Archive for the ‘NSA’ Category

Why the NSA Makes Us More Vulnerable to Cyberattacks: The Lessons of WannaCry – Foreign Affairs

There is plenty of blame to go around for the WannaCry ransomware that spread throughout the Internet earlier this month, disrupting work at hospitals, factories, businesses, and universities. First, there are the writers of the malicious software, which blocks victims' access to their computers until they pay a fee. Then there are the users who didn't install the Windows security patch that would have prevented an attack. A small portion of the blame falls on Microsoft, which wrote the insecure code in the first place. One could certainly condemn the Shadow Brokers, a group of hackers with links to Russia who stole and published the National Security Agency attack tools that included the exploit code used in the ransomware. But before all of this, there was the NSA, which found the vulnerability years ago and decided to exploit it rather than disclose it.

All software contains bugs or errors in the code. Some of these bugs have security implications, granting an attacker unauthorized access to or control of a computer. These vulnerabilities are rampant in the software we all use. A piece of software as large and complex as Microsoft Windows will contain hundreds of them, maybe more. These vulnerabilities have obvious criminal uses that can be neutralized if patched. Modern software is patched all the time, either on a fixed schedule, such as once a month with Microsoft, or whenever required, as with the Chrome browser.

When the U.S. government discovers a vulnerability in a piece of software, however, it decides between two competing equities. It can keep it secret and use it offensively, to gather foreign intelligence, help execute search warrants, or deliver malware. Or it can alert the software vendor and see that the vulnerability is patched, protecting the country (and, for that matter, the world) from similar attacks by foreign governments and cybercriminals. It's an either-or choice. As former U.S. Assistant Attorney General Jack Goldsmith has said, "Every offensive weapon is a (potential)


NSA leakers begin sign-ups for monthly leak subscription service – The Hill

A group of suspected National Security Agency (NSA) leakers known as the ShadowBrokers on Tuesday announced more details of their monthly subscription service to provide remaining documents from their NSA cache.

The group has been releasing files that appear to have been pilfered from the NSA in 2013 since last summer, most notably releasing a suite of Windows hacking tools that were subsequently used in the WannaCry ransomware that induced a global panic earlier this month.

The ShadowBrokers on Tuesday posted instructions on how to join a "Wine of the Month" club for new NSA leaks. In the post, the group said interested parties should send 100 ZCash coins, a digital currency akin to bitcoin, to sign up for the service. Enrollment will begin June 1 and end June 30.

ZCash coins are currently worth over $230 apiece, making the sign-up cost more than $23,000. Only available since October, ZCash is a relatively new entry into the digital currency market, something the ShadowBrokers address in a Q-and-A section of its post:

"Q: Is Zcash safe and reliable?

"[Expletive] no! If you caring about loosing $20k+ Euro then not being for you. Monthly dump is being for high rollers, hackers, security companies, OEMs, and governments. Playing 'the game' is involving risks."

The post is written in the ShadowBrokers' trademark inconsistent broken English, widely believed to be an attempt to conceal the group's identity.

Little is known about the ShadowBrokers, including whether they are a group or individual, and hackers or NSA insiders leaking files. They first appeared in August trying to auction the complete set of tools, releasing an initial leak purportedly to drum up interest in the sale.

They returned in April to leak Windows tools in what the Brokers said was a protest of President Trump abandoning his hard-right positions for a more centrist view.

In an apparent attempt to capitalize on the notoriety of WannaCry, the ShadowBrokers announced their monthly leaking service just after WannaCry warranted international headlines.

The leaked documents appear to be at least in part genuine NSA documents. One of the hacking tools released by the group contained an identification code mentioned in a previously unreleased Edward Snowden file.

The ShadowBrokers claim they will not announce the contents of the monthly leaks in advance.

"Q: What is going to be in the next dump?" ask the Brokers in the Monday post.

"TheShadowBrokers is not deciding yet. Something of value to someone. See theshadowbrokers previous posts... Peoples is seeing what happenings when theshadowbrokers is showing theshadowbrokers first. This is being wrong question. Question to be asking 'Can my organization afford not to be first to get access to theshadowbrokers dumps?'"


Hackers, the NSA, Microsoft or Shadow Brokers: Who’s really to blame for WannaCry? – Healthcare IT News (blog)

I try not to jump on bandwagons, but with so much coverage of the worldwide WannaCry mess, I do have a few things to say that you may not have seen elsewhere.

There's been plenty of media coverage so I'll just give a high-level overview of what happened. Like many other nations, the US National Security Agency (NSA) studies computer flaws and develops ways to attack them. The ShadowBrokers are a hacker group who started leaking some of these NSA-developed attacks in the second half of 2016. The April 2017 edition of their leaks included the code that enabled the WannaCry attack.

