Mediaboss Marketing

It is hard to imagine more fitting names for code-gone-bad than WannaCry and Eternal Blue. Those are just some of the computer coding vulnerabilities pilfered from the National Security Agencys super-secret stockpile that have been used in two separate global cyber attacks in recent weeks. An attack on Tuesday featuring Eternal Blue was the second of these to use stolen NSA cyber toolsdisrupting everything from radiation monitoring at Chernobyl to shipping operations in India. Fort Meades trove of coding weaknesses is designed to give the NSA an edge. Instead, its giving the NSA heartburn. And its not going away any time soon.

As with most intelligence headlines, the story is complicated, filled with good intentions and unintended consequences. Home to the nations codebreakers and cyber spies, the NSA is paid to intercept communications of foreign adversaries. One way is by hunting for hidden vulnerabilities in the computer code powering Microsoft Windows and and all sorts of other products and services that connect us to the digital world. Its a rich hunting ground. The rule of thumb is that one vulnerability can be found in about every 2,500 lines of code. Given that an Android phone uses 12 million lines of code, were talking a lot of vulnerabilities. Some are easy to find. Others are really hard. Companies are so worried about vulnerabilities that manyincluding Facebook and Microsoftpay bug bounties to anyone who finds one and tells the company about it before alerting the world. Bug bounties can stretch into the hundreds of thousands of dollars.

Writing the Rules of Cyberwar

The NSA, which employs more mathematicians than any organization on Earth, has been collecting these vulnerabilities. The agency often shares the weaknesses they find with American manufacturers so they can be patched. But not always. As NSA Director Mike Rogers told a Stanford audience in 2014,the default setting is if we become aware of a vulnerability, we share it, but then added, There are some instances where we are not going to do that. Critics contend thats tantamount to saying, In most cases we administer our special snake bite anti-venom that saves the patient. But not always.

In this case, a shadowy group called the Shadow Brokers (really, you cant make these names up) posted part of the NSAs collection online, and now its O.K. Corral time in cyberspace. Tuesdays attacks are just the beginning. Once bad code is in the wild, it never really goes away. Generally speaking, the best approach is patching. But most of us are terrible about clicking on those updates, which means there are always victimslots of themfor cyber bad guys to shoot at.

WannaCry and Eternal Blue must be how folks inside the NSA are feeling these days. Americas secret-keepers are struggling to keep their secrets. For the National Security Agency, this new reality must hit especially hard. For years, the agency was so cloaked in secrecy, officials refused to acknowledge its existence. People inside the Beltway joked that NSA stood for No Such Agency. When I visited NSA headquarters shortly after the Snowden revelations, one public-affairs officer said the job used to entail watching the phones ring and not commenting to reporters.

Now, the NSA finds itself confronting two wicked problemsone technical, the other human. The technical problem boils down to this: Is it ever possible to design technologies to be secure against everyone who wants to breach them except the good guys? Many government officials say yes, or at least no, but In this view, weakening security just a smidge to give law-enforcement and intelligence officials an edge is worth it. Thats the basic idea behind the NSAs vulnerability collection: If we found a vulnerability, and we alone can use it, we get the advantage. Sounds good, except for the part about we alone can use it, which turns out to be, well, dead wrong.

Thats essentially what the FBI argued when it tried to force Apple to design a new way to breach its own products so that special agents could access the iPhone of Syed Rizwan Farook, the terrorist who, along with his wife, killed 14 people in San Bernardino. Law-enforcement and intelligence agencies always want an edge, and there is a public interest in letting them have it.

As former FBI Director James Comey put it, There will come a dayand it comes every day in this businesswhere it will matter a great deal to innocent people that we in law enforcement cant access certain types of data or information, even with legal authorization.

