Strategically Windows is an insecure system because security was
never the Microsoft development priority. Also insecurity of Windows feeds multiple security companies
which often produce useless or harmful products. That includes some anti-virus vendors.
For example consumer version of Symantec anti-virus for some period of time when
I was involved with Windows security was considered by security specialists more
like a Trojan horse that a real security software (see also
Symantec Sued For Running Fake malware-scans).
Av software based on signature database can protect only from established
threats. That means that against new high volume, high penetration speed exploits AV
software is always late. Using PC for committing financial crimes including
creation of army of zombie computers that are remotely controlled by the
"master" of particular zombie network and used for spamming and other purposes
make elimination of malware really difficult as it is created by highly paid
professionals who analyze deeply internals of Windows. That limit usefulness
of security companies like McAfee, Kaspersky, etc as their opponent operates on
the same or higher level of technological sophistication as they are. Other
approaches are needed. At the same time to abandon Windows based on its
insecurity is an overreaction. Linux is probably more secure as installed but
relative absence of high profile exploits is mainly connected to the fact that
on desktop it is niche OS. Android might change that and there are already a
mess with Android security...
Facing those new generation of cyber-criminals even former security
professionals like myself feel insecure and start viewing their own PC as a snooping
device that is constantly on. I remember Italian film in which the guys who was
involved in reporting conversation using special directed microphones in the end
of the film became paranoid and crushes everything in his apartment trying to find
a hidden microphone. This is now the way I feel about PC :-).
Social sites is another problem. Some of them like Facebook are essentially
information collecting sites masquerading as social sites. In essence Facebook
and other services are collecting so much information on their users that you
can say privacy good
buy. It is privacy of crowded street with video cameras each ten yards.
not all people can close their Facebook accounts as for many (not me) they
represent essential services, a new reincarnation of AOL.
Even if you don't have Facebook account Facebook collects list of sites that you
visited if the site has "Like" button.
That means that you need to create a special architecture to make our PCs more secure.
Architectural approaches to increasing security are the most promising because
they fundamentally change the environment in which malware operated. And the law
of evolutions is that the more specialised organism is and the more adapted to
the current environment it becomes, the more disruptive are to it even small
changes in the environment. This is perfectly true about the malware which is a
highly specialised software that makes several implicit assumption about the way
PC operates.
Around architectural steps that increase Windows security are (in
the order of increasing complexity and return on investment):
Dual Partition
Windows configuration with periodic backups of system drive. Splitting
the "system" hard drive into smaller C partition (say
$100-120GB) and a larger Data partition is a very simple and logical step
that makes restoration of your OS from backup much more easier and your data
more secure and more easily recoverable. On desktops instead of shriking
system partition and creating an new one for data it is easy to install a
second harddrive, This
approach is also possible on laptops with replaceable media bay, for example Dell
Latitude Laptops -you can simnply replace DVD with the second harddrive and
use USB DVD when needed,
Not only this simple step makes both backup and reinstallation of Windows much simper.
It also permits using
Softpanorama Spyware
removal strategy. The key idea behind this strategy is that a good disk image creating program is worth
a dozen of anti-spyware, anti-virus tools.
It is very difficult to cleanly uninstall
sophisticated malware which was designed with one or several mechanisms of recreating
itself if some part is preserved after the cleanup. But by using an image restoration
you can defeat even the most sophisticated spyware. The only precaution is that you should
have multiple (for example daily) backups as the point of infection can be quite
remote in time from the point of detection. It also make sense to perform a full
backup of drive C before installation of any new programs. Windows 7 64 bit has
around 60GB on system partition (without user data).
Windows XP typically
has 50GB or less of data on the C drive if user data are stored on the different
partition. That will take about an hour to backup such a partition which is a minuscule amount
of time in comparison with the time usually spend in restoring Windows system after
the infection (two or three days are common). It also provides a baseline that gives you
an opportunity to understand
what changes the installation performed on your system. This is the simplest strategy and can be implemented
by all Windows Users.
Dual browser arrangement
and periodic cleaning of cookies. Using two browsers instead of one
can dramatically increase your security from Web exploits. For example, you
can use IE in high security mode that allow no script to be executed and
Firefox for trusted sites. You can also set IE to delete its temp cache when
you close the browser (it does this in "In private" browsing mode, and this
mode should be used as the most secure was to access "grey" sites. It's makes more challenging to infect IE8 or IE9 in
this mode -- malware authors need to exploit some third party
application like the standard Trojan horses of all PCs -- Adobe Acrobat and
Flash plug-in;-).
Also using IE in high security mode partially cuts "snoopers" like Facebook
(no cookies are allowed). In addition to Facebook many legitimate sites and programs now have snooping components and connect to "mothership"
periodically to transmit some information from your computer. So line between spyware
and legitimate programs gradually becomes more and more fuzzy. For example programs developed
by Goggle (Google toolbar, Chrome, etc) also have a huge appetite for
collecting information about your browsing activities, especially if you
login as Google user. It looks like Google business model is not that
different from Facebook and that's why that promote Google Groups++ as there
is no tomorrow.
Periodic cleaning of cookies also helps to preserve your privacy and should
be scheduled as a weekly activity. It is also possible to preserved just
selected cookies for the sites you trust as cookies are often used to
simplify authentication to the site. At least this shows all those jerks who collect information
on you who is in control :-). Requires some discipline but can be implemented
by all Windows users.
Running "trusted computer" on one computer and Web browser
from the second computer (virtual or "real") with the "disposable" image.
The best way to create "disposable computer" on a real PC is to use The best way to achieve this is to
run Windows Disk Protection
on XP or emulate it on Windows 7. Windows 7 Professional and Ultimate allows
running XP-mode which can be used for his purpose. Requires some
qualification to setup the second computer as "disposable image computer".
See Windows Disk Protection
for more information.
Periodic reimaging of your computer from trusted image. This
method is often used at university labs and proved to be quite efficient as
for malware protection and especially from converting your PC into remotely
controlled zombie. On most PCs the set of installed applications is
nowadays quote static and that can be used for creating "trusted image" and then restoring
it when you are infected or need to perform some highly secure activities
like filing your annual tax return (it goes without saying that you
tax return should be copied from the harddrive to USB dives and backup
CR-ROM. Do not leave highly confidential data like you tax return on
your primary computer. You can also use a separate computer for highly
confidential activities. Many households have such
computers collecting dust in the closet. Reimage it once a year (tax
preparation) or each time you need to do something that needs additional security.
Do not use it for Internet browsing.
You
can use "brute force" approach and restore the image using Ghost-like
program ( for example Acronis
True Image ) or linux
live CD and Partimage. If your laptop has SSD this method is pretty fast,
with restore less then 20 min. In this case the "Windows
of opportunity" for malware is the
period between re-imaging of the computer. Moreover as image is static you
are better equipped for scanning dynamically registry, system and /Users
folders for new executables that entered the system.
This method is OK
mainly for advanced Windows users and IT professionals.
Using a separate Web proxy. This is a typical method used in
enterprise environment for protecting users. If you have a box with a
Web proxy (either real of virtual) you can point to it your Web browsers and
this does much more in increasing your security then is possible
just by using two browsers in different security modes. For home office and
small firms Squid can be used. For larger firms appliances like Blue coat
are typically used. This method can protect you from many threats as well as
excessive attention of Facebook and other information collecting monsters.
It also moved the definition of "trusted sites" to the proxy level.
For corporate environment it also can serve as anonimizer as all requests
are coming from a single IP address. That method requires some Linux qualification
and the desire to learn squid or other Web proxy configuration.
Tandem computing for users with one disposable computer possibly
firewalled from trusted computer. Using two computers with common SAMBA
partition: one disposable that is recreated from image on each reboot and used
for insecure services like Web browsing and one "trusted" that does not have
Web browser installed. The second "disposable computer can be either Linux
or Windows (this means that you will be limited to Firefox as your primary
and only browser). All Web browsing is done only via disposable computer to
which you connect either via Windows remote desktop or VNC. This
arrangement can be enhanced using firewall. Disposable computer can be either physical computer
or virtual instance. Windows 7 professional and higher allows running Windows
XP which can be you "disposable system" which permit using this
configuration on laptops. This method requires good understanding of networking
and ability to configure samba, remote desktop or VNC...
Introduction "on the fly" integrity checking and/or baseline
checking of registry and critical directories. With current laptops with
SSD drives and 3 GHz dual core CPUs scanning harddrive does not consume much
resources and if it is artificially slowed done it is not even noticeable.
The simplest way is to compare critical directories and critical parts of
registry with the baseline. This is the only method that detects critical
changes of configuration as soon as they occurred "in real time". But
this method require quit a bit of discipline in maintaining baseline and
installing/upgrading applications and OS on your computer. Typically
installation of applications and upgrade of OS should be done of a reference
computer on which there is no user activity. Individual user can create such
reference computer by buying second harddrive identical to the one that is
installed on the desktop/laptop for system image and replacing it each time
one need to install software. Without maintaining reference image is
difficult to sport the infection of you primary computer. In addition
existence of reference image simplifies verification that nobody run
anything in addition to what is installed on the computer. This is the way
images are created in corporate environment. Usually this method
requires existence of support personal who is at least part time are
responsible for the maintenance of the reference image. It is difficult to
implement for individual user. But this is the only method that allow you to
protect yourself from the compromise introduced by the insider who has
physical access to the computer. For example a corporate spy that tried to
install some programs on your computer. Althouth in modern PCs you can
install boot password making booting your computer without credentials much
more difficult).
Firewall traffic from the PCs prohibiting
any traffic to Internet outside Web proxy and handful of trusted sites and install your own DNS root servers.
Running your own DNS root server stops many attacks
cold as after infection they will be no able to figure out how to communicate
back to "mothership". Still they can do damage like deleting or modifying information
on the computer. Several major corporation use this approach for protecting
internal networks (not just DMZ but all internal network). This is a major
undertaking and requires good knowledge of DNS and analysis of typical activity
on the computer.
A number of international papers
report today on the Israeli hacking company NSO which sells snooping software to various
regimes. The software is then used to hijack the phones of regime enemies, political
competition or obnoxious journalists. All of that was already well known but the story has
new legs as several hundreds of people who were spied on can now be named.
The phones appeared on a list of more than 50,000 numbers that are concentrated in
countries known to engage in surveillance of their citizens and also known to have been
clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely
unregulated private spyware industry, the investigation found.
The list does not identify who put the numbers on it, or why, and it is unknown how many
of the phones were targeted or surveilled. But forensic analysis of the 37 smartphones
shows that many display a tight correlation between time stamps associated with a number on
the list and the initiation of surveillance, in some cases as brief as a few seconds.
Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a
human rights group, had access to the list and shared it with the news organizations, which
did further research and analysis. Amnesty's Security Lab did the forensic analyses on the
smartphones.
The numbers on the list are unattributed, but reporters were able to identify more than
1,000 people spanning more than 50 countries through research and interviews on four
continents.
Who might have made such a list and who would give it to Amnesty and Forbidden
Stories?
NSO is one of the Israeli companies that is used to monetize the work of the Israel's
military intelligence unit 8200. 'Former' members of 8200 move to NSO to produce spy tools
which are then sold to foreign governments. The license price is $7 to 8 million per 50
phones to be snooped at. It is a shady but lucrative business for the company and for the
state of Israel.
NSO denies the allegations that its software is used for harmful proposes with
a lot of bullshittery :
The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories
that raise serious doubts about the reliability and interests of the sources. It seems like
the "unidentified sources" have supplied information that has no factual basis and are far
from reality.
After checking their claims, we firmly deny the false allegations made in their report.
Their sources have supplied them with information which has no factual basis, as evident by
the lack of supporting documentation for many of their claims. In fact, these allegations
are so outrageous and far from reality, that NSO is considering a defamation lawsuit.
The reports make, for example, the claim that the Indian government under Prime Minister
Narendra Modi has used the NSO software to spy on the
leader of the opposition party Rahul Gandhi.
How could NSO deny that allegation? It can't.
Further down in the NSO's statement the company
contradicts itself on the issues:
How do you explain the
suspiciously-timed, and simultaneous, Five Eyes denunciation of China for alleged hacking of
Microsoft? Is it a way of deflecting too much wrath on Israel? Or, is b wrong and the China
story serves as real distraction.
thanks b.. it is an interesting development which seems to pit the usa against israel... i am
having a hard time appreciating this... maybe... interesting conundrum snowden paints himself
into... @ 1 prof... there are plenty of distractions to go around.. hard to know...
In our day-and-age, all "Spectacular Stories" serve as distractions, although some are
genuine scoops illuminating criminal behavior involving state actors. Ultimately, this scoop
provides much more leverage for Putin's ongoing insistence that an International Treaty
dealing with all things Cyber including Cyber-crime be convened ASAP.
"Who has an interest in shutting NSO down or to at least make its business more
difficult?
The competition I'd say. And the only real one in that field is the National Security Agency
of the United States."
There is at least one other possibility.
The leak could be from a highly sophisticated state actor that needs to "blind" US and
especially Israeli intelligence services temporarily.
That could very easily be China, Russia or even Iran. Some of their assets could be on the
list.
Exposing the service weakens, or possibly destroys, it until another workaround is
found.
China might do this to push customers towards some of their cellphones that are supposedly
immune to this.
Russia and Iran might need to blind Mossad, NSA and CIA or upcoming operations in Syria,
Iraq and possibly Afghanistan.
Weird to have the US burn an Israeli spy operation (I'd be surprised if they didn't build
back doors into their own software) in such a public manner.
The only reason I can think of for the US to shut NSO down is if they refused to share
information they had gathered with the NSA and so they were put out of business.
Snowden didn't have a problem with the NSA et al spying on foreign adversaries. He had a
problem when the NSA was spying illegally on US citizens.
The 'West' could be using it as a weapon to rein in Israel, which it sees as getting more
and more out of control. Netanyahu might be gone but the policies that he represents will not
just disappear.
The mass media didn't like Israel's destruction of the building in Gaza where the
Associated Press had its offices. How are the media supposed to publish reports from places
where they don't have anywhere to work?
Western governments are exasperated that Israel doesn't even pretend to have any respect
for international law and human rights. Nobody in power in the West cares about those things
either, and they really want to support Israel, but doing that is a lot harder when Israel
makes it so obvious that it is a colonial aggressor.
As the Guardian reported yesterday, "The Israeli minister of defence closely regulates
NSO, granting individual export licences before its surveillance technology can be sold to a
new country."
The attack on NSO looks like a message to the Israeli state.
I think you are very wrong in your assessment that this is about business and getting rid
of the competition. Information isn`t about money. It is about power.
The people at MoA might not have noticed it because of ideological bias but Netanyahu and
Biden (and before him Obama) were quite hostile towards each other. To a degree they were
almost waging a kind of undercover cold war against each other (culminating in United Nations
Security Council Resolution 2334).
In this context I don`t believe the "former" Israelis spies at NSO are just Isrealis. They
are a specific kind of Israelis. Namely extreme-right Israelis/Likud loyalists. Netanyahu
created his own private unit 8200 - outside of the Israeli state. The profit that NSO made
were just the "former" spies regular payment.
The USA - with the consent and probably active assistance of the new Israeli government -
took Netanyahus private intelligence service down.
The US has found out that the NSO spyware can be used BY the "other regimes" against US
leaders. Or at least against US assets.
The Israelis would sell their wares to anyone with a buck (or shekel, as the buck is
getting rather uncertain as a money).
IE. Saudi buys a section of numbers and then decides to track and eliminate "opposants".
BUT if there are CIA personnel implanted with a good cover story, then OOOPS, "another one
bites the dust".
What laws exist in your nation to prevent illegal snooping?
How about profiling by the digital companies? Nations need to pass laws making it a
CRIMINAL offense to conduct snooping or hacking without a warrant. What happened to Apple's
claims about its devices' superior security and privacy?
Let's see what sanctions or criminal ACTIONS are taken against NSO, its executives and
other companies. Is any of the information captured by NSO shared with Israel &/or Five
Eyes? Are their financial accounts frozen? Let's see how they're treated compared to
Huawei.
Are Dark web sites linked to the REvil ransomware gang operating? Shutdown all illegal
snooping and cyber crimes entities.
A rule or law isn't just and fair if it doesn't applies to everyone, and they can't be
applied at the whims of powerful. Laws and rules applied unequally have no credibility and
legitimacy.
"Injustice anywhere is a threat to justice everywhere."
– Martin Luther King Jr.
"A rule or law isn't just and fair if it doesn't applies to everyone, and they can't be
applied at the whims of powerful. Laws and rules applied unequally have no credibility and
legitimacy."
Max, are you sure you have got your feet on this planet earth? If there is one factor that
is common to his era, is that "Justice" is no longer blindfolded, but is looking out for the
best interests of "friends".
Can you name a few countries where your ideal is the norm?
*****
PS. Don't bother, as I won't reply, I'm off to bed to dream of a perfect world. Much easier,
and I can do it lying down.
Another possible scenario is that the NSO has been poaching people and/or techniques from US
intel agencies for use in its for-profit schemes.
That is one thing which is guaranteed to get a negative reaction - regardless of who is doing
it and which party is in power.
We do know that NSO has been very active on the exploit buying dark webs since their
inception...
The above article also notes that NSO was acquired by Francisco Partners in 2010...
Thus maybe all this is purely a capability play: The US is falling behind and so wants to
bring in house, more capability. One way is to squeeze an existing successful player so that
they have to cooperate/sell out...
All I can be sure of, is that none of the present foofaraw has anything to do with the
truth.
"In fact, these allegations are so outrageous and far from reality, that NSO is
considering a defamation lawsuit."
Ya..Right. That's not remotely gonna happen!
The NSO 'Group" would have to provide a substantial amount of their very sensitive
'operational' & 'proprietary' internal documents - which would most certainly be
requested in discovery - to any of the possible defendants should NSO be stupid/arrogant
enough to actually file a formal suit of "defamation" in a any US court.
Talk about a "defamation" legal case that would get shut down faster than Mueller's show
indictment of 13 'Russian' agents and their related businesses that were reportedly part of
the now infamous "Guccifer 2.0" "Hack"
When these "Russian" hackers simply countered by producing a surprise Washington based
legal team that publically agreed to call Mueller's bluff and have the all of the 'indicted'
defendants actually appear in court, they immediately "requested" - via the discovery process
- all relevant documents that the Mueller team purportedly had that confirmed that their was
any actual or attempted (hacking) criminality.
VIA POLITICO:
The 13 people charged in the high-profile indictment in February are considered unlikely to
ever appear in a U.S. court. The three businesses accused of facilitating the alleged
Russian troll farm operation -- the Internet Research Agency, Concord Management, and
Concord Catering -- were also expected to simply ignore the American criminal proceedings.
Last month, however, a pair of Washington-area lawyers suddenly surfaced in the case,
notifying the court that they represent Concord Management. POLITICO reported at the time
that the move appeared to be a bid to force Mueller's team to turn over relevant evidence
to the Russian firm and perhaps even to bait prosecutors into an embarrassing dismissal in
order to avoid disclosing sensitive information.
The NSO Group is never going to even considering this "defamation" route, but their
threatening legal bluster is pure... Hutzpa!
In a world in which this can be done, the worst of governments will do it, and in the worst
ways.
The US and other governments have promoted this. Their own intelligence services use it.
They actively oppose efforts to block it, as happened with private encryption ideas.
We can't both make it possible and prevent the bad guys from doing it.
We have deliberately made it possible, and opposed serious efforts to protect private life
against it. Now we are surprised?
@ Stonebird (#17), you missed the pun in those words. Maybe you're sleeping while reading.
The Financial Empire and its lackeys want a "rules-based international order" and
China-Russia... want a "rule of international laws". Both are meaningless and worthless as
they're applied unequally. I am awake and in sync with REALITY. Just playing with these two
ideas. We have the law of the jungle. However, Orcs (individuals without conscience –
dark souls) are worse than animals in greed, deceits and killing.
"The Black Speech of Mordor need to be heard in every corner of the world!"
Interesting story but I agree that the hype is overblown because nothing much will change
even if this NSO outfit has a harder time flogging its spyware to all and sundry.
The NSA, CIA, MI5/6, Mossad and the 5 Lies spies will continue spying on friend and foe
alike and tech companies like Amazon, Facebook and Google will likewise continue their
unethical surveillance practices and will keep passing on private citizen's data to
government spy agencies. So it goes.
For a dissident Snowden is a lightweight. His beef wasn't, as b points out, with the NSA
itself, he just didn't like them spying on Americans within the USA. He had no problem spying
on people in other countries as long as the proper 'rules' were followed. That, almost by
definition, makes him a limited hangout.
The AI report notes that this software was abandoned in 2018 for cloud implementations to
help hide responsibility;
Having Amazon AWS dump services naming NSO probably has no effect at all, as NSO will just
use other names;
" However, Orcs (individuals without conscience – dark souls) are worse than animals
in greed, deceits and killing."
Non-human animals operate on a genetically programmed autopilot and are not responsible
for their actions.
Humans are partially engineered by genetics but unlike the "lower" animals they have the
power to choose which actions they will take and they are therefore responsible for their
choices.
A bear or a mountain lion will attack a human when it is injured or when protecting its
young, but one can't blame these animals for exercising their survival instincts.
Human beings are the only mammal, indeed the only animal, that is capable of evil, i.e.
deliberately choosing to harm or kill other humans for profit or personal gain.
On this subject, I suggest barflies read the excellent post on the previous MoA Week in
Review thread by:
Posted by: Debsisdead | Jul 19 2021 1:36 utc | 71
My reply @167 and Uncle T's further comment.
The book on this criminal conduct is called 'Murdoch's Pirates.' The detestable Amazon
have it at 'unavailable' however it is available at Australian bookseller Booktopia.
How do you explain the suspiciously-timed, and simultaneous, Five Eyes denunciation of
China for alleged hacking of Microsoft? Is it a way of deflecting too much wrath on Israel?
Or, is b wrong and the China story serves as real distraction.
Posted by: Prof | Jul 19 2021 18:09 utc | 1
If the US navy were to purchase leaky boats would it not be absurd for it to then blame
Russia or China for the influx of water?
If the US government, and US industry, purchase software full of holes is it not equally
absurd for them to blame a foreign entity for any resulting leaks?
In answering these questions it is worthwhile to remember that US government entities
support the insertion of backdoors in US commercial software. Such backdoors can be
identified and exploited by 3rd parties.
If this somewhat limp-wristed takedown of NSO did not have the support of apartheid Israel's
intelligence services, the graun would not be pushing the story.
It is that simple, the guardian is run by rabid zionists such as Jonathon Freedland deputy
editor, who retains editorial control from the second seat rather than #1 simply because the
zionist board wanted to stroke the fishwrap's woke credentials by having a female editor.
Foreign news and england news all have many zionist journos.
Now even the sports desk features stories by a bloke called Jacob Steinberg 'n sport is not
generally an interest of jews.
Also if NSO a corporation born to advance particular media interests were in fact a tool of
apartheid israel's intelligence establishment, it is unlikely that it would have tried to
sue the graun back in 2019.
