Archive for the ‘NSA’ Category

Malware Case Is Major Blow for the NSA – New York Times


New York Times
Malware Case Is Major Blow for the NSA
New York Times
In 2013, Edward J. Snowden gave journalists hundreds of thousands of N.S.A. documents he had taken as a contractor, igniting a global debate over the agency's targeting of allies as well as foes. Last August, shortly after the Shadow Brokers' debut, ...
Watertown Daily Times | Ellen Nakashima & Craig Timberg: NSA ...WatertownDailyTimes.com
NSA officials worried about the day its potent hacking tool would get loose. Then it did.Washington Post
Hackers behind stolen NSA tool for WannaCry: More leaks comingCNET
Reuters -McClatchy Washington Bureau -Steemit -The Official Microsoft Blog - Microsoft
all 133 news articles »

Originally posted here:
Malware Case Is Major Blow for the NSA - New York Times

Legislative Proposal Wants to Force NSA to Disclose Tech Exploits Sooner – The Merkle

If there is one thing to take away from the entire WannaCry ransomware debacle, it is how the NSA is largely responsible for these problems. To be more specific, the intelligence agency successfully kept a Windows vulnerability hidden from the public. Although the agency reported said issue to Microsoft, it is doubtful they did so right away. That may come to change, thanks to a new legislative proposal.

It is not entirely surprising to learn the US government is not too happy with NSA exploits being used to shut down computers all over the world. The WannaCry ransomware attack makes use of the EternalBlue vulnerability affecting the Windows SMB protocol. The NSA was all too aware of this problem, and it is their exploit code which was distributed on the internet which facilitated this global attack. Moreover, it continues to fuel other ransomware attacks as well.

To put things in order, a new legislative proposal has been drafted by Democratic Texas Senator Brian Schatz. If his bill were to be approved, the NSA will be legally obligated to share cyber exploits with the manufacturer immediately. Disclosure of such undocumented attack vectors will allow for companies to patch security holes a lot quicker and keep enterprises and consumers safe.

Part of this legislative proposal revolves around establishing a Vulnerability Equities Review Board. This board is made up of heads of US security agencies and Presidential Cabinet members. Their goal would be to create new policies and regulations to determine when non-government entities will need to be informed regarding tech exploits. Doing so should eventually reduce the number of cyber attacks as a whole.

For the time being, it remains to be seen if this bill will gain any major support from other politicians. Its a public secret the NSA has a lot more sway among politicians than most people would like. Keeping the country safe at all times is a very demanding job, even though the NSA as overextended its legal powers numerous times in the past. It is due time something changes to address this problem.

Moreover, Microsoft publicly criticizes the existing US cybersecurity policies for allowing security agencies not to disclose these vulnerabilities in a timely manner. In fact, the NSA did the opposite, as they created an in-house developed exploit to take advantage of this weakness whenever they wanted. Stockpiling such powerful weapons is a very dangerous business, as is evident in this particular case.

Although it took a group of hackers stealing the NSA exploits to bring this information to light, it is evident the NSA is not always acting in the publics best interest. In a strange way, the entire world should be grateful for what The Shadow Brokers did, as they exposed some of the NSAs most powerful hacking tools known to date. Unfortunately, their publication of said exploits has been used for nefarious purposes.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Read the original:
Legislative Proposal Wants to Force NSA to Disclose Tech Exploits Sooner - The Merkle

Don’t Blame NSA for Making the WannaCry Cyberattack Program – Newsweek

This article first appeared on the Council on Foreign Relations site.

When giving talks on cybersecurity, I often get asked what keeps me up at night.

My short and glib answer is my four-year-old (he really is a horrible sleeper). I certainly dont sit up at night worrying about a cyberattack on the power grid or the manipulation of the stock market by cybercriminals.

Subscribe to Newsweek from $1 per week

In fact, nothing I ever saw in classified channels about a cyber threat cost me a wink of sleep.

