CSE Releases Malware Analysis Tool
The Communications Security Establishment of Canada—basically, Canada’s version of the NSA—has released a suite of malware analysis tools:
Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis.
hmm • October 25, 2017 6:19 AM
The possibility that CSE’s own tool could be used to detect spy software of its own design, or that of its partners, is not lost upon the agency.
“Whatever it detects, whether it be cybercrime or [nation] states, or anybody else that are doing things — well that’s a good thing, because it’s made the community smarter in terms of defence,” said Jones.
Nor does he believe that releasing Assemblyline to the public will make it easier for adversaries to harm the government, or understand how CSE hunts for threats — quite the opposite, in fact.
“We believe that the benefits far outweigh any risks and that we can still use this to be ahead of the threat that’s out there.”
We’ll all be sure to download and run this, won’t we?
I have nothing to hide, but what’s the advertised upside here?
Scan your system for “anything” and send the results to an intelligence agency? Where do I sign?