Archive for the ‘NSA’ Category

The hacking group that leaked NSA secrets claims it has data on foreign nuclear programs – Washington Post

A massive cyberattack hit tens of thousands of computers in dozens of nations. Reports of the attack first surfaced in Britain, where the National Health Service described serious problems. (Sarah Parnass/The Washington Post)

The hacking group that leaked the bugs that enabled last week's global ransomware attack is threatening to make public even more computer vulnerabilities in the coming weeks, potentially including compromised network data pertaining to the nuclear or missile programs of China, Iran, North Korea and Russia, as well as vulnerabilities affecting Windows 10, which is run by millions of computers worldwide.

A spokesperson for the group, which calls itself the Shadow Brokers, claimed in a blog post Tuesday that some of those computer bugs may be released on a monthly basis as part of a new subscription-based business model that attempts to mimic what has proved successful for companies such as Spotify, Netflix, Blue Apron and many more.


"Is being like wine of month club," read the blog post, which is written in broken English. "Each month peoples can be paying membership fee, then getting members only data dump each month."

The move shows the growing commercial sophistication of groups such as the Shadow Brokers, which already has demonstrated a fearsome technical ability to compromise the world's top intelligence agencies. And it underscores the way much of the underground trade for computer bugs resembles a real-world commercial market.

Security experts have been analyzing the blog post for clues about the Shadow Brokers' intentions and capabilities.


Marcy Wheeler, a longtime independent researcher, said in a blog post Tuesday that the Shadow Brokers' post brings the hammer down both on Microsoft, whose products could be affected by any further leaks, and the U.S. National Security Agency, whose information the Shadow Brokers leaked in April. That leak led indirectly to the creation of WannaCry and the subsequent crisis, security experts say.

"Simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government," Wheeler wrote.

Microsoft didn't immediately respond to a request for comment. On Sunday, the company criticized the NSA for stockpiling digital weapons. The tech industry opposes efforts by the government to weaken the security of its products, while national security advocates say it could help combat terrorism.


Although experts say the Shadow Brokers do not appear to have been directly involved in the WannaCry attack, leaking the exploit in the first place was a major step toward facilitating the cyberattack.

The group's new claim that it possesses information on the nuclear programs of state governments is extremely worrisome, said Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, a Washington think tank. "While they don't seem to have the most amazing PR department," he said, "they've already proved that they had some pretty serious access. The nuke facility stuff is particularly concerning, [speaking] as a former physicist."

Previously, the group had sought to sell its hacking tools to the highest bidder. Few buyers came forward, the group said in its blog post. But now, the monthly subscription model might mean the bugs will find their way into the hands of more people, spreading far and wide, Hall said.


Congress Introduces Bill Requiring NSA To Share Its Secrets – The Daily Caller

A bipartisan bill introduced Wednesday in Congress would force the NSA to share any security vulnerabilities it finds in software with other government agencies.

Known as the PATCH Act (Protecting Our Ability To Counter Hacking), the legislation mandates a larger review when a federal agency discovers a security hole in a computer system.

The government sometimes coordinates with tech companies and creators of technology vendors, but in certain instances it chooses to keep the exploits for itself and use them for national security purposes.

Such a policy would essentially compel the U.S. government's top spying agency to turn over its arsenal of cyber weapons and hacking tools, seemingly sacrificing offense for the prospect of better defense.

"Do you get to listen to the Chinese politburo chatting and get credit from the president?" said Richard Clayton, a cyber-security researcher at the University of Cambridge, according to Reuters. "Or do you notify the public to help defend everyone else and get less kudos?"

While co-sponsors of the bill at least partially agree that it can be difficult to find a middle ground, they apparently want the equilibrium shifted more towards domestic virtual security.

"Striking the balance between U.S. national security and general cybersecurity is critical, but it's not easy," Hawaiian Sen. Brian Schatz said in an official statement. "This bill strikes that balance."

The review meetings would reportedly still be a secret, and only data pursuant to the law would be made public once each year.

"The latest global ransomware attack revealed the importance of locating and patching vulnerabilities before malicious actors can attack our most critical systems," says Sen. Cory Gardner of Colorado, one of the original sponsors of the bill, referring to the recent incident that allegedly affected more than 150 countries.

Democratic Rep. Ted Lieu of California, Republican Rep. Blake Farenthold of Texas, and Republican Sen. Ron Johnson of Wisconsin co-sponsored the bill with Schatz and Gardner.

"This legislation ensures the American public has greater transparency into how vulnerabilities and threats are shared between federal government actors, intelligence organizations, and the private sector," Gardner concludes.


Microsoft’s President Reflects On Cyberattack, Helping Pirates And The NSA – NPR

Microsoft President Brad Smith speaks at the annual Microsoft shareholders meeting on Nov. 30, 2016, in Bellevue, Wash. Elaine Thompson/AP

Microsoft has had a whirlwind last few days. The company's operating system, Windows, was the target of a massive cyberattack that took down hundreds of thousands of computers across 150 countries. While it's too soon to say the worst is over (there could be another wave), the president of the company does have two big takeaways.

One takeaway is sexy, edgy. The other is boring, plain vanilla, but no less important to Brad Smith, president of Microsoft.

Let's start there.

Simple maintenance would solve a lot of problems

"We need to make it as easy as we can for people to patch their systems, and then customers have to apply those patches," Smith says.

Patching! That's it. Instead of hitting "ignore, ignore" when a pop-up on your screen asks, "Do you want to install a critical update and reboot?" you should just do it. Two months ago, Microsoft released the patch that could have prevented the outbreak. But because so many companies didn't apply it, the so-called WannaCry attack spread like cholera.

Some victims were using computers that run on Windows XP, a 16-year-old operating system. In digital years, that's old.