Many leading cryptographers (the geniuses who design secure communications systems) and some senior intelligence officials say that a technical backdoor for one is a backdoor for all. If theres a weakness in the security of a device or system, anyone can eventually exploit it. It may be hard, it may take time, it may take a team of crack hackers, but the math doesnt lie. Its nice to imagine that the FBI and NSA are the only ones who can exploit coding vulnerabilities for the good of the nation. Its also nice to imagine that Im the only person my teenage kids listen to. Nice isnt the same thing as true. Former NSA Director Mike Hayden publicly broke with many of his former colleagues last year. I disagree with Jim Comey, Hayden said. I know encryption represents a particular challenge for the FBI. ... But on balance, I actually think it creates greater security for the American nation than the alternative: a backdoor.

Hayden and others argue that digital security is good for everyone. If people dont trust their devices and systems, they just wont use them. And for all the talk that security improvements will lock out U.S. intelligence agencies, that hasnt happened in the 40 years of this raging debate. Thats right. 40 years. Back in 1976, during the first crypto war, one of my Stanford colleagues, Martin Hellman, nearly went to jail over this dispute. His crime: publishing his academic research that became the foundational technology used to protect electronic communications. Back then, some NSA officials feared that securing communications would make it harder for them to penetrate adversaries systems. They were right, of courseit did get harder. But instead of going dark, U.S. intelligence officials have been going smart, finding new ways to gather information about the capabilities and intentions of bad guys through electronic means.

The NSAs second wicked problem is humans. All the best security clearance procedures in the world cannot eliminate the risk of an insider threat. The digital era has supersized the damage that one person can inflict. Pre-internet, traitors had to sneak into files, snap pictures with hidden mini-cameras, and smuggle documents out of secure buildings in their pant legs or a tissue box. Edward Snowden could download millions of pages onto a thumb drive with some clicks and clever social engineering, all from the comfort of his own desktop.

There are no easy solutions to either the technical or human challenge the NSA now faces. Tuesdays global cyber attack is a sneak preview of the movie known as our lives forever after.

Talk about WannaCry.

Read the original:
The NSA Confronts a Problem of Its Own Making - The Atlantic

Enlarge / A computer screen displaying Eternalromance, one of the hacking tools dumped Friday by Shadow Brokers.

The people behind Tuesday's massive malware outbreak had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according to evidence unearthed by researchers from antivirus F-Secure.

On Thursday, F-Secure researchers said they have evidence that the still-unknown developers of Tuesday's NotPetya malware had access to EternalBlue and EternalRomance as early as February, when they finished work on the malware component that used the stolen NSA exploits. The timeline is all the more significant considering the quality of the component, which proved surprisingly adept in spreading the malware from computer to computer inside infected networks. The elegance lay in the way the component combined the NSA exploits with three off-the-shelf tools including Mimikatz, PSExec, and WMIC. The result: NotPetya could infect both patched and unpatched computers quickly. Code that complex and effective likely required weeks of development and testing prior to completion.

"February is many weeks before the exploits EternalBlue and EternalRomance (both of which this module utilizes) were released to the public (in April) by the Shadow Brokers," F-Secure researcher Andy Patel wrote in a blog post. "And those exploits fit this component like a glove."

Whereas the two other main components of NotPetyaan encryption component and a component for attacking a computer's master boot recordwere "pretty shoddy and seem kinda cobbled together," Patel said the spreading component seems "very sophisticated and well-tested." For developers to finish work on the spreader by February, they clearly had the NSA exploits in hand by then. By contrast, Patel added:

WannaCry clearly picked [the NSA] exploits up after the Shadow Brokers dumped them into the public domain in April. Also WannaCry didn't do the best job at implementing these exploits correctly.

By comparison, this "Petya" looks well-implemented, and seems to have seen plenty of testing. It's fully-baked.

The weeks leading up to February's completion of the NotPetya spreader was a particularly critical time for computer security. A month earlier, the Shadow Brokers advertised an auction that revealed some of the names of the exploits they had, including EternalBlue. NSA officials responded by warning Microsoft of the theft so that the company could patch the underlying vulnerabilities. In February, Microsoft abruptly canceled that month's Patch Tuesday. The unprecedented move was all the more odd because exploit code for an unpatched Windows 10 flaw was already in the wild and Microsoft gave no explanation for the cancellation.