The attack that started on Thurs May 11 consisted of two parts. One would encrypt files so that the owner could not get access to their files (commonly called "CryptoWare"). The other part could get remote access to any vulnerable computer. This was a very powerful combination and this is the first time we've seen this kind of auto-spreading cryptoware. Once infected, the victim sees a screen that directs them to pay a ransom in Bitcoin so the whole attack is considered ransomware.

Now, Microsoft did release a patch in March to fix some of these problems, in particular, the remote access part. So no problem, right? Desktops and laptops are usually easier to patch, and you should always have your home systems set to automatically update. But servers need more testing to assure that applications continue to work as expected.

Patching was a critical part of the fix, but there was definitely more to it including things like new anti-virus signatures, whitelisting, intrusion prevention signatures and firewall rules.

One reason healthcare orgs seemed to be hit hard, including the British National Health Service (NHS), is that healthcare often has many older systems and applications. These can be hard to update. With NHS, most of their desktop systems were running Windows XP!

But now ... who is actually to blame?

In his podcast, episode 21, Graham Cluley asked this question. In particular, the question was, which of Microsoft, NSA, Shadow Brokers are to blame. You can listen to hear what they said.

Here's my opinion. There's one group to blame and then an additional area of concern.

The "blame" goes to those who carried out the exploit!

Yes, they took advantage of existing vulnerabilities and companies that didn't protect their systems, but that's beside the point. I mean, just because a bank has a welcome mat at the door doesn't mean you're allowed to rob it.

Now, what about these software vulnerabilities? Why do we keep having these problems? Someone has to write these in the first place. I'm not picking on software developers. I've been one. It's a hard job. Code is very complex. This is something we call secure software engineering and it's not easy, but there are tools available to help us.

For additional reading, security expert Marcus Ranum was talking about this whole complexity issue 12 or more years ago.

And, not to pick on Microsoft, but why do we give everyone a computer with a general purpose operating system when most people only do specific things like email or word processing which can both be accomplished inside a browser? The more we can simplify the better off we'll be.

And then there's the corresponding monoculture problem we were discussing 15-20 years ago: If everyone's computer is basically the same, then one problem can take them all out (think potato blight). And that seems to happen pretty regularly (to computers, not crops). The answer here is special purpose computing, and the more scaled down the better. I'm a big fan of "thin" systems like Chromebooks.

What can you do to protect yourself?

At home and at work: be careful with links and attachments.

At work: follow security policies and work with your IT team on all technology needs (if it uses electricity, it could pose a security issue).

At home: use the default for Windows updates, use Secunia PSI, if you use Windows turn on all the default protections and, of course, back up your data.

There are many good tools available for home backups including Carbonite and CrashPlan, or even Microsoft OneDrive or Google Drive. And two good choices for encrypting data are BitLocker and VeraCrypt.

You need to take these kinds of steps now because we are going to see more new and bigger attacks coming in the future.

This post originally appeared on Barry Caplin's Security and Coffee blog.


Secret court rebukes NSA for 5-year illegal surveillance of US citizens – Miami Herald

Parts of the ruling were redacted, including sections that give an indication of the extent of the illegal surveillance, which the NSA told the court in a Jan. 3 notice was partly the fault of human error and system design issues rather than ...

Former NSA, CIA head: Kushner’s attempts to set up backchannel with Russia ignorant, naive – Washington Examiner

Former head of the National Security Agency and CIA Michael Hayden said Jared Kushner's discussions about establishing a backchannel with the Kremlin were ignorant and naive, and said the notion he would do so because of distrust for the Obama administration suggests "we're in a really dark place as a society."

"Well, Michael, right now I'm going with naivete, and that's not particularly very comforting to me," Hayden said in an interview with CNN's Michael Smerconish on Saturday. "I mean what manner of ignorance, chaos, hubris, suspicion, contempt would you have to have to think that doing this with the Russian ambassador was a good or an appropriate idea?"

The Washington Post reported Friday that Kushner, President Trump's son-in-law and a senior adviser at the White House, and Russian Ambassador Sergey Kislyak discussed setting up a secret and secure communications channel between the Trump transition team and the Kremlin.

Kushner allegedly suggested using U.S.-based Russian diplomatic facilities for the communications to protect their discussions from any monitoring by the U.S. government, Kislyak said.

Hayden, whose career with the NSA and CIA spans three presidential administrations, said the notion that Kushner wanted to avoid monitoring suggests that Trump didn't trust the previous administration.

Actions borne out of that distrust "suggests we're in a really dark place as a society," Hayden said.

"Here you are willing to risk the perception of secret communications with your alleged co-conspirator because you feared the existing government so much," he said.

When asked how he believed Kislyak responded to Kushner's suggestion of setting up backchannels, Hayden said the request "goes so far out of the norm that he was probably shocked."
