discover the effects on their networks and harden them. GHIDRA is built in Java, features a graphical user interface and runs on Linux, Mac and Windows operating systems. It can be used for both offense and defense.
Reverse engineering is a vital process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild – like malware being used to carry out attacks – to understand how it works, what its capabilities are, and who wrote it or where it came from. It is also an important way for defenders to check their own code for weaknesses, and confirm that it works as intended. Therefore, Reverse engineering tools are usually expensive. It costs in the hundreds or thousands of dollars to license. Any group releasing a free, high-quality tool democratizes research into how cyberattacks are waged. But the NSA isn’t just any group. Spy agencies typically keep their tech close to the vest, and sharing it in this way changes the dynamic of the NSA’s relationship with the American and global public.
GHIDRA will become an open source project, meaning any software developer can use it, modify it and contribute code to help improve the product. Also, the GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed.
Releasing GHIDRA for the public is an interesting move from the NSA as it would help the agency in improving the software and make it at par with tools like the IDA.