Security experts are questioning the NSA about the recently disclosed Krack attack the allows an attacker to decrypt information included in protected WPA2 traffic.
Security experts believe that the National Security Agency was aware of the flaw and its arsenal included a specific exploit.
An NSA spokesperson did not comment the claims, this is normal for the US intelligence agencies, but according to ZDNet, rumors that it knew something about the vulnerability in the WPA2 protocol are circulating in the intelligence community.
In some cases, the US intelligence even is informed of a vulnerability doesn’t disclose it in the attempt to exploit it for intelligence operations.
According to a top secret document leaked by the Edward Snowden and dated back 2010, the NSA arsenal included a hacking tool called BADDECISION classified as an “802.11 CNE tool. that used a true Man-in-the-middle attack and frame injection technique to redirect a target client to a FOXACIDserver.”
The NSA exploit was designed to target wireless networks by using a man-in-the-middle attack within range of the network, according to the Top-Secret slides it works for WPA and WAP2 networks, this implies that BADDECISION could bypass the encryption.
The FOXACID platform allows NSA operators to automatically supply the best malware for a specific target.
The slide said the hacking tool “works for WPA/WPA2,” suggesting that BADDECISION could bypass the encryption.
Cue the conspiracy theories. No wonder some thought the hacking tool was an early NSA-only version of KRACK.
Is BADDECISION the Krack attack tool?
Difficult to say, but many security researchers believe BADDECISION doesn’t exploit the KRACK attack.
According to former NSA staffers cited by ZDNet the NSA BADDECISION exploit is a sort of Ettercap tool that conducts man-in-the-middle attacks to carry out address resolution protocol (ARP) spoofing or poisoning.
Anyway, even if NSA BADDECISION doesn’t rely on the Krack attack, it is impossible to totally exclude that the agency was not aware of the vulnerability recently disclosed.