Tag Archives: cyber warfare

The real roots of the worldwide ransomware outbreak: Militarism and greed

Source: The Intercept
by Sam Biddle

"The NSA did not create WannaCry. Rather, it discovered weaknesses in various versions of Windows and wrote programs that would allow American spies to penetrate computers running Microsoft’s operating system, and it was one of these programs, codenamed ETERNALBLUE and repurposed by still-unidentified hackers, that allowed WannaCry to spread as quickly and uncontrollably as it did last week. Whether or not you think the causal chain is such that the NSA is in some sense morally responsible, it’s undeniable that without the agency’s work, there is no ETERNALBLUE, and without ETERNALBLUE, there is no May 2017 WannaCry Crisis. In this sense, Microsoft is right–but the blame shouldn’t end there. Microsoft also did not create WannaCry. But it did create something nearly as bad: Windows Vista, an operating system so horrendously bloated, broken, and altogether unpleasant to use that many PC users back in 2007 skipped upgrading altogether, opting instead to stick with the outdated Windows XP, a decision that has left many people on that decade-and-a-half-old operating system even today, years after Microsoft stopped updating it." (05/16/17)


WikiLeaks reveals two CIA malware frameworks

Source: Threatpost [Russia]

"WikiLeaks released details on what it claims are two frameworks for malware samples dubbed AfterMidnight and Assassin, both allegedly developed by the U.S. Central Intelligence Agency. The revelations come amid worldwide efforts to squelch variants of the WannaCry ransomware, an offensive hacking tool allegedly developed by the National Security Agency. The release is also the latest from WikiLeaks and part of its ongoing Vault 7 dump of leaks that began in March exposing CIA activities and capabilities. This latest release includes five documents that explain how agents might load and execute malware on targeted computers." (05/16/17)


Cyberwar is officially crossing over into the real world

Source: The Atlantic
by Adrienne LaFrance

"Hospitals, pharmacies, and major corporations like FedEx and the Spanish telecommunications giant Telefonica were among the 200,000 victims hobbled by a global ransomware attack on Friday, which locked people’s computers and demanded Bitcoin payment in exchange for access. In the United Kingdom, some hospitals canceled procedures and other appointments as a result. The software security firm Symantec found that people paid ransoms totaling about $54,000 in the attack, though officials strongly caution against paying such ransoms. Among the many questions prompted by the fallout of the attack is an increasingly urgent one: At what point will a cyberattack prompt a more traditional form of retaliation? More importantly: When should it?" (05/16/17)


Government is the cause of — not the solution to — the latest hacking outbreak

Source: Reason
by Scott Shackford

"Privacy and cybersecurity experts and activists have been warning for ages that governments have their priorities all wrong. National security interests (not just in America but other countries as well) comparatively spend much more time and money attempting to breach the security systems of other countries and potential enemies than they do bolstering their own defenses. Reuters determined, with the information from intelligence officials, that the United States spends $9 on cybersurveillance and government hacking for every $1 it spends on defending its network systems. The 'WannaCry' Malware attack that spooled out over the end of last week and into the weekend, implicates both sides of this problem. The ransomware, first of all, allegedly originated from vulnerabilities and infiltration tools developed by the National Security Agency (NSA) they had been hoarding and keeping secret from technology companies whose defenses they were breaching. All of this secrecy was to facilitate the NSA's ability to engage in cyberespionage and to prevent technology companies from building defenses that would have inhibited government surveillance. The NSA lost control of these infiltration tools and they were publicly exposed by the hacker group known as the 'Shadow Brokers' last month." (05/15/17)


"WannaCry" cyberattack slows, but threat remains, experts say

Source: NBC News

"The massive malware cyberattack that has struck an estimated 300,000 computers worldwide showed signs of slowing down Monday. But cybersecurity experts cautioned that new versions of the virus could still emerge. Thousands more were impacted by the virus on Monday, many in Asia, where businesses were originally closed when the ransomware first began to spread like wildfire across 150 countries on Friday. John Miller, a manager of threat intelligence at cybersecurity company FireEye, told NBC News the company was detecting new versions." (05/15/17)


NSA's leaked malware is being weaponized by criminals

Source: Bitcoin.com
by Wendy McElroy

"What’s worse than a government agency (CIA) committed to violating privacy rights through weaponized malware? A bumbling one that hands your computer over to more common criminals who want banking information, tax refunds and anything else from which they can profit. What’s worse than an agency with weaponized malware blowing in the wind? Two agencies (NSA)." (05/12/17)


How an accidental "kill switch" slowed Friday's massive ransomware attack

Source: Wired

"Amid a desperate situation Friday in which hundreds of thousands of ransomware attacks pelted computers in nearly 100 countries, one stroke of good fortune hit, too. As the malware analysis expert who calls himself MalwareTech rushed to examine the so-called WannaCry strain, he stumbled on a way to stop it from locking computers and slow its spread. All it took was ten bucks, and a little luck. WannaCry swept Europe and Asia quickly yesterday, locking up critical systems like the UK’s National Health Service, a large telecom in Spain, and other businesses and institutions around the world, all in record time. Once infected, a victim’s computer denies access, and instead displays a message that demands the equivalent of around $300 in bitcoin. … As he worked to reverse-engineer samples of WannaCry on Friday, MalwareTech discovered that the ransomware’s programmers had built it to check whether a certain gibberish URL led to a live web page. Curious why the ransomware would look for that domain, MalwareTech registered it himself. As it turns out, that $10.69 investment was enough to shut the whole thing down — for now, at least." (05/13/17)


Snowden points blame at NSA for not preventing NHS cyber attack

Source: Telegraph [UK]

"Edward Snowden, the former NSA contractor who in 2013 leaked details of America's surveillance programs, has blamed the intelligence agency for not preventing the global cyber attack on Friday. Hacking tools believed to belong to the US National Security Agency that were leaked online last month appear to be the root cause of the hack that crippled the [UK's National Health Service] and spread across the world. Some cyber security experts and privacy advocates said the massive attack reflected a flawed approach by the United States to dedicate more cyber resources to offence rather than defence, a practice they argued makes the internet less secure." (05/13/17)


FCC claims it was hit by DDoS attack after John Oliver segment

Source: Gizmodo

"Last night, John Oliver told his viewers to go to the FCC via a domain they bought, gofccyourself.com, and submit comments in favor of net neutrality. It was funny. A larf. A light-hearted jape with a serious point. Even funnier: Not long after the segment aired, the FCC’s website crashed. Many believed that the Oliver segment was to blame—not an unreasonable thought, given what happened last time the British comedian covered net neutrality. But now, the FCC is claiming it was the target of multiple distributed denial of service (DDoS) attacks." (05/08/17)


Microsoft mysteriously fixed security gaps allegedly used by US spies a month before they leaked

Source: Quartz

"On Friday, a cache of hacking tools allegedly developed by the US National Security Agency was dumped online. The news was explosive in the digital security community because the tools contained methods to hack computers running Windows, meaning millions of machines could be at risk. Security experts who tested the tools, leaked by a group called the Shadow Brokers, found that they worked. … But just hours later, Microsoft announced that many of the vulnerabilities were addressed in a security update released a month ago." (04/16/17)