"Meanwhile, 'friends of the Shadow Brokers' were busy finishing up development of a rather nifty network propagation component, utilizing these exploits," Patel wrote.

When Patch Tuesday resumed in March, Microsoft released a critical security update that fixed EternalBlue. As the WCry outbreak would later demonstrate, large numbers of computersmainly running Windows 7failed to install the updates, allowing the worm to spread widely.

If the timeline is correct, it would mean the NotPetya developers had some sort of tie to the Shadow Brokers, possibly as customers, colleagues, acquaintances, or friends. It would also make NotPetya the first piece of in-the-wild malware that had known early access to the NSA exploits. Patel didn't say how the NotPetya developers got hold of EternalBlue and EternalRomance prior to their public release in April.

Early speculation was that Shadow Brokers members acquired a small number of hacking tools that NSA personnel stored on one or more staging servers used to carry out operations. The volume and sensitivity of the exploits and documents released over the next several months slowly painted a much grimmer picture. It's now clear that the group has capitalized on what is likely the worst breach in NSA history. There's no indication the agency has identified how it lost control of such a large collection of advanced tools or that it knows much at all about the Shadow Brokers' membership. The group, meanwhile, continues to publish blog posts written in deliberately broken English, with the most recent one on Wednesday.

The F-Secure evidence adds a new unsettling entry on the Shadow Brokers' resume. The world already knew the group presided over a breach of unprecedented scope and leaked exploits to the world. Now, we know it also provided crucial private assistance in developing one of the most virulent worms in recent memory.

Go here to read the rest:
NotPetya developers obtained NSA exploits weeks before their public leak - Ars Technica

The Shadow Brokers have been relatively quiet over the past few weeks, which is never a good sign. It now appears the infamous hacker collective is looking to expose a former NSA hackers identity. That is a very troublesome development if true. Moreover, it appears the group is quite upbeat regarding their monthly dump service subscription, which has seen significant interest since it launched.

It is evident The Shadow Brokers are still on the right path to make media headlines. After remaining rather silent for a few weeks, the group has shared a new update. First of all, they mention how their monthly dump service is doing quite well, with plenty of customers signing up. Do keep in mind these reports always needto be taken with a grain of salt, as it is difficult to verify this information.

What is of bigger concern however, is how the hacker collective threatens to expose an NSA employee. Their blog postmentions how this individual used to be a hacker employed by the NSA. It appears The Shadow Brokers have had some beef with this person on Twitter, and are now prepared to take things to a whole new level. That is a very disturbing turn of events, to say the least.

According to the information shared with the world, this particular Twitter user was part of the Equation Group. It appears this group is one of the NSAs many hacking operations in recent years. The Shadow Brokers are convinced they know who this person is in real life, and how he or she built multiple tools to attack Chinese organizations on behalf of the NSA. Moreover, the collective claims this person is a co-founder of a new security firm, which recently received a significant injection of VC funding.

To make matters even more confusing, this person can effectively escape being exposed by The Shadow Brokers. All he or she has to do is sign up for the groups monthly dump service during the month of July. The person has to use a very specific email address, to do so, though. This appears to be a very strange marketing stunt, and it is doubtful the alleged NSA employee will follow these guidelines.

So far, the Twitter user in question is denying all of these allegations, which is not surprising. In fact, the user has even claimed to reveal his identity himself, which would thwart plans made by The Shadow Brokers. It is possible this is a case of misidentification. Then again, it is equally possible bigger things are at play here. We will probably never know the full truth, that much is evident at this stage.

Anyone can see The Shadow Brokers are playing a very dangerous game right now. The hacker collective seemingly has no scruples whatsoever. Threatening the safety of former and current NSA employees is very disturbing. Cyber warfare is scaling at an accelerated pace, which could be quite disastrous for everyone who gets swept up in the momentum. It will be interesting to see how this situation evolves over the coming weeks.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

View post:
The Shadow Brokers Threaten to Expose Alleged Former NSA Hacker - The Merkle

