Archive for the ‘NSA’ Category

Ransomware That Hit Europe’s Computers Did Not Come From NSA Leak – NBCNews.com

Some media reports about the ransomware -- called WannaCry -- that rocked the UK health system, Spain's telecom industry, and other targets in Europe Friday say that hackers pulled it from a leaked NSA tool kit.

That's not really accurate.

Instead, computing experts say and a review of the computing code shows, the leaked NSA tool kit demonstrated to the hackers how they could attack these systems. The hackers didn't use NSA code, but they did copy something from the tool kit.

"WannaCry ransomware uses one of the exploits released recently by Shadowbrokers in the leaked NSA tools archive," said Andrew Komarov, chief intelligence officer for the cybersecurity firm InfoArmor. "This is pretty normal practice, where cybercriminals are using the latest vulnerabilities in order to increase the efficiency of their malware."

The NSA tool that the hackers drew on to develop the new ransomware is called "Eternalblue".

The software fix for the vulnerability that the ransomware exploits came out in March, before the Shadowbrokers leak, so experts say there was theoretically time to patch systems in advance of an attack.

Komarov said there was no indication that WannaCry or Friday's attack had anything to do with the NSA "or any other state-sponsored cyber offensive activities."

The FBI is warning that unknown hackers have launched a cyberattack with 'destructive malware' in the U.S. Kacper Pempel

The Agency announced late Tuesday that it has established a "Korea Mission Center" to "harness the full resources, capabilities, and authorities of the Agency in addressing the nuclear and ballistic missile threat posed by North Korea." The CIA also announced that Director Mike Pompeo has named a "veteran intelligence officer" to run the center but declined to name the officer for security reasons.

Both publicly and privately, the agency has said North Korea has been one of, if not the most, difficult of intelligence targets.

"Creating the Korea Mission Center allows us to more purposefully integrate and direct CIA efforts against the serious threats to the United States and its allies emanating from North Korea," said Pompeo. "It also reflects the dynamism and agility that CIA brings to evolving national security challenges."

Oregon Democrat Ron Wyden says he will block the nomination of Donald Trump's pick to be the top Treasury intelligence official until Treasury's anti-money-laundering agency produces documents requested by the Senate Intelligence Committee related to Trump.

Sen. Wyden says he will maintain a hold on the nomination of Sigal Mandelker to be under secretary of the Treasury for terrorism and financial intelligence until the documents are produced.

This week, Intelligence Committee Ranking Member Sen. Mark Warner, D-Virginia, announced that the committee had asked the Treasury Department's Financial Crimes Enforcement Network (FinCEN) for records relating to President Trump and his associates.

"I have stated repeatedly that we have to follow the money if we are going to get to the bottom of how Russia has attacked our democracy," Wyden said. "That means thoroughly review any information that relates to financial connections between Russia and President Trump and his associates, whether direct or laundered through hidden or illicit transactions. The office which Ms. Mandelker has been nominated to head is responsible for much of this information."


Three senior defense officials report that Iran test-fired a high-speed torpedo near the Strait of Hormuz on Sunday.

The Hoot torpedo is still in the testing phase, the officials report, but once it is fully operational it should be able to travel about 12,000 yards (approximately six nautical miles) at a speed of about 200 knots per hour (approximately 250 miles per hour). None of the officials could say whether the test was successful or not.

The USS George HW Bush strike group is in the Gulf right now but all three officials said the test did not pose a threat to U.S. ships or assets in the region.

Two of the officials said that the Iranian military last tested this torpedo in February 2015.

The ACLU is suing four federal agencies for records related to the Jan. 29 raid in Yemen that killed a Navy SEAL and civilians, including children.

The civil liberties organization filed a freedom of information request for documents in March and then filed a lawsuit in Manhattan federal court on Monday to force the government to respond.

"After conducting an internal investigation, the government released little information about the circumstances surrounding the Raid, the legal or factual justifications for it, and its consequences," the suit said.

Among the information the ACLU wants is an accounting of the civilians killed in the raid, which erupted in a deadly firefight after, as one senior U.S. intelligence official told NBC News, "almost everything went wrong."

