Archive for the ‘NSA’ Category

Major Leak Suggests NSA Was Deep in Middle East … – WIRED

Slide: 1 / of 1. Caption: Caption: A woman walks past a branch of Noor Islamic Bank along Khalid Bin Al-Waleed Road in Dubai.Reuters

For eight months, the hacker group known as Shadow Brokers has trickled out an intermittent drip of highly classified NSA data. Now, just when it seemed like that trove of secrets might be exhausted, the group has spilled a new batch. The latest dump appears to show that the NSA has penetrated deep into the finance infrastructure of the Middle Easta revelation that could create new scandals for the worlds most well-resourced spy agency.

Friday morning, the Shadow Brokers published documents thatif legitimateshow just how thoroughly US intelligence has compromised elements of the global banking system. The new leak includes evidence that the NSA hacked into EastNets, a Dubai-based firm that oversees payments in the global SWIFT transaction system for dozens of client banks and other firms, particularly in the Middle East. The leak includes detailed lists of hacked or potentially targeted computers, including those belonging to firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen, and the Palestinian territories. Also included in the data dump, as in previous Shadow Brokers releases, are a load of fresh hacking tools, this time targeting a slew of Windows versions.

Oh you thought that was it? the hacker group wrote in a typically grammar-challenged statement accompanying their leak. There was speculation prior to this mornings release that the group had finally published its full set of stolen documents, after a seemingly failed attempt to auction them for bitcoins. Too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away.

The transaction protocol SWIFT has been increasingly targeted by hackers seeking to redirect millions of dollars from banks around the world, with recent efforts in India, Ecuador, and Bangladesh. Security researchers have even pointed to clues that a $81 million Bangladesh bank theft via SWIFT may have been the work of the North Korean government. But the Shadow Brokers latest leak offers new evidence that the NSA has also compromised SWIFT, albeit most likely for silent espionage rather than wholesale larceny.

EastNets has denied that it was hacked, writing on its Twitter account that theres no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau. But the Shadow Brokers leak seems to suggest otherwise: One spreadsheet in the release, for instance, lists computers by IP address, along with corresponding firms in the finance industry and beyond, including the Qatar First Investment Bank, Arab Petroleum Investments Corporation Bahrain, Dubai Gold and Commodities Exchange, Tadhamon International Islamic Bank, Noor Islamic Bank, Kuwait Petroleum Company, Qatar Telecom and others. A legend at the top of the spreadsheet notes that the 16 highlighted IP addresses mean, box has been implanted and we are collecting. That NSA jargon translates to a computer being successfully infected with its spyware.1

Those IP addresses dont actually correspond to the clients computers, says Dubai-based security researcher Matt Suiche, but rather to computers servicing those clients at EastNets, which is one of 120 service bureaus that form a portion of the SWIFT network and make transactions on behalf of customers. This is the equivalent of hacking all the banks in the region without having to hack them individually, says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies. You have access to all their transactions.

While the Shadow Brokers releases have already included NSA exploits, todays leak is the first indication of targets of that sophisticated hacking in the global banking system. Unlike previous known hacks of the SWIFT financial network, nothing in the leaked documents suggests that the NSA used its access to EastNets SWIFT systems to actual alter transactions or steal funds. Instead, stealthily tracking the transactions within that network may have given the agency visibility into money flows in the regionincluding to potential terrorist, extremist, or insurgent groups.

If that sort of finance-focused espionage was in fact the NSAs goal, it would hardly deviate from the agencys core mission. But Suiche points out that confirmation of the operation would nonetheless lead to blowback for the NSA and the US governmentparticularly given that many of the listed targets are in US-friendly countries like Dubai and Qatar. A big shitstorm is to come, says Suiche. You can expect the leadership of key organizations like banks and governments are going to be quite irritated, and theyre going to react.

Beyond EastNets alone, Suiche points to references in the files to targeting the Panama-based firm Business Computer Group or BCG, although its not clear if the firm was actually compromised. Beyond its Twitter statement, EastNets didnt respond to WIREDs request for comment. WIRED also reached out to BCG and the NSA, but didnt get a response.

SWIFT aside, the leak also contains a cornucopia of NSA hacking tools or exploits, including what appear to be previously secret techniques for hacking PCs and servers running Windows. Matthew Hickey, the founder of the security firm Hacker House, analyzed the collection and believes there are more than 20 distinct exploits in the leak, about 15 of which are included in an automated hacking framework tool called FuzzBunch.

This is as big as it gets. Matthew Hickey, Hacker House

The attacks seem to target every recent version of Windows other than Windows 10, and several allow a remote hacker to gain the full ability to run their own code on a target machine. There are exploits here that are quite likely zero days that will let you hack into any number of servers on the internet, says Hickey. This is as big as it gets. Its internet God mode.