None of that precludes Mossad plants working at NSO, in fact the move against it would
suggest that zionist intelligence has wrung the organisation dry.
This 'takedown' suggests to me that these services will continue, but not for everyone as
before. ME governments will never again gain full access, no matter how friendly they may
claim to be. All future contracts with whatever entity follows will only proceed if permitted
by FukUSi.
div> Since the software is licensed by the number of phones it's installed
on, NSO must have a means of determining the device ID/phone number of each phone (You wouldn't
trust some shady third-world regime to be honest, would you?
Since the software is licensed by the number of phones it's installed on, NSO must have a
means of determining the device ID/phone number of each phone (You wouldn't trust some shady
third-world regime to be honest, would you?
The Israeli connection just read an account on AC by Rod Dreher and so far, writers
are downplaying the connection to Israel. If it was a Chinese or Russian company we would be
blaming Putin.
We blame Putin for every criminal in Russia but I don't see anyone blaming Israel for a
product they they authorized for export. Wow.
It does take two to tango, so I do understand talking about the clients who bought the
product but if they have the export version of the spyware the it's obvious that Israel has
the super-duper lethal version but that's okay. No biggie. But Iran having any weapons to
defend their own country is a scandal.
US taxpayers subsidize the Israeli military industry. The zionists then developed tools which
they use against palestinians and their adversaries. The same technologies are later sold at
a profit to various United states security agencies. A wonderful self licking ice cream cone
of christian zionism, so much winning... Paying up the wazoo for our own eslavement. Last I
checked, the chosen one's were never held accountable for their role prior to 911 operations.
The Amerikastani Con-serve-ative manages to write a whole article about this without
mentioning the name of the "country" that created and exported this software.
This same Amerikastani Con-serve-ative pretends to champion free speech but doesn't permit
the slightest criticism of this same "nation", the racist fascist apartheid zionist settler
colony in Occupied Palestine. In fact the very mention of the word "zionist" will get your
comment removed.
I'm of the school of thought that Snowden is still an active CIA asset used to assist in
discrediting government agencies, such as the NSA, to allow private corporations to take
their place in data collection and dissemination. Alphabet, and it's AI/quantum computers
should not be ignored in this particular scenario
Human beings with conscience are INNER directed. Those without strong conscience (Orcs)
are OUTER directed and thereby easily captured, corrupted and controlled. Human beings with
great conscience (soul/spirit), strong mind and healthy body are PARAGONS.
Orcs were once elves. They got programmed by the dark forces of Saruman & Sauron
(Sin). Sauron's EYE is for intimidation. Seeing it sends fear into the hearts of people and
sucks away their courage. "When did we let evil become stronger than us?" Communicate
reality, truth and expose power freely!
There is still light to defeat the darkness. May your light light others
🕯🕯🕯
Ultimately, this scoop provides much more leverage for Putin's ongoing insistence that an
International Treaty dealing with all things Cyber including Cyber-crime be convened ASAP.
Israel and the UK will never sign such a protocol. The USA? only if it is worthless.
Mar man #4
The leak could be from a highly sophisticated state actor that needs to "blind" US and
especially Israeli intelligence services temporarily.
That could very easily be China, Russia or even Iran. Some of their assets could be on
the list.
"Snowden's opinion on this is kind of strange". Snowden's task, almost a decade ago now,
was to facilitate the passage of CISPA. Greenwald was the PR guy. Remember Obama saying we
need to have a conversation about privacy versus security? Well, Snowden and Greewald helped
him to have the conversation on his terms. And the media giants will be forever grateful.
Greenwald even got his own website. So no, nothing strange about what Snowden said. It was in
his script. Was, is and always will be an asset.
In a broader context:
"In a corporatist system of government, where there is no separation between corporate power
and state power, corporate censorship is state censorship. The actual government as it
actually exists is censoring the speech not just of its own people, but people around the
world. If US law had placed as much emphasis on the separation of corporation and state as it
had on the separation of church and state, the country would be unrecognizably different from
what we see today."
"It's A Private Company So It's Not Censorship"
Sanctions? Sanctions, did anybody mention sanctions for those carrying out Cyber attacks?
(Particularly ones that target "Freedom of speech" and Journalists.)
Apple is also zionist controlled, so not surprising that NSO had all internal details to
hack their iPhones, via tribal leakers or approved connections. So is Amazon, so their cloud
service for NSO continues under other cover.
Those in danger should not use Apple or Amazon-based or other zionist-controlled products
or services. A catalog of those might help.
I don't buy it. It doesn't sound plausible to me as presented.
One possibility is that it is a camouflaged operation to take down non-attributably spy
software that has fallen into the wrong hands, and thereby contrary to US interests. For
example, the new Myanmar government is sure to be using the software to observe the
US-sponsored miscreants from the Aung San Su Kyi regime who are bombing schools, hospitals
and government offices, and to seek out wanted criminals in hiding. The NSO take-down could
be an operation to take those licences out of operation. In that scenario those NSO customers
who are not anti-US might get support to continue operations as usual. As another example it
could also be used as a warning to the Saudis not to get too close to the Russians and
Chinese or ditch the US dollar, and not to accommodate to Iran.
Or maybe NSO just had the wrong political connections in the USA.
Whatever it may seem on the surface, that is what it surely is not.
div> I certainly can't compete on tech savvy as I have none, but doesn't
this perhaps line up with the summit decision between Putin and Biden to cooperate in terms of
policing cybercrime? Maybe that's too obvious, but I don't see that Snowden is contradicting
his own positions in that case. And of course, b, you are correct that the main culprit on
these matters is the US. Throwing the spotlight elsewhere however, doesn't mean it can't circle
around. Spotlights have a way of doing that.
I certainly can't compete on tech savvy as I have none, but doesn't this perhaps line up with
the summit decision between Putin and Biden to cooperate in terms of policing cybercrime?
Maybe that's too obvious, but I don't see that Snowden is contradicting his own positions in
that case. And of course, b, you are correct that the main culprit on these matters is the
US. Throwing the spotlight elsewhere however, doesn't mean it can't circle around. Spotlights
have a way of doing that.
The interesting backdrop to all this is that Israel has a *huge* presence in all things
associated with cybersecurity and have for years. The IDF's Talpiot plan no doubt enviously
eyed the NSA tapping into everyone's internet/cellphone traffic and wanted a piece of the
action. The financial intelligence alone would make it hugely valuable, not to mention
blackmail opportunities and the means to exercise political control.
I wonder if the Intel's Haifa design bureau was behind the infamous "management engine"
installed on *every* Intel chip since 2008 (to, of course, "make administration easier")?
The discover of this "feature" precipitated a huge scandal not too many years back if you
recall...
This "feature" gave anyone who could access it the ability to snoop or change the code
running on the main CPU... anyone want to guess whether the Mossad knows how to get to
it?
@Simplicius | Jul 20 2021 15:15 utc | 57
"I wonder if the Intel's Haifa design bureau was behind the infamous "management engine"
installed on *every* Intel chip since 2008 (to, of course, "make administration easier")?"
I remember 30 years ago there was controversy over the NSA requiring hardware backdoors in
all phones. At the time, it was called the "Clipper chip". Reportedly, the program failed and
was never adopted. Apparently, as this article exposed, that is false and something like it
is installed in all phones and possibly computers manufactured for sale in the western
world.
Supposedly, the real story behind Huawei sanctions and kidnapping of their executive, is
Huawei phones have no NSA backdoor since the Chinese flatly refuse to cooperate with NSA.
Turns out the Microsoft hacking accusation against China wasn't a distraction against the
NSO scandal, but a capitalist reaction against the CPC's growing containment of their own big
tech capitalists:
For people who don't know: this Kara Swisher is clearly an USG asset (or behaves exactly
like one). Every column she writes is an unashamed apology to all the USG policies on big
tech and on all decisions of American big tech.
@ vk (#59), Your conclusion about Kara Swisher is good one. However, cast the net wider to
understand the NETWORK that she represents and find additional media
Orcs. Most likely she is an asset of the Global Financial Syndicate, acting as a
gatekeeper/porter/lobbyist in the technology arena. Her mentor Walter Mossberg was an asset
too? It is easy to identify Orcs!
Work Experience: WSJ, The Washington Post, New York Times, ... Who did she sell Recode to?
Who are financiers of Vox Media?
Education: Georgetown, Columbia University (many assets come from here)
While the theory from m at #13 about it being a personal tiff between Biden and Netanyahu has
some appeal I tend to believe it is more complex than that.
While Dems could accumulate some grudges against Netanyahu, they can be pretty thick
skinned on that. On the other hand, if Netanyahu used his budget to dig the dirt against his
opponents like Bennet, with NSO as the took, the grudge against NSO could be very strong on
the side of the current government of Israel. Internal strife between Likudniks is intense.
And the mantle of the ruler of Israel comes with perks, like the ability to plant stories in
WP and NYT.
The Government said the reform was needed as the existing acts, with the last update in
1989, are no longer enough to fight the "discernible and very real threat posed by state
threats".
The Home Office said it does "not consider that there is necessarily a distinction in
severity between espionage and the most serious unauthorised disclosures, in the same way
that there was in 1989".
[More at the link.]
If it was Russia or Iran that was selling such spyware, would FUKUS react with measures
against the press or with sanctions and efforts to protect the press?
On the other hand, if Netanyahu used his budget to dig the dirt against his opponents like
Bennet, with NSO as the took, the grudge against NSO could be very strong on the side of the
current government of Israel. Internal strife between Likudniks is intense. And the mantle of
the ruler of Israel comes with perks, like the ability to plant stories in WP and NYT.
Posted by: Piotr Berman | Jul 20 2021 19:05 utc | 64
@64 Piotr Berman
This goes much deeper than just personal animosity.
For several years now there had been some kind of cultural war waging in Israel with the
populist leader - Netanyahu - on the one side and and most of the Israeli establishment - the
Mossad, the generals and the High Court - against him. The generals eventually acted by
founding their own party (with the former TV presenter Lapid at it`s head) and deposed
Netanyahu.
This cultural war in Israel is not only very similar to the cultural war in the USA. The
two countries are so intervened with one another that both conflicts have kind of merged.
"This cultural war in Israel is not only very similar to the cultural war in the USA.
The two countries are so intervened with one another that both conflicts have kind of
merged."
Posted by: m | Jul 21 2021 9:41 utc | 67
Yes, not unrelated to the purge Biden seems to be planning here. Bibi made a big mistake
getting so cozy with Trump. I would wager Trump is going to be in the crosshairs too. And
that is likely to be divisive, in both places.
A smartphone is a spying device from which one also can make phone calls. After Prism is
should be clear to anybody that goverments intercepts your email messages and record your phone
calls just because they can.
"..reporters identified more than 1,000 people spanning more than 50 countries. They included
several Arab royal family members, at least 65 business executives, 85 human rights activists,
189 journalists and more than 600 politicians and government officials – including several
heads of state and prime ministers." -- and all those idiots use plain vanilla Anroid or IOS.
Nice. They probably have no money to buy a basic phone for $14 or so. That does not save from
wiretapping but at least saves from such malware.
Southfront reports that an Israeli company's spyware was used in attempted and successful
hacks of 37 smartphones belonging to journalists, government officials and human rights
activists around the world, according to an investigation by 17 media organizations, published
on July 18th.
https://imasdk.googleapis.com/js/core/bridge3.472.0_en.html#goog_621104237 12 Retailers
Where Plastic Bags May Disappear Soon NOW PLAYING MLB All-Star Game: Best Home Run Props To
Target UP NEXT Boeing Finds Flaws in 787 Dreamliners, Cuts Delivery Target Big Tech, Earnings,
Meme Stock Momentum – On TheStreet Monday Target, Walgreens close early due to thefts in
California stores Rose McGowan supports Britney Spears' over conservatorship Rose McGowan is
"brutally angry" about Britney Spears' conservatorship How To Check if You're Actually Getting
a Good Deal on Prime Day
One of the organizations, The Washington Post, said the Pegasus spyware licensed by
Israel-based NSO Group also was used to target phones belonging to two women close to Jamal
Khashoggi, a Post columnist murdered at a Saudi consulate in Turkey in 2018.
One of them was his fiancee, and she and the other woman were targeted both before and after
his death.
The Guardian, another of the media outlets, said the investigation suggested "widespread and
continuing abuse" of NSO's hacking software , described as malware that infects smartphones to
enable the extraction of messages, photos and emails; record calls; and secretly activate
microphones.
The investigation highlights widespread and continuing abuse of NSO's hacking spyware called
'Pegasus' which the company confirms is only intended for use against terrorist groups, drug
and human traffickers, and criminals.
Pegasus is a very advanced malware that infects iOS and Android devices to allow operators
of the spyware to copy messages, photos, calls and other data, including secretly activate
microphones and cameras.
Based on the investigation, the leak contains a list of 50,000 phone numbers that have been
identified as those of people of interest by clients of NSO since 2016.
The list includes many close family members of one country's ruler, suggesting he might have
instructed the country's intelligence agencies to explore the possibility of tracking and
spying on their own relatives.
anti-bolshevik 8 hours ago (Edited)
Two articles from Motherboard Vice:
Is Israel EXEMPT from the ' rules-based order ' that Biden / Blinken / Yellen constantly
affirm?
Any incoming Sanctions? Any Treasury asset-seziures?
Motherboard uncovered more evidence that NSO Group ran hacking infrastructure in
the United States.
A former NSO employee provided Motherboard with the IP address of a server setup to
infect phones with NSO's Pegasus hacking tool. Motherboard granted the source anonymity
to protect them from retaliation from the company.
The licensor of software is not the user of the software. An Israeli company developed
it and may have used it.
In weapons terms, an Israeli company was the arms developer.
However, there are the licensees and users of the software. The factions and individuals
who actually used this weapon of war and political coercion.
In weapons terms, there are others, like the US and other country intelligence
communities who will be the ones who pulled the trigger.
The "trigger pullers include the Bolshevik Democrat party and the Biden campaign, which
used it to control citizens through intelligence gathering (remember Judge Roberts?) and
extract political donations from corporations and rich individuals. Don't forget the
Globalist GOP RINOs and Tech monopolists, who have used this weapon to control and subvert
anyone that they need to subjugate.
Bye bye Apple, Xiomi and Google Android. You just lost your market of brainwashed sheep
for new mobile phones. Even the unwashed Joe Six-Packs of this world now know they are
being manipulated with the phones that are so expensive.
MASTER OF UNIVERSE 11 hours ago
I've spent many years studying Experimental Psychology & Personality Theory and can
honestly state that malware can't determine appropriate behavioural signals intelligence
enough to act responsibly, or judiciously.
Algos are dependent upon Behavioural Science & human analytics. They are crude tools
that employ hit & miss techniques that hardly ever work accurately.
Israeli intelligence tries to look state of the art, but they are just as dimwitted as
the CIA.
WorkingClassMan 10 hours ago
They might be dimwitted and hamfisted but like an elephant with a lobotomy they can
still do a lot of damage flailing around. Worst part about it is them not caring about the
consequences.
NAV 10 hours ago remove link
It's amazing how the "dimwits" control the entire apparatus of the most powerful Empire
in the world and the entire world media.
2banana 12 hours ago (Edited)
It's not just some politicians and journalists.
It's everyone.
Your phone spys on you in every possible way.
Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras.
gregga777 12 hours ago (Edited)
It's been widely for at least a decade that carrying a smart phone is really like wiring
oneself up for 24/7/365 audio and/or video surveillance. They only have themselves to blame
if they've been spied upon by the world's so-called secret intelligence agencies.
[Ed. The next time in a crowded public space, turn on Wi-Fi and count the number of
unlocked phones under the "Other Networks" menu.]
truth or go home 12 hours ago
If you have no phone, and no facebook, then you are likely immune from prosecution. My
neighbor the Fed agent told me 10 years ago that these two sources are 90% of every
investigation. That number has only gone up. They track you with it, they find out your
contacts with it. They find out your secrets with it. Just try to get either of those
things anonymously. You can't.
philipat 11 hours ago remove link
Land of the Free....
Ura Bonehead PREMIUM 7 hours ago
'truth or go home', 'having no Facebook' doesn't help you as FB secures the same
information via data-sharing arrangements with any number of apps you may download, that
came on your phone, or are embedded deep on your phone. Just a fact.
Steeley 4 hours ago
A friend that lives in Pahrump, NV reports that every time he crosses into California a
smart phone Covid Health Tracking App activates and he starts getting notifications. Can't
turn it off or find where it resides. When he crosses back into Nevada it stops.
E5 10 hours ago
"After checking their claims, we firmly deny the false allegations made in their
report,"
Really? So if 99 claims are true and one false? Never did they say there was truth to
the accusation that they hacked phones.
If you are going to commit a crime I suppose you want to "issue a statement" that you
didn't. I guess we have to ask them 2 more times: then it is a rule that you must tell all.
No minion can resist the same question three times.
zzmop 9 hours ago (Edited)
Keyword -'Israeli', Not Russian, Israeli, Not 'Russian hackers', Israeli hackers
eatapeach 9 hours ago
This is old news. Congresswoman Jane Harman was all for spying/eavesdropping until she
got busted selling her power to Israel, LOL.
consistentliving PREMIUM 7 hours ago
Not USA fake paper pushers but Mexican journalists deserve mention here
Revealed: murdered journalist's number selected by Mexican NSO client
Israel doesn't respect human rights!. Israel has been killing defenseless people in
Palestine for more than 50 years. The sad thing is that US support these genocidal sick
sycophats.
wizteknet 10 hours ago
Where's a list of infected software?
vova_3.2018 9 hours ago (Edited)
Where's a list of infected software?
If they take yr phone under control they'd have access to everything & then they can
use the info against you or anybody else in the info. https://www.youtube.com/watch?v=iuBuyv6kUKI
Israeli spy-wear "Candiru" works a little bet different than Pegasus but is also used to
hack & track journalists and activists. https://www.youtube.com/watch?v=nWEJS0f6P6k
The magic number of "6 million" will be the Get out of Jail Card once again.
And, these idiots keep preaching about the great risk China poses...
Steeley 4 hours ago
Embedded in the OS...
Kugelhagel 12 hours ago (Edited)
Is that article an attempt to get some sympathy for "politicians", "journalists" and
"activists"? Try again.
HippieHaulers 11 hours ago
Exactly. Don't forget Kashogi was CIA. And they're using another asset (Snowden) to roll
this out. This story stinks.
WhiteCulture 7 hours ago (Edited)
I installed Nice Systems onto 600 desk tops in 2003 at 3 separate call centers, a call
monitoring and a PC, mainframe CICS, or email, screen scrape capability. When the call
audio was recorded we also captured whatever was on the screen. No doubt the government has
been doing this on our phones and all personal computers for over a decade.
TheInformed 7 hours ago
Your example shows that people are dumb, it's not evidence of some grand 'government
backdoor' conspiracy. Don't conflate the two.
two hoots 10 hours ago (Edited)
Forget the petty herd/individual surveillance, this is a "super power" tool for
investment opportunities, negotiation advantage, strategic decisions, military/covert
decisions, etc. you can be sure that the most improved (undisclosed) versions are in use in
the usual suspect country. Likely spying on the spy's that bought the software from them.
These are those steps beyond Nietzsche's amoral supra-man.
Globalist Overlord 12 hours ago
Whitney Webb was writing about this in 2018.
Snowden: Israeli Spyware Used By Governments to Pursue Journalists Targeted for
Assassination
If Pegasus is used against Human Traffic-ers, then why didnt they get Jeffrey Epstein
earlier?
Occams_Razor_Trader 11 hours ago
Why 'get' people when you can 'use' these people ........................?
RasinResin 11 hours ago
I use to be in IT and worked in association with Radcom. Now you may ask who is that?
They are the Israeli company that is truly behind all monitoring and spying of your phones
in America
"Reuters' spokesman Dave Moran said, "Journalists must be allowed to report the news
in the public interest without fear of harassment or harm, wherever they are. We are
aware of the report and are looking into the matter."
I love the sanctimonious clutching of pearls, wringing of hands, and bleating from the
purveyors of CCP propaganda, woketardness, and globalism whenever the velvet hand that
feeds them punishes them with a throat punch instead.
donebydoug 11 hours ago
Journalists can't be spies, right? That would never happen.
Watt Supremacist 12 hours ago
Yes but do the people working for Reuters know all that?
nowhereman 11 hours ago
Just look at the signature on your paycheck.
Grumbleduke 11 hours ago
they're in the news business - of course they don't!
You know the adage "when your livelihood depends on not knowing" or something....
Enraged 10 hours ago
Listening in on calls is a distraction story by the propaganda media.
The real story is the blackmailing of politicians, judges, corporate executives, etc.
for many years by the intelligence agencies with tapes of them with underage girls and
boys. This was included in the Maxwell/Esptein story.
These people are compromised, which is the reason for the strange decisions they make,
as they support the globalist elite.
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
Max21c 10 hours ago (Edited)
There is no reason to spy on journalists, as they are part of the intelligence agency
operations.
True the press are either spies or puppets and vassals of Big Brother and the secret
police. They're all mostly agents of the Ministry of Truth. But sometimes they get the
weather report right.
Wayoutwilly 12 hours ago remove link
Bet they have sh!t on Roberts, Kavanaugh and Barrett too.
Brushy 11 hours ago
Wait a minute, you mean the tracking spy device that you carry around and put all of
your personal information on is actually tracking and spying on you?!!
Dis-obey 10 hours ago remove link
They have data on everyone but not enough eyes to look at everyone all the time. So when
you get flagged then they can open all the data on your device to investigate
u.
ay_arrow
Yog Soggoth 10 hours ago
Khashoggi was not a journalist. While interesting, this is not the story of the
year.
Lawn.Dart 10 hours ago
Almost every intellegence agent is a writer of some kind.
Max21c 10 hours ago
NOS is just one company out of many. They have the willing complicity of the security
services of other countries including the CIA, FBI, NSA, DOJ, in the USA and similar per
UK. Secret police use these special contractors to help them engage in crimes and criminal
activities and it does not matter whether the secret police use a foreign or domestic
secret police agency or contractor as they're all in on it together. It's just a criminal
underworld of secret police, secret police bureaus & agencies, and "intelligence"
agencies. They're all crooked. They're all crooks and criminals and thieves that rob and
persecute innocent civilians just like the Bolsheviks, Nazis, Gestapo, Waffen SS, Viet
Kong, Khmer Rouge, Red Guards, ISIS, Stasi, KGB, etc. It's all the same or similar secret
police, police state tactics, state security apparatus abuses of power, absolute power
& its abuses, and spy agencies and intelligence agencies... and those that go along
with it and collaborate. It's all just criminal enterprises and crime agencies.
So you can solve the 10,000 open murder investigations in Chicago with this. That's how
its being used right...
Bostwick9 10 hours ago
"We are deeply troubled to learn that two AP journalists, along with journalists from
many news organizations, are among those who may have been targeted by Pegasus spyware,"
said Director of AP Media Relations Lauren Easton.