"It's worth remembering Windows XP not only came out six years before first iPhone. It came out two months before the very first iPod. Think about how antiquated that feels to us today," Smith says.

Because this attack is so contagious (it self-propagates, slithering from computer to computer without any human help), Microsoft decided it had to build a patch for that antique system too. Microsoft also found itself giving tech support to one more unusual group: thieves, people who used pirated, illegal copies of Windows.

Smith does not want to make a habit of that, but he says, "It was the right thing to do for this particular incident."

Microsoft calls for a "Digital Geneva Convention"

The Microsoft president's second takeaway is not about what businesses of every size need to do. It's about what intelligence agencies, like the CIA and the NSA, need to do.

"A lot has changed in the world just in the last 12 months," Smith says. "We've seen a huge focus on nation-state hacking by other countries including Russia and North Korea."

According to a New York Times report, North Korea may be behind this recent attack. And according to many security researchers, the attack method was first developed inside the NSA. Criminals got a hold of it and tweaked it.

Many countries are racing to create more cyber weapons. Smith says there's a real risk that criminals will steal them. He'd like governments to limit the creation of cyber weapons, just like they did for nuclear weapons. Microsoft wants a "Digital Geneva Convention," he explains, "something that would commit governments to do less hoarding of exploits and vulnerabilities, do more to work with software vendors so that we can all keep systems secure."

Meaning, as he wrote in a blog post this past weekend, agencies like the NSA should have a "new requirement" to report vulnerabilities they find to software makers like Microsoft, instead of stockpiling or selling or exploiting them.

"This is not a conversation that has even begun, at least with the general public," Smith says.

McAfee's Grobman counters Smith's position

Steve Grobman, chief technology officer at McAfee, which makes the popular antivirus software, disagrees with Smith. "Microsoft has a very strong position that is an absolute, whereas my position is a little bit more balanced," he says.

Grobman says governments should stockpile cyber weapons in some instances. For example, we're fighting a war and our military needs to take down a power plant, and there are only two options: "to drop a bomb on it, or to use a cyberattack to temporarily disable it. The cyberattack can in many cases limit the amount of loss of life."

Clearly, there is a difference of opinion among tech leaders. Though Grobman agrees with his colleague at Microsoft: These last few days, battling the WannaCry attack, have been very long.


Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry – Ars Technica


On Friday, ransomware called WannaCry used leaked hacking tools stolen from the National Security Agency to attack an estimated 200,000 computers in 150 countries. On Monday, researchers said the same weapons-grade attack kit was used in a much earlier and possibly larger-scale hack that made infected computers part of a botnet that mined cryptocurrency.

Like WannaCry, this earlier, previously unknown attack used an exploit codenamed EternalBlue and a backdoor called DoublePulsar, both of which were NSA-developed hacking tools leaked in mid-April by a group calling itself Shadow Brokers. But instead of installing ransomware, the campaign pushed cryptocurrency mining software known as Adylkuzz. WannaCry, which gets its name from a password hard-coded into the exploit, is also known as WCry.

Kafeine, a well-known researcher at security firm Proofpoint, said the attack started no later than May 2 and may have begun as early as April 24. He said the campaign was surprisingly effective at compromising Internet-connected computers that have yet to install updates Microsoft released in early March to patch the critical vulnerabilities in the Windows implementation of the Server Message Block protocol. In a blog post published Monday afternoon, Kafeine wrote:

In the course of researching the WannaCry campaign, we exposed a lab machine vulnerable to the EternalBlue attack. While we expected to see WannaCry, the lab machine was actually infected with an unexpected and less noisy guest: the cryptocurrency miner Adylkuzz. We repeated the operation several times with the same result: within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet.

The attack is launched from several virtual private servers which are massively scanning the Internet on TCP port 445 for potential targets.

Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and downloads the mining instructions, cryptominer, and cleanup tools.

It appears that at any given time there are multiple Adylkuzz command and control (C&C) servers hosting the cryptominer binaries and mining instructions.

Figure 2 shows the post-infection traffic generated by Adylkuzz in this attack.

Symptoms of the attack include a loss of access to networked resources and system sluggishness. Kafeine said that some people who thought their systems were infected in the WannaCry outbreak were in fact hit by the Adylkuzz attack. The researcher went on to say this overlooked attack may have limited the spread of WannaCry by shutting down SMB networking to prevent the compromised machines from falling into the hands of competing botnets.

Proofpoint researchers have identified more than 20 hosts set up to scan the Internet and infect vulnerable machines they find. The researchers are aware of more than a dozen active Adylkuzz control servers. The botnet then mined Monero, a cryptocurrency that bills itself as being fully anonymous, as opposed to Bitcoin, in which all transactions are traceable.

Monday's report came the same day that a security researcher who works for Google found digital fingerprints tying a version of WCry from February to Lazarus Group, a hacking operation with links to North Korea. In a report published last month, Kaspersky Lab researchers said Bluenoroff, a Lazarus Group offshoot responsible for financial profit, installed cryptocurrency-mining software on computers it hacked to generate Monero coins. "The software so intensely consumed system resources that the system became unresponsive and froze," Kaspersky Lab researchers wrote.

Assembling a botnet the size of the one that managed WannaCry and keeping it under wraps for two to three weeks is a major coup. Monday's revelation raises the possibility that other botnets have been built on the shoulders of the NSA but have yet to be identified.


Microsoft Just Took A Swipe At NSA Over The WannaCry Ransomware Nightmare – Forbes

After software vulnerabilities exploited and leaked by the NSA were used by cybercriminals to infect as many as 200,000 Windows PCs with ransomware over the last three days, Microsoft has criticized government agencies for hoarding those flaws and ...