US government’s hacking tools may end up with criminals
Government's purchase of information about undisclosed flaws in software is troubling and brings 'collateral damage', experts say
Electronic spying tools used by the US government could end up in the hands of organised criminals and hackers, further eroding internet security, warned industry leaders who called for new restrictions and oversight of government activity.
The government habit of purchasing information about undisclosed holes in software was also "really troublesome", said former White House cybersecurity adviser Howard Schmidt. "There's collateral damage."
Both France and Schmidt were speaking at the annual RSA Conference, the world's largest cybersecurity gathering, in San Francisco last week. RSA is the security division of electronic storage company EMC.
Security researchers say that secret state tools tend to fall into the hands of mobsters and eventually lone hackers. That trend could worsen after former NSA contractor Edward Snowden disclosed NSA capabilities for breaking into Cisco Systems routers, Dell computer servers and all kinds of personal computers and smartphones, industry leaders and experts warned at the RSA Conference and two smaller gatherings in San Francisco convened partly to discuss RSA's government deals.
Both the US and the security industry itself came under fire at the various assemblies.
Previously faulted mainly for their inability to stem the tide of attacks, security providers such as RSA have become frontline victims themselves. Hackers tied to China breached RSA in 2011 in order to falsify credentials used by employees at US defence contractors.