OMG . Not journalists !!!!!!!!!!
Guess NSO is a "buy", then.
NAV 11 hours ago remove link
To believe that the Israelis will not use the information that they have is absurd.
Here's one example:
The American Anti-Defamation League under Abe Foxman long made it a practice for decades
to tail all Congressmen – liberal or conservative -- as was brought out in
allegations in the San Francisco trial of its head operative Roy Bullock on charges of
buying blackmail information from members of the San Francisco Police Department as
reported by the San Francisco Examiner. Bullock had collected information and provided it
to the ADL as a secretly-paid independent contractor for more than 32 years.
Can it be that there's a connection between data of this kind and the unbelievable
unification of almost every congressman behind every Israeli position?
Of course, the San Francisco Examiner no longer is in existence. But Israeli trolls
continue to gather like wasps upon meat to destroy any information that might reveal their
nefarious purposes.
In 1993 the FBI interviewed
40-year undercover ADL operative Roy Bullock , who had improperly obtained social
security numbers and drivers licenses from San Francisco Police Department officer Tom
Gerard. Gerard and Bullock infiltrated and obtained information on California
Pro-Palestinian and anti-Apartheid groups as paid agents of both the ADL and South
African intelligence services. The ADL paid tens of thousands in damages over the
incident and promised not to collect confidential information in the future.
SARC '
novictim 8 hours ago
What do you want to bet that Orange Hitler and associates along with MAGA Republicans,
their attorneys, friendly patriot reporters, etc, have had their phones widely hacked going
all the way back to 2016?
Because when you are a "progressive" in power, anyone who wants to unseat you is a
terrorist threat and you can do just about anything you want to them because you are saving
the world.
Sarrazin 8 hours ago
unseat you is a terrorist threat and you can do just about anything you want to them
because you are saving the world.
Funny, it's the same formula US foreign policy applies to all it's victims nations
around the world. Fighting terrorists in the name of saving the world.
LEEPERMAX 9 hours ago (Edited)
💥BOOM !!!
In 2020 alone, Facebook and Amazon spent more money on
lobbyists than did Raytheon, Northrup Grumman, Lockheed Martin, and Boeing -- major players
in the defense-industrial complex !!!
Let that sink in.
OldNewB 11 hours ago
"Journalists must be allowed to report the news in the public interest without fear of
harassment or harm, wherever they are."
This hasn't happened in ages. What the large majority of MSM operatives (so called
"journalists" ) convey to the public is propaganda and agenda driven misinformation and
disinformation.
SummerSausage PREMIUM 12 hours ago
Obama spying on Trump and Fox reporters - meh.
Same Obama intelligence services spying on WaPo & leftist reporters - FASCIST
Mute Button 11 hours ago
We're supposed to be outraged even though Trump & co. know they're being "spied"
on.
Its just a game of the uniparty.
Ivy Mike 8 hours ago
Yawn. Smart phones have swiss cheese security. Who knew.
If you have a secret that you really don't want people to know, don't put in on a device
that ever touches the internet. Don't talk about important stuff on a phone call. Any mob
boss from the 70's could tell you that.
MeLurkLongtime 5 hours ago
I would add if you have Alexa, don't converse on any sensitive topics in front of her,
either.
_0000_ 9 hours ago remove link
" Pegasus is a very advanced malware that infects iOS and Android devices to allow
operators of the spyware to copy messages, photos, calls and other data, including
secretly activate microphones and cameras."
This is a non-story. Lots of smoke, lots of brew-ha-ha.
Why is THIS a jaw dropping story now when the NSA/CIA have been doing this to ALL iOS
and Android devices years ago? RE: CALEA , signed into law in 1996 by Bill Clinton.
Just more misdirection... meant to distract from something else. What?
Rectify77 PREMIUM 10 hours ago
Isn't it odd that Iran, Russia and China are not on the map? Who are the Israelis
playing?
NAV 10 hours ago
Isn't is amazing that Russia is giving asylum to Edward Snowden who will be arrested and
inflicted with only God knows what if captured by the USA?
Market Pulse 13 hours ago
And we are surprised, why??? Everyone's phones are spied upon with all the data
collected. All part and parcel of the NWO and the "Information Age". How else are they
going to get all that information to control everything. And just think, once upon a time,
there were no cell phones and the people were fine. They also were happier and much more
free. Hint - ditch the phone!
dog breath 4 hours ago
Hello? This stuff has been going on for two decades. Bill Binney, former NSA, been
talking about this since after 911. Five eyes is a way over going around internal rules.
Every country does this. Russia, China, EU, USA, Australia, etc. are all spying on their
own citizens. This world is turning into a corrupt crap pile and I'm waiting for the Lord
to come.
Windows is zero security operating system, if we are taking about sophisticated attackers.
Walways was and always will be. If somebody with sensitive information use for storage of such
information Internet connected Windows desktop he is an idiot. Plain and simple. Use of private
segment with youw own firewall might hel a little bit. But generally to use Windows to store
sensitive information you need disconnected from internet computer; you need an air gap for
machines that store such information and use writable CD or read-only switch on SD card to
transmit it. And even this might not be enough.
Microsoft,
Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments100+ dissidents, politicians, journos targeted by Israeli espionage toolkitIain Thomson in San
Francisco Fri 16 Jul 2021 // 00:57 UTC
ANALYSIS Software patches from Microsoft this week closed two vulnerabilities exploited by
spyware said to have been sold to governments by Israeli developer Candiru.
On Thursday, Citizen Lab released a
report fingering Candiru as the maker of the espionage toolkit, an outfit Microsoft
code-named Sourgum. It is understood the spyware, code-named DevilsTongue by Microsoft,
exploited at least a pair of zero-day holes in Windows to infect particular targets'
machines.
Redmond said at least 100 people – from politicians, human rights activists, and
journalists, to academics, embassy workers and political dissidents – have had their
systems infiltrated by Sourgum's code; about half are in Palestine, and the rest dotted around
Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore.
Once it has comprehensively compromised a Windows PC, DevilsTongue can exfiltrate the
victim's files, obtain their login credentials for online and network accounts, snoop on chat
messages, and more. Candiru also touts spyware that can infect and monitor iPhones, Android
devices, and Macs, as well as Windows PCs, it is claimed. The products are said to be on sale
to government agencies and other organizations, which then use the espionage software against
their chosen targets.
"Candiru's apparent widespread presence, and the use of its surveillance technology against
global civil society, is a potent reminder that the mercenary spyware industry contains many
players and is prone to widespread abuse," Citizen Lab, part of the University of Toronto, said
in its report.
"This case demonstrates, yet again, that in the absence of any international safeguards or
strong government export controls, spyware vendors will sell to government clients who will
routinely abuse their services."
We're told that at least 764 domain names were found that were likely used in some way to
push Candiru's malware to victims: websites using these domains typically masqueraded as legit
sites belonging to Amnesty International and refugee organizations, the United Nations,
government websites, news outlets, and Black Lives Matter communities. The idea being, it
seems, to lure visitors to webpages that exploited browser, Microsoft Office, and Windows bugs
to not only infect PCs with DevilsTongue but also grant the spyware admin-level
access.
How's that patching going?
Microsoft was able to fix the operating system flaws exploited by Candiru's software in
this month's
Patch Tuesday after Citizen Lab obtained a hard drive from "a politically active victim in
Western Europe," it said. Redmond reverse-engineered the spyware to figure out the infection
process.
The Windows goliath saw that two privilege-escalation vulnerabilities, CVE-2021-31979
and CVE-2021-33771 ,
were being exploited, and patched them this week.
"The weapons disabled were being used in precision attacks targeting more than 100 victims
around the world including politicians, human rights activists, journalists, academics, embassy
workers and political dissidents,"
said Cristin Goodwin, GM at Microsoft's Digital Security Unit.
In Redmond's
technical rundown of the spyware, it said the DevilsTongue malware would gain a foothold on
a system by exploiting flaws in, for example, the user's browser when they visited a
booby-trapped site, and then use the aforementioned elevation-of-privilege holes to get into
the kernel and gain total control of the box.
The software nasty, once on a Windows PC, is capable of gathering all session cookies and
passwords from browsers, and can take control of social media accounts and third-party apps. It
sported several novel features designed to avoid detection, leading Microsoft to conclude that
the "developers are very professional, have extensive experience writing Windows malware, and
have a good understanding of operational security."
Chocolate Factory comes in, warns
it's not over
Google, meanwhile, this week detailed a
bunch of bugs it detected being exploited by malicious webpages and documents to gain code
execution on netizens' machines.
It would appear DevilsTongue exploited CVE-2021-21166 and CVE-2021-30551 in Chrome, and
CVE-2021-33742 in
Internet Explorer's MSHTML scripting engine – used by Microsoft Office, for instance
– and chained them with the above Windows bugs to install itself on the victim's PC and
gain admin-level access to data and applications. All a victim would need to do is surf to a
booby-trapped page in Chrome, or open a maliciously crafted document in Office.
Those flaws have been patched by now. "Based on our analysis, we assess that the Chrome and
Internet Explorer exploits ... were developed and sold by the same vendor providing
surveillance capabilities to customers around the world," Googlers Maddie Stone and Clement
Lecigne noted, adding: "Citizen Lab published a report tying the activity to spyware vendor
Candiru."
Google also documented an unrelated remote-code execution flaw in Safari's Webkit engine for
good measure.
We're told the Chrome flaws were spotted being exploited to commandeer Windows computers in
Armenia. Marks would be lured to websites that analyzed their screen resolution, timezone,
supported languages, browser plugins, and available MIME types to decide whether or not to
compromise their browser.
"This information was collected by the attackers to decide whether or not an exploit should
be delivered to the target," said Google's Threat Analysis Group (TAG). "Using appropriate
configurations, we were able to recover two zero-day exploits."
Further probing revealed that Armenian Windows users were being targeted via the
aforementioned Internet Explorer flaw. This would be triggered by opening a Office document
that contained either a malicious ActiveX object or VBA macro. Microsoft fixed that issue last
month.
Make it rain
Candiru has been in operation since 2014 and reminds us of another Israeli surveillanceware
outfit: NSO Group .
It's a lucrative business, judging by a contract obtained by Citizen Lab.
The deal, valued at €16.85m ($20m), offers unlimited malware injection attempts but
only the ability to surveil ten devices in one country directly. An extra €1.5m ($1.8m)
gets access to another 15 devices, and for €5.5m ($6.5m) buyers can snoop on 25 handsets
in up to five countries.
There are also paid-for optional extras to access specific accounts. If you want a target's
Signal messages, that'll cost another €500,000 ($590,000). Candiru also offers access to a
victim's Twitter, Viber, and WeChat for around half that amount. Training for four admins and
eight operators is included in the price.
Citizen Lab said Candiru appears to have changed its name five times in the past seven
years, and maintains a very low profile. An ex-employee
suing the company for lost commission claimed that it had $30m in revenue in 2017, and
business is good thanks to the organization's export license.
"Israel's Ministry of Defense -- from whom Israeli-based companies like Candiru must receive
an export license before selling abroad -- has so far proven itself unwilling to subject
surveillance companies to the type of rigorous scrutiny that would be required to prevent
abuses of the sort we and other organizations have identified," Citizen Lab said.
"The export licensing process in that country is almost entirely opaque, lacking even the
most basic measures of public accountability or transparency."
One wonders how this spyware would fly in America. Facebook is suing the NSO Group ,
accusing it of unlawfully compromising users' phones to snoop on them via a security hole in
WhatsApp.
NSO's lawyers have used a variety of legal arguments, saying that it only licenses its
software to governments for criminal or anti-terrorist work and so has sovereign immunity, that
it has no presence in the US
market, and claiming Facebook itself tried to buy the
company's Pegasus snoopware but was turned down. At one stage NSO didn't even bother to
turn
up in court.
The case is ongoing. US Senator Ron Wyden (D-OR) has called for an
investigation into NSO products being touted to law enforcement. ®
@erelis #45
PC anti-ransomware software is nothing but virus scanner software repackaged.
I've repeatedly said: modern ransomware attacks involve a network intrusion first. They do not involve getting someone to click
on a bad attachment or what not.
If someone capable knew who and where you were - you are not stopping them unless you REALLY know what you're doing.
For example: do you use a wifi router? If so, you have ZERO security. WiFi routers are crackable trivially with proximity.
Most of them are built on open source software which is rarely updated. And most importantly: if you don't even know if/when they're
being targeted, how can you possibly be secure?
I agree with Norwegian and One Too Many, though I haven't gotten around to switching to Linux yet.
IMO, MS has been building stupid dangerous interrupts into Window O/S, presumably because it's more profitable than building
saner, safer systems. I'm Old School - I want my computer to do what I tell it to do, even when I'm stupid. These days, Windows
products are built to prioritize instructions from Big Momma in Seattle (MS) over my keystrokes & mouse-clicks. Of course, the
techniques they created to manage this become the tricks used by malevolent hackers to steal control of computers remotely.
Yes, Cryptocurrencies ("Dunning-Kruegerrands") make it easier for profit-oriented hackers to get paid. But the underlying problem
is baked into Operating Systems designed to give control to someone other than the user.
Ransomware attacks continue to disrupt many businesses. Earlier this month an attack through
Kaseya VSA , a remote managing software,
disabled several managed service provider and some 1,500 of their customers. Their data was encrypted and will only be restored if
they pay the demanded ransom.
Such attacks are increasing because they are easy to do and carry little risk. The basic platforms for specific attacks can simply
be
rented from underground providers :
"I think what most people think about when they think of a stereotypical hacker is somebody that's in-depth into coding," the
officer said. "It has changed now in that it used to be that you had to be very technically adept to be a hacker, but the way
the cyber market or cyber underground has evolved is a lot of those things have become services now."
The industry has diversified, he said.
"Those network attackers, instead of profiting themselves, are now renting out their services and their expertise to others
and that's where we see this amplification," the officer said. "It's others renting out the services now. It unlocks another class
of folks that can be opportunistic and take advantage of bad cyber hygiene."
Some of the rentable ransomware services, like REvil, are run by Russian speaking groups. But that does not mean that the people
who use it are from Russia or that the attacks take place from Russian grounds. The last big bust that hit the command and control
severs of the alleged 'Russian' Emotet cyber crime service
took place in the Ukrainian capital Kiev. While those criminals spoke Russian they neither were Russians nor was Russia involved
at all.
Despite that U.S. media blame all recent attacks on Russia and use them to incite the Biden administration to respond by attacking
the Russian nation.
Those headlines and pieces are misleading in that they set expectations which the Biden administration is for good reasons unwilling
or unable to deliver on.
Mr. Biden is under growing pressure to take some kind of visible action" perhaps a strike on the Russian servers or banks that
keep them running" after delivering several stark warnings to Moscow that he would respond to cyberattacks on the United States
with what he has called "in-kind" action against Russia.
The 'growing pressure' are Sanger's writeups all by themselves. The piece then quotes a number of anti-Russian hawks who suggest
some very unreasonable 'retaliation options':
Dmitri Alperovitch, a founder of the cybersecurity firm CrowdStrike, and now the founder of the Silverado Policy Accelerator think
tank, has argued that until Mr. Biden moves to cut significantly into Russia's oil revenue, he will not get Mr. Putin's attention.
...
In recent days, however, a growing number of experts have argued that the United States is now facing such a barrage of attacks
that it needs to strike back more forcefully, even if it cannot control the response.
"You don't want escalation to get out of control, but we can't be so afraid of that that we bind our own hands," Mr. Painter
said.
William Evanina, who recently left a top counterintelligence post in the U.S. government and now advises companies, said he
would advise Mr. Biden "to be bold."
...
If Moscow wanted to stop Russia's cybercriminals from hacking American targets, experts say, it would. That is why, some Russia
experts argue, the United States needs take aim at Russia's kleptocracy, either by leaking details of Mr. Putin's financials or
by freezing oligarchs' bank accounts.
"The only language that Putin understands is power, and his power is his money," said Garry Kasparov, the Russian chess grandmaster
and a Putin critic. "It's not about tanks; it's about banks. The U.S. should wipe out oligarchs' accounts, one by one, until the
message is delivered."
Sure, lets blow up the international banking system by manipulating accounts of private Russian people even though we do not even
know if the criminal cyberattacks are run by Russians or from Russia.
President Biden warned President Vladimir V. Putin of Russia on Friday that time was running out for him to rein in the ransomware
groups striking the United States, telegraphing that this could be Mr. Putin's final chance to take action on Russia's harboring
of cybercriminals before the United States moved to dismantle the threat.
In Mr. Biden's starkest warning yet, he conveyed in a phone call to Mr. Putin that the attacks would no longer be treated only
as criminal acts, but as national security threats" and thus may provoke a far more severe response, administration officials
said. It is a rationale that has echoes of the legal justification used by the United States and other nations when they cross
inside another country's borders to rout terrorist groups or drug cartels.
Sure, U.S. special forces will parachute into Moscow to nab some cybercriminals who may or may not be there.
The warning that Sanger implies Biden allegedly made was never given. Biden himself is quoted in the next paragraph (emph. add.):
"I made it very clear to him that the United States expects, when a ransomware operation is coming from his soil, even though
it's not sponsored by the state, we expect them to act if we give them enough information to act on who that is ," Mr. Biden told
reporters.
There is the crucial point. The U.S. does not know who made those attacks or where they were actually controlled from. It has
not given Russia any names or evidence that Russia could act on. The Kremlin readout of Biden's call with Putin explicitly
makes that point :
In the context of recent reports on a series of cyberattacks ostensibly made from Russian territory, Vladimir Putin noted that
despite Russia's willingness to curb criminal manifestations in the information space through a concerted effort, no inquiries
on these issues have been received from US agencies in the last month. At the same time, considering the scale and seriousness
of the challenges in this area, Russia and the US must maintain permanent, professional and non-politicised cooperation. This
must be conducted through specialised information exchange channels between the authorised government agencies, through bilateral
judicial mechanisms and while observing the provisions of international law.
The leaders emphasised the need for detailed and constructive cooperation in cybersecurity and for the continuation of such
contacts.
Russia has long suggested to set up deeper talks and a treaty about cybersecurity issues. In a short interlude with the media
President Biden
said that meetings about these will now take place:
Q: Sir, what are the consequences for Putin if he does not step up against cyberattacks?
THE PRESIDENT: Well, we set up a committee" joint committee. They're meeting on, I think, the 16th. And I believe we're going
to get some cooperation. Thank you.
Q: Mr. President, what do you expect President Putin (inaudible)" what do you expect him to do? What are those actions?
THE PRESIDENT: It's not appropriate for me to say what I expect him to do now. But we'll see.
Those responses seemsfar from the belligerence the NYT 's Sanger tries to convey.
The problem of crippling ransomware attacks will only increase and blaming Russia for them will not change that fact. The most
basic tool that enables such criminal cyberattacks is the exchange medium through which
ransom payments are made :
Let me paint a picture of a bleak future, that seems to be racing towards us much faster than the public may know about. It's
a future in which ransomware and mass data theft are so ubiquitous they've worked their way into our daily lives.
...
[W]hat is new is that the level of these attacks has gone parabolic in the last few years because of one simple fact. With the
addition of bitcoin to the problem it's insanely profitable, low-risk, and almost the perfect crime. It's also a very real economic
tool that nation states can use to disrupt each other's infrastructure.
The singular reason why these attacks are even possible is due entirely to rise of cryptocurrency. Consider the same situation
on top of the existing international banking system. Go to your local bank branch and try to wire transfer $200,000 to an anonymous
stranger in Russia and see how that works out. Modern ransomware could not exist without Bitcoin, it has poured gasoline on a
fire we may not be able to put out.
It is not only bitcoin but also a number of other cryptocurrencies which have no real justification to exist. But there are transition
points from real money to cryptocurrencies and back where the problem can be tackled:
Cryptocurrency exchanges are the channel by which all the illicit funds in this epidemic flow. And it is the one channel that
the US government has complete power to rein in and regulate. The free flow of money from US banks to cryptocurrency exchanges
is the root cause of this pandemic and needs to halt. Through sanctions, control of the SWIFT network, and our allies in NATO
the federal government has all the tools to put a stop to these illicit flows. Nothing of value would be lost by shutting off
the spigot of dark money and darknet trade. Cryptocurrencies are almost entirely used for illicit activity, gambling and investment
frauds, and on the whole have no upside for society at large while also having unbounded downside and massive negative externalities.
A shut down of cryptocurrencies would disable the safe payment media that criminal ransomware attackers currently use. All other
payment methods require some physical interaction or in person verification. Using those would increase the risk for cyberattackers
immensely.
The good news is that the Biden administration has caught on to this. Last week the Deputy National Security Advisor for Cyber
and Emerging Technology Anne Neuberger
remarked on it :
Neuberger described the Administration's ransomware strategy which includes several lines of effort: disruption of ransomware
infrastructure and actors by working closely with the private sector; international cooperation to hold countries who harbor ransom
actors accountable; expanding cryptocurrency analysis to find and pursue criminal transactions ; and the federal government's
review to build a cohesive and consistent approach towards ransom payments.
This is more than just a conversation that's taking place between the two leaders, President Biden and President Putin. This is
really about our own resilience, as a nation, in the face of these attacks, and strengthening that. That's what the cybersecurity
executive order was largely about.
It's about addressing the challenges posed by cryptocurrency, which provides fuel for these sorts of transactions.
A ransomware attacker may sit in Kyrgyzstan, use a Swiss proxy network to access rented servers in Canada from which a ransomware
cyberattack is launched by using tools that were developed in Estonia but are managed from Spain. There are ways and means to hide
such routes and to fake the involved nationalities. To then blame Russia or any other country for such attacks or to threaten a response
against nation state assets is warmongering nonsense.
The Kaseya VSA attack shut down 800 local
food shop of the Swedish chain Coop for over a week. Millions of people were affected by that in their daily life. With more and
more information technology involved in our daily lives we no longer have the ability to avoid ransomware attacks and their consequences.
What can be done is to disable the cryptocurrency payment channel that is used by attackers with little to no risk. While this
may not completely solve the problem of widespread ransomware attacks it will at least make it more manageable.
Posted by b on July 10, 2021 at 16:54 UTC |
Permalink
next page Â" Yet another argument that banning cryptocurrencies will somehow prevent ransomware.
I vehemently disagree.
I previously wrote that check kiting still exists: there is absolutely nothing preventing traditional money laundering services
from being used by ransomware gangs.
Furthermore, the cryptocurrency ban argument is only 1 step removed from the original "Never pay ransoms" tripe and 2 steps removed
from the subsequent "terrorist financing" tripe.
Let me be clear:
we are talking about business continuity interruption value in the tens to hundreds of millions of dollars.
As I wrote back in 2016 - it would only be a matter of time before attackers starting realizing just how much value they were
holding hostage.
If a business is doing $100M a year in revenue - a major ransomware attack takes at least 1 week to recover and usually longer.
And no, backups make zero difference to this figure.
Restoring large databases, complex systems and/or customer facing portals takes at least that long - and this excludes the
work needed to verify if persistence (i.e. leave behind back doors or what not) exists.