The head of U.S. Central Command told Congress between four and 12 civilians were killed, but Human Rights Watch and others have put the toll higher.

The Trump administration has characterized the raid as a huge success. However, NBC News reported in March that none of the intelligence gleaned from the operation so far has proven actionable or vital.

A man stands on the rubble of a house destroyed by a Saudi-led airstrike in the outskirts of Sanaa, Yemen, Feb. 16, 2017. At least one Saudi-led airstrike near Yemen's rebel-held capital killed at least five people on Wednesday, the country's Houthi rebels and medical officials said. Hani Mohammed / AP

Gregory Lepsky appeared in a New Jersey federal courtroom Friday to face charges that he planned to detonate a pressure cooker bomb in New York City in the name of ISIS.

Seamus Hughes of George Washington's Program on Extremism pulled this inventory of the defendant's internet search history from the case file.

Eight men accused of plotting to attack the 2016 Olympic Games in Rio de Janeiro on behalf of ISIS were sentenced Thursday.

The men were found guilty in a Brazilian court of recruiting and promoting terrorism and face sentences that range from five to 15 years in prison. They were arrested in a series of raids in late July 2016, several weeks before the Games.

They had all pledged allegiance to an ISIS offshoot, authorities said, and discussed a plan to contaminate one of Rio de Janeiro's water reservoirs.

"All of the accused were dedicated to promoting the terrorist organization called the Islamic State through the social networks Facebook, Twitter and Instagram," said the judge in the case, Marcos Josegrei da Silva.

The suspects, all Brazilian citizens, discussed plans in email threads, and via messaging apps like Telegram and WhatsApp, according to court documents reviewed by NBC News.

Some celebrated other terrorist attacks, like the shooting at the Orlando nightclub.

It doesn't appear any of them knew each other aside from conversations online and messaging apps.

The convictions are the first under Brazil's new anti-terrorism law. Previously, terrorism was not clearly defined in Brazil and was treated like any other crime; now an individual can face up to 22 years in jail if found guilty of preparing terrorist acts.

One of the men sentenced under Brazil's new terrorism law for a plot against the 2016 Olympic Games in Rio. Court Documents

The newest issue of the ISIS magazine Rumiyah includes instructions for would-be terrorists about how to kill pedestrians with trucks. In infographic form, the instructions list the characteristics of the ideal vehicles ("slightly raised chassis and bumper"), where to buy, steal or rent the trucks, and the ideal targets.

The latest installment of the magazine's "Just Terror Tactics" feature comes as the U.S. Transportation Security Administration has just sent a warning about truck attacks to law enforcement agencies across the U.S.

Truck Attacks Poster Propaganda

We've got a bad feeling about this.

The Russian government jumped on the "May the 4th Be With You" bandwagon by tweeting the message "Come to our side" over a photo of a key Star Wars character.

Han Solo? Nope.

Luke Skywalker? Nah.

Yoda, you ask? Nyet.

The Russian Embassy in the U.K. chose a photo of Darth Vader, a villain bent on galactic domination, to personify itself on what's come to be known as Star Wars Day.

Hopefully it's just a snarky joke from a Twitter account known for trolling. Otherwise, someone tell the Pentagon to fire up the Millennium Falcon.


A Stolen NSA Tool Is Being Used in a Global Cyberattack – The Atlantic

The shadow of ousted FBI director James Comey hung over the Senate Intelligence Committee's worldwide threat hearing yesterday. Like Banquo's ghost in Macbeth, the presence of Comey's absence was everywhere. But it wasn't the most surreal aspect of the day. Here was a hearing on external threats at a moment when internal threats are growing more serious and scary than any time in recent memory. Just 24 hours later, the magnitude of that danger came into sharp focus as cyber attacks using stolen NSA tools hit an estimated 45,000 computers in more than 70 countries, disrupting Britain's health system and sending officials from Moscow to Madrid back to paper and pens.


Insider threats are not new but the speed and scale of their destructive impact are. In 2001, Robert Philip Hanssen, a 25-year veteran of the FBI, was caught hiding a garbage bag full of classified documents in a dead drop under a Virginia park bridge. His arrest ended a 15-year mole hunt for one of the most damaging traitors in American history. Hanssen was found to have passed a few thousand highly classified documents to the Soviets over two decades, including the names of dozens of American agents. Several were killed as a result of his treachery.

