Archive for the ‘NSA’ Category

Russian group that hacked DNC used NSA attack code in attack on hotels – Ars Technica

Part of a booby-trapped Microsoft Word document that was sent to multiple hotels. Once infected, computers would attempt to compromise other computers connected to the same network. (Image: FireEye)

A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday.

Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

In the earlier attack, the APT 28 members used a hacking tool dubbed Responder to monitor and falsify NetBIOS communications passed over the infected networks.

"Responder masquerades as the sought-out resource and causes the victim computer to send the username and hashed password to the attacker-controlled machine," the FireEye researchers wrote. "APT 28 used this technique to steal usernames and hashed passwords that allowed escalation of privileges in the victim network." The researchers continued:

In the 2016 incident, the victim was compromised after connecting to a hotel Wi-Fi network. Twelve hours after the victim initially connected to the publicly available Wi-Fi network, APT28 logged into the machine with stolen credentials. These 12 hours could have been used to crack a hashed password offline. After successfully accessing the machine, the attacker deployed tools on the machine, spread laterally through the victim's network, and accessed the victim's OWA account. The login originated from a computer on the same subnet, indicating that the attacker machine was physically close to the victim and on the same Wi-Fi network.

We cannot confirm how the initial credentials were stolen in the 2016 incident; however, later in the intrusion, Responder was deployed. Since this tool allows an attacker to sniff passwords from network traffic, it could have been used on the hotel Wi-Fi network to obtain a user's credentials.
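The technique the FireEye researchers describe above works because Windows hosts fall back to broadcast NetBIOS name queries when a name cannot be resolved, and a rogue host on the same segment can answer for any name. One way defenders catch this is to query a canary name that no legitimate host owns and alert on whoever answers it. The following script is an added example, not code from the original article, from FireEye, or from the Responder project: it encodes and parses NBT-NS name queries and responses and runs a canary-based detector over a few constructed frames. The host name FILESRV-CANARY and the IP addresses are invented.

```python
import struct

# NetBIOS Name Service (NBT-NS, UDP/137) helpers and a small poisoning
# detector. All traffic below is constructed; the canary name is invented.

NB_TYPE = 0x0020          # resource record type "NB"
CLASS_IN = 0x0001
FLAG_RESPONSE = 0x8000


def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding (RFC 1001 section 14.1): the name is space padded
    to 15 characters, a one-byte suffix is appended, and every byte is split
    into two nibbles that are each offset by 'A'. 34 bytes on the wire."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return b"\x20" + bytes(encoded) + b"\x00"


def decode_netbios_name(encoded: bytes) -> tuple[str, int]:
    """Inverse of encode_netbios_name; returns (name, suffix)."""
    if len(encoded) < 34 or encoded[0] != 0x20 or encoded[33] != 0x00:
        raise ValueError("not a first-level encoded NetBIOS name")
    body = encoded[1:33]
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def build_query(txid: int, name: str) -> bytes:
    """Broadcast name query as a Windows host emits it when DNS has no answer."""
    header = struct.pack("!6H", txid, 0x0110, 1, 0, 0, 0)
    return header + encode_netbios_name(name) + struct.pack("!HH", NB_TYPE, CLASS_IN)


def build_response(txid: int, name: str, ip: str) -> bytes:
    """Positive name query response whose answer record maps name to ip."""
    header = struct.pack("!6H", txid, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack("!H", 0x0000) + bytes(int(o) for o in ip.split("."))
    answer = struct.pack("!HHIH", NB_TYPE, CLASS_IN, 300000, len(rdata)) + rdata
    return header + encode_netbios_name(name) + answer


def parse_nbns(payload: bytes) -> dict:
    """Parse the header, the question/answer name and, for responses, the IP
    the answering host claims to own."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    name, suffix = decode_netbios_name(payload[12:46])
    rec = {"txid": txid, "response": bool(flags & FLAG_RESPONSE),
           "name": name, "suffix": suffix}
    if rec["response"]:
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
        if rtype == NB_TYPE and rdlen >= 6:
            rec["claimed_ip"] = ".".join(str(b) for b in payload[58:62])
    return rec


def detect_poisoning(frames, canary_names) -> list:
    """frames: iterable of (src_ip, udp_payload). A canary name is one the
    defender queries deliberately and no legitimate host owns, so any positive
    answer for it marks a poisoner. The transaction id ties the answer back to
    the host that asked."""
    canaries = {n.upper() for n in canary_names}
    pending = {}   # txid -> querier IP
    alerts = []
    for src_ip, payload in frames:
        rec = parse_nbns(payload)
        if not rec["response"]:
            pending[rec["txid"]] = src_ip
            continue
        if rec["name"].upper() in canaries:
            alerts.append({"responder_ip": src_ip, "name": rec["name"],
                           "claimed_ip": rec.get("claimed_ip"),
                           "querier_ip": pending.get(rec["txid"])})
    return alerts


# Constructed sample traffic: one canary query answered by a poisoner and one
# ordinary exchange for a real print server that must not be flagged.
SAMPLE_FRAMES = [
    ("10.0.0.5", build_query(0x1A2B, "FILESRV-CANARY")),
    ("10.0.0.99", build_response(0x1A2B, "FILESRV-CANARY", "10.0.0.99")),
    ("10.0.0.7", build_query(0x3C4D, "PRINTSRV")),
    ("10.0.0.20", build_response(0x3C4D, "PRINTSRV", "10.0.0.20")),
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_FRAMES, ["FILESRV-CANARY"]):
        print("possible NBT-NS poisoning:", alert)
```

In a real deployment the frames would come from a capture on UDP port 137 (and the same idea applies to LLMNR on UDP 5355), and the canary query would be sent from a monitoring host on each segment at intervals. The durable fix is to disable NetBIOS over TCP/IP and LLMNR on managed clients, since the fallback resolution is what the spoofing relies on.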

The attack observed in July used a modified version of Eternal Blue that was created using the Python programming language and later made publicly available, FireEye researchers said in an e-mail. The Python implementation was then compiled into an executable file using the publicly available py2exe tool.

Fancy Bear used a spear phishing campaign to distribute a booby-trapped Microsoft Word document to several unnamed hotels, FireEye said. When the document was opened on computers that allowed Word macros to execute, the machines were infected by Fancy Bear malware known as Gamefish. Once a computer was infected, it attempted to infect other computers connected to the same Wi-Fi network.

See more here:
Russian group that hacked DNC used NSA attack code in attack on hotels - Ars Technica

North Korea, nukes and NSA – WND.com

I'm beginning to wonder: has America's NSA been too busy spying on Americans to bother with North Korea and their nukes?

It was Bill Clinton, of course, who fixed the North Korean problem by paying them not to build nukes. Perhaps there was some language confusion, and they thought the money was to build nukes. That seems to be what happened. Maybe that's why Hillary was supposed to become president? To pay North Korea more to not build more nukes.

With the Obama administration, the NSA became fully weaponized as the tool of choice to conduct opposition research and provide the necessary blackmail evidence to destroy any non-elitist candidate who might still have thought that the NSA's targets were rogue regimes rattling nukes or stirring chemical weapons in other parts of the world.

Perhaps the real targets were always Americans; or rather, Americans with whom the reigning political party disagreed. As I asked at the beginning of Obama's reign of domestic terror, why would anyone expect Chicago politics to be any different once it moved from Chicago and into the White House?

The CIA and the FBI also wanted to get into the game of picking winners by destroying the competition. Both the CIA and the NSA had their entrails handed to them by their own leakers, who placed our software espionage tools Americans had paid billions of dollars to develop onto hacker sites worldwide. These organizations must be a complete joke among Russian, Chinese and probably North Korean intelligence agencies.

Or maybe the tools were intentionally released by NSA and CIA. Maybe those organizations wanted plausible deniability when variants of their tools were used to plant evidence on a political suspect's computer. To change the texts or email contents. Who's to know who actually did the deed? The agency? The hackers? Or another agency battling for budgetary power against one with compromised code?

Maybe the FBI generates its warrants by using illegal intercepts from these agencies. Maybe they lie to the secret courts that issue the warrants. Is that where the FBI's warrants for Manafort came from? The Constitution is so burdensome by requiring evidence of a crime and descriptions of what is to be seized. Under constitutional law, it would be overly difficult for the administration in power to prevent a new one from winning the next election. Is that the real reason Hillary was convinced she couldn't lose?

If we had a Congress that was worth a penny on the dollar of what we actually pay for it, that Congress would cancel its summer town-hall lovefests (it's not an election year), go back to the Capitol and, when they arrived, begin discussing the amount of rope to buy and where to build the gallows. A coup is no less a coup because it is being conducted in secret. This behavior won't end until those perpetrating it are brought to justice.

Why are big media and the deep state so close together in the tank for this coup? Did they have something else in mind for America besides another election? Stop braying at the ideological idiots writing the news and the talking fools discussing it. The real problem is well above them in the organizations sponsoring this domestic terror. It's time for some housecleaning in the executive offices. These are publicly traded companies responsible to the public for their actions.

Paging Congress, paging Congress.

See the rest here:
North Korea, nukes and NSA - WND.com

In the Lab: SonicWall NSA 3600 Firewall Upgrade – StorageReview.com

August 11th, 2017 by StorageReview Enterprise Lab

We are in the process of upgrading our networking fabric; a major part of that includes moving to the NSA 3600 from the SonicWall Network Security Appliance (NSA) Midrange Firewall Series. Ideal for small- to medium-sized corporate environments, this firewall series is highlighted by its advanced automated threat-prevention technologies. Previously, we used SonicWall's TZ500W, an easy-to-deploy, all-in-one SMB desktop firewall solution that is great for smaller-scale networks. Moving to an entry-enterprise rack platform, the NSA 3600 acts as a significant upgrade in our labs, offering 10G support with SFP+ ports and support for jumbo frames.

The NSA 3600 is powered by SonicOS, a comprehensive operating system that is simple to configure and easy to use. SonicOS helps to streamline management and offers admins substantial network control and versatility through features such as application intelligence and control, real-time visualization, and an intrusion prevention system.

With its comprehensive control options, real-time visualization and WLAN management, we will be able to easily monitor activity across our entire network. Moreover, the NSA 3600 comes with SonicWall's Reassembly-Free Deep Packet Inspection technology, which scans traffic for all threats (both known and unknown) and eliminates them before they are able to infect a network. Capture Advanced Threat Protection Service also gives enterprises cloud-based, multi-engine sandboxing that blocks unknown and zero-day gateway attacks. This technology works by scanning all traffic in a wide range of file sizes and types, then extracting any suspicious code for further analysis. The SYN flood protection offers protection against DoS attacks through Layer 3 SYN proxy and Layer 2 SYN blacklisting technologies, while defending against DoS/DDoS using UDP/ICMP flood protection and connection rate limiting. This NSA Mid Range Series firewall also provides a threat API, stateful packet inspection, WAN load balancing, biometric authentication and more. Through all of these defense measures, the NSA 3600 is capable of delivering 3.4 Gbps, 1.1 Gbps, and 600 Mbps in Firewall, IPS, and Anti-malware throughput, respectively.

SonicWall NSA 3600 Specifications

Design and Build

The SonicWall NSA 3600 comes in a 1U rack form factor and has the same connectivity layout as the 4600 and 5600 models. On the left side of the front panel is the console port (which gives access to the SonicOS CLI when connected via the enclosed serial CLI cable), an SDHC port, two USB ports, and a SafeMode button (press until blinking to access). There are also four LED status indicators: the Power LED, where blue means the power supply is operating normally and yellow means the power supply has been disconnected; the Test LED, which displays Initializing, Test, and SafeMode statuses; the red Alarm LED; and the M0 LED, which shows expansion module 0 activity.

Next to the status indicators are the Management Port (1 GE), two X16-X17 (10 GE SFP+) hot-swappable ports, four X12-X15 (1 GE SFP) ports for high-speed fiber or copper Ethernet communication, and twelve X0-X11 (1 GE) high-speed copper Gigabit Ethernet ports.

The back panel is home to the expansion bay, which supports SonicWall-approved expansion modules, as well as dual auto-throttling fans and the power supply port/switch.

Upgrade Process

SonicWall makes the process of upgrading firewalls very simple. In our case, to move from the TZ500W to the NSA 3600, we were able to take the saved configuration file from one and import it into the other, with no additional conversion necessary. This was quite important for us: while deploying the firewall is simple, manually re-adding all of our existing firewall rules would otherwise have been a time-consuming process. In this case we had our networking environment swapped over to the NSA 3600 within a few minutes of the file import, once the NSA 3600 had been upgraded to the same firmware version as (or newer than) the TZ500W.

During the upgrade process we kept the same interface connections, connecting to the firewall over 1GbE. The main reason for the upgrade, though, is the SFP+ 10GbE ports the NSA 3600 offers, allowing us to uplink the firewall directly into our new 48-port 10G Dell S4048 or 32-port 100G Dell Z9100 switches as they come online. This upgrade is a large undertaking as we migrate off our 40GbE fabric over to 100G for next-gen storage and compute hardware. The NSA 3600 deployment was an easy first step in this process, though, as we work to modernize our network.

SonicWall NSA 3600 product page


Read more:
In the Lab: SonicWall NSA 3600 Firewall Upgrade - StorageReview.com

BOMBSHELL: NSA Experts Say DNC ‘Hack’ Was Actually a Leak and Inside Job – LawNewz

A new report states categorically that the Democratic National Committee (DNC) was not hacked by Russians, or anyone else, as frequently alleged by the mainstream media, liberal intelligentsia and anti-Trump politicians.

The Nation's Patrick Lawrence wrote a lengthy review of the findings made by various computer experts formerly with the NSA. Published this week, the left-wing magazine's report notes two bases for their conclusion: (1) hard science shows that a remote hack of the DNC servers resulting in the breach that actually occurred would have been technologically impossible; (2) forensic review of the initial Guccifer 2.0 documents proves that they are poorly-disguised cut-and-paste jobs, forgeries intended to finger Russia.

Lawrence, by way of the experts' findings, concludes that the so-called hack was actually an inside job by someone with internal access to the DNC's computer network. In other words, the DNC has (or had) a leak.

The report mostly relies on the work of Veteran Intelligence Professionals for Sanity (VIPS), which was founded in 2003 in order to push back against the false claims of Iraqi WMD emanating from the second Bush White House. Despite mostly being ignored by the media so far, VIPS diligently set to work on unraveling the cocoon of misinformation surrounding Russiagate and the DNC hack narrative.

Four members of VIPS are currently concentrating on the task. They are: (1) William Binney, the NSA's former technical leader, who also designed many of the programs now in use by the agency; (2) Kirk Wiebe, a former senior analyst with the NSA's SIGINT Automation Research Center; (3) Edward Loomis, the former technical director at the NSA's Office of Signal Processing; and (4) Ray McGovern, former chief of the CIA's Soviet Foreign Policy Branch.

First, VIPS noted, the NSA has the technical prowess to root out exactly what happened because their publicly known programs alone are capable of capturing any and all electronic transfers of data. As VIPS noted, "If NSA cannot produce such evidence, and quickly, this would probably mean it does not have any."

That's a drum VIPS has been beating for a while, but, of course, that's not hard evidence. There simply wasn't much of any, until very recently. Those recent documents undergird the report's first contention, the technological impossibility of the DNC breach having been a long-distance hack. Lawrence describes the impossibility like this:

The metadata established several facts in this regard with granular precision: On the evening of July 5, 2016, 1,976 megabytes of data were downloaded from the DNC's server. The operation took 87 seconds. This yields a transfer rate of 22.7 megabytes per second. These statistics are matters of record and essential to disproving the hack theory. No Internet service provider, such as a hacker would have had to use in mid-2016, was capable of downloading data at this speed.

What is the top possible speed? Somewhere around 16 megabytes per second. According to Skip Folden, a former IBM program manager and independent analyst, 22.7 megabytes per second is beyond unlikely under the circumstances, unless you're downloading the files directly using a storage device like a USB drive. He said:

A speed of 22.7 megabytes is simply unobtainable, especially if we are talking about a transoceanic data transfer. Transfer rates of 23 MB/s are not just highly unlikely, but effectively impossible to accomplish when communicating over the Internet at any significant distance. Further, local copy speeds are measured, demonstrating that 23 MB/s is a typical transfer rate when using a USB2 flash device (thumb drive).

As to the report's second contention, that the Guccifer 2.0 documents were tainted to cast curious eyes toward Russia, Folden notes that a simple peeling away of the documents' top layer of metadata shows the sloppy and intentional misattribution.

The report is lengthy and doesn't stop there. Lawrence notes multiple additional problems with the now-broken narrative: CrowdStrike is essentially an arm of the DNC itself; Dmitri Alperovitch, CrowdStrike's co-founder and chief technology officer, is consumed by Russophobia; the FBI has never once examined the DNC's servers by themselves; that famous Intelligence Community Assessment breathlessly reported as the cumulative work of 17 national security agencies was actually the work of three hand-picked analysts.

Lawrence even raises the possibility that Guccifer 2.0 was a whole-cloth creation of the DNC used to deflect away from the leak's contents and send everyone scrambling to find Russians underneath all the nation's laptops and ashtrays.

That question, for now, will have to remain unanswered, but it looks like the official story is swiftly crumbling away.

[image via Shutterstock]

Follow Colin Kalmbacher on Twitter: @colinkalmbacher

Read the rest here:
BOMBSHELL: NSA Experts Say DNC 'Hack' Was Actually a Leak and Inside Job - LawNewz

Supreme Court Asked to Look at Warrantless NSA Spying Powers – InsideSources

Digital rights advocates asked the U.S. Supreme Court Thursday to review the case of an American convicted with evidence gathered under FISA Section 702 warrantless National Security Agency surveillance authority meant to spy on foreign nationals.

Privacy and digital rights groups including the Electronic Frontier Foundation (EFF) filed a petition Thursday with the nation's highest court seeking review of the case of Mohammed Mohamud, an American citizen who was charged in 2012 with planning to car-bomb a Christmas tree lighting ceremony in Portland, Oregon. Information used to prosecute Mohamud was gathered using Section 702 of the 2008 Foreign Intelligence Surveillance Amendments Act.

Section 702 authorizes NSA to tap the physical infrastructure of internet service providers, like fiber connections, to intercept foreign emails, instant messages, and other communications belonging to foreign nationals as they exit and enter the U.S. But according to NSA, the program also incidentally sweeps up the communications of Americans corresponding with, and until recently merely mentioning, foreign targets.

NSA is legally barred from searching through Americans' communications without a warrant, but that wasn't the case with Mohamud. His emails were intercepted specifically by a program dubbed PRISM, the existence of which was leaked to the press by former NSA contractor Edward Snowden in 2013. PRISM gives NSA access to communications transmitted over internet edge services like Google, Yahoo, or Facebook.

Mohamud learned after his conviction that his emails were gathered under Section 702 and sought to suppress the evidence, arguing its gathering violated his Fourth Amendment rights against search and seizure without a warrant. The U.S. Court of Appeals for the Ninth Circuit noted the government's conduct was "quite aggressive at times" but upheld the search, a move EFF, the Center for Democracy and Technology and New America's Open Technology Institute call dangerous and unprecedented.

"The ruling provides an end-run around the Fourth Amendment, converting sweeping warrantless surveillance directed at foreigners into a tool for spying on Americans," Mark Rumold, a staff attorney for EFF, said Thursday. "Section 702 is unlike any surveillance law in our country's history, it is unconstitutional, and the Supreme Court should take this case to put a stop to this surveillance."

The groups add weight to a Supreme Court petition filed by Mohamud's attorneys in July, and join a long list of battles from the courts to Congress over the legality of Section 702. Wikimedia and the ACLU are suing the government over the use of Section 702 in the Fourth Circuit Court of Appeals, and Congress has held several hearings this year to debate the law's renewal ahead of its expiration at the end of December.

Section 702 is at the heart of a dispute between Oregon Democratic Sen. Ron Wyden and Director of National Intelligence Dan Coats, the nation's top spy chief. Wyden has pressed Coats and his predecessor to provide an estimate of the number of Americans incidentally swept up in Section 702 collection, which both claim is impossible to produce. The senator has further suggested the authority could be used to warrantlessly target Americans directly.

Congress's concerns over Section 702 have become a point of rare bipartisanship for some. Kentucky Republican Sen. Rand Paul has fought alongside Wyden to peel back the curtain on Section 702. South Carolina Republican Sen. Lindsey Graham is grilling intelligence officials for information about what Section 702 gathers on lawmakers and other members of government, and whether those intercepts can be and are used to politically target government officials like former National Security Adviser Michael Flynn.

In testimony to Congress, intelligence chiefs including NSA Director Mike Rogers have admitted Section 702 programs have a history of compliance issues, some highlighted by the Foreign Intelligence Surveillance Court, which approves more than 99 percent of the government's secret surveillance requests.

The typically intel-friendly court chastised the government for an "institutional lack of candor" on a "very serious Fourth Amendment issue." One such opinion said NSA has engaged in "significant overcollection . . . including the content of communications of non-target U.S. persons and persons in the U.S."

As a result, NSA in April suspended a Section 702 practice known as "about" collection, in which NSA sweeps up American emails and text messages exchanged with overseas users that simply mention search terms like an email address belonging to a target but aren't to or from a target.

The agency recently told Congress it's working on a technical solution to re-engage "about" collection.

All of the pushback comes as intelligence leaders pressure Congress not just to renew Section 702 but implement it permanently. Top Republicans and Democrats have endorsed the idea, including Senate Majority Whip John Cornyn of Texas and Intelligence Committee Ranking Member Dianne Feinstein of California.

In a recent interview, Snowden said using Section 702 to surveil Americans requires the agency to engage in little more than "word games." Privacy advocates suspect the loophole created by Section 702 likely amounts to millions or even hundreds of millions of warrantless interceptions belonging to Americans.

Follow Giuseppe on Twitter

Read more:
Supreme Court Asked to Look at Warrantless NSA Spying Powers - InsideSources