Then there's the work of understanding how the attack began, how it proliferated, etc etc.
$100M revenue vs. 2 weeks of BCI - the loss is $4M plus the security review/forensics analysis. The latter is going to cost
at least 6 digits and could easily go into the 7 digits, if done by a top tier professional firm.
Now compare this to a $100K ransom.
Now consider: would the lack of cryptocurrency really matter?
Yes, it would drive operating costs up by 25% to 35% on the money laundering (mule) side, but so what? Charge $150K instead.
This doesn't even take into account the "mitigation" firm angle: at least 1 outfit has already been caught doing almost nothing
but negotiating directly with the ransomware attacker for the decode.
The way to reduce ransomware attacks is to drive up the risk factor - not attempt (and fail) to drive down the profitability.
Cryptocurrency isn't the problem. The argument in favor of banning it (whatever immensely draconian measures that would entail)
is an argument in favor of inverted totalitarianism with government or private spy agencies and mitary/police forces doing the
enforcement.
It's also an argument in favor of SWIFT and similar systems in service to the financial and corporate elites. Many of whom
are in fact adding crypto to their portfolios and accepting payments.
Think of it this way. The only reason these hackers (using NSA tools) don't just ask for a cash drop of various currencies
of unmarked non-sequential bills a remote place is that the USA, UK and Five Eyes can police any ransom payments. Same with SWIFT.
The majority of them have no Russian ties.
ransomware - along with stuxnet - is the main reason i started reverse engineering. it's just as easy to install as any other
malware since most payloads get dropped due to PICNIC s.
i actually recall seeing one that was almost entirely javascript and operated from RAM. one click in a browser without script
protection and that's it.
apple and microsoft (and to a degree android) have succeeded in dumbing down the average user and no amount of "compliance
meetings" will fix that any time soon.
as for crypto, it appeals to the segment of the population with too much money and is worse than useless for those with
too little. it's just like the VC idiots who have reaped the benefits of QE (and ridiculous
overvaluations ) and use their ill-gotten gains to keep garbage like uber on life support.
they shit their pants at the thought of paying $0.00000001 in taxes but will flush $40,000 down the toilet on "NFTs" and
imaginary digital monopoly money. assholes.
@ c1ue 1 -- "And no, backups make zero difference to this figure."
I don't pretend to understand the intricacies of this, but why wouldn't it be possible to have two servers (or server banks)
set up with identical data, then if one of them is attacked (illegally encrypted and locked out), IT personnel could migrate access
to the data in the second server and wipe the first one? Seems simple enough.
i usually ignore other comments but the above is a bit annoying and i've seen this "argument" from many otherwise smart people
(e.g. greenwald).
Cryptocurrency isn't the problem. The argument in favor of banning it (whatever immensely draconian measures that would entail)
is an argument in favor of inverted totalitarianism
1. yes it is a problem. nothing is "the" problem unless you want to get down to the philosophical bones of capitalism
and such.
2. "banning" it might not be practical (we've had bans on child porn for quite a while and it still exists...and is usually
paid for with crypto). but banning the mining of it will de facto take it down a few pegs.
3. let's drop the "derp imma freedom fighter cuz i has dogecoin" crap. the people with the most ability to buy and manipulate
coin are the people with the least reason to tamper even slightly with the "system". but then some people (usually soulless white
yuppie guys) act like musk is a "genius" so i guess making him and other cointards out to be digital che guevaras wouldn't be
a huge leap.
4. we already live under "inverted totalitarianism". and it smells a bit of ayn rand's verbal feces to equate "i can't have
100% freedom all the time with my vapor money" with "derp here come the stalins!" maybe try to think about something immaterial
for 5 seconds a day.
5. crypto is the BLM of currency. it looks all freedomy and changey but will eventually be co-opted and absorbed into the blob.
or have goldman and the other parasitic "masters of the universe" suddenly embraced competition?
6. it's also the "free range beef" of currency. just as that dumb fuck yuppie marketing campaign ignores the vast amount of
land it takes to feed the cows, crypto lovers have yet to explain how something that already uses as much electricity as goddamn
EGYPT can be scaled out to cover everyday use by billions (or even millions) of people.
Cryptocurrencies are almost entirely used for illicit activity, gambling and investment frauds, and on the whole have no upside
for society at large while also having unbounded downside and massive negative externalities
Bah Humbug. Lots of normal people with some excess cash use crypto, trade crypto, and pay their taxes. Almost everything blamed
on crypro can be blamed on the USD as well.
It is another avenue that can be used for illicit activities. These exploits against these systems would go on without crypto
albeit at a lesser extent. Organizations will learn to harden their weak systems and move on with life.
I work with people who have mad some damm good clean money playing crypto. They talked me into dabbling with some spare cash
and I have done quite well. If I lose its on me and no one else. I do not need the Empires bureaucrats breathing hot air down
my neck on this one.
Klaus Schwab and his friends at the WEF are currently running Cyber Polygon which simulates a cyber pandemic (electricity grids
shutdown, banking systems, hospitals etc) due to cyber attacks which will disrupt and impact society worse than anything Covid
did.
Giving the welcoming remarks at Cyber Polygon for the second year in a row, Schwab spoke at length about the World Economic
Forum's (WEF) desire to tackle cybersecurity by bringing together a closer merger of corporations, small businesses, and governments.
Last year, Schwab warned, "We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive
cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole."
A ransomware attacker may sit in Tel Aviv.... I'm convinced that the Zionists are involved in this. As for the American's sabre-rattling,
that's just empty nonsense. The NATO gang has been deploying cyber attacks on Russian infrastructure for a long time, to no avail.
Let's make it safe for FedCoin and the Banksters by eliminating all non-sanctioned non-governmental cryptos, as well as cash.
Only programable, traceable, instantly confiscatable "money" issued by the Central Banks and Governments will be allowed.
Take it straight from the Bank for International Settlements General Manager AgustÃn Carstens in October 2020, telling you exactly
where the central bankers intend to go
OK, attack corporations for crypto or cash. What is next is that attacks could be extended to attacks on Nations and infrastructure.
ie. The Iranian transport system has just been hacked. (The supreme Leaders telephone number appeared on all the railway Bulletin
boards.).
Not forgetting all the other Styxnets etc.
This may be one thing on which the Biden/US and the Putin/Russians could agree to cooperate. Self protection is a valid motive.
Cryptocurrency exchanges are the channel by which all the illicit funds in this epidemic flow. And it is the one channel that
the US government has complete power to rein in and regulate. The free flow of money from US banks to cryptocurrency exchanges
is the root cause of this pandemic and needs to halt.
I'm sorry but this is absolute nonsense. Any American (or European or Japanese or anyone else) is required to submit to various
KYC protocols (Know Your Customer) in the same manner as setting up a bank account at a bank that participates in the SWIFT system.
A government ID (which can be faked, more on that in a bit) is required to set up an account on any of the exchanges that the
US government has the power to regulate in traditional ways (i.e., not by simply shutting down the internet or seizing domains
like they did to Iranian and Houthi media).
Money flowing from US banks to exchanges and back the other way is not the problem, sorry. In fact I'd be willing to
bet that the money easily recovered by the FBI from the Colonial ransomware attack must have been transferred in this manner,
hence the ease with which it was recouped.
As far as a fake identity, one would have to obtain or generate a fake government ID, a fake social security number (or the
equivalent in EU, Japan, Korea, etc.), establish a bank account with this fake identity and only then could they use the system
in the manner that Diehl presupposes. Is this a possibility for a very small number of racketeers and extortionists? Sure, but
it doesn't make crytocurrencies somehow unique for this type of criminal to operate.
if they can disable crypto, they can disable stuff that's a whole lot worse than crypto.
people do recognize at times than we can solve problems simply by not doing certain things.
Isn't the Western banking system heavily invested in global criminality, and didn't this state of affairs exist before the
arrival of crypto? why would the USG change now, since crypto creates the need for more policing and surveillance, whose manipulation
nurtures another excuse to blame the Rooskies?
Crytpos are new securities that invest in technologies that will run the new world. Some technologies are foundational and some
are fads. Buyer beware.
911 was a psychological warfare operation. Russia-gate is a psy-war operation. Pandemic 2020 the same. And so too is this latest
fear mongering BS about cyber-security. All of it in service to ever-increasing compliance and control for 1984 2.0.
What evidence is there that this even happened at all? Seems like the same as the poisoning events, just empty claims and refusal
to provide evidence neither to Russian authorities nor the public. A bunch of nonsense.
I feel the same way about cocaine use and the American dollar, lol. Years ago researchers reported that most US $100 bills had
cocaine residue on them.
Also, check out during the 2008 crash that the big drug cartels bailed out EU banks to the tune of approximately $900 million
US. Nothing to see here, move along now.
Wow! What a chasm between Biden's quite reasonable and measured comments, that even hint at increasing, not decreasing
cooperation between himself and Putin...and the literal mouthfoaming of the New York Slimes!
Appreciate this really informative article! Some years back I decided to buy one bitcoin for the price of 500 Euros. I found
a guy [don't recall how, maybe by want ads in local paper] who met me at a McDonalds and I gave him the cash in hand, while I
checked on my laptop to see the bitcoin deposited.
Somehow, I misplaced that silly password or wallet or whatever, and that bitcoin is gone in the coin fountain forever, lol!
Kind of stings a little to see these things going now for something like 50 k, lol!
I had never heard of these crypto-markets, where I guess you can just buy them online in some way. I suppose they didn't exist
back when I wanted to buy one?
... why wouldn't it be possible to have two servers (or server banks) set up with identical data, then if one of them is attacked
(illegally encrypted and locked out), IT personnel could migrate access to the data in the second server and wipe the first one?
Seems simple enough.
Posted by: norecovery | Jul 10 2021 18:12 utc | 4
Data replication is a standard tool for massive data bases, but they require high throughput communication channel. So what
you want is a system that can only receive and store, with no processing whatsoever -- without an authorized user physically present.
Otherwise the remote rider of the mother side can instruct the mirror to encrypt the content in the same way as the mother site.
That may be a simplification but you probably need an operating system for the mirror that lacks any of the garbage invented
and planted in operating system in the last 30 years. No way to run java etc. Totally against the current software "philosophy".
Sanger is one of the Time's veteran war whores as well as being a favored propagandist for the "intelligence" cosa nostra and
their frequent disinformation campaigns that originate at his ol' grey bag.
I just picked up the rights to the domain: "TheRussiansDidIt.com ..seeing that no matter who what or where any kind of real
or perceived cyber attack occurs.....within milliseconds, "propornot" rags like the Times screeches as loud as their typeset allows:
the Russians did it...with of course a mandatory inclusion that Vlad the Evil Impaler is the ultimate " mastermind" behind it
all.
The escalating warmongering by David Sanger is the real danger here followed by the lack of an international Cyber-Security
Treaty, which is something the Outlaw US Empire doesn't at all want because it would apply reigns to its unilateralism and continual
breaking of the UN Charter.
Putin and Russia have asked for such negotiations for over a decade with zilch response from NATO/Outlaw US Empire. Think of
all the attempts to provide a casus belli since Putin became president/PM that are completely devoid of any evidence, then add
all Sanger's crap to that list as it's no different. He's being paid by a faction that wants war with Russia regardless the cost,
but he doesn't give a damn about all that since he writes lies for a living while also living a lie.
All Bitcoin transactions are public, traceable, and permanently stored in the Bitcoin network. Since users usually have to reveal
their identity in order to receive services or goods, Bitcoin addresses cannot remain fully anonymous.
"The only language that Putin understands is power, and his power is his money," said Garry Kasparov, the Russian chess grandmaster
and a Putin critic. "It's not about tanks; it's about banks. The U.S. should wipe out oligarchs' accounts, one by one, until
the message is delivered."
For the sake of the argument, let's assume Kasparov's assessment of Russia is true (that's already a big "if").
Then, we have two possibilities:
1) the USA is not an oligarchy, and has a system that is superior to an oligarchy, i.e. a system that is worth spreading around
Russia and is capable of crushing the Russian system;
2) the USA is an oligarchy, but a better oligarchy than Russia's.
We can discard #1 outright, as it is notorious and self-evident fact that the USA is an oligarchy. Even
Bernie Sanders has just stated that , it's already common knowledge.
So, we have #2 left to analyze.
Taking #2 as the premise of the real world, and also going from the premise Garry Kasparov is not a complete idiot or crazy
(Plato's presupposition for a political debate to take place), then we can only conclude Mr. Kasparov is openly asking the help
of the American oligarchy to crush the Russian oligarchy. Putting in another way, he's asking oligarchy to defeat oligarchy.
The problem here is that using an oligarchy to crush another oligarchy would not result in the extinction of oligarchy, but,
on the contrary, in the strengthening of the oligarchy. In this concrete example, the Russian Federation would just be governed
by the American oligarchy, in the same system, but much harder to defeat than before.
Garry Kasparov, therefore, is a pro-oligarchy militant. A Russian far-rightist could even demagogically claim he's anti-Russia.
There's an idealist scenario where you could argue abstractly #1 could be held true: that the Russian Federation is a "kleptocracy",
i.e. an oligarchy where the State dominates the bourgeoisie. In that case, the USA would not be an oligarchy because the bourgeoisie
uses the politicians to their own end, and not the inverse. That is, it is an oligarchy only when the politicians dominate the
capitalists, but not the inverse - the inverse would be (liberal) democracy.
But that's a liberal fantasy. Either Putin is all-powerful or he isn't - he can't be both at the same time. If Putin dominates
the oligarchs, then the oligarchs are not oligarchs - they're mere shells of Putin's (and, therefore, the Russian State) power
and wealth. If Putin is dominated by the oligarchs, then, by liberal standards, Russia is not an oligarchy either, just a traditional
liberal democracy.
In all of these ransomware attacks the one factor that is NEVER discussed is that the vast majority of them occur
on Microsoft Windows. When will people learn to start using a real operating system.
Technologists and those who follow their lead (Venture Capitalists, angel investors, etc) are often wayyyy ahead of the
curve, and as such, become mega-rich from their financial bets on new technologies
OR:
They are the 21'st century snake-oil salesmen---endlessly touting some zoomy, spiffy technology whose 'greatness' the proles
are just too dumb to comprehend, lol! And in 99.999 percent, it all turns out to be VAPOR! But the sheeple's fleece that is collected
is very very real, and comes from your wallet, lol!
I should think the real villains involved in a lot of these ransomware attacks attributed to Russia are the SBU and their CIA
bosses in Kiev. (The SBU and the CIA share the same offices.) The Ukrainian security services, and the people they use or contract
work to, most likely also have the tools to attach faked Russian-language metadata to their hacking activities.
Add also the possibility that these Nazi crazies in Kiev are working with Israeli-affiliated agents or agencies with cyber-hacking
experience and knowledge in getting access to major networks and we have one Hell of a global problem indeed.
No doubt the SBU and the CIA are using crypto to finance their activities. Even Bellingcat uses crypto to pay for information
hacked from private mobile phone databases. Of course the sooner crypto currencies can be regulated properly, the better. But
banning them outright cannot be the solution; the activities crypto helps to drive will migrate to another source of funding.
Is it easy to cash out cryptocurrencies? One can't fool all the people all the time.
Currencies are constantly MONITORED
Reality is in details and deeds. Please list all the cash out steps for cryptocurrencies. Do you know the payment space? Usually
within the U$A and other regions, deposits and withdrawals worth $5,000-10,000 are monitored for tax evasion and money laundering.
Try to cash out $25,000 from your bank account. Majority (98+%) of money is fully monitored and traceable. What % of the US$ are
in the physical form? How much cash does a typical bank branch carry? Cryptocurrencies are not the problem as they are constantly
monitored. How does one buy a bitcoin or cash out a bitcoin?
Which intelligence agencies are driving this DECEPTION?
It is currently harder for those looking to cash out cryptocurrencies while not being watched by the eyes of tax collectors,
administrations and intelligence agencies. So which Orcs are DRIVING this ransomware attacks? It looks like some intelligence
agencies group is leading this ploy of attacks. Why? They want to protect the existing payment and financial system? Create FUD
about their competitive digital currencies? Launch attacks worldwide to DISRUPT operations as they're losing, cyber proxy wars?
Someone is using these ploys to carry out attacks and create a mist to hide their future malicious crimes.
Ransomware services can be easily STOPPED
Why are administrations letting rentable ransomware services, like REvil, operate? This is like letting mafia operate. Why
let web services companies rent them their services? If AWS suspends Parler, then web services can do the same thing to ransomware
services which are a criminal operation. Similarly, Bitcoin, and other cryptocurrencies can be asked to prevent these transactions.
Remember, all these cryptocurrency companies operate under a CORPORATE CHARTER. Who controls the corporate charter? Governments
have enough tools to prevent these crimes. Why aren't they pursuing it proactively and stopping it? Who BENEFITS?
Russia isn't making a strong stand. Why?
On the tenth day of the Cuban missile crisis, the U$A UN ambassador Stevenson dressed down Valerian Zorin, the Soviet ambassador,
in a UN Security Council meeting as Americans watched on television. Stevenson went for the jugular: "I want to say to you, Mr.
Zorin, that I do not have your talent for obfuscation, for distortion, for confusing language, and for doubletalk. And I must
confess to you that I am glad that I do not!" Stevenson went on to denounce the Soviets for lying, treating Zorin in a way that
the Soviet ambassador likened to an American prosecutor browbeating a defendant.
Why isn't Russia raising the issue of these false accusations and provocations regarding manifestations in the information
space at the UN? Where are Russia's ambassadors? Why be a wimpy?
Posted by Steve @ 9
Who observed:
'A ransomware attacker may sit in Tel Aviv.... I'm convinced that the Zionists are involved in this. As for the American's sabre-rattling,
that's just empty nonsense. The NATO gang has been deploying cyber attacks on Russian infrastructure for a long time, to no avail.'
I agree.
I recommend the book Murdochs Pirates, currently 'unavailable' at the detestable Amazon [wonder why?] but now available
at Australian online bookseller Booktopia. Here is a brief and sanitised review of the book from Amazon:
"The inside story of the skullduggery at the heart of one the Murdoch empire's subsidiaries, NDS.
What happens when one of the biggest media groups in the world sets up its own private security force? What happens when
part of this operation goes rogue?
News of the World is not the first Murdoch company to be accused of skullduggery. Murdoch's Pirates is about the dark deeds
of a secret division of News Corp, based in Jerusalem, operating in a combustible world of ambitious ex Scotland Yard men and
former French and Israeli secret service agents, who have one thing in common - they have all left their previous employment under
controversial circumstances.
Reading like a thriller, Murdoch's Pirates is set in the arcane world of hackers and pirates. There are mysterious deaths,
break-ins and wild chases. Some of the individuals involved may well be amongst the brightest minds on the planet, but sometimes
their rivalry can get out of hand and their impulsive behaviour can defy logic.
Neil Chenoweth recounts this clandestine war with his customary lucidity, drollery and brio."
My synopsis of the allegations in the book: The Murdoch empire created a clandestine beyond the law cyber unit, based in Jerusalem,
using , among others, skilled Israeli hackers, to hack and pirate the codes of rival satellite TV companies. The hacked codes
were then used to manufacture millions of 'cloned cards' which were distributed world wide. Children were selling these cards
in schools. This gave the holders of the 'cloned' cards free access to various satellite TV channels, but not Murdoch owned channels.
Why pay a subscription for satellite TV access when you can buy 'cloned' cards for a few dollars? Various rival TV channels then
went broke. This left Fox and Sky to pick up the customers. The Murdoch empire, allegedly, knocked out the competition.
So much for copyright law. Take note Kim Dot Com, awaiting extradition from NZ to the US for his, alleged, 'file sharing' antics.
The Murdoch empire, allegedly, is very litigious and, allegedly, has deep pockets.
These American accusations about Russian ransomware and cyberwarfare are part of the USA's broader Hybrid War against Russia.
Namely, America accuses Russia of what "Leader of the Free World" is massively guilty of so as to extract concessions from
Russia on other unconnected concerns.
This is an umpteenth example of how Goebbelsian psychological projection is fundamental to the American national character.
It's long overdue that Russia and other nations like China and Iran, who are the targets of US smear campaigns, give the Americans
a taste of their own medicine and demand that the United States cease and desist its cyberterrorism and attacks on other nations.
We can start with Edward Snowden's revelations of the American NSA spying on and hacking civilian institutions and leaders
of other nations.
Then move on to the joint American-Israeli creation of the Stuxnet Virus deployed against Iran and even North Korea.
Add on the Wikileaks Vault 7 leaks exposing how the American CIA and its UMBRAGE unit stage *false-flag* cyber attacks, which
the USA will blame on other nations.
And then demand that America terminate its 60,000-member strong covert (cyber) army called Signature Reduction.
After that, tell the USA that its Echelon "Five Eyes" global spy network must be completely and irrevocably be destroyed.
Or Else.
This list is by no means comprehensive but only a very abridged version of what should be called American cyberterrorism.
I am following some parties that really do crypto in dirty deeds and/or really *really* want to stay off the governments radar,
and I have to say none of them is using bitcoin as they know it is traceable with little work. So, no real hacker pirate would
ever ask for ransom in bitcoin.
So, seems these recent ransom ware "attacks" are orchestrated by parties:
1. not afraid to get traced by US government (cause.. they won't bother them?)
2. conveniently not worried by the facts these acts will serve as 100% reason to ban crypto currencies themselves
Hm, which organizations/groups of people/3 letter agencies match these two criteria...
The close reading of Biden alone was worth the price of admission to this post. The whole affair is reminiscent of the invasion
of Afghanistan when Taliban offered to send OBL upon receiving evidence, which was never provided (and probably didn't exist).
I'd rate the conclusions as reasonably well established. Worthy of sending to all my friends who hate Russia. Considering the
nature of the oligopolus that rules the world and that crypto is as useful to them as anyone in evading taxes and accountability,
I wouldn't expect any changes. However I'd like to hear about each case cracked open, which is hard to find in the NYTimes.
>>>If Moscow wanted to stop Russia's cybercriminals from hacking American targets, experts say, it would.<<<
Who are these experts, how would Putin do that, why is it easier for Putin to do this than any ... us?
The attacks are taking place on our IT networks. It is funny that these 'experts' are so insistent that Putin can control all
of the LANs in Russia but we can't. I want these experts to explain how this works.
I am not up on crypto or the innards of ransonware except it was released to the world in Vault 7 I believe. But there is a
pattern by US private and public so called cyber experts. When an attack or breach happens, the US knows exactly who did it and
even the language they speak. However, these super duper experts and their organizations are powerless to stop the (Russian!!)
hackers armed with the most detailed facts. With the private companies of course for a hefty price they can (maybe) protect you.
More than anything these events show how utter incompetent the US is in cyber protection and avoidance at both the government
and corporate levels.
My personal cyber security software installation on my PC for pennies a day offers ransomware protection and has for several
years.