Today, trusted insiders can steal and release classified information in terabytes, not trash bags, all in a matter of days, not decades. Chelsea Manning downloaded the contents of more than 250,000 State Department cables on a fake Lady Gaga CD, lip syncing to Lady Gaga's "Telephone" as he exfiltrated the data. Former NSA contractor Edward Snowden stole an estimated 1.5 million documents, including information about some of the most highly classified programs in the U.S. government, and not just by copying what he happened to see on his desktop.

A bipartisan review by the House Intelligence Committee found that Snowden deliberately sought access to classified programs by tricking coworkers into giving him their security credentials and by searching their network drives without their permission, downloading away. The vast majority of the documents he stole, the report concludes, have nothing to do with programs impacting individual privacy interests; they instead pertain to military, defense, and intelligence programs of great interest to America's adversaries. Snowden's operation took just 10 months before he high-tailed it to Hong Kong.

And for all the efforts to glue shut thumb drives and call for better procedures to detect when trusted officials become untrustworthy, the breaches just keep coming. In the past year, press reports have made public another wave of breaches believed to have been perpetrated by insiders at both the NSA and CIA that stole and released some of the nation's most sophisticated cyber hacking tools, including the WannaCry ransomware used today. In February, a second former NSA contractor, Hal Martin, was indicted for stealing classified documents. How many exactly? The Justice Department believes it could be as much as 50 terabytes; that's the equivalent of 500 million pages.

At yesterday's hearing, Director of National Intelligence Dan Coats delivered a 28-page threat assessment about the dangers confronting the United States. Two lines look awfully ominous today: "Trusted insiders who disclose sensitive or classified US Government information without authorization will remain a significant threat in 2017 and beyond. The sophistication and availability of information technology that increases the scope and impact of unauthorized disclosures exacerbate this threat."


NSA Tools, Built Despite Warnings, Used in Global Cyber Attack – Common Dreams


Apparent National Security Agency (NSA) malware has been used in a global cyber-attack, including on British hospitals, in what whistleblower Edward Snowden described as the repercussion of the NSA's reckless decision to build the tools. "Despite ...


Hackers breach computers in several countries worldwide using … – ThinkProgress

Patrick Ward, 47, a sales director at Purbeck Ice Cream, from Dorset in England, poses for photographs after giving media interviews after his heart operation scheduled today was cancelled because of a cyberattack, outside St Bartholomew's Hospital in London, Friday, May 12, 2017. A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines down and patients turned away. CREDIT: AP Photo/Matt Dunham

Employees and patients across multiple UK National Health Service facilities were displaced on Friday thanks to a large-scale cyberattack on network computers across Eurasia, including Great Britain, Portugal, Spain, Russia, Turkey, Vietnam, the Philippines, and Japan.

Doctors and hospital staff were locked out of patient files and forced to relocate emergency patients, the Guardian reported. The attack made use of ransomware, a type of malware that restricts file and system access by encrypting data. The hackers then demand payment in exchange for decrypting the data and restoring access. Patient records, emails, schedules, and phone lines were all ensnared in the attack.

British health officials said their systems were not the target of the attack. But security experts believe the vulnerability exploited during the attack was discovered by the NSA, and was included among the many cyber tools previously stolen from the American intelligence community earlier this year, the New York Times reported. The ransomware was distributed via email.

Hospitals and telecom companies in western Europe, Russia, and Asia were also affected, the MalwareHunterTeam told the New York Times.

The hackers demanded each user pay $300 in bitcoin to a specific bitcoin account in the next three days, potentially totaling thousands of dollars' worth of bitcoin. The ransom doubles if payments aren't made in that time, according to the hackers' message obtained by the Guardian, and files will be kept restricted forever if payment isn't received in seven days.

Ransomware attacks aren't a new occurrence, and they often work. U.S. hospital systems were recently victimized by similar attacks. A Los Angeles hospital system, Hollywood Presbyterian Medical Center, paid a $17,000 bitcoin ransom in February 2016 after patient files and data were held hostage for two weeks. The system's CEO Allen Stefanek said paying was in the best interest of restoring normal operations.