Other intelligence did, though, about planned terrorist attacks and nuclear proliferation and other horrors managed by other directorates. During the year I spent working on counterterrorism at DHS before I went to work on cybersecurity at the White House, I spent many nights wondering if we had made the right decisions to counter some very dangerous threats.

So when it comes to WannaCry, I dont discount the possibility that the closure of hospital ERs and the rescheduling of operations may have cost lives.

Many pundits in the field seem to agree with Edward Snowden, who told the Guardian that the NSA should have disclosed the vulnerability exploited by the malware when they found it, not when they lost it.

Yet, even Snowden hedges on whether disclosure would have prevented the attack. If the NSA had disclosed the vulnerability earlier, the attack may not have happened (emphasis added).

Snowden hedges because no amount of warning would have been enough to get Windows XP out of hospitals, or get hospitals to install the latest patches in a timely manner. If NSA had disclosed the vulnerability years ago, it would likely still remain exploitable today.

But I am also attuned to the reality that the intelligence collected by NSA through exploiting this vulnerability likely saved lives, possibly many.

Contrary to prevailing sentiments in the privacy community, NSA does not exploit vulnerabilities for its own amusement. I dont know what intelligence NSA collected using this exploit kit. What I do know is that it is difficult to overstate the importance of signals intelligence to our national security.

This picture taken on November 3, 2016 shows on a A viruses list at the LHS (High Security Laboratory) of the INRIA (National Institute for Research in Computer Science and Automation) in Rennes, France, November 3 2016. Robert K. Knake writes that the NSA deserves blame for losing the exploit kit but not for developing it in the first place. DAMIEN MEYER/AFP/Getty

That vulnerability may have been exploited to gather intelligence vital to negotiating the Iranian nuclear deal, slowing North Koreas program, or, yes, stopping a terrorist attack.

NSA deserves blame for losing the exploit kit, not for developing it in the first place. I am deeply disturbed that seven years after the Manning leaks, and four years after the Snowden leaks, we still dont have good protections against insider threats within the defense and intelligence community.

But NSA is a spy agency. More specifically, it is a signals intelligence agency. In the 21st century, that means it will, for certain missions, need to develop and exploit zero day vulnerabilities and not release them to the public.

Contrary to what Microsoft President Brad Smith has written, this incident doesnt show the dangers of stockpiling vulnerabilities. There is no evidence that NSA was hoarding hundreds or thousands of vulnerabilities it was not using (stockpiling). Instead, it shows they were actively exploiting a small number of very useful vulnerabilities.

Smith is right that this incident is comparable to the U.S. military having some of its Tomahawk missiles stolen. To continue the analogy, his solution suggests that the theft of a Tomahawk missile should mean that the U.S. government should remove them from its arsenal instead of tightening security controls around them.

We can blame NSA for poor operational security (though we should applaud them for getting information to Microsoft so a patch could be issued two months ago).

We can blame the criminals behind WannaCry for targeting hospitals.

And we can blame hospital administrators for wanting the benefits brought with the IT revolution without taking on the costs of securing or updating those systems.

But we cant blame the NSA for spying. Thats what they do.

Robert K. Knake is the Whitney Shepardson senior fellow at the Council on Foreign Relations.

Here is the original post:
Don't Blame NSA for Making the WannaCry Cyberattack Program - Newsweek

After WannaCry, a new bill would force the NSA to justify its hacking tools – The Verge

After last weeks massive ransomware attack shut down machines around the world, the NSA, which knew of the exploit before it was public, became a target for criticism. Microsoft patched the problem before the attack, but its still raised questions about how, and when, the NSA decides to hold on to software vulnerabilities.

The Protecting Our Ability to Counter Hacking Act of 2017

A new bill would help bring accountability to how the NSA deals with those vulnerabilities. Introduced by Sen. Brian Schatz, the Protecting Our Ability to Counter Hacking Act of 2017, or PATCH Act, would establish a legal framework for the process, requiring federal agencies to establish policies on when to share vulnerabilities and, if unclassified, to make those policies widely available.