The step does not work like this and has a problem:
1) Especially in the case of attacks that are blamed on Russia, one must see that the perpetrators are located in Ukraine and
neighboring countries and are paid and operated by their intelligence services.
The now occurring increase of the accusation against Russia must be seen simultaneously with the current NATO exercise in the
Black Sea. The warmongers are looking for a reason (or Russia's mistake) that will give them the position of the defender in the
eyes of the Western public and thus a legitimate right for military action. We are there 5 minutes before a war with NATO, which
is fiercely demanded by Ukraine, among others.
2) Interfering with SWIFT would be a declaration of war for Russia, as it is impossible to ensure that legitimate Russian transactions
are not affected.
3) The only solution, besides a real cooperation between the USA and Russia, is to close all non-supervisable "exchange offices"
and at the same time to monitor - as with cash - every transaction of these offices, i.e. the same as is already being done for
money laundering (but even there not consistently).
How little this works, however, when one or more of these states undermine governments themselves, can be seen in the financing
of terrorism. Those who shout "Stop thief" the loudest are those who finance their "friends", who are the "good" terrorists.
So: All wishful thinking, far from the reality of the hypocrisy of the services. The only protection is the companies' own.
If they are too stingy to invest in security, which reduces profits, they have to pay. If you leave your car with the engine running
and the key in the ignition and walk away, you are to blame if your car is stolen.
Translated with www.DeepL.com/Translator (free version)
I should remind barflies that Trump floated the idea of nuking Russia in response to a cyber attack. Do see my comment on the
rocket thread linking to Martyanov's blog.
Don't understand why so many people here are defending the private cyptocurrencies. They're not and never will be money. The
libertarian utopia where there are no banks and everybody will be paying directly with crypto is impossible, will never happen.
According to Klaus Schwab(World Economic Forum/Davos) the next big crisis the world will have to face is a Cyber pandemic. And
judging by the scale he is talking about they got some great crisis for us in store.
Klaus Schwab: "We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack,
which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.
The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack, he added."
Perimetr @ 10 =>Only programmable, traceable, instantly confiscatable "money" issued by the Central Banks and Governments will
be allowed. <= this is the last thing Americans want to see, the elimination of non traceable cash.. so the USA will do its best
to make it happen..
by: Stonebird @ 11 Crypto? The Banks won't let it go. <=neither will anyone governed by a nation that allows its private monopoly
powered corporations to spy on the population and to use the government itself as an agency which facilitates corporate private
exploitation against those the government governs.
Conflict seems to be developing between the governments and those the governments govern? Its about trust. Global humanity
no longer trust any one in government, for any reason or at any time. Everyone has learned the private corporate powers used by
corporations to exploit the governed, were given to the corporations by the governments; and everyone has seen the exploitation
government imposed on humanity will soon destroy it.
Tom_Q_Collins @ 12 identifies the following statement as absolute nonsense. "Cryptocurrency exchanges are the channel by which
all the illicit funds in this epidemic flow. And it is the one channel that the US government has complete power to rein in and
regulate. The free flow of money from US banks to cryptocurrency exchanges is the root cause of this pandemic and needs to halt.
I'm sorry but this is absolute nonsense. " <= I agree completely, Governments are the mother of illicit funds; the issue that
has the governments and their monopoly powered corporations so upset, is competition to their private party land.
<= Corporations want the corrupt governments, the corporations control, to
outlaw competition so the protected corporations can control everything?
Good luck..
<= Eight billion people sorted into 256 different government governed cages, have lost faith in the integrity of those who
run the governments.
<= I believe, something different, more human oriented is coming to the world. Cryptcurrency is interesting to watch because
it inverts the foundation into a root top.
by: circumspect @ 7 says: "I work with people who have mad some damm good
clean money playing crypto. They talked me into dabbling with some spare
cash and I have done quite well. If I lose its on me and no one else.
I do not need the Empires bureaucrats breathing hot air down my neck
on this one. <=exactly..
Down South @ 8 says
"˜Lack of cybersecurity has become a clear & immediate danger to our society': Klaus Schwab, Cyber Polygon 2021 <=bull shit.
posted by rjb1.5 @ 14 ..
"Isn't the Western banking system heavily invested in global criminality, and didn't this state of affairs exist before the arrival
of crypto? why would the USG change now, since crypto creates the need for more policing and surveillance, whose manipulation
nurtures another excuse to blame the Rooskies? <=exactly..
Abe @ 35 =>which organizations/groups of people/3 letter agencies match these two criteria...<= CIA comes to mind..
But it should also be noted that most Americans have never even seen a "benjamin" (a $100 dollar bill) before. Common
Iraqis or Colombians are much more likely than a regular American to have seen a US $100 bill. Isn't that weird?
It's Russian military doctrine and policy to launch all nuclear weapons in the case of cyber operations attack interfering with
Russian Nuclear Forces computer infrastructure -- message is launch straight away, should be a hoot and a bang. These people are
insane Sanger and co. The courts should jail them for life, for proffering advice that leads to the total destruction of Earths
biosphere. (incl, Humans)
b, your beef is not with crypto currency, but cryptography for one cannot ban crypto currency without crippling cryptography.
This was tried in the US. But the downside of weakening cryptography is that it weakens the entire financial system and put every
financial transaction at greater risk.
Why not simply ban insurance against cyber crime? At least then, companies would take security seriously enough for the current
environment.
Martin Armstrong just posted a piece about crypto where a BIS official talks about how it will be used to ultimately control
every transaction by them and their ilk. They will tell you what you can and cannot spend your money on.
Just like the internet it was let to run free but crypto, the internet, smartphones and Starlink will ultimately control
every person on the planet. Internet passports in in their hoped for plans as well. We do not like you we kick you off. You cannot
give money to those people becasue we do not like them.
While I am not fully convinced that a crypto crackdown will terminate ransomware attacks (but might help to reduce) just a
sidenote:
Some of the rentable ransomware services, like REvil , are run by Russian speaking groups.
Funny name, but immediately Guccifer2.0 and his "Russian breadcrumbs" jump in my mind. So these guys are "Russian speaking",
more exactly, writing, ok. But the pun "REvil" is definitely an English, more exactly American English pun. No Russian, German,
French, or Chinese speaker without a background in spoken/written American English would have that idea in the first place.
The administration already has information of over at least 90+% of (> $1,000) transactions and 99+% on big (> $50,000) transactions.
Digital currencies are good for international trade!
What % of your transactions are in cash? What % of your amount spent is in cash? Even if you pay your cellphone, broadband,
electricity,... bills in cash, they are reported. What information is collected by the credit scoring companies? If you're using
a smartphone they know your favorite places, work location, visited places... How to prevent the ABUSE of data?
Most individuals are sleeping. What % of people are awakened? What % have integrity? Interesting world.
Not only do I view cryptocurrency's rise as a relief-valve to placate the masses and "shoo" them away from precious metals (read:
sound money), but also along the same lines as a 401k. When the SHTF, you won't be able to hold it, so you won't own it. 1s and
0s are not physical and therefore entirely speculative (the stuff of vapor). You can only feel its breath on you when the game
is afoot. When the music stops, it is gone.
What is Russia and China doing? They are buying pms. When the greenback dies its inglorious death, cryptos will be abadoned
and forgotten faster than you can say "Sears."
@ GoverntheMente | Jul 11 2021 1:40 utc | 46 with the reminder of the potential for Intertube outage...thanks
I agree that loss of the Intertubes for a day would be tragic for the Plato's Cave Display worshipers but some of us remember
life without technology coming out your ass as nice....I was on-call for over 20 years...
What this social control effort does though is make the sale for money that is only soft and not hard much more difficult.
It will remind the proles that electricity does not come out of the ground and maybe it would be good to have coinage or paper
backed by thing(s) to give it intrinsic value.
Given the ignorance I am reading lets review a bit about money.
Hard Money is money that has intrinsic value. It could be represented by coinage, paper or a permissioned block chain cryptocurrency.
How that Hard Money establishes and maintains its relationship to the value of things is a separate subject but needs to be recognized
as an event and ongoing process. The relationship that Hard Money has to value is different than the relationship that Soft Money
has to value.
Soft Money is any form of money that has no intrinsic value but is currently given a faith based relationship to value of
things. In 1971, when Nixon took the US dollar, as Hard Money Reserve Currency, off the gold conversion standard it became Soft
Money, or more clearly, a measure of debt passed around to others of faith in its ongoing value. Cryptocurrenies are other examples
of Soft Money but the concept is not new. For decades there have been ongoing local "currency" programs all over the world (the
Hours program) but marketing has now used block chain technology to help birth sexy digital "currencies".
Lets digress at this point and discuss what money is for....used for medium of exchange and as a store of value if available
as such. In those roles there is the assumption of the established/maintained relationship to value over time.
What kids of things get this value relationship? Labor, raw materials, FOOD, property, finished goods and services, etc.
How is this value relationship established and maintained? That is where this get tricky. In the past that responsibility was
executed by the governments or religions of the day. Over the past few hundred years in the West that responsibility has been
held by what could be considered a religion, the God of Mammon religion. That said the bottom line is that the resource allocation
and risk management decisions that come with that authority are and have been decided by a historically elite cult of humans that
have brought humanity to this level of environment and human abuse. That control is being challenged by the China/Russia axis
and the totally sovereign PBOC.
The shit show continues until it doesn't and ransomeware is a sideshow
"" What can be done is to disable the cryptocurrency payment channel that is used by attackers with little to no risk. While this
may not completely solve the problem of widespread ransomware attacks it will at least make it more manageable."" The only effective
way to do the above is to stut down the entire internet. There are many other ways that Ransom can be made via the dark web which
do not involve crypto.
Crypto 'currencies' aren't currencies, they are the most stupid objects of speculation ever invented.
You don't have to ban them, just make shure they can't be traded in or exchanged for real money.
(If you want to know whether something is a currency or not, there's only one simple question you need to ask: can you use
it to pay your taxes? If the answer is 'no', it's not a currency.)
The blockchain is an accounting of all transactions. Every single Crypto/Bitcoin transaction is public. Not only to the merchant
and the customer, but to the world.
Let's assume you buy something with Crypto. Then I see the sender and can look in the database, where he has paid. So if the Cops/CIA/NSA
see that you bought drugs on Darknet, but they don't know who you are, then they just have to go through all the other payments
from the same sender until they find someone they know, let's say a Pizza service or something, and then seize the files there,
and there's your delivery address in there.
Some CIA shill: ..."the attacks would no longer be treated only as criminal acts, but as national security threats"...
Even thought these are clearly criminal acts.
Yeah, OK, and if my neighbor calls me names then I will treat that as a deadly threat against my life, and create accordingly.
Where does this "logic" take Sanger?
Can the USA react with force when some foreign company uses bribery to win a contract?
Can the USA kill people because they have copied something that is under a copyright?
Can the USA let loose the dogs of war when some overseas distributor dumps stuff below cost?
I mean, honestly, have the Americans really thought this through?
In all of these ransomware attacks the one factor that is NEVER discussed is that the vast majority of them occur on Microsoft
Windows. When will people learn to start using a real operating system.
While ransomware attacks are not just a function of the operating system (stupidity on the receiving end is also a factor), I
absolutely agree that people should start using a proper operating system like Linux. Personally, I use Linux Kubuntu
https://kubuntu.org/ which is very user friendly and with KDE it looks familiar
to Windows users. Underneath it is exactly the same operating system as the well known Ubuntu, it is just a different GUI desktop.
It is very easy to install a system like Kubuntu, in fact easier to install than Windows. But most people never install the
operating system they use, so they don't know. So the answer to your question is they will start to use a real operating system
when it is available pre-installed on machines they buy. Obviously, companies like M$ will do their part to prevent that happening
to any significant degree.
I've been following the ransomware actions throufgh
Ars Technica for a while now and for some time it has seemed to me to be obvious that if amerikan intelligence needs untraceable
cash, which may be doubtful since the cocaine/crack running occured at a particular time in the 80's where following Carter and
a dem congress' bill preventing tax revenue from being used to destabilise Nicaragua and reagan still having a dem congress determined
to hold that position, the CIA in particular decided coke dealing was seen as an obvious work around.
As far as I know there are few if any controls on what CIA, defense intelligence and NSA chooses to spend money on currently,
the Church committee after effects have long passed, but if they truly need black money gathered in a manner that is essentially
untraceable because the poachers are also the game keepers, then ransomware would be a much tidier and more profitable option
than dope dealing.
This is particularly the case when one considers that
Monero is the cryptocurrency of choice for many ransomware payouts.
While bitcoin leaves a visible trail of transactions on its underlying blockchain, the niche "privacy coin" monero was designed
to obscure the sender and receiver, as well as the amount exchanged.
As a result, it has become an increasingly sought-after tool for criminals such as ransomware gangs, posing new problems
for law enforcement.
The primary benefits for intelligence are 1) the seeming russian connection plays into the hands of the cold war resurrection
nonsense which forms the basis for amerikan intelligence's empire building and 2) the same intelligence agencies can select corporations
to be 'taxed' on the basis of which corporations haven't been cooperative with agency beat ups about Russian copyright 'theft'
or have whined about particular sanctions etc.
These ransomware attacks are major projects requiring all sorts of social hacking as well as digital hacking to obtain access.
I cannot imagine any band of arseholes better equipped & trained for
social hacking than the CIA or one better
placed for digital hacks than the NSA.
That said if these types can't access crypto currencies it is naive to imagine thay will just down tools & give the game away.
An alternative payment route will be adopted.
The whole point of cryptocurrencies is to combat authoritarianism. I know it's hard for an old mindset to realize what it means,
but more than half of today's population were raised with Internet. They no longer accept authoritarianism like those from
the 20th century.
I would like to say you are right (and I do hope you are), but it looks to me that the population raised with Internet are extremely
susceptible to accept authoritarianism of the 21st century variant, and it is frightening.
Crypto 'currencies' aren't currencies, they are the most stupid objects of speculation ever invented.
You don't have to ban them, just make shure they can't be traded in or exchanged for real money.
This sounds like the same idea that the west has with Russia: Sanction it so it cannot trade with you. Obviously, the result is
that it becomes more independent and starts trading with someone else. It might continue until the west starts to feel isolated.
Your idea could have the same effect on USD, even if it is a way to go before you get there. But eventually, you will.
I use whatever currency my government says is legal tender.
Cryptocurrencies are interestimg, but I would only start using them if I thought they had some sort of military willing to
fight for their worth. Otherwise, they could become worthless overnight.
Perhaps I would feel differently if I understood computer languages and secure banking systems better, but for the time being
it is much easier for me to lose all of my bitcoin than all of the legal tender I have stored in a bank.
Crypto does seem like a very profitable way to speculate on currency if you are in to that.
One of the unstated results of digitalisation at the expense of common sense, including backup. This is one of many reasons I
have consistently refused to digitalise my practice.
"One of the unstated results of digitalisation at the expense of common sense, including backup. This is one of many reasons I
have consistently refused to digitalise my practice."
Yes. It was always stupid to put everything on the internet. They did it like sheep because it was cheap and they thought it
help would help screw the public and their own employees. If you want to avoid being hacked, don't put anything worth hacking
on the internet. Job done. Not only that, when you improve internet herd immunity.
Yes. It was always stupid to put everything on the internet.
There is soon no difference between fiat currencies and crypto currencies in this regard. Over here, they used "covid" to fraudulently
eliminate physical cash. If it hasn't come to you yet, it will.
This all about setting the stage for some huge false flag Cyber attacks , to be blamed on Russia or some other chump. The US,
Israel, the Brits and others from the West are working with WEF- PAC in order to continue their One World Order Agendas. Whether
its financial, infrastructure or sabotage - it's all being done by the same evil cabal.
I find it very troublesome that israel is leading
Israel Moves to Seize Bitcoin
to attack the resistant and any live support send to Gaza.
Counter Terror Financing today issued a
seizure order against 84 crypto
addresses believed to be controlled by Hamas.
The bankers dont need proof, just a honest economic terrorist:
I, Christopher Janczewski, a Special Agent with the Internal Revenue Service-Criminal
Investigations, declare under penalty of perjury, pursuant to 28 U.S.C. § 1746, that the foregoing
Verified Complaint for Forfeiture In Rem is based upon reports and information known to me
and/or furnished to me by other law enforcement representatives and that everything represented
herein is true and correct.
I call them "faith-based currencies". I retain faith in the US $$ mainly in that it will pay off my mortgage (legal tender).
I remember when we at least pretended to have real money here, about 50 years. Now it is all based on the notion the government
will make you take it.
Crypto-currencies look like a great racket. I read Cryptonomicon back in the day, and I can see the anti-authoritarian point
of it, but you still are trusting the purveyor, unless you have recourse when the "money" fails to perform.
I find it strange when people dismiss crypto currencies as a fad, a scam or pyramid scheme just because it is purely digital.
One should realize the US Federal Reserve notes are almost completely digital. The amount of physical coins and paper currency
is only a fraction of total money supply.
Look into M0, M1, M2 money supplies and the monetary base to verify this yourself.
Whenever you have your income direct deposited, pay with a credit card and pay bills online, that is all digital currency.
Why people that transact with digital US dollars all day, every day have such a problem with any other digital currency boggles
my mind.
You're right. I made a strong case in the past that BTC is a ponzi. But given all the falsehoods peddled by their backers,
cryptos really are more of a scam.
Ok, that brings into the question of currency definitions.
From a quick google search one finds this: "Currency is a medium of exchange for goods and services. In short, it's money,
in the form of paper or coins, usually issued by a government and generally accepted at its face value as a method of payment."
Now, currency issued by government is usually called "fiat" currency. It has no intrinsic value and only derives value as a
medium of exchange by law.
Why is that the only acceptable form? Are people not free to design, create and use their own private decentralized medium
of exchange?
If so, and this private currency becomes widespread and readily acceptable, is it not a legitimate medium of exchange.
The question really becomes whether people should have the freedom to use whatever medium of exchange to barter they choose
without any government interference.
The reason you have 'fiat' in the USD (I guess you are from the US) is because you know you can use them to pay tax. And if
you don't, you go to jail.
So all currencies are ultimately based on violence; the unquestioned state monopoly.
That's why I gave the question 'can you use it to pay your taxes' as a litmus test to whether something is a currency or not.
The text you quoted sounds much like something taught to children in school, to spare them an uncomfortable truth.
Could we imaging that there was a currency that was not controlled by a state? Yes, if the state doesn't have a monopoly on
violence. We call that 'civil war'. Historical example of that are abundant. The latest being ISIS issuing their own, I think.
Violence is a natural monopoly. We want it to be a state one; some states (not least the US) might not use it very wisely,
but all alternatives are worse.
Currency is not synonymous with money. They're completely different things. You don't even need currency to exchange products
(barter).
In capitalism, in order for something (anything, digital or not, being digital is immaterial to Economics in this case) to
be money, it has to have three functions at the same time: 1) means of payment, 2) unit of accountancy and 3) reserve of value.
Cryptocurrency serves only as #1, never serves as #2 (you only know you how much you really have and is paying by observing
its price in USDs in the stock exchange market) and doesn't really serve as #3 (just look at its volatility) even though many
insist that it does, but ok, its doable in favorable environment.
The thing is: even when crypto can do the function of #3, it cannot do the rest. When, e.g. Bitcoin goes to the roof (and you
can only know that in USD terms), some rich speculators hoard it and, because it is not fiat, circulation diminishes. That means
it sees a proportional lowering of its function as #1. That means that, even in a good day, cryptocurrency can never serve as
both reserve of value and as means of payment at the same time: hoarded Bitcoin is the same as hoarded gold.
But what astonishes me is the volatility: even the best crypto (Bitcoin) is as volatile as any other dubious financial asset
available in New York. It is a complete myth it is a safe/promising investment, on par with gold. It walks like a financial asset,
smells like a financial asset and looks like a financial asset, and some people simply choose to ignore the data and keep claiming
it is the future of financial security and stability.
After reading about the problems at Kaseya, at least in that case the problem is negligence in regards to software quality and
perhap even bad corporate security. A group of insiders well familiar with their security flaws might have pulled that off.
"But what astonishes me is the volatility: even the best crypto (Bitcoin) is as volatile as any other dubious financial asset
available in New York."
It's a lot worse than other assets, just look at the last few weeks. Last time we had this discussion some bar flies told us
BTC would never crash. Now the crash has clearly happened. BTC's still the best, though.
The reason it's so volatile is that it's nothing. Literally. Even the worst object of speculation in NY is backed by some kind
of real asset, how ever far back in the chain of instruments. Heck, even when the tulip bulb market crashed in Holland in 1637
you could still use the darned things to grow beautiful flowers. That's not just an asset, that's a real value!
Usually near the center of your 'modern' computer's motherboard (and presumably in your smartphone) there is a relatively large
square component called the 'CPU package', which is the thing that does the computing. It contains one or more 'CPU cores' on
a 'silicon wafer'. Unknown to most of us, it also contains a small 'MiniMe' 'management engine' core that runs half as fast, but
has the final say in everything that goes on in the rest of the package. It starts up its own operating system before any it allows
the big cores to start and load the user's operating system, and it talks to the Internet, although we don't know who it talks
to. It can listen to everything that happens inside the package, and report it back to someone. Maybe this has something to do
with cryptocurrencies. Just a wild guess.
Thanks for being one of the very few people who mention, or even know about the situation in Gaza.
**
Israel has also seized $180 million in tax revenues (per year) that it calculates are paid to families of "militants" killed
by themselves. ie. generally those that are left with no other resources. Then Israel will destroy their houses as well, leaving
kids and complete families to sleep in the streets.
That is pure monetary theft with brutality added.
Continue with the fact that it is estimated it will cost nearly half a billion to rebuild Gaza (and there are no longer any
supporters as this is the fourth time this has happened, about $486+millions). Again the rebuilding and it's access to finance
is controlled by Israel.
91% of Gazan children suffer from PTSD, from the latest killings.
****
However your second link seems to be about US civil forfeiture from a scam based in Turkey selling masks. They do use Bitcoin.
The link to ISIS is tenuous at best, but habitually "civil forfeiture" goes to pay for luxury item for US law-"makers".
****
Note that the ongoing genocide-ethnic cleaning, which is covered up by the MSM, has reached a stage where long lasting physical
effects due to starvation, deprivation, resulting in life-long sequels (rachitism etc) and despair, are war crimes. If
there is a war. Which is why a hidden genocide is conveniently based on accusing Hamas or any other group. Without Hamas as cover,
the real aggression would be plain to see.
The continuous accent on "arresting" children as young as seven, is terrorism of the weakest.
****
The seizure of 84 sites (?) is not just about bitcoin, but is a massive clampdown on any means of describing the conditions
in Gaza today, by eliminating news outlets (censorship) and actual access to Gaza...... and using "Bitcoin" as the excuse.
So Hamas has managed to get a few millions by using cryptos? They don't have much choice.
You're speaking to the choir. I'm been using Ubuntu on all my machines since Breezy, which was released in 2005. I tried other
distros, but always came back to Ubuntu due to packages. There are ALWAYS packages available for Ubuntu.