In a statement to WIRED, however, a Microsoft spokesperson wrote that the company had previously patched all the vulnerabilities in Windows that the hacking tools exploited. Weve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products, the statement reads. In a blog post, the company clarified that several of the exploits do still work, but only on versions of Windows prior to Windows 7.2

But the Shadow Brokers hinted in their release that theyre not done creating trouble for the NSA yet. Maybe if all suviving [sic] WWIII theshadowbrokers be seeing you next week, the groups message concludes. Who knows what we having next time?

1Updated 4/14/2017 12:15 EST to include comments from EastNets.

2Updated 4/15/2017 3:50 EST to include a response from Microsoft.

More here:
Major Leak Suggests NSA Was Deep in Middle East ... - WIRED

US Cyber Bill Would Shift Power From Spy Agency – Fortune

The U.S. Capitol is seen in Washington, DC, April 28, 2017. Saul LoebAFP/Getty Images

A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week's "ransomware" attacks.

Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.

The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90% of its budget on offensive capabilities and spying.

Republican Senator Ron Johnson of Wisconsin and Democratic Senator Brian Schatz of Hawaii introduced the legislation in the U.S. Senate Homeland Security and Governmental Affairs Committee.

et Data Sheet , Fortune's technology newsletter.

Striking the balance between U.S. national security and general cyber security is critical, but its not easy, said Senator Schatz in a statement. This bill strikes that balance.

Tech companies have long criticized the practice of withholding information about software flaws so they can be used by government intelligence agencies for attacks.

Hackers attacked 200,000 in more than 150 countries last week using a Microsoft Windows software vulnerability that had been developed by the NSA and later leaked online.

Microsoft president Brad Smith harshly criticized government practices on security flaws in the wake of the ransomware attacks. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote in a blog post.

Agencies like the NSA often have greater incentives to exploit any security holes they find for spying, instead of helping companies protect customers, cyber security experts say.

"Do you get to listen to the Chinese politburo chatting and get credit from the president?" said Richard Clayton a cyber-security researcher at the University of Cambridge. "Or do you notify the public to help defend everyone else and get less kudos?"

Susan Landau, a cyber security policy expert at Worcester Polytechnic Institute, said that in putting DHS in charge of the process, the new bill was an effort to put the process "into civilian control."

The new committee's meetings would still be secret. But once a year it would issue a public version of a secret annual report.

The NSA did not immediately respond to a request for comment.

Read more:
US Cyber Bill Would Shift Power From Spy Agency - Fortune

Why people are blaming the global cyberattack on the NSA – Politico

How the hacking tools escaped the National Security Agency is unknown. | AP Photo

This week's worldwide cybersecurity crisis is just the latest black eye for the National Security Agency and its practice of stockpiling secret means of snooping into computer systems.

Thats because whoever launched the global series of ransomware assaults is using a flaw in Microsoft Windows that the U.S. spy agency had apparently exploited for years until someone leaked the NSAs hacking tools online and allowed cyber criminals to copy them.

Story Continued Below

Now, critics ranging from Microsoft to Vladimir Putin to fugitive NSA leaker Edward Snowden are denouncing the agencys practice of stockpiling computer vulnerabilities for its own use instead of informing the developers or manufacturers so they can plug the holes. And some privacy advocates and technology experts want Congress to make the agency rein in the practice.

Heres POLITICOs summary of where that debate stands:

How did hackers get ahold of the NSAs tools?

Thats a good question. But the ransomware racing around the globe is based on a cache of apparent NSA hacking software and documents that a group calling itself the Shadow Brokers posted online on April 14. (Shadow Brokers first began making these kinds of dumps last year.) The Trump and former Obama administrations have refused to confirm that the NSA had lost control of its tools, but former intelligence officials say the leaked material is genuine.

How the hacking tools escaped the NSA is unknown. But there are three main possibilities: An NSA employee or contractor went rogue and stole the files; a sophisticated adversary such as the Russian government hacked into the spy agency and took them; or an NSA hacker accidentally left the files exposed on a server being used to stage a U.S. intelligence operation, and someone found them.

Contractors, who can lack the institutional loyalty of regular employees, have long been a source of heartache to the intelligence community, from the 2013 Snowden leaks to the arrest last year of Harold Martin, a Maryland man charged with stealing reams of classified files and hoarding them in his home.

Which NSA tool are the hackers using?

It appears to be a modified version of an NSA hacking tool, a software package dubbed ETERNALBLUE, that was buried in the Shadow Brokers leak.

The tool took advantage of a flaw in a part of Windows called the Server Message Block, or SMB, protocol, which connects computers on a shared network. In essence, the flaw allows malware to spread across networks of unpatched Windows computers, a dangerous prospect in the increasingly connected world.

After the cache leaked, cybersecurity researchers, realizing that the SMB vulnerability could expose organizations to massive hacks, reverse engineered the tool, checking how it worked and evaluating how to defeat it. These researchers posted their work online to crowdsource and accelerate the process.

But their work also helped digital thieves. At some point, the criminals behind the ransomware attack grabbed the reverse-engineered exploit and incorporated it into their malware.

This separated their attack tool from previous popular iterations of ransomware. Whereas normal ransomware locks down an infected computers files and stops there, this variant can jump from machine to machine, infecting entire businesses like the internets earliest computer worms.

