Archive for the ‘NSA’ Category

Shadow Brokers hacker group says more NSA leaks to come – CBS News

The WannaCry ransomware never could have escalated as far as it did without the Shadow Brokers. And the hacker group has just resurfaced.

The malware has ensnared up to 300,000 computers in more than 150 countries, locking up devices in hospitals, schools and businesses unless they pay up. It's been able to spread quickly by sneaking through an infected computer's network, using an exploit in a standard sharing tool called Server Message Block found in outdated Windows computers.

The exploit, codenamed EternalBlue, was first discovered by the NSA, but leaked to the world after the Shadow Brokers stole the agency's hacking arsenal. The group, quiet since August, returned Tuesday with a warning for the National Security Agency and the rest of the world: There are going to be more leaked tools.

"In June, TheShadowBrokers is announcing 'TheShadowBrokers Data Dump of the Month' service," the group wrote in its open letter on the Steemit website Tuesday. "Is being like wine of month club."

The hacker group claims that it still has 75 percent of the US's cyber arsenal, and could release tools that exploit browser, router and phone vulnerabilities, as well as compromised network data from Russia, China, Iran and North Korea.

The Shadow Brokers originally tried selling off the stolen tools in an auction, but backed down after receiving no bidders. In the Tuesday letter, they said they weren't "interested in stealing grandmothers' retirement money," but wanted to send a message to the Equation Group, a hacking group linked to the NSA.

The Shadow Brokers said they'll release more details about their monthly data dump in June, including how interested subscribers could sign up. And after the massive success of WannaCry's ransomware breach, there's certainly much more demand.

"They've proven that these are highly effective tools in their possession, so people are going to be very interested in purchasing this, especially other criminals," Sean Dillon, a senior security analyst at RiskSense said. "They still have the government's tools, and they want to make money off of it."

It's already earned the hackers behind WannaCry more than $70,000 in just four days. The same EternalBlue exploit has also been used to infect computers with Adylkuzz, malware that stealthily enslaves your PC to mine for cryptocurrency, according to researchers at Proofpoint.

Once somebody gets the data dump from the Shadow Brokers, Dillon said, the exploits would most likely become public. At the end of the letter, the hacker group hinted the NSA could make all these problems go away if the agency paid up for the tools.

When the Shadow Brokers first put the leaked tools up for sale, they demanded 1 million bitcoins, which then translated to $580 million. Currently, that amount is worth $1.76 billion.

"They can't pay anywhere close to the mark," Dillon said.

This article originally appeared on CNET.

© 2017 CBS Interactive Inc. All Rights Reserved.

is calling out the NSA

After the WannaCry cyberattack hit computer systems worldwide, Microsoft says governments should report software vulnerabilities instead of collecting them. Here, a ransom window announces the encryption of data on a transit display in eastern Germany on Friday. AFP/Getty Images

When the National Security Agency lost control of the software behind the WannaCry cyberattack, it was like "the U.S. military having some of its Tomahawk missiles stolen," Microsoft President Brad Smith says, in a message about the malicious software that has created havoc on computer networks in more than 150 countries since Friday.

"This is an emerging pattern in 2017," Smith, who is also chief legal officer, says in a Microsoft company blog post. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

On affected computers, the WannaCry software encrypts files and displays a ransom message demanding $300 in bitcoin. It has attacked hundreds of thousands of computers, security experts say, from hospital systems in the U.K. and a telecom company in Spain to universities and large companies in Asia. And the software is already inspiring imitators, as the Bleeping Computer site reports.

The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn't told the U.S. tech giant about the security risk until after it had been stolen.

With his new statement, Smith seems to be confirming that version of events.

Two months after Microsoft issued its security patch, thousands of computers remained vulnerable to the WannaCry attack. That prompted the company to issue another patch on Friday for older and unsupported operating systems such as Windows XP, allowing users to secure their systems without requiring an upgrade to the latest operating software.

Urging businesses and computer users to keep their systems current and updated, Smith says the WannaCry attack shows the importance of collective action to fight cybercrime.

But he aimed his sharpest criticisms at the U.S. and other nations.

The attack, Smith says, "represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today: nation-state action and organized criminal action."

International standards should compel countries not to stockpile or exploit software vulnerabilities, Smith says. He adds that governments should report vulnerabilities like the one at the center of the WannaCry attack.

Governments "need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith says, urging agencies to "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

Smith's blog post did not address another factor in the ransomware's spread, one that hints at the difficulty of uniting against a hacking attack: Users of pirated Microsoft software are unable to download the security patch, forcing them to fend for themselves or rely on a third-party source for a solution.