@norecovery #4
The problem with "mirrored" servers - i.e. fully parallel systems - is that you have to pass data back and forth.
The more you pass this data, the more visible the mirror is to anyone in the system.
The state of the art in ransomware attacks - the very first thing the attacker does is look for hardware backups, software backup
programs and cloud backups. And then poison them.
This isn't just talk: I had a customer, a mid-size accounting firm that did exactly that - 2 fully parallel systems which they
switched on/off every few days. The attacker took down the other system just as it was rotating out/offline, then took down the
online one.
Keep in mind - as much time as it takes to decrypt - so too is the attacker taking the time to encrypt. A ransomware attack doesn't
happen in minutes or even hours - it occurs over days, weeks and sometimes months.
@the pair #6
Let's examine your arguments one by one:
You said:
1. yes it is a problem. nothing is "the" problem unless you want to get down to the philosophical bones of capitalism and such.
no, it isn't the problem. Should we ban online bank accounts because they are used for money laundering (which they are)?
Should we ban credit cards because they're used for crime (which they are)?
This is a risible argument based on the idea that a magical ban on cryptocurrency would stop ransomware.
It. Would. Not.
You said:
2. "banning" it might not be practical (we've had bans on child porn for quite a while and it still exists...and is usually
paid for with crypto). but banning the mining of it will de facto take it down a few pegs.
No it wouldn't. Mining doesn't need to happen in the US. Unless you have a global China-style internet control bureaucracy
- you cannot stop mining.
You said:
3. let's drop the "derp imma freedom fighter cuz i has dogecoin" crap. the people with the most ability to buy and manipulate
coin are the people with the least reason to tamper even slightly with the "system". but then some people (usually soulless
white yuppie guys) act like musk is a "genius" so i guess making him and other cointards out to be digital che guevaras wouldn't
be a huge leap.
I have no idea what you're trying to say here. Dogecoin is a joke coin that has been used by Lone Skum to literally pump and
dump. But then again, this guy has done the same to actual companies, so what?
You said:
4. we already live under "inverted totalitarianism". and it smells a bit of ayn rand's verbal feces to equate "i can't have
100% freedom all the time with my vapor money" with "derp here come the stalins!" maybe try to think about something immaterial
for 5 seconds a day.
Again, no idea how this is relevant to cryptocurrency. You do understand that the 2nd most common criminal currency are gift
cards, right? We should ban those too?
You said:
5. crypto is the BLM of currency. it looks all freedomy and changey but will eventually be co-opted and absorbed into the blob.
or have goldman and the other parasitic "masters of the universe" suddenly embraced competition?
Cryptocurrency is not money. It is not value. It provides no real benefits. But then again, neither does art or 99.9% of philosophy
degrees.
So what?
You said:
6. it's also the "free range beef" of currency. just as that dumb fuck yuppie marketing campaign ignores the vast amount of
land it takes to feed the cows, crypto lovers have yet to explain how something that already uses as much electricity as goddamn
EGYPT can be scaled out to cover everyday use by billions (or even millions) of people.
I've noted the electricity consumption of bitcoin is a problem going back for many years.
But so what? Does anyone care about the carbon footprint of the NYSE? This is a stupid and irrelevant argument.
A more relevant argument would be: bitcoin and other mined currencies are actually far more fiat than fiat currencies. The
percentage of total value they give away to miners in order to get mining done is enormous compared to fiat currencies - but is
invisible because they're being given away from "stock" and not from supply. What happens when the stock ends, as is architected
in Bitcoin and really isn't so far away?
In any case, you have focused overmuch on the libertarian idiots pushing cryptocurrencies. Those are irrelevant.
The reality is that rich people are buying it. US and European and Japanese banks are CUSIP holding crypto for wealthy clients.
It ain't going away and any talk about doing so is deluded.
@Tom_Q_Collins #12
KYC and AML are starting to get implemented in 1st world exchanges, but this is irrelevant.
Criminals have had no problems turning drug/sanction proceeds into cash - why would cyber crime be different?
@gottlieb #17
Nope.
Cryptocurrencies have no real use except to hold value, evade currency controls and get paid for .
I have been watching the space for over a decade now, including hundreds of startups. Not a single for profit use case could
not be done trivially some other way.
There are a few use cases for institutions, but anyone who thinks crypto is going to democratize anything is seriously deluded.
@10 to 1 #27
Untrue. Only if a user connect a wallet with the real world in some way: buying a physical product, converting to fiat, etc is
the chain traceable.
However, the error is that the virtual wallets are literally unlimited.
The further down the chain the "bad" crypto is - the more uncertain who actually controls it and/or benefited from it.
A simple example: a ransomware attacker gets paid 5 bitcoin.
Those 5 bitcoin weren't created - they came from somewhere. Rarely, they are newly mined but usually there's a terrorist wallet,
a thief wallet, a legit owner etc in the chain already.
So who is the legit owner after the 5 bitcoin get split into 20 wallets and then proceed downstream from there?
There is nothing but software required to take the 5 bitcoin and process through 50,000 wallets in 20-long chains - yes, you can
trace all you desire but just how accurate do you think the results are?
Thus the "transparency" is a lie just like those radio and TV stations who are open to anyone looking at who pays for ads...if
they go in person and dig through the deliberately obfuscatory paper trail. And not always even then.
The software companies that say they can handle this: they lie. What they are actually doing is taking known datapoints from participatory
exchanges and using that to ascertain beneficial ownership and/or control - but this in turn makes all manner of assumptions which
will certainly not hold up well in court vs. a knowledgeable other side.
@One Too Many #30
Idiotic.
The main reason ransomware attacks occur on windows machines is because the majority of compute used by companies are on windows
machines.
If a modern Mac laptop or computer is encrypted - you are literally SOL. The OS, if security precautions are set up, is literally
tied to the physical CPU. It is only a matter of time before someone figures out how to hose that check routine - at which point
ransoming masses of Macs will be on the table.
Nor is Linux any better. Encryption performance in Linux is so much faster that it would actually be harder to stop, once in.
Ultimately the green field nature of IT today is such that the criminals go for the easy stuff first.
As Windows improves, that changes the equation which Linux and Mac users have been counting on.
@Jen #32
Possible but not likely.
The reality is that the Ukraine has been a haven for cyber criminals - independent of the present or past governments - for a
long time.
1 of the 4 guys behind the first dark web stolen credit card forum escaped to Ukraine; the Darth Vader political candidate - he
founded/funded that party.
@Max #33
Wrong.
Here's a very common cashout method:
1) exchange crypto for Apple gift cards on Paxful
2) Buy iPhone with gift card.
3) Sell iPhone for up to 40% off retail prices in most countries that have import taxes
@Abe #38
Do these people use cell phones? If so, then they're penny wise and pound foolish.
It doesn't matter what cryptocurrency you use, if you're accessing it via a cell phone or American ISP. With legal or illegal
access to the telco operator - they ain't hiding diddly.
paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier
this week that the company had no intention of paying an extortion fee to help restore the
country's largest fuel pipeline, Bloomberg reported Thursday, citing two people familiar with
the transaction. From the report:
The company paid the hefty ransom in untraceable cryptocurrency within hours after the
attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline
and jet fuel flowing again to major cities along the Eastern Seaboard, those people said.
Once they received the payment, the hackers provided the operator with a decrypting tool to
restore its disabled computer network. The tool was so slow that the company continued using
its own backups to help restore the system, one of the people familiar with the company's
efforts said.
(therecord.media) 53Ireland's national health service, the Health Service
Executive (HSE), temporarily shut down its
IT systems today after suffering a ransomware attack overnight. The organization, which is
in the mid of its COVID-19 vaccination program, said the attack did not impact its ability to
provide urgent medical care but that some routine checks and services might be delayed or
canceled. The HSE described the ransomware incident as "significant" and "human-operated," a
term used to describe high-end sophisticated ransomware groups which orchestrate targeted
attacks against carefully big organizations. In a morning radio show with public broadcaster
RTE, HSE Chief Executive Paul Reid said the agency's IT teams are currently investigating the
incident to find out its breadth. In a different radio show, Reid identified the ransomware
gang behind the attack as Conti, a ransomware gang that started operating in the summer of
2020.
how Norwegian firm Volue Technology handled a ransomware attack that began on May 5th:
The company has set up a Web
page with information about the attack and also links to frequent updates about the status
of its systems. There was no obfuscation about the attack, none at all. The company said: "The
ransomware attack on Volue Technology ('Powel') was caused by Ryuk, a type of malware usually
known for targeting large, public-entity Microsoft Windows systems."
What is even more remarkable about this page is that it has provided the telephone number
and email address of its chief executive, Trond Straume, and asked for anyone who needs
additional information to contact him. Not some underling.
ITWire argues this response "demonstrated to the rest of the world how a ransomware attack
should be handled."
(cnbc.com) 56BeauHD on Thursday May 13,
2021 @09:00AM from the there's-more-where-that-came-from dept. PolygamousRanchKid shares a report from CNBC:
The hacker group DarkSide
claimed on Wednesday to have attacked three more companies , despite the global outcry over
its attack on Colonial Pipeline this week, which has caused shortages of gasoline and panic
buying on the East Coast of the U.S. Over the past 24 hours, the group posted the names of
three new companies on its site on the dark web, called DarkSide Leaks. The information posted
to the site includes summaries of what the hackers appear to have stolen but do not appear to
contain raw data. DarkSide is a criminal gang, and its claims should be treated as potentially
misleading.
The posting indicates that the hacker collective is not backing down in the face of an
FBI investigation and denunciations of the attack from the Biden administration. It also
signals that the group intends to carry out more ransom attacks on companies, even after it
posted a cryptic message earlier this week indicating regret about the impact of the Colonial
Pipeline hack and pledging to introduce "moderation" to "avoid social consequences in the
future." One of the companies is based in the United States, one is in Brazil and the third is
in Scotland. None of them appear to engage in critical infrastructure. Each company appears to
be small enough that a crippling hack would otherwise fly under the radar if the hackers hadn't
received worldwide notoriety by crippling gasoline supplies in the United States. In a
separate report from The Associated Press, the East Coast pipeline company was found to
have "atrocious" information management practices and "a patchwork of poorly connected and
secured systems," according to an outside audit from three years ago. Slashdot reader
wiredmikey shares an excerpt
from the report: "We found glaring deficiencies and big problems," said Robert F. Smallwood,
whose consulting firm delivered an 89-page report in January 2018 after a six-month audit. "I
mean an eighth-grader could have hacked into that system." Colonial said it
initiated the restart of pipeline operations on Wednesday afternoon and that it would take
several days for supply delivery to return to normal.
Probably it was not a false flag. First of all the state of IT security at Colonial Pipeline
was so dismal that it was strange that this did not happened before. And there might be
some truth that they try to exploit this hack to thier advantage as maintenance of the
pipeline is also is dismal shape.
Notable quotes:
"... "As for the money-nobody really knows where it really went." If you are right about the perpetrators, my guess would be that it went into the black-ops fund, two birds one stone. ..."
"... I have become so used to false flags, I am going to be shocked when a real intrusion happens! ..."
"... an in depth article researching solarwinds hack - looks like it was Israel, not a great leap to see that colonial was a false flag https://unlimitedhangout.com/2021/01/investigative-reports/another-mega-group-spy-scandal-samanage-sabotage-and-the-solarwinds-hack/ ..."
"... Regarding the ownership of Colonial Pipeline: 'IFM Investors, which is owned by 27 Australian union- and employer-backed industry superannuation funds, owns a 16 per cent stake in Colonial Pipeline, which the infrastructure manager bought in 2007 for $US651 million.' ..."
"... 'The privately held Colonial Pipeline is valued at about $US8 billion, based upon the most recent sale of a 10 per cent stake to a unit of Royal Dutch Shell in 2019.' ..."
The Colonial Pipeline Co.,ransomware attack was a false flag. They wanted to blame Russian
hackers so they could derail Nordstream II
It is common knowledge that the only real hackers that are able of such sabotage is CIA
and Israeli. It's the same attack types they do to Iranian infrastructure on a regular
basis.
The Russians are not that stupid to do something they know will be blamed on them and is
of no political use to them. And could derail Nordstream2.
As for the money-nobody really knows where it really went. CEO is ultra corrupt. They
never ever invested in their infrastructure so when it went down they came up with a
profitable excuse. Just look at their financials/balance sheet over the years. No real
investment in updating and maintaining infrastructure. Great false flag. Corruption and
profiteering.
"As for the money-nobody really knows where it really went." If you are right
about the perpetrators, my guess would be that it went into the black-ops fund, two birds one
stone.
I'm not familiar with your handle - hello. IMO, it would be counterproductive for Russia
to initiate such a hack. What really affects and debilitates US oil and gas interests is low
prices, both at the pump and on the stock exchange. The hack helped jack up prices (which
were already being jacked-up despite demand still lagging behind supply) which only HELPS
those energy interests. It has long been known, the math isn't complicated, what level crude
must trade at for US domestic oil & gas operations to be profitable. Remember that just
as the pandemic was emerging Russia and Saudi Arabia once again sent the global crude market
into the depths of despair.
I do agree the hack can be interpreted in light of the desperation of US energy interests
to try to kill NS2. I have not yet read the recent articles discussing Biden's recent moves
in that regard. If these moves are a recognition that US LNG to Europe (and elsewhere) are
diametrically opposed to climate responsibility, I'd welcome those moves. As is usually the
case though, environmental responsibility is probably the least likely reason.
Regarding the ownership of Colonial Pipeline: 'IFM Investors, which is owned by 27
Australian union- and employer-backed industry superannuation funds, owns a 16 per cent stake
in Colonial Pipeline, which the infrastructure manager bought in 2007 for $US651
million.'
also
'The privately held Colonial Pipeline is valued at about $US8 billion, based upon the
most recent sale of a 10 per cent stake to a unit of Royal Dutch Shell in 2019.'
Gangs have been operating by registering accounts on selected platforms, signing up for
a free tier, and running a cryptocurrency mining app on the provider's free tier
infrastructure.
After trial periods or free credits reach their limits, the groups register a new
account and start from the first step, keeping the provider's servers at their upper usage
limit and slowing down their normal operations...
The list of services that have been abused this way includes the likes of GitHub,
GitLab, Microsoft Azure, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut,
and Okteto.
GitLab and
Sourcehut have
published blog posts detailing their efforts to curtail the problem, with Sourcehut
complaining cryptocurrency miners are "deliberately circumventing our abuse detection," which
"exhausts our resources and leads to long build queues for normal users."
In the article an engineer at CodeShip acknowledges "Our team has been swamped with
dealing with this kind of stuff."
Who are the Vendors for the SCADA systems? Rockwell, Honeywell, Siemens? Think twice about
public facing gear from publicly listed companies, it's too costly to be honest about many
exploits. I deploy routers from MikroTik, Tools built in to watch connections/traffic live.
Simple to re-flash everything if you get suspicious. Lessons learned from the latest exploits
of Solarwinds and M$ Exchange is the more you know you realize the wider the net. Blaming
nation states for your own stupidity could result TEOTWAWKI. Building fault tolerant systems
can reduce downtime, but who holds the keys? Covid wars is now ramping up into I N F R A W A R
S
REPLYLONGTIMBER IGNORED05/10/2021
at 12:43 pm
"Complexity and connectivity are the Achilles heel of industrial civilization ."
How about foolish interdependence?
-Using Grid Power for refinery & pipelines
-UL1741 Grid Inter-tie Prevents most Solar Customers from using his own "System"
Fukushima survived the events just fine. The Final outcome was due to loss of power.
Evidence is thin, but Natanz enrichment facility is offlineSimon Sharwood, APAC Editor Mon 12 Apr 2021
// 06:57 UTC SHARE
Iran has admitted that one of its nuclear facilities went offline over the weekend, and a
single report claiming Israeli cyber-weapons were the cause has been widely accepted as a
credible explanation for the incident.
Iran on Sunday published
this announcement that said an "accident" impacted the "electricity distribution network"
at its Natanz enrichment facility.
The facility was
inaugurated the previous day, and is thought to have the capability to enrich Uranium and
to represent capacity for uses prohibited under the US/Iran nuclear deal. The Trump
administration tore up that deal, but the Biden administration hoped to revisit the pact.
Iranian officials have said that whatever hit Natanz was an act of "nuclear terrorism".
The Register can find no indication that any radioactive material has been exposed.
Few nations like the idea of anyone in the Gulf region obtaining nuclear capabilities, but
Israel is implacably opposed to the idea. In 1981 Israel bombed a nuclear plant in the early
stages of construction in Iraq and is thought to have collaborated on the Stuxnet worm,
discovered in 2010, that eventually damaged centrifuges used to refine nuclear materials at
Iran's Natanz.
Not long after the news of this weekend's electrical incident, the Israeli Public
Broadcasting Corporation reported that intelligence sources had told
its reporters the accident was in fact a cyber-attack. The corporation is an independent public
broadcaster.
But the say-so of just one of the corporation's shows is all the evidence that Israel had
any hand in the attack. While Israel does not comment on such matters officially, Israeli
politicians have claimed that Natanz was more badly damaged than Iran is letting on. And now
the New York Times reports the
event was a "detonation of explosives."
Iran says it is investigating the cause of the incident and will announce its findings in
due course. ®
Just because a vulnerability is old doesn't mean it's not useful. Whether it's Adobe Flash
hacking or the EternalBlue exploit
for Windows , some methods are just too good for attackers to abandon, even if they're
years past their prime. But a critical 12-year-old bug in Microsoft's ubiquitous Windows
Defender antivirus was seemingly overlooked by attackers and defenders alike until recently.
Now that Microsoft has finally patched it, the key is to make sure hackers don't try to make up
for lost time.
The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver
that Windows Defender -- renamed Microsoft Defender last year -- uses to delete the invasive
files and infrastructure that malware can create. When the driver removes a malicious file, it
replaces it with a new, benign one as a sort of placeholder during remediation. But the
researchers discovered that the system doesn't specifically verify that new file. As a result,
an attacker could insert strategic system links that direct the driver to overwrite the wrong
file or even run malicious code.
Windows Defender would be endlessly useful to attackers for
such a manipulation, because it ships with Windows by default and is therefore present in
hundreds of millions of computers and servers around the world. The antivirus program is also
highly trusted within the operating system, and the vulnerable driver is cryptographically
signed by Microsoft to prove its legitimacy. In practice, an attacker exploiting the flaw could
delete crucial software or data, or even direct the driver to run their own code to take over
the device.
"This bug allows privilege escalation," says Kasif Dekel, senior security researcher at
SentinelOne. "Software that's running under low privileges can elevate to administrative
privileges and compromise the machine."
SentinelOne first reported the bug to Microsoft in mid-November, and the company released a
patch on Tuesday. Microsoft rated the vulnerability as a "high" risk, though there are
important caveats. The vulnerability can only be exploited when an attacker already has access
-- remote or physical -- to a target device. This means it isn't a one-stop shop for hackers
and would need to be deployed alongside other exploits in most attack scenarios. But it would
still be an appealing target for hackers who already have that access. An attacker could take
advantage of having compromised any Windows machine to bore deeper into a network or victim's
device without having to first gain access to privileged user accounts, like those of
administrators.
SentinelOne and Microsoft agree there is no evidence that the flaw was discovered and
exploited prior to the researchers' analysis. And SentinelOne is withholding specifics on how
the attackers could leverage the flaw to give Microsoft's patch time to proliferate. Now that
the findings are public, though, it's only a matter of time before bad actors figure out how to
take advantage. A Microsoft spokesperson noted that anyone who installed the February 9 patch,
or has auto-updates enabled, is now protected.
CISA is an agency full of bureaucrats, not computer specialists. So any judgement is highly
suspect. In my view "computer security bureaucrat" is typically a parasite or a charlatan.
Traditionally computer security departments in large corporations often serve as a place to exile
incompetent wannabes. I do not think the government is different. Real high quality programmers
usually prefer to write their own software not to spend their time analyzing some obtuse malware
code. Often high level honchos in such department are so obviously incompetent that it hurts.
This is the same agency that declared Presidential election 2020 to be the most secure in
history. So their statements are not worth the electrons used to put them on the screen, so say
nothing about a ppar , if they manage to get into such rags as NYT or WaPo.
We need clear-eyed assessment from a real Windows OS specialists like for Stuxnet was
Mark
Russinovich , which is difficult in current circumstances.
The supply chain attack used to breach federal agencies and at least one private company
poses a "grave risk" to the United States, in part because the attackers likely used means
other than just the SolarWinds backdoor to penetrate networks of interest, federal officials
said on Thursday. One of those networks belongs to the National Nuclear Security
Administration, which is responsible for the Los Alamos and Sandia labs, according to a report
from
Politico .
"This adversary has demonstrated an ability to exploit software supply chains and shown
significant knowledge of Windows networks," officials with the Cybersecurity Infrastructure and
Security Agency wrote in an alert . "It is likely that the adversary
has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have
not yet been discovered." CISA, as the agency is abbreviated, is an arm of the Department of
Homeland Security.
Elsewhere, officials wrote: "CISA has determined that this threat poses a grave risk to the
Federal Government and state, local, tribal, and territorial governments as well as critical
infrastructure entities and other private sector organizations."
Reuters, meanwhile, reported that the attackers
breached a separate major technology supplier and used the compromise to get into
high-value final targets. The news services cited two people briefed on the
matter.
FURTHER READING
Premiere security firm FireEye says it was breached by nation-state hackers The attackers,
whom CISA said began their operation no later than March, managed to remain undetected until
last week when security firm FireEye reported that hackers backed by a nation-state had
penetrated deep into its network . Early this week, FireEye said that the hackers were
infecting targets using Orion, a widely used network management tool from SolarWinds. After
taking control of the Orion update mechanism, the attackers were using it to install a backdoor
that FireEye researchers are calling Sunburst. Advertisement
FURTHER READING
Russian hackers hit US government using widespread supply chain attack Sunday was also when
multiple news outlets, citing unnamed people, reported that the hackers had
used the backdoor in Orion to breach networks belonging to the Departments of Commerce,
Treasury, and possibly other agencies. The Department of Homeland Security and the National
Institutes of Health were later added to the list. Bleak assessment
Thursday's CISA alert provided an unusually bleak assessment of the hack; the threat it
poses to government agencies at the national, state, and local levels; and the skill,
persistence, and time that will be required to expel the attackers from networks they had
penetrated for months undetected.
"This APT actor has demonstrated patience, operational security, and complex tradecraft in
these intrusions," officials wrote in Thursday's alert. "CISA expects that removing this threat
actor from compromised environments will be highly complex and challenging for
organizations."
The officials went on to provide another bleak assessment: "CISA has evidence of additional
initial access vectors, other than the SolarWinds Orion platform; however, these are still
being investigated. CISA will update this Alert as new information becomes available."
The advisory didn't say what the additional vectors might be, but the officials went on to
note the skill required to infect the SolarWinds software build platform, distribute backdoors
to 18,000 customers, and then remain undetected in infected networks for months.
