Archive for the ‘NSA’ Category

Edward Snowden Slams NSA Over Ransomware Attack – Newsweek

The U.S. National Security Agency could have headed off the global ransomware attack that has crippled hospitals, train stations and other infrastructure around the world, according to Edward Snowden, the former CIA contractor and whistleblower.

"They knew about this flaw in U.S. software, U.S. infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group," Snowden said Monday.

The fugitive former private security contractor made his remarks during a speech on privacy and security delivered via satellite from Moscow to a Washington, D.C., conference on big data. The conference, organized by a former Google executive, Travis Jarae, founder and CEO of One World Identity, has drawn 800 industry experts from data collection and cybersecurity firms, as well as government lawyers, to discuss questions about online identity, security and privacy.

Snowden in 2013 downloaded and then publicized an estimated 1.7 million documents related to global and domestic U.S. surveillance programs, which the Pentagon has said is the largest trove of American secrets ever purloined. Federal prosecutors subsequently charged him with theft and Espionage Act violations. Since 2013, he has been living in Moscow.

Beamed by satellite onto huge screens in the Ronald Reagan Building and International Trade Center, a federal building a few blocks from the White House, Snowden blamed the NSA for the unprecedented power of the so-called WannaCry virus, which is being blamed for the world's biggest cyberattack, affecting 150 countries so far. Among the affected in the U.S. have been FedEx and Nissan; in China, colleges and gas stations; in India, the state police; in Russia, the Central Bank, Russian railways and the Interior Ministry; and in the U.K., at least 16 National Health System hospitals.

It is still unclear who released the virus or exactly why.

"Had the NSA not waited until our enemies already had this exploit to tell Microsoft, [so that] Microsoft could begin the patch cycle, we would have had years to prepare hospital networks for this attack rather than a month or two, which is what we actually ended up with," Snowden said.

Members of the audience submitted questions to the 33-year-old. One asked for his number one piece of advice for balancing privacy and security. Snowden said companies should opt for the bare minimum in determining what information they harvest and save about customer behavior, and urged them to provide users with an opt-out from data collection upfront. He accused companies that say they are collecting data to improve products and services of using a legal fiction to collect data in order to monetize it, generating an extra source of revenue.

He compared the psychological effects of unchecked mass data collection to an errant high school kid being threatened that certain behavior would remain on his or her record. In a world of mass tracking and commercial and government data collection, he said, you have a permanent record that can never be erased.

"A child that's born in this world won't have the same benefit you had of saying something stupid that they can move on from," he said. "When people can be tracked and have no way to live outside this chain of records, what we have become is a quantified spiderweb. It's a very negative thing for a free and open society. Now, everybody in the world will think twice before they even open their mouth. That is a very, very dark future. But it's not inevitable. You should reflect: Is that something we can do? Or should do?"

See the original post here:
Edward Snowden Slams NSA Over Ransomware Attack - Newsweek

Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare – Forbes


After software vulnerabilities exploited and leaked by the NSA were used by cybercriminals to infect as many as 200,000 Windows PCs with ransomware over the last three days, Microsoft has criticized government agencies for hoarding those flaws and ...

Original post:
Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare - Forbes

Microsoft’s president blames NSA for WannaCry attack – New York Post

A top Microsoft executive partly blamed the US government for the WannaCry ransomware attack, saying hackers found a crucial Windows vulnerability in data that had been stockpiled by the NSA.

First noticed on Friday, the WannaCry attack has affected at least 200,000 computers in more than 150 countries, with attackers locking people out of their computers while demanding a Bitcoin ransom.

"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Microsoft President Brad Smith wrote in a Sunday blog post.

At the same time, Smith tried to deflect criticism of Microsoft in the disaster, noting that the software giant issued a patch for the vulnerability earlier this year that many organizations ignored.

Smith said the crisis is a wake-up call, and that Microsoft has been working around the clock to assist affected customers, including those on older versions of Windows that are no longer supported.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Smith griped.

Some security experts expect a fresh wave of attacks will begin Monday, as employees arrive at work and turn on affected computers. The WannaCry attack is particularly powerful because it doesn't necessarily require users to click a link or download software to spread.

Governments worldwide need to "take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," Smith said. "We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

Go here to see the original:
Microsoft's president blames NSA for WannaCry attack - New York Post

Microsoft Comes out Swinging at NSA Over WannaCry Hack Attack – NBCNews.com


"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017," Smith said in a

He likened the situation to what would happen - hypothetically - if the U.S. military had some of its Tomahawk missiles stolen.

"The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits," he said.

Microsoft called for a "Digital Geneva Convention" in February, asking for governments to report vulnerabilities to vendors, rather than stockpiling, selling or even using them.

Jeremiah Grossman, chief of security strategy at SentinelOne, told NBC News this instance may serve as a huge lesson in driving the conversation.

"Effectively, what Microsoft is saying is they don't want any government hoarding zero days because of situations like this," Grossman told NBC News. "We have to protect the nation and have to protect people first, but they had a leak."

While it looked to Grossman like Smith, of Microsoft, "came out swinging" at the National Security Agency, he said we shouldn't expect to hear anything concrete from the highly secretive group.

"We are not going to get a response unless it is in their best interest, and in this case, I can't imagine a narrative where it is," Grossman said.

Josh Feinblum, vice president of information security at cyber security firm Rapid7, told NBC News the WannaCry debacle speaks to a "broader industry challenge."

"I think that this exploit would have existed whether the NSA had discovered it or not," Feinblum said. "It's easy to want to pass blame, but I think it is a cost of operating in such a highly technological society and we just have to do a better job in figuring out how to get our environment secure."

Original post:
Microsoft Comes out Swinging at NSA Over WannaCry Hack Attack - NBCNews.com

Stolen NSA tools used in international cyberattack – Salon

An international cyberattack that occurred during the weekend is believed to have been perpetrated with tools that were stolen from the National Security Agency.

The so-called ransomware attack impacted more than 200,000 computers in more than 150 countries by freezing hard drives and servers until a ransom was paid, according to a report by The Week. The main victim was the Russian cybersecurity firm Kaspersky Lab, which has caused consternation among many Russian officials.

As Frants Klintsevich, a high-ranking official in the Russian Senate's defense committee, told the state-run news agency Tass, "Humanity is dealing here with cyberterrorism. It's an alarming signal, and not just a signal but a direct threat to the normal functioning of society, and important life-support systems."

Russian officials are divided as to whether the United States government was responsible for the attack. Some claim that it was retaliation for the alleged Russian meddling in the 2016 presidential election (which the Russian government denies), while others argue that the United States wouldn't engage in actions that would so clearly be considered an act of war.

Either way, the perpetrator of the attacks is believed to have used NSA tools that were stolen from the American agency. Most of the damage inflicted by the cyberattacks occurred in Europe and Asia.

"The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits," said Europol in a statement. "The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation."

Here is the original post:
Stolen NSA tools used in international cyberattack - Salon