The ‘WannaCry’ malware: A public service announcement …

The particularly nasty computer program dubbed WannaCry that attacked hospitals, businesses and government agencies around the world this past weekend was like a cybercrime highlight reel, a compilation of by-now familiar elements (conscience-free cybercriminals, an obscure vulnerability in Microsoft Windows, older and ill-maintained corporate computer networks and computer users tricked into opening booby-trapped email attachments) that played out on an epic scale.

What's different this time is that the hackers apparently had considerable help from the U.S. government. They used a stolen tool reportedly developed by the National Security Agency to exploit a hidden weakness in the Windows operating system and spread their ransomware far and wide. The tool was one of many linked to the NSA that were leaked online last year, then finally decrypted in April for use by anyone with the requisite coding skills.

It's tempting to howl at the NSA for not alerting companies like Microsoft when its researchers find vulnerabilities in their products. The reality, though, is that doing so would reduce the effectiveness of cybertools that have become an integral part of modern efforts by agencies like the NSA to fight terrorism, international criminal organizations and rogue states. What's needed is a better effort to determine if and when a vulnerability discovered by the feds represents too great a threat to keep it secret from the potential victims. That's a difficult balance to strike, and the decision shouldn't be made solely by the executive branch without the input of independent experts and, potentially, lawmakers.

The even more important lesson here is that years, even decades of warnings from security experts simply aren't getting through to the public. WannaCry should not have reached disastrous proportions: Microsoft released a patch that could close the vulnerability in March, well before the NSA's tool was decrypted. Yet tens of thousands of computers weren't updated, allowing the malware the room it needed to spread.

The problem could easily get much, much worse as more routine devices become smart, Internet-connected ones. Evidently we need stronger incentives not just for companies to release more secure products, but also for users to keep them updated and protect their data with encryption and backups. That's what the lawmakers and federal officials should be focusing on, not on trying to discourage consumers from using encryption on their smartphones, or on building stockpiles of malware based on vulnerabilities they alone have found.

Major Leak Suggests NSA Was Deep in Middle East … – WIRED

Caption: A woman walks past a branch of Noor Islamic Bank along Khalid Bin Al-Waleed Road in Dubai. Reuters

For eight months, the hacker group known as Shadow Brokers has trickled out an intermittent drip of highly classified NSA data. Now, just when it seemed like that trove of secrets might be exhausted, the group has spilled a new batch. The latest dump appears to show that the NSA has penetrated deep into the finance infrastructure of the Middle East, a revelation that could create new scandals for the world's most well-resourced spy agency.

Friday morning, the Shadow Brokers published documents that, if legitimate, show just how thoroughly US intelligence has compromised elements of the global banking system. The new leak includes evidence that the NSA hacked into EastNets, a Dubai-based firm that oversees payments in the global SWIFT transaction system for dozens of client banks and other firms, particularly in the Middle East. The leak includes detailed lists of hacked or potentially targeted computers, including those belonging to firms in Qatar, Dubai, Abu Dhabi, Syria, Yemen, and the Palestinian territories. Also included in the data dump, as in previous Shadow Brokers releases, are a load of fresh hacking tools, this time targeting a slew of Windows versions.

"Oh you thought that was it?" the hacker group wrote in a typically grammar-challenged statement accompanying their leak. There was speculation prior to this morning's release that the group had finally published its full set of stolen documents, after a seemingly failed attempt to auction them for bitcoins. "Too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away."

The transaction protocol SWIFT has been increasingly targeted by hackers seeking to redirect millions of dollars from banks around the world, with recent efforts in India, Ecuador, and Bangladesh. Security researchers have even pointed to clues that an $81 million Bangladesh bank theft via SWIFT may have been the work of the North Korean government. But the Shadow Brokers' latest leak offers new evidence that the NSA has also compromised SWIFT, albeit most likely for silent espionage rather than wholesale larceny.

EastNets has denied that it was hacked, writing on its Twitter account that there's "no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau." But the Shadow Brokers leak seems to suggest otherwise: One spreadsheet in the release, for instance, lists computers by IP address, along with corresponding firms in the finance industry and beyond, including the Qatar First Investment Bank, Arab Petroleum Investments Corporation Bahrain, Dubai Gold and Commodities Exchange, Tadhamon International Islamic Bank, Noor Islamic Bank, Kuwait Petroleum Company, Qatar Telecom and others. A legend at the top of the spreadsheet notes that the 16 highlighted IP addresses mean, "box has been implanted and we are collecting." That NSA jargon translates to a computer being successfully infected with its spyware.[1]

Those IP addresses don't actually correspond to the clients' computers, says Dubai-based security researcher Matt Suiche, but rather to computers servicing those clients at EastNets, which is one of 120 service bureaus that form a portion of the SWIFT network and make transactions on behalf of customers. "This is the equivalent of hacking all the banks in the region without having to hack them individually," says Suiche, founder of UAE-based incident response and forensics startup Comae Technologies. "You have access to all their transactions."