A pared-down version of President Trumps travel ban took effect Thursday night, barring immigrants and refugees from six majority-Muslim countries from entering the United States unless they can prove a relationship with a U.S. citizen or entity; late adjustments to the administrations rules included fiancs but not grandparents and other extended family. In an emergency filing, the state of Hawaii asked a federal court to clarify the scope of the ban, saying the governments latest restrictions go further than the Supreme Court allowed. [Tony Romm / Recode]

This weeks international malware attack has raised concerns that the National Security Agency has rushed to create digital weapons that it cannot keep safe or disable. [The New York Times]

Airbnb is launching a new service for luxury vacation rentals at mega-homes, mansions and penthouses. Airbnb Lux will begin testing in some markets at the end of the year. [Bloomberg]

Meal-kit delivery company Blue Apron raised $300 million in its first day of trading on the New York Stock Exchange, opening at about $10 a share. The five-year-old New York City-based company slashed its IPO price amid questions about the long-term feasibility of its model. [Jason Del Rey / Recode]

Blue Apron CEO Matt Salzberg will join Bonobos CEO Andy Dunn and Williams-Sonoma CEO Laura Amber at Septembers Code Commerce event in New York City, where retail and commerce industry leaders will explore the convergence of digital and physical in the realm of buying and selling stuff. [Jason Del Rey / Recode]

No single device will have as much impact as the iPhone in the next 10 years. Heres a look at which products in the market today might have a comparable effect over the next decade. [Jan Dawson / Recode]

A former Binary Capital employee is suing Justin Caldbeck and the VC firm.

Ann Lai alleges defamation and other claims.

Facebooks internet-beaming drone completed its second test flight and landed perfectly.

Its first Aquila flight ended in a crash landing.

A new drone route is now open in Malawi.

Drones can soar over roads in the flood-prone region to help deliver supplies to remote areas.

This new movie about an Instagram stalker looks both hilarious and terrifying.

Remember: People can see your public social media posts.

Google is still mostly white and male.

Thats according to the latest diversity report.

Kids these days.

On the latest Too Embarassed to Ask, Kara Swisher and Lauren Goode talk with The Verges Casey Newton and Karas older son, Louie Swisher, about how teens are using (or not using) apps like Instagram, Snapchat, Musical.ly and more.

Nice day for a Crunchwrap Supreme wedding

This lucky couple won a glamorous, all-expenses-paid wedding at Taco Bells chic Las Vegas Cantina location, catered with Doubledillas, Gorditas and a hot-sauce-packet bouquet. They werent the first; the fast-food company is now offering anyone the chance to get married at the Vegas franchise for $600. [Eric Vilas-Boas / Thrillist]

More:
Recode Daily: Trump's 'travel ban' goes into effect, and can the NSA control the cyber weapons it creates? - Recode

In January, Shelby rejected an attempt by the Department of Justice to dismiss the case.

In late May, a declaration by former NSA official Thomas A. Drake, affirming the allegations, was forwarded by Anderson to Justice Department attorneys.

Drake's statement contradicted assertions by Michael Hayden, the former director of the NSA, that said neither the President's Surveillance Program (PSP) nor any other NSA intelligence-gathering activity was involved in indiscriminate and wholesale surveillance in Salt Lake City or other Olympic venues during the 2002 Winter Games.

"I have reviewed the declaration of Michael V. Hayden dated March 8, 2017," Drake's statement said. "As a result of personal knowledge I gained as a long-time contractor and then senior executive (1989-2008) of the NSA, I know the statements made by Hayden in that declaration are false or, if not literally false, substantially misleading."

The NSA has the capability to seize and store electronic communications passing through U.S. intercept centers, according to the statement from Drake.

After Sept. 11, 2001, "the NSA's new approach was that the president had the authority to override the Foreign Intelligence Surveillance Act (FISA) and the Bill of Rights, and the NSA worked under the authority of the president," Drake said. "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Additional information on the NSA's intelligence-gathering came to light in 2013 when Edward Snowden, a contractor working for the agency, revealed to the Guardian newspaper the scope of U.S. and British global surveillance programs.

csmart@sltrib.com

See more here:
Utah judge orders NSA to provide documents and data on 2002 ... - Salt Lake Tribune