Medstar, a Washington, D.C. area hospital system, was attacked the following month and had to turn away patients. Hackers gave the hospital system, which treats 30,000 people across 10 hospitals and 250 outpatient centers, 10 days to pay $19,000 in bitcoin, the Washington Post reported.

The FBI investigated both attacks, and previously reported an uptick in ransomware hacks in recent years.


NSA chief explains ‘discrepancy’ over claim that Russia …

NSA Director Adm. Mike Rogers cast a dash of doubt Tuesday on the intelligence community's conclusion that Russia-tied hackers sought to help Donald Trump in the 2016 election, explaining for the first time in public testimony why his agency had only "moderate confidence" in that judgment.

Testifying before a Senate Armed Services Committee hearing, Rogers affirmed he and the NSA were highly confident the Russians sought to hurt Hillary Clinton in the election. But Sen. Tom Cotton, R-Ark., asked Rogers -- who also heads U.S. Cyber Command -- why the NSA differed on the related conclusion about Trump in the Jan. 6 intelligence report on alleged Russian interference in the election.

That conclusion stated that the Russian government aspired to help President-elect Trump's election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.

The FBI and CIA backed that with high confidence, but the NSA only held that judgment with moderate confidence.

Cotton noted that fellow Sen. Elizabeth Warren, D-Mass., during the hearing called Trump Russia's preferred candidate and asked Rogers to explain the discrepancy.

"I wouldn't call it a discrepancy, I'd call it an honest difference of opinion between three different organizations and in the end I made that call," Rogers said.

He added that when he looked at the data, for each of the other judgments there were multiple sources and he could exclude every other alternative rationale. But for this particular conclusion, it didn't have the same level of sourcing and the same level of multiple sources, he said.

He noted that he still agreed with the judgment, but he wasn't at the same confidence level as CIA Director John Brennan and FBI Director James Comey.

Probed further by Sen. Tim Kaine, D-Va. -- who was Clinton's running mate -- Rogers clarified that while he was highly confident the Russians wanted to prevent Clinton from winning, and to undercut her effectiveness if she did win, he was only moderately confident the Russians actively wanted Trump to win.

The FBI, CIA and NSA were all in complete agreement about the Clinton-related conclusion in the report, which stated: "Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia's goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency."

Earlier at Monday's hearing, Rogers also testified that there has been no reduction in Russian efforts to affect the outcome of other countries' elections, and warned about the dangers of state and non-state actors moving from data "extraction" to data "manipulation."

Chairman John McCain, R-Ariz., asked Rogers if he had seen a reduction in Russian efforts to meddle in elections and pointed toward alleged interference in Sunday's French presidential race.

"No I have not," Rogers said, adding that the U.S. needs to publicly out Russian behavior.

"They need to know we will publicly identify this behavior," he said.

Emmanuel Macron, the eventual winner of the French election, was hit by a hack Friday which revealed a number of his campaign team's emails. It was not clear who was behind the hack, but it was reminiscent of hacks that hit the 2016 U.S. election that exposed Democratic National Committee staff emails, and the private emails of Clinton campaign Chairman John Podesta. Both the Clinton campaign and the Obama administration have blamed Russia for those hacks.

Rogers was also asked by lawmakers to lay out his worst-case scenario for future cyber attacks. Rogers said he was concerned about outright destructive activity on critical infrastructure as well as cyberattacks moving from obtaining and revealing data to data manipulation on a massive scale.

"Such as changing voter rolls?" asked McCain.

"Yes," said Rogers. "That's a very different kind of challenge for us."

He also warned about a possible situation in which, as the effectiveness of cyberattacks becomes clearer, non-state actors decide cyber is an attractive weapon with which to destroy the status quo.

During further questioning, Rogers said the National Security Agency became aware of Russian attempts to interfere with political institutions in the summer of 2015.

He said that when he became aware of Russian actions, he informed the FBI, and also in his role as head of the U.S. Cyber Command, informed the Pentagon to make sure its systems were optimized in order to be able to withstand such an attack.

Adam Shaw is a Politics Reporter and occasional Opinion writer for FoxNews.com.
