NSA Opens Github Account

The National Security Agency (NSA) — the United States intelligence agency which is known for its secrecy and likes to keep its work private, has now gone public with a handful of their projects through its own official GitHub page (GitHub is an online service used to share code amongst programmers).

https://github.com/NationalSecurityAgency

The first time it made its public presence feel was when it opened its own Twitter account in December 2013 following Edward Snowden’s revelation about its surveillance programs. Since then, NSA has been openly sharing the news about its projects through social media, thereby increasing its presence with the general public.

NSA’s GitHub account has listed 32 different open-source projects written by its developers whose code repositories have been shared under the NSA Technology Transfer Program (TTP) across two accounts, were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). Some projects have been available on the Internet for some time, for example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years. The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.

Some of the NSA's open source projects are listed below can be found here: https://nationalsecurityagency.github.io/

• Certificate Authority Situational Awareness (CASA): A Simple tool that Identifies unexpected and prohibited certificate authority certificates on Windows systems.
• Control Flow Integrity: A hardware-based technique to prevent memory corruption exploitations.
• GRASSMARLIN: It provides IP network situational awareness of ICS and SCADA networks to support network security.
• Open Attestation: A project to remotely retrieve and verify system integrity using Trusted Platform Module (TPM).
• RedhawkSDR: It is a software-defined radio (SDR) framework that provides tools to develop, deploy, and manage software radio applications in real-time.
• OZONE Widget Framework (OWF): It is basically a web application, which runs in your browser, allows users to create lightweight widgets and easily access all their online tools from one location.

This is not the first time that the NSA has been involved with GitHub. The agency has been running a technology transfer program for years, which overtly aims to move code developed in-house to the software community at large. Its Information Assurance Directorate also established a GitHub page in 2013.

Then, there is code that has been stolen from the NSA and shared online, often through GitHub. Using the site, the Shadow Brokers group originally tried to sell its hacked tools, like EternalBlue, although GitHub took the repository down, which is against the site's standard operating procedure.

The NSA opens up the opportunity for them to interact and potentially recruit talent. The Central Intelligence Agency (CIA) which is another American Intelligence agency uses Twitter to connect with the general masses (with #covfefe tags).