What did the NSA do after learning of the theft?

The spy agency probably warned Microsoft about the vulnerability soon afterward. Microsoft released a patch for computer users to repair the flaw in March, a month before the Shadow Brokers leak.

But thats not good enough for civil liberties advocates, who want stricter limits on how long the government can hold onto vulnerabilities it discovers.

These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world, said Patrick Toomey, a national security attorney at the American Civil Liberties Union, in a statement. Patching security holes immediately, not stockpiling them, is the best way to make everyones digital life safer.

The agencys defenders disagree. That nobody else discovered these vulnerabilities as far as we know suggests that it is right for the NSA to hold onto them if they have confidence that nobody else has a copy of their tools, Nicholas Weaver, a researcher at the University of California in Berkeley, told POLITICO. It actually is a problem that the NSA cant or wont claim credit for properly notifying Microsoft. The NSA did the right thing, and they arent getting the credit for it they deserve.

Is this a new controversy for the NSA?

No. But the crisis that began on Friday is giving it prominence like never before.

Privacy advocates and tech companies have long criticized the U.S. spy agencies for keeping knowledge of security flaws a secret and building hacking tools to exploit them. And they say its especially bad when the government cant keep its secret exploits out of the hands of cyber criminals.

When [a] U.S. nuclear weapon is stolen, its called an empty quiver, tweeted Snowden, whose 2013 leaks exposed the vast underbelly of the government's spying capacity. This weekend, [the NSAs] tools attacked hospitals.

Microsoft President Brad Smith also denounced the NSAs inability to secure its tools. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen, he wrote in a weekend blog post.

Putin later picked up that theme, telling reporters in Beijing that U.S. intelligence agencies were clearly the initial source of the virus.

Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators," the Russian leader said.

But former national security officials say the government needs to build hacking tools to keep the U.S. safe. And White House homeland security adviser Tom Bossert downplayed the possible origin of the code Monday.

Regardless of the provenance of the exploit here used, he told ABC, who is culpable are the criminals that distributed it and the criminals that weaponized it, added additional details to it, and turned this into something that is holding ransom data but also putting at risk lives and hospitals.

A daily briefing on politics and cybersecurity weekday mornings, in your inbox.

By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.

Whats Congress doing?

The government uses a system called the Vulnerability Equities Process to determine whether and when agencies must tell companies about code flaws they discover. Following recent spy agency leaks, former government officials, cyber experts and tech companies have proposed changes to the VEP that would limit the intelligence communitys ability to hoard vulnerabilities.

Some are calling for Congress to act.

Those include Rep. Ted Lieu, a California Democrat with a computer science degree, who has led the charge to reform the VEP.

Lieu, a leading congressional voice on cybersecurity, called the process not transparent in a statement Friday, saying few people understand how the government makes these critical decisions. The ransomware campaign, he added, shows what can happen when the NSA or CIA write malware instead of disclosing the vulnerability to the software manufacturer.

But Lieus bill is unlikely to become law. Not only does the intelligence community have numerous defenders in Congress, but politicians simply arent paying much attention to the issue. Lawmakers haven't rushed to join Lieu in calling for VEP changes. There have only been a few hearings on ransomware in recent years, and no pending legislation mentions either ransomware or the VEP.

Martin Matishak contributed to this report.

Missing out on the latest scoops? Sign up for POLITICO Playbook and get the latest news, every morning in your inbox.

Original post:
Why people are blaming the global cyberattack on the NSA - Politico

After WannaCry, ex-NSA director defends agencies holding exploits – TechCrunch


TechCrunch
After WannaCry, ex-NSA director defends agencies holding exploits
TechCrunch
There's not much more topical than cyber security right now. And who better to talk about it than former director of the NSA and ex-chief of the Central Security Service, general Keith Alexander? On stage here at TechCrunch Disrupt New York, Alexander ...
NSA warned Microsoft about vulnerability connected to 'Wanna Cry': reportThe Hill
Don't Blame NSA for Making the WannaCry Cyberattack ProgramNewsweek
Blame the 'WannaCry' ransomware attack on our own NSALos Angeles Times
Defense One -Bloomberg -NPR -TechNet - Microsoft
all 2,458 news articles »

Read more:
After WannaCry, ex-NSA director defends agencies holding exploits - TechCrunch

Hacker group that leaked NSA spy tools likely includes a U.S. insider, experts say – McClatchy Washington Bureau


McClatchy Washington Bureau
Hacker group that leaked NSA spy tools likely includes a U.S. insider, experts say
McClatchy Washington Bureau
One of those leaked NSA tools allowed extortionists to spark havoc last Friday by encrypting the hard drives of more than 200,000 computers in 150 countries, the largest such cyberattack ever to hit the globe. The attackers demanded $300 or more to ...

and more »

Read more from the original source:
Hacker group that leaked NSA spy tools likely includes a U.S. insider, experts say - McClatchy Washington Bureau