"This adversary has demonstrated an ability to exploit software supply chains and shown
significant knowledge of Windows networks," they wrote. "It is likely that the adversary has
additional initial access vectors and tactics, techniques, and procedures that have not yet
been discovered."
Among the many federal agencies that used SolarWinds Orion, reportedly, was the Internal
Revenue Service. On Thursday, Senate Finance Committee Ranking Member Ron Wyden (D-Ore.) and
Senate Finance Committee Chairman Chuck Grassley (R-Iowa) sent a
letter to IRS Commissioner Chuck Rettig asking that he provide a briefing on whether
taxpayer data was compromised.
The IRS appears to have been a customer of SolarWinds as recently as 2017. Given the
extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both
to Americans' privacy and our national security that could result from the theft and
exploitation of this data by our adversaries, it is imperative that we understand the extent
to which the IRS may have been compromised. It is also critical that we understand what
actions the IRS is taking to mitigate any potential damage, ensure that hackers do not still
have access to internal IRS systems, and prevent future hacks of taxpayer data.
IRS representatives didn't immediately return a phone call seeking comment for this
post.
The CISA alert said the key takeaways from its investigation so far are:
This is a patient, well-resourced, and focused adversary that has sustained long duration
activity on victim networks The SolarWinds Orion supply chain compromise is not the only
initial infection vector this APT actor leveraged Not all organizations that have the
backdoor delivered through SolarWinds Orion have been targeted by the adversary with
follow-on actions Organizations with suspected compromises need to be highly conscious of
operational security, including when engaging in incident response activities and planning
and implementing remediation plans
What has emerged so far is that this is an extraordinary hack whose full scope and effects
won't be known for weeks or even months. Additional shoes are likely to drop early and
often.
video.ch9.ms
/sessions/teched/na/2013/ATC-B308_Russinovich.pptxStuxnet . Discovered June 2010
after it had spread for year. Exploited 4 zero day Windows vulnerabilities. Print spooler for
remote code execution. ... Written by MarkRussinovich andAaron Margosis. Full
chapters on the major tools: Process Explorer. Process Monitor. Autoruns.
I worked electrical/nuclear with early Programmable controllers/and at maintenance at Nuc
Pwr Generators and alongside Westinghouse and Alstom personnel, etc. and could not make sense
of , for example,
1. Big rush job to "upgrade" nuc electrical control and s/ware at a pwr plant
2.Suddenly GE buys Alstom
3. Siemens intimately involved in sabotage of Iran centrifuges ;[BTW was at U. when Jesse
Beams was spinning at 1 million rps., so I paid attention]
4. Mitsubishi Heavy Ind. sells 4 unique steam generators to US nuc plant, , they all fail,
and 2 operating nuc pwr plants are suddenly shut down...forever [SONGS]. The entire reasons
for failure are true, but absurd in how the failures were "allowed" to happen. E.g., the
certification process was grossly inept and failure was invited, if not assured.
Reminds me the attack on Iranian uranium enrichment infrastructure, which also used patches
as the way to inject malware into the system. And who were the players in this attack?
Notable quotes:
"... Moon of Alabama ..."
"... Next to the NSA and Britain's GHCQ there are at least Israel, China and maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the cybersecurity company FireEye ..."
"... 'People familiar with the issue' say 'Russia is believed to be responsible'. Well, some kids familiar with wobbly teeth believe in the tooth fairy. What is that 'believe' based on? ..."
Based on my 25 years in cyber security and responding to incidents, I've concluded we are
witnessing an attack by a nation with top-tier offensive capabilities. This attack is
different from the tens of thousands of incidents we have responded to throughout the years.
The attackers tailored their world-class capabilities specifically to target and attack
FireEye. They are highly trained in operational security and executed with discipline and
focus. They operated clandestinely, using methods that counter security tools and forensic
examination. They used a novel combination of techniques not witnessed by us or our partners
in the past.
We are actively investigating in coordination with the Federal Bureau of Investigation and
other key partners, including Microsoft. Their initial analysis supports our conclusion that
this was the work of a highly sophisticated state-sponsored attacker utilizing novel
techniques.
Intruding a cybersecurity company is a mistake as the chance of getting caught is
significantly higher that during an intrusion into other environments. The intruders allegedly
made off with some tools which likely can also be found in the wild.
We have identified a global campaign that introduces a compromise into the networks of
public and private organizations through the software supply chain. This compromise is
delivered through updates to a widely-used IT infrastructure management software -- the Orion
network monitoring product from SolarWinds . The campaign demonstrates top-tier operational
tradecraft and resourcing consistent with state-sponsored threat actors.
Based on our analysis, the attacks that we believe have been conducted as part of this
campaign share certain common elements:
Use of malicious SolarWinds update : Inserting malicious code into legitimate software
updates for the Orion software that allow an attacker remote access into the victim's
environment
Light malware footprint : Using limited malware to accomplish the mission while
avoiding detection
Prioritization of stealth : Going to significant lengths to observe and blend into
normal network activity
High OPSEC : Patiently conducting reconnaissance, consistently covering their tracks,
and using difficult-to-attribute tools
Based on our analysis, we have now identified multiple organizations where we see
indications of compromise dating back to the Spring of 2020, and we are in the process of
notifying those organizations. Our analysis indicates that these compromises are not
self-propagating; each of the attacks require meticulous planning and manual interaction.
Neither FireEye
nor Microsoft named any suspected actor behind the 'difficult-to-attribute'
intrusion effort. Next to the NSA and Britain's GHCQ there are at least Israel, China and
maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the
cybersecurity company FireEye also blew up their own operation against many targets of
much higher value. Years of work and millions of dollars went to waste because of that one
mistake.
Despite the lack of evidence that points to a specific actor 'western' media immediately
blamed Russia for the spying attempt.
Hackers believed to be working for Russia have been monitoring internal email traffic at the
U.S. Treasury and Commerce departments, according to people familiar with the matter, adding
they feared the hacks uncovered so far may be the tip of the iceberg.
The hack is so serious it led to a National Security Council meeting at the White House on
Saturday, said one of the people familiar with the matter.
...
The U.S. government has not publicly identified who might be behind the hacking , but three
of the people familiar with the investigation said Russia is currently believed to be
responsible for the attack . Two of the people said that the breaches are connected to a
broad campaign that also involved the recently disclosed hack on FireEye, a major U.S.
cybersecurity company with government and commercial contracts.
In a statement posted here to Facebook, the Russian foreign ministry described the
allegations as another unfounded attempt by the U.S. media to blame Russia for cyberattacks
against U.S. agencies.
'People familiar with the issue' say 'Russia is believed to be responsible'. Well, some
kids familiar with wobbly teeth believe in the tooth fairy. What is that 'believe' based
on?
The Associated Press
reported on the wider aspect of the intrusions and also blamed Russia:
Hackers broke into the networks of the Treasury and Commerce departments as part of a
monthslong global cyberespionage campaign revealed Sunday, just days after the prominent
cybersecurity firm FireEye said it had been breached in an attack that industry experts said
bore the hallmarks of Russian tradecraft.
I have read FireEye's and Microsoft's detailed technical analysis of the
intrusion and took a look at the code . As a
(former) IT professional very familiar with network management, I have seen nothing in it that
points to Russia. Who are those 'industry experts' who make such unfounded claims?
In response to what may be a large-scale penetration of U.S. government agencies, the
Department of Homeland Security's cybersecurity arm issued an emergency directive calling on
all federal civilian agencies to scour their networks for compromises.
The threat apparently came from the same cyberespionage campaign that has afflicted
FireEye, foreign governments and major corporations, and the FBI was investigating.
"This can turn into one of the most impactful espionage campaigns on record," said
cybersecurity expert Dmitri Alperovitch .
Ah - the AP talked to Alperovitch, the former chief technical officer of the
cybersecurity firm CrowdStrike . The company which in 2016 claimed that Russia had
stolen emails from the Democratic National Council but could not provide any evidence of that
to the FBI. The company that admitted in Congress testimony that it
did not see any exfiltration of emails from the DNC and had no evidence that Russia was
involved. Alperovitch is also the 'industry expert' who falsely
claimed that Russia hacked into an application used by the Ukrainian artillery. The same
Alperovich who is a Senior Fellow of the
anti-Russian lobbying organization Atlantic Council . Alperovitch apparently has never
seen a software bug or malware that was not made by Russia.
Quoting an earlier version of the above AP story Max Abrams predicted:
"The U.S. government did not publicly identify Russia as the culprit behind the hacks,
first reported by Reuters, and said little about who might be responsible."
You know this story will be retold as all 17 intel agencies 100% certain Putin is behind
it.
That is indeed likely to happen.
Even while there is no hint in the intrusion software where it might have come from the
media all started to blame Russia.
On Sunday, in its first report on the attack, the New York Times headlined:
The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign
government -- almost certainly a Russian intelligence agency, according to federal and
private experts -- broke into a range of key government networks, including in the Treasury
and Commerce Departments, and had free access to their email systems.
...
News of the breach,
reported earlier by Reuters , came less than a week after the National Security Agency,
which is responsible for breaking into foreign computer networks and defending the most
sensitive U.S. national security systems,
issued a warning that "Russian state-sponsored actors" were exploiting flaws in a system
broadly used in the federal government.
That
warning by the NSA was about a known vulnerability in VMware, a software issue that is
completely unrelated to the intrusions FireEye had detected and which targeted
multiple government agencies.
Not bothering with facts the NYT continued its
insinuations :
At the time, the N.S.A. refused to give further details of what had prompted the urgent
warning. Shortly afterward, FireEye announced that hackers working for a state had stolen
some of its prized tools for finding vulnerabilities in its clients' systems -- including the
federal government's. That investigation also pointed toward the S.V.R., one of Russia's
leading intelligence agencies. It is often called Cozy Bear or A.P.T. 29, and it is known as
a traditional collector of intelligence.
No, the investigation by FireEye does not point in any direction. The company did
not name a suspected actor and it did not mention Russia or the S.V.R. at all. The intrusion is
also in no way similar to those phishing attempts that some have named Cozy Bear or APT 29.
The Times then further discredits itself by quoting the anti-Russian nutter
Alperovich.
On Monday another NYT piece, co-written by Sanger,
describes the wider attack and includes the word 'Russia' 23 times! But it does not provide
any evidence for any Russian involvement in the case. This is the nearest it comes to:
The early assessments of the intrusions -- believed to be the work of Russia's S.V.R., a
successor to the K.G.B. -- suggest that the hackers were highly selective about which victims
they exploited for further access and data theft.
'Believed to be' the tooth fairy?
The piece also falsely insinuates that FireEye has linked the attack to Russia:
FireEye said that despite their widespread access, Russian hackers exploited only what was
considered the most valuable targets.
Nowhere did FireEye say anything about Russian hackers. It only stated that the
intrusions were specifically targeted. The implication of Russia only happened in the
NYT writers' heads.
On Monday, SolarWinds confirmed that Orion - its flagship network management software - had
served as the unwitting conduit for a sprawling international cyberespionage operation. The
hackers inserted malicious code into Orion software updates pushed out to nearly 18,000
customers.
And while the number of affected organizations is thought to be much more modest, the
hackers have already parlayed their access into consequential breaches at the U.S. Treasury
and Department of Commerce.
Three people familiar with the investigation have told Reuters that Russia is a top
suspect, although others familiar with the inquiry have said it is still too early to
tell.
As of now no one but the people behind the intrusion know where it has come from.
SolarWinds , the company behind the network management software that was abused to
intrude agencies and companies, is known for a lack of security:
SolarWinds' security, meanwhile, has come under new scrutiny.
In one previously unreported issue, multiple criminals have offered to sell access to
SolarWinds' computers through underground forums, according to two researchers who separately
had access to those forums.
One of those offering claimed access over the Exploit forum in 2017 was known as "fxmsp"
and is wanted by the FBI "for involvement in several high-profile incidents," said Mark
Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company's
clients, which include U.S. law enforcement agencies.
Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that
anyone could access SolarWinds' update server by using the password "solarwinds123"
"This could have been done by any attacker, easily," Kumar said.
And that's it.
Any significant actor with the necessary resources could have used the publicly known
SolarWinds' password to sneak some malware into the Orion software update
process to thereby intrude SolarWinds' customers and spy on them. Without further
definitive evidence there is no reason to attribute the intrusions to Russia.
If anyone is to blame it is surely SolarWinds which has learned nothing from the
attack. Monday night, days after it was warned, its infected software was still available on its
servers . It seems that the SolarWinds people were busy with
more important issues than their customers' security:
Top investors in SolarWinds, the Texas-based company whose software was breached in a major
Russian cyberattack, sold millions of dollars in stock in the days before the intrusion was
revealed.
The timing of the trades raises questions about whether the investors used inside
information to avoid major losses related to the attack. SolarWinds's share price has plunged
roughly 22 percent since the company disclosed its role in the breach Sunday night.
Note the casual use of 'Russian cyberattack', for which there is no evidence, in the very
first sentence.
Silver Lake, a Silicon Valley investor with a history of high-profile tech deals including
Airbnb, Dell and Twitter, sold $158 million in shares of SolarWinds on Dec. 7 -- six days
before news of the breach became public. Thoma Bravo, a San Francisco-based private equity
firm, also sold $128 million of its shares in SolarWinds on Dec. 7.
Together, the two investment firms own 70 percent of SolarWinds and control six of the
company's board seats, giving the firms access to key information and making their stock
trades subject to federal rules around financial disclosures.
Well, grifters are gonna grift.
And 'western' mainstream writers will
blame Russia for anything completely independent of what really happened.
Posted by b on December 16, 2020 at 19:07 UTC |
Permalink
since when has USA needed evidence? They blamed Saddam for years that he had "weapons of mass
distraction". And back in 1990, they created the famous "Iraq solders took babies out fo
incubators " lies. Some of us have lived longer than 30 years and we remember all the lies
USA has said.
all part of the plan to cut Russia from the SWIFT in 2021.
once Biden becomes a president, he will call on all "democracies" to stand up to Russia. He
and other "Western democracies" will hold a joint meeting sometime in 2021 where they will
"condemn Russia for all the malign things Russia has done" and will press Belgium to cut
Russia fro the SWIFT.
Whats wore, instead of doing anything, Russia is just sitting and watching them instead of
warming Europe that this will mean Europe will freeze their collective asses next winter when
they won't be able to get Russia gas. Even Iran is warning Russia that they will be cut off
from the SWIFT.
Putin is getting old and sick, Russia desperately needs a leader who will stand up to those
assholes and warn them to stop. Oh well, it's NOT my problem. Russia better get its asshole
oiled up, it will need it. Putin is a weak and inefficient leader, and the SAker IS full of
shit.
I believe that there are a few golden rules that can be applied to news stories:
1) If the first sentence contains a variation of the words "according to," then the story
is at least partially bullsh*t
2) If a variation of "according to" is in the headline, then every word of the story is a
lie
I have to agree with you, the deep state just cannot get over losing Russia to Putin and
nationalism after the thought that they had turned it into their playground in the 1990s.
They are hot to trot to take out Russia and make it bend the knee, whatever the risks are.
Would not put it past them to pull the SWIFT option, although that would have huge
implications for the Europeans who buy so much oil and gas from Russia.
It could end up as an own goal, as the Europeans join the Russian payments network and
start paying in Euros convertible directly into Rubles (especially with Nordstream 2 in
place). The Indians and Chinese are already setup for payments in local currencies. Right now
China needs Russia as an ally, so they would also probably re-source oil imports to take more
from Russia.
Russia has already made itself self sufficient in food etc., and has been working on
payments in local currencies. They are not stupid, and see such a move coming.
iv> Since Wikileaks first publicised its hacking of the infamous Vault 7
emails demonstrating that the CIA had the ability to attach certain metadata to its own hacking
activities, to insinuate that Russian or Chinese hackers were responsible (and thus put future
investigators on a wrong trail away from the actual culprits), I don't rule out that the CIA
and possibly other intel agencies chummy with it may have penetrated FireEye. Especially as
these hacking attempts appear to have specific targets and some investors in the companies
affected by these hacking attempts seem to employ crystal ball gazers so they were able to
divest themselves of huge numbers of shares and make tidy profits before news of the hacking
came out which would have sent these hacked companies' share prices down into an abyss. Could
some of the hackers themselves be shareholders in the hacked firms?
Since Wikileaks first publicised its hacking of the infamous Vault 7 emails demonstrating
that the CIA had the ability to attach certain metadata to its own hacking activities, to
insinuate that Russian or Chinese hackers were responsible (and thus put future investigators
on a wrong trail away from the actual culprits), I don't rule out that the CIA and possibly
other intel agencies chummy with it may have penetrated FireEye. Especially as these hacking
attempts appear to have specific targets and some investors in the companies affected by
these hacking attempts seem to employ crystal ball gazers so they were able to divest
themselves of huge numbers of shares and make tidy profits before news of the hacking came
out which would have sent these hacked companies' share prices down into an abyss. Could some
of the hackers themselves be shareholders in the hacked firms?
Meanwhile in East Flatrock Tennessee a group of teens is laughing.
"They said our hack was 'an attack by a nation with top-tier offensive capabilities'!
You hear that? We're a nation now! With 'top-tier offensive capabilities' at that! How
awesome is that?"
I believe the Russian President's annual Q&A session is taking place on 17 December
2020. It will be televised and probably videos of it will be uploaded to Youtube and other
platforms over the next few days. The President's own website will feature transcripts of the
session in Russian and English, and probably sevetal other languages. The Q&A session is
usually a marathon affair running several hours. If you watch it, you will find out how ill
Putin appears to be.
b - master propaganda buster, lol... go get em b! i am surprised they aren't coming after
you! maybe they figure you are a relatively obscure presence that will remain irrelevant for
all intensive purposes... and they haven't figured out how to pull an assange or snowden on
you - yet.... you better have some protection with the kgb and know how to speak a little
russian!
Based on my 25 years in cyber security and responding to incidents, I've concluded we are
witnessing an attack by a nation with top-tier offensive capabilities.
Translation: we fucked up and we're gonna blame either China or Russia, depending on the
customer's preference (Republican or Democrat), in order to avoid blame and keep our stock
prices from falling.
If you go to Fox News et al, I'm sure they'll be blaming China.
If you've followed Lavrov's trail for the month of December, he's been in top form in his
denunciations of the United States of Voldemort and its neverending illegalities and immoral
actions. For the curious, the most recent are on the week in review thread. IMO, what
constitutes the Outlaw US Empire's mainstream media lacks credibility across the spectrum of
potential topics just as does the federal government. The planet will be a happier place if
those two entities are just cast away and allowed to drift upon the endless sea of filth they
generate daily.
The Russian Federation can annihilate the United States and US has no defenses against
that.
So they indulge in such self-propaganda exercise, puffing up themselves and their
population, and then they go home, knowing that RF can destroy them.
On the other hand, US can annihilate Iran and Iran cannot do anything about that
either.
So they indulge in such self-propaganda exercise, puffing up themselves and their
population, and then they go home, knowing that US can destroy them.
The only difference between Iran and Russia is that Iran is not a nuclear-armed state,
targeting US cities.
I wonder what percentage of Americans are willing to nuke the Russian Federation - in
contradistinction to the 59% who are willing to nuke Iran - per this M.I.T. report
SL Ayatollah Khamenei by audience of General Soleimani family
"Ayatollah Khamenei said: The funeral of millions of martyrs of Soleimani was the first
severe slap in the face to the Americans, but the more severe slap is "software overcoming
the absurd hegemony of arrogance" and "expelling the United States from the region". It is
definite whenever possible." Fars News Agency 16.12.20
iv> To be honest, this isn't even worth talking about. A non-story that
doesn't deserve any oxygen at all.
The funerals of the late Abu Mehdi Mohandess, the late Brigadier General Solimani and
their companions have been unprecedent in the history of Shia Islam - to my knowledge.
Americans carried out an act that betrayed the extent of their hatred for Iran (as a
country) and Shia (as a religion).
It was not the act of a sane sovereign - but as I have maintained for a long time - those
of a Mad King.
That action, in my opinion, ended the possibility of the United States staying in Iraq, in
Afghanistan, in Syria, or in Lebanon.
I wonder how the Shia would react, overtime, in the Azerbaijan Republic, in Kuwait, in
Bahrain to the United States in the future.
"Neither FireEye nor Microsoft named any suspected actor behind the 'difficult-to-attribute'
intrusion effort. Next to the NSA and Britain's GHCQ there are at least Israel, China and
maybe Russia which do have such capabilities. But whoever had the chutzpah to intrude the
cybersecurity company FireEye also blew up their own operation against many targets of much
higher value. Years of work and millions of dollars went to waste because of that one
mistake."
Well if software+SolarWind+elections = manipulation => proven[before date]
then a country, either from the list of those with 'capabilities', or another whose
capablities were until now unknown, will have invalidated the US election.
Perhaps it may be not worthwhile to discuss the main topic of this thread but I think it
is worthwhile to note it as an indication of the unwillingness to face the World as it is by
many in the United States at all levels.
Now der spiegel,le monde and le figaro have info from Bellingcat about a team of eight FSB
spies and chemical specialist following Navalny for years to take him out,yet not
succeeding.Even the most gullible "Russia,Russia,Russia" consumers start to find this
ridiculous,judging by the comments.Some indeed start to have concerns about a new war on
russia ,that will obviously obliterate all of western-europe.
They had four articles about this in two days.Mockingbird in full speed.It is very clear
to me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA mastering
der Spiegel in his book.
"This attack is different from the tens of thousands of incidents we have responded to
throughout the years.[...] ...this was the work of a highly sophisticated state-sponsored
attacker utilizing novel techniques"
"Incidents we have responded to"? Meh. Also, this "attack" may or may not be different
from the (likely) tens of thousands of incidents that they've never detected.
Facebook discovered and neutralized a troll farm's accounts related to the french army in
Central African Republic and Mali,working against russian st.petersburg related trollfarm
accounts,that they neutralized as well.This is all about the french countering russians (and
chinese) getting foothold amongst africans,you know the people they threw napalm on in the
fifties,like they did in Vietnam way before the americans,to pacify those people.
And of course Navalny is such a hot item that bellingcats's video on youtube got 10 million
viewers within 48 hours.War on Russia,who is marching on Moscou,any volunteers?The germans
and the french were not very lucky with that in the past,let the united americans have a
try,after all its only europe that is meant for destruction either way.The Rotschilds will be
proud of you.
For me it was enough to read in the news that U.S. Treasury and Commerce department was
among the targets to know who stand behind this operation. It must be very humiliating for US
government, that's why the synchronous chorus about the "Russian Cyberattack", they know well
that it was not Russia ...
U.S. Treasury and Commerce department is the driving force behind "maximum pressure"
sanctions against Iran, terrorizing the Iranian population even blocking trade of medicine
necessary for the treatment of kids with chronically illness.
Now Iranians sit with a complete list of U.S. Treasury and Commerce executives and their
secrets, that would make it difficult for these economical terrorists to have a relaxing
sleep at night. The extra bonus is what Iran got from all other US departments, useful for
the future.