The law would also legally establish a review board with high-ranking members of the federal government. The board would be chaired by the secretary of homeland security and include agency directors from the intelligence community as well as the secretary of commerce. The law would also require annual reports to Congress on the boards activities.

A version of the governments process, known as "vulnerabilities equities process," has been in place for some time, although its exact details are unclear. A version of the board already exists, but some have criticized the process as opaque, and a law would go some way toward binding the federal government to the system.

The NSA most famously faced criticism for its exploit process in 2014, when Bloomberg reported that the agency had exploited the Heartbleed bug, which exposed vulnerabilities in devices around the world. (The agency denied the report.) Microsoft obliquely criticized the US after the WannaCry ransomware attack last week, calling the incident a wake-up call about vulnerability hoarding.

See the article here:
After WannaCry, a new bill would force the NSA to justify its hacking tools - The Verge

Shadow Brokers hacker group says more NSA leaks to come – CBS News

The WannaCry ransomware never could have escalated as far as it did without the Shadow Brokers. And the hacker group has just resurfaced.

Themalware has ensnared up to 300,000 computers in more than 150 countries, locking up devices in hospitals, schools and businesses unless they pay up. It's been able to spread quickly by sneaking through an infected computer's network, using an exploit in a standard sharing tool called Server Message Block found in outdated Windows computers.

Play Video

Microsoft knew about the software vulnerability that was exploited by a massive cyberattack over the weekend, and had released a fix in March. Bu...

The exploit, codenamed EternalBlue, was first discovered by the NSA, butleaked to the world after the Shadow Brokers stole the agency's hacking arsenal. The group, quiet since August, returned Tuesday with a warning for the National Security Agency and the rest of the world: There are going to be more leaked tools.

"In June, TheShadowBrokers is announcing 'TheShadowBrokers Data Dump of the Month' service," the group wrote in itsopen letter on the Steemit website Tuesday. "Is being like wine of month club."

The hacker group claims that it still has 75 percent of the the US's cyber arsenal, and could release tools that exploit browser, router and phone vulnerabilities, as well as compromised network data from Russia, China, Iran and North Korea.

The Shadow Brokers originally triedselling off the stolen tools in an auction, but backed down after receiving no bidders. In the Tuesday letter, they said they weren't "interested in stealing grandmothers' retirement money," but wanted to send a message to the Equation Group, ahacking group linked to the NSA.

The Shadow Brokers said they'll release more details about their monthly data dump in June, including how interested subscribers could sign up. And after the massive success of WannaCry's ransomware breach, there's certainly much more demand.

Play Video

Cybersecurity experts say North Korea may be to blame for the unprecedented global "ransomware" attack. The hacking has crippled computer systems...

"They've proven that these are highly effective tools in their possession, so people are going to be very interested in purchasing this, especially other criminals," Sean Dillon, a senior security analyst at RiskSense said. "They still have the government's tools, and they want to make money off of it."

It's alreadyearned the hackers behind WannaCry more than $70,000 in just four days. The same EternalBlue exploit has also been used to infect computers withAydlkuzz, malware thatstealthily enslaves your PC to mine for cryptocurrency, according to researchers at Proofpoint.

Once somebody gets the data dump from the Shadow Brokers, Dillon said, the exploits would most likely become public. At the end of the letter, the hacker group hinted the NSA could make all these problems go away if the agency paid up for the tools.

When the Shadow Brokers first put theleaked tools up for sale, they demanded 1 million bitcoins, which then translated to $580 million. Currently, that amount is worth $1.76 billion.

"They can't pay anywhere close to the mark," Dillon said.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

Logging Out: Welcome to the crossroads of online life and the afterlife.

This article originally appeared on CNET.

2017 CBS Interactive Inc.. All Rights Reserved.

Go here to read the rest:
Shadow Brokers hacker group says more NSA leaks to come - CBS News