While the Shadow Brokers' releases have already included NSA exploits, today's leak is the first indication of targets of that sophisticated hacking in the global banking system. Unlike previous known hacks of the SWIFT financial network, nothing in the leaked documents suggests that the NSA used its access to EastNets' SWIFT systems to actually alter transactions or steal funds. Instead, stealthily tracking the transactions within that network may have given the agency visibility into money flows in the region, including to potential terrorist, extremist, or insurgent groups.

If that sort of finance-focused espionage was in fact the NSA's goal, it would hardly deviate from the agency's core mission. But Suiche points out that confirmation of the operation would nonetheless lead to blowback for the NSA and the US government, particularly given that many of the listed targets are in US-friendly countries like Dubai and Qatar. "A big shitstorm is to come," says Suiche. "You can expect the leadership of key organizations like banks and governments are going to be quite irritated, and they're going to react."

Beyond EastNets alone, Suiche points to references in the files to targeting the Panama-based firm Business Computer Group or BCG, although it's not clear if the firm was actually compromised. Beyond its Twitter statement, EastNets didn't respond to WIRED's request for comment. WIRED also reached out to BCG and the NSA, but didn't get a response.

SWIFT aside, the leak also contains a cornucopia of NSA hacking tools or exploits, including what appear to be previously secret techniques for hacking PCs and servers running Windows. Matthew Hickey, the founder of the security firm Hacker House, analyzed the collection and believes there are more than 20 distinct exploits in the leak, about 15 of which are included in an automated hacking framework tool called FuzzBunch.

The attacks seem to target every recent version of Windows other than Windows 10, and several allow a remote hacker to gain the full ability to run their own code on a target machine. "There are exploits here that are quite likely zero days that will let you hack into any number of servers on the internet," says Hickey. "This is as big as it gets. It's internet God mode."

In a statement to WIRED, however, a Microsoft spokesperson wrote that the company had previously patched all the vulnerabilities in Windows that the hacking tools exploited. "We've investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products," the statement reads. In a blog post, the company clarified that several of the exploits do still work, but only on versions of Windows prior to Windows 7.[2]

But the Shadow Brokers hinted in their release that they're not done creating trouble for the NSA yet. "Maybe if all suviving [sic] WWIII theshadowbrokers be seeing you next week," the group's message concludes. "Who knows what we having next time?"

[1] Updated 4/14/2017 12:15 EST to include comments from EastNets.

[2] Updated 4/15/2017 3:50 EST to include a response from Microsoft.

US Cyber Bill Would Shift Power From Spy Agency – Fortune

The U.S. Capitol is seen in Washington, DC, April 28, 2017. Saul Loeb/AFP/Getty Images

A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week's "ransomware" attacks.

Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.

The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90% of its budget on offensive capabilities and spying.

Republican Senator Ron Johnson of Wisconsin and Democratic Senator Brian Schatz of Hawaii introduced the legislation in the U.S. Senate Homeland Security and Governmental Affairs Committee.

"Striking the balance between U.S. national security and general cyber security is critical, but it's not easy," said Senator Schatz in a statement. "This bill strikes that balance."

Tech companies have long criticized the practice of withholding information about software flaws so they can be used by government intelligence agencies for attacks.

Hackers attacked 200,000 in more than 150 countries last week using a Microsoft Windows software vulnerability that had been developed by the NSA and later leaked online.

Microsoft president Brad Smith harshly criticized government practices on security flaws in the wake of the ransomware attacks. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote in a blog post.

Agencies like the NSA often have greater incentives to exploit any security holes they find for spying, instead of helping companies protect customers, cyber security experts say.

"Do you get to listen to the Chinese politburo chatting and get credit from the president?" said Richard Clayton, a cyber-security researcher at the University of Cambridge. "Or do you notify the public to help defend everyone else and get less kudos?"

Susan Landau, a cyber security policy expert at Worcester Polytechnic Institute, said that in putting DHS in charge of the process, the new bill was an effort to put the process "into civilian control."

The new committee's meetings would still be secret. But once a year it would issue a public version of a secret annual report.

The NSA did not immediately respond to a request for comment.
