In somewhat of a surprise, the National Security Agency announced the release of Ghidra, a free and open source software reverse engineering toolkit, at the RSA security convention. Ghidra is what the NSA has been using for years, though it is not clear if the public release is the exact same version that it uses internally.
So, why release something like this to the public? It is not to encourage black hat hacking. Instead, NSA director Rob Joyce said he hopes it will lead to better research in software security. He also assured attendees that there is nothing sinister going on, and specifically said Ghidra does not contain a backdoor.
"There is no backdoor in Ghidra. This is the last community you want to release something out to with a backdoor installed, to people who hunt for this stuff to tear apart," Joyce said, according to The Register.
He makes a valid point, though it is understandable why some might be skeptical of the NSA's intentions. It was only a few years ago when NSA contractor Edward Snowden blew the whistle on the organization's PRISM program and the extent that it spies on people. In addition, Wikileaks has made available numerous documents of the tools the NSA uses, a collection that is known as Vault 7.
It is important to note that Ghidra is not itself a hacking tool. It is a reverse engineering platform, which allows users to decompile software. This is handy for evaluating malware and other cybersecurity intelligence research, such as knowing what a malware sample is fully capable of and where it might have come from.
"If you’ve done software reverse engineering what you’ve found out is it’s both art and science, there’s not a hard path from the beginning to the end," Joyce said, according to Wired. "Ghidra is a software reverse engineering tool built for our internal use at NSA. We're not claiming that this is the one that’s going to be replacing everything out there—it's not. But it helped us address some things in our work flow."
The NSA has made available Ghidra through a dedicated website. It is also planning to dump the source code on GitHub and has set up a placeholder on the open source repository.