US need to restructure a whole lot of their IT network. protocols, hardware, even
administrators at government and security level to repair at least part of the damage
done.
Khameneie calls it a "sever slap" for the assassination of general Soleimani, one must
agree a mind-blowing one indeed ...
"We are actively investigating in coordination with the Federal Bureau of Investigation and
other key partners, including Microsoft. Their initial analysis supports our conclusion
that this was the work of a highly sophisticated state-sponsored attacker utilizing novel
techniques."
Interpreted as "we screwed up, that Microsoft Defender software is a POS and to think
FireEye AND FBI relied on their crap upgrades - we had better blame Russia and save our total
embarrassment.
They had four articles about this in two days.Mockingbird in full speed.It is very clear to
me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA mastering der
Spiegel in his book.
Thank you and I fully agree - 'heartbreaker herb' is native to a few eastern countries and
known as an end of life choice of tea that is used by malign actors for centuries. Hard to
find a reference to it these days as most search engines have hidden it. One used to be able
to read of it.
The "united americans" had their try during Russia's Civil War but didn't get very far.
Then they tried carpetbagging neoliberal parasites, and they failed too, although they did
considerable damage. Currently within the Outlaw US Empire, about as many people are out of
work as reside within all of Russia, and their government cares not a whit what happens to
them. On the other hand, President Putin has made it clear on many occasions that every
Russian life is treasured by him and the Russian government, with more support given Russians
than at any previous time by the USSR.
Just so that everyone knows that what this => Framarz @23 poster says is entirely
possible, back in the olden days when I was helping with Linux kernel space stuff Iran was
one of the top five countries where code was being submitted from. Iran has more than just a
few very sharp codesmiths.
Regarding the David Sanger fantasy piece published in the NYT, I commented on the Times's
website that Sanger made the claim of Russian culpability without providing a shred of actual
evidence. Much to my surprise, my comment was accepted for publication. Shortly thereafter,
it mysteriously vanished into the ether, no doubt having been read and removed by some editor
or even by slimeball Sanger himself. Now that was not a surprise.
Thanks for your contribution but it's crystal clear that Khamenei took the responsibility for
this operation today, looking at the eyes of Soleimani's daughter and saying what he said:
(english text)
fna(dot)ir/f1cm2o
- looks like use of (ir) domain causing the text to be blocked, convert the dot
Indeed - if there's anything to be learned, it is that cyber security even in government
intel agencies (Snowden), the military (Manning), political parties (Clinton emails) and now
FireEye plus numerous other Solarwinds customers - is marked more for what it isn't than for
what it is.
This on top of the damage caused by NotPetya and WannaCry - both of which did so much damage
because clearly even Fortune 50 companies don't bother to segment their networks even between
countries.
Incompetence and CYA rules the day.
iv> framarz link might show up later.. i just posted it, but it is in the
cue to be released later, or not..
Re: They had four articles about this in two days.Mockingbird in full speed.It is very
clear to me now that Spiegel ex-journo Udo Ulfkotte was "heartattacked" for outing CIA
mastering der Spiegel in his book.
-Posted by: willie | Dec 16 2020 20:56 utc | 18
Didn't know that until you shared just now. Really terrible if true, but not that
surprising given recent events. Wikipedia sez he died 13 January 2017 (aged 56). That would
have happened during the Obama/Brennan period.
If I understand correctly what you're hinting at, then I'll add that the alps and the
nordic countries are also rife with it. It's principle active alkaloid is easily to determine
port-mortem and if you're lucky, a good clinician will also diagnose it correctly before it's
too late..
Less easy to pinpoint are the effects of targeted exposure with masers.
"But whoever had the chutzpah to intrude the cybersecurity company FireEye also blew up their
own operation against many targets of much higher value. Years of work and millions of
dollars went to waste because of that one mistake."
yankistan propaganda always inserts a clause to show that hackers are bumblers. Reading
the very short one sentence report in Reuters, the yanks got hit hard. pompus had to fly home
and cut short his cold/hot war rabble rousing efforts.
Thank you so much for "Yankistan". That sums it up nicely.
b's observation also gives a clue that it may very well be a white hat attack by the NSA.
Lucky for us they could go the extra mile and give it some "positive" spin. Snark.
[This post not appear, so here it is without links]
Whatever is the definition of "intelligence", certainly it must be inclusive of this
example, from Khamenei:
"Lifting sanctions is up to the enemy, but nullifying them is up to us'"
Also, he said "We must be strong in all areas, including economy, science, technology and
defense, because as long as we do not grow strong, the enemies will not give up greed and
aggression."
Now, compare that last to JV Stalin's 1931 speech in the run-up to WW 2:
"One feature of the history of old Russia was the continual beatings she suffered because
of her backwardness. ... All beat her -- because of her backwardness, because of her military
backwardness, cultural backwardness, political backwardness, industrial backwardness,
agricultural backwardness. They beat her because it was profitable and could be done with
impunity..."
Interesting, eh?
Hat-tip to Framarz | Dec 16 2020 21:53 utc | 30 for Khamenei link.
Stalin's speech link to follow...if it posts.
This cyber attack has NSA written all over it. Either that or the attackers had access to the
tools that were leaked from the NSA trove. The tactics at least are very similar in some
ways.
@willie - I posted a link to CNN's joint investigation with Bellingcat, Der Spiegel, and
"The Insider" the other day in the open thread. Nobody seemed to have noticed. Looks like
Russia has responded to them.
I didn't have time to delve into all the different pages that comprise Bellingcat's
allegations nor did I see anywhere in their stated methodology how they got access to these
phone records that they're claiming correspond to the agents tailing Navalny. At least they
didn't call him "opposition leader" this time - just "opposition activist" or something like
that. LOL I'll be interested to see b's take on this affair once he's had time to digest it -
and there is a lot to digest.
What is so cynical is that during the last three years of fake "Russian Collusion" certain
politicians were colluding with the Chinese CCP, ie in actuality doing what they were
accusing Trump of doing. Inevitable now that there is big trouble brewing in the US, I don't
see how all the fraud evidence on every level can be disregarded, let alone apparent foreign
involvement in the voting machines.
western' mainstream writers will blame Russia for anything completely independent of what
really happened.
can we get a list of these writers.. and store their names and aliases somewhere. a db..
is needed.
b - master propaganda buster, lol... go get em b! i am surprised the oligarch wealth and its
minions haven't
figured out how to pull an assange or snowden on you - yet.... you better have some
protection with the kgb
and know how to speak a little russian! by: james @ 8
James I think the propaganda monsters have discovered how to take b down, they
probably plan to ask B to self inject himself with one of their Gene Modifying
Vaccines(GMVs) with expectation that a mental giant will vegetate to a wimp.
.....
The CIA remains firmly in charge of US policy and the mainstream media. by: gottlieb @ 6
Not really, the people who support and control the CIA have firm control over
politics,
finance, CIA, and media, remember the nine layers of control consist of but two layers
that are public. The CIA is the leg breaker arm of that oligarch cartel. .. .. but mr
gottlieb
please list who in the CIA is the leg breaker in charge over US Policy and explain
how US Policy, CIA leg breaking, mainstream media, wall street execution are financed
marketed and coordinated. I suggest to you these are not government people but private
party marketers.
Just saying a bunch of puppets dressed in CIA suits are in charge is useless.. I will
bet when you identify to us, who it is you are talking about, it will be discovered the
person you think is in charge is not, but instead that person is executing orders given
by a private party someone else. Its the private party some one else that needs media
exposure.
who (by name) do the puppets work for,
how can the string pullers be identified, and
Ill bet because the string pullers are not government at all, but private exploitative
persons, that can be legally tracked?
To Norwegian @ 21 fascinating The private parties most likely responsible (PPMLR) for
the
cyber attack have been asked to investigate the victim of the cyber attack. The PPMLR's
initial findings support the victim pre investigation conclusion made before the
investigation
was complete that the cyber attack was the work of a highly sophisticated state
sponsored attacker utilizing novel techniques? Not all of us were born yesterday?
"I haven't looked at the kernel sources for any significant amount of time for years. It would be interesting to make a tally
of what kind of patches were brought in by Iranian contributors. That is to say, if at any time fixes were made to 'bugs'
brought/left in by the likes of IBM, Intel, Nvidia et al. Would be a nice holiday project."
A number of years back I used to contribute patches for inclusion in the Linux kernel
and stayed up to date on day to day submissions. One thing that surprised me back then was
how many were coming from Iran. Iran was one of the top ten countries where fixes and new
features for Linux were coming from.
After the CIA's Stuxnet attack on Iran back in 2010, Iran began to transition away from
using Windows operating system towards using Linux. This is because it was clear that
Microsoft played a part in distributing the Stuxnet code to computers in Iran embedded
within otherwise normal OS updates.
Presumably the version of Linux authorized for use in Iran by the military and in
strategic infrastructure is a custom distribution that has be heavily audited for security.
Iran certainly has the domestic talent to accomplish this so I have no doubt that the
rumors of it are true. This dramatically increases the difficulty the CIA faces in
launching their cyber attacks. Most of the CIA's tools use backdoors that software vendors
design into their products just for that purpose, but since you can build Linux from source
code it is difficult to hide backdoors that competent programmers cannot find in that
source code.
Basically, the biggest impact of letting the CIA go wild like this is that it will
encourage more people, institutions, and countries to ditch Microsoft products. That is a
very good thing.
The big danger here is that all sides can play such games. The U.S. does not have a
monopoly or even a large advantage in waging cyber wars. It is in fact more vulnerable
than others. Edward Snowden provided proof that the NSA is unable to protect its own
secrets. Wikileaks published Vault 7, the CIA's own secret cyber attack tool collection.
If even the NSA and the CIA can not protect their systems one can only imagine how bad
the security situation is in private institutions like U.S. banks, media organizations,
charities, religious institutions or businesses.
If the CIA targets such institutions in other countries counter attacks on similar
U.S. entities become legitimate.
There may be a method to this madness. Last "Open Thread", I linked this op-ed from an
American columnist for Bloomberg (via The Japan Times):
Fortunately, this is only a very partial history of Cold War America. The fever of
McCarthyism broke by the mid-1950s; the country's institutions proved stronger than the
challenge that movement posed to them. On the whole, the superpower rivalry was a force
for constructive change.
It seems there's an eschatological thesis among many post-war American intellectuals
(many of whom are certainly working for the CIA, in one position or another) that constant
(perpetual) warfare against foreign enemies can solve the USA's own inner capitalist
contradictions. That, if America's enemies attack it with all their guile and force of
will, America will inherently develop its own means of repelling their attack and, at the
same time, develop itself.
Certainly, this "theory" arose, in part, by necessity: as liberal democracy became less
and less compatible with capitalism, the USG had to resort more and more to foreign events
and States of Emergency to pass the legislation needed to satisfy the interests of its own
elite (bourgeoisie). The most illustrative example of this was the Patriot Act, born from
the ashes of the Twin Towers.
But I don't think it is just that. The author mentions many legitimate episodes during
the Cold War where the USA reformed directly because of pressure exerted by the USSR (the
Civil Rights Act of 1968). He could be even more eloquent and simply mentioned the concept
of Welfare State in Western Europe - which was only invented because of the shadow of the
USSR, cast from the other side of Berlin.
So, in this case, I think there is a significant portion of the American intelligentsia
who genuinely believe in this mad thesis that perpetual war will always solve positively
all the domestic problems of the USA. I don't think this is pure cynicism: many of those
Cold War living fossils really envision an even better America for their children and
grandchildren by promoting an all-out war against China, Russia, Iran, North Korea et al -
even in the stances where USA proper is attacked and Americans directly die because of
it.
Presumably the version of Linux authorized for use in Iran by the military and in
strategic infrastructure is a custom distribution that has be heavily audited for
security.
The reason European customers trust Huawei is because Huawei uses open-source software or at
least makes their code available for inspection by customers.
Closed-source software cannot provide secrecy or security. This was vividly demonstrated
last month when
NSA revealed a critical vulnerability in Windows 10 that rendered any cryptographic
security worthless.
Rashid's simulated attack exploits CVE-2020-0601, the critical vulnerability that
Microsoft patched on Tuesday after receiving a private tipoff from the NSA. As Ars
reported, the flaw can completely break certificate validation for websites, software
updates, VPNs, and other security-critical computer uses. It affects Windows 10 systems,
including server versions Windows Server 2016 and Windows Server 2019. Other versions of
Windows are unaffected.
The flaw involves the way the new versions of Windows check the validity of certificates
that use elliptic-curve cryptography. While the vulnerable Windows versions check three ECC
parameters, they fail to verify a fourth, crucial one, which is known as a base point
generator and is often represented in algorithms as 'G.' This failure is a result of
Microsoft's implementation of ECC rather than any flaw or weakness in the ECC algorithms
themselves.
The attacker examines the specific ECC algorithm used to generate the root-certificate
public key and proceeds to craft a private key that copies all of the certificate
parameters for that algorithm except for the point generator. Because vulnerable Windows
versions fail to check that parameter, they accept the private key as valid. With that, the
attacker has spoofed a Windows-trusted root certificate that can be used to mint any
individual certificate used for authentication of websites, software, and other sensitive
properties.
I do not believe this vulnerability was a bug. It is more likely a backdoor intentionally
left in the code for NSA to utilize. Whatever the case, NSA must have known about it for
years. Why did they reveal it now? Most likely someone else had discovered the back door and
may have been about to publish it.
(I
commented on these same issues on Sputnik a few weeks ago.)
Something is really fishy here. Dynamic IP address is reassigned only if you do not switch on you computer on for several days,
which is not very probable for Krugman. Otherwise it is glued to this device and is difficult to highjack without installing
malware on the computer or router. and he should have static IP anyway, he is not some poor shmuck and can
afford extra $10 a month to have.
Two devices with the same IP on the network are usually automatically detected and it is
difficult to use them for download, as during this time the second device will lose Internet connection completely and the
problem will be detected by the ISP support.
So the only option is that somebody installed backdoor malware on Krugman computer and used his harddrive for storage. That's
an extremely improbable scenario, unless he visited some grey site himself.
ccnafr shared their report:
One of the gang's victims was Tobias
Frömel , a German software developer. Frömel was one of the victims who paid the
ransom demand so he could regain access to his files. However, after paying the ransom,
Frömel also analyzed the ransomware, gained insight into how Muhstik operated, and then
retrieved the crooks' database from their server . "I know it was not legal from me," the
researcher wrote in a text file he
published online on Pastebin earlier Monday, containing 2,858 decryption keys. "I'm not the
bad guy here," Frömel added.
Besides releasing the decryption keys, the German developer also published a decrypter
that all Muhstik victims can use to unlock their files. The decrypter is available on
MEGA [
VirusTotal scan ], and
usage instructions are avaiable on the Bleeping Computer forum.
In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the
decrypter's availability, advising users against paying the ransom.
Carbyne's current CEO, Amir Elichai, served in Unit 8200 and tapped
former Unit 8200 commander and current board member of AIPAC Pinchas
Buchris to serve as the company's director and on its board. In addition to Elichai,
another Carbyne co-founder, Lital Leshem , also served in Unit 8200 and
later worked for Israeli private spy company Black Cube. The only Carbyne co-founder that
didn't serve in Unit 8200 is Alex Dizengof, who previously worked for Israel's Prime
Minister's office.
As MintPress noted in
a past report detailing Israeli military intelligence's deep ties to American tech giant
Microsoft, Unit 8200 is an elite unit of the Israeli Intelligence corps that is part of the
IDF's Directorate of Military Intelligence and is involved mainly in signal intelligence (i.e.,
surveillance), cyberwarfare and code decryption. It is frequently described as the Israeli
equivalent of the NSA and Peter Roberts, senior research fellow at Britain's Royal United
Services Institute, characterized the unit in an interview with the
Financial Times as "probably the foremost technical intelligence agency in the world and
stand[ing] on a par with the NSA in everything except scale."
Notably, the NSA and Unit 8200 have collaborated on numerous projects, most infamously on
the
Stuxnet virus as well as the Duqu
malware . In addition, the NSA is known to work with veterans of Unit 8200 in the private
sector, such as when the NSA hired two Israeli companies , to
create backdoors into all the major U.S. telecommunications systems and major tech companies,
including Facebook, Microsoft and Google.
Both of those companies, Verint and Narus, have top executives with ties to Israeli
intelligence and one of those companies, Verint (formerly Comverse Infosys), has a history of
aggressively
spying on U.S. government facilities.
Unit 8200 is also
known for spying on civilians in the occupied Palestinian territories for "coercion
purposes" -- i.e., gathering info for blackmail -- and also for
spying on Palestinian-Americans via an intelligence-sharing agreement with the NSA.
So before MH17 Dutch intelligence was involved with Stuxnet. Nice, if we can believe the author... It is possible that this
is a plated story with fake facts and dates designed to cover something up. Iranians now probably know a lot more, but they are
not talking.
BTW the following completely discredits the article exposing the authors as frauds: " AIVD's cyber capabilities are well known now
-- last year it was revealed that AIVD was responsible for tipping off the FBI to the 2016 hack of the Democratic National Committee,
knowledge it had acquired because
its operatives had hacked into computers belonging to the Russian hacking group known as Cozy Bear in 2014 and were watching in
2015 when the Russians broke into computers at the U.S. State Department and the DNC. "
DNC was most probably an internal
leak (possibly by Seth Rich),
not a hack and any intelligence agency. Which makes any authors who claims that it was hack a part of the cover-up operation.
Comments are very interesting, much more then the article itself, as they reveals unprecedented level of distrust among commenters
toward Israel (who was the main beneficiary of the sabotage of the Iran nuclear program, as it complete with Iran for regional hegemony)
and by extension the USA.
Notable quotes:
"... An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive. ..."
"... The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo. ..."
"... The Olympic Games operation was primarily a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli Ministry of Defense and the Israeli SIGINT National Unit, Israel's equivalent of the NSA. But the U.S. and Israel had assistance from three other nations, according to sources, hence the covert codename that gave nod to the five-ring symbol of the world's most famous international sporting event. Two of the three participating players were the Netherlands and Germany. The third is believed to be France, although U.K. intelligence also played a role. ..."
"... The Dutch intelligence agency, known as AIVD, along with U.S. and British intelligence, infiltrated Khan's supply network of European consultants and front companies who helped build the nuclear programs in Iran and Libya. That infiltration didn't just involve old-school tradecraft but also employed offensive hacking operations being developed as part of the burgeoning field of digital espionage. ..."
"... The Dutch intelligence agency already had an insider in Iran, and after the request from the CIA and Mossad came in, the mole decided to set up two parallel tracks -- each involving a local front company -- with the hope that one would succeed getting into Natanz. ..."
"... it wasn't until February 2007 that they formally launched the enrichment program by installing the first centrifuges in the main halls at Natanz. ..."
"... A sabotage test was conducted with centrifuges some time in 2006 and presented to President George Bush, who authorized the covert operation once he was shown it could actually succeed. ..."
"... sometime before the summer of 2007, the Dutch mole was inside Natanz. ..."
"... they made final changes to the code on Sept. 24, 2007, modifying key functions that were needed to pull off the attack, and compiled the code on that date. Compiling code is the final stage before launching it. ..."
"... Engineers at Natanz programmed the control systems with code loaded onto USB flash drives, so the mole either directly installed the code himself by inserting a USB into the control systems or he infected the system of an engineer, who then unwittingly delivered Stuxnet when he programmed the control systems using a USB stick. ..."
"... the malware worked its sabotage throughout 2008. In 2009 the attackers decided to change tactics and launched a new version of the code in June that year and again in March and April 2010. This version, instead of closing valves on the centrifuges, varied the speed at which the centrifuges spun, alternatively speeding them up to a level beyond which they were designed to spin and slowing them down. ..."
"... But their later tactic had a different drawback. The attackers added multiple spreading mechanisms to this version of the code to increase the likelihood that it would reach the target systems inside Natanz. This caused Stuxnet to spread wildly out of control, first to other customers of the five contractors, and then to thousands of other machines around the world, leading to Stuxnet's discovery and public exposure in June 2010. ..."
"... Gen. Michael Hayden, former head of the CIA and the NSA, acknowledged its groundbreaking nature when he likened the Stuxnet operation to the atomic bombs dropped on Hiroshima and Nagasaki. "I don't want to pretend it's the same effect," he said, "but in one sense at least, it's August 1945." ..."
"... Could it be that the story itself has been planted by intelligence operatives? Well, yeah. Okay. Now we have a story with a potential epiphany. ..."
"... The assassination of civilian scientists fall under the same umbrella but as a crime of murder. The malware move does not bother me but could have caused the release of toxic radiation throughout the world. Killing civilians is wrong. ..."
"... Interesting how Israel planted a virus to help "not to destroy Iran's nuclear program outright but to set it back for a while to buy time for sanctions and diplomacy to take effect." And now Israel is so adamant in trying to derail it. ..."
"... Lot's of misinformation out there about Iran and Nuclear power, they have never tried to put a nuke BOMB together. They may not like Israel but they have never threatened them with Nukes either ..."
"... Israel has provoked so many neighbors, their troubles are on them. They are bullies in the region and the world protects them even when they mistreat and attack others. They always claim they are going after enemies who are plotting against them, but the truth is they are stealing more land. ..."
"... The Mossad is spying on US citizens ..."
"... We're supposed to believe these sources? This piece is typical of the Huff who makes up sensational conspiracies, revelations, showing them as be a or facts. Laughable ..."
"... As always, if we turn the situation around, the major news media would be screaming bloody murder and calling for war with Iran. ..."
"... One of the top American generals, Smedley Butler, was correct when he called war nothing but a racket. ..."
"... to help Israel achieve its demented goal, Stuxnet, ultimately, has come back to bite the US in the >ssa<. Good going morons. How to teach the enemy defeat you in your own game. ..."
"... Yet, as a signatory to the NNPT, Iran has every right to pursue nuclear energy, for civilian purpose ..."
"... Meanwhile, India, Pakistan and Israel couldn't legally sign the NNPT, as they refused to divulge how many nukes they had... ..."
"... This article glorifies the typical USA interference in other countries affairs, the hate and mistrust toward the USA is 100% founded, that country through out its history has shown his neighbors and the the rest of the world that they are friends of no one and always try to undermine other nations. ..."
"... They practically exterminated the native Americans, stole half of Mexico, sponsored coups all over the world, promoted wars and became the biggest producer of arms. All historical facts that no one can denied, and so much more, karma will eventually catch up with the USA, is already starting ..."
"... Another propaganda by YAHOO. Nothing about the 6 billion Obama gave them ??? What do you thing that money went towards. Yahoo should be investigated for treason. ..."
"... The Neocons (and NeoLiberals) opened Pandora's box when they came up with the plan to destabilize the Middle East. Instead they destabilized our planet.. ..."
"... Did you know the UK and Australia worked with Clapper and Brennan to spy on Trump and his campaign team? ..."
"... Zionist are finally losing their propaganda war little by little. American people are fed up ..."
"... "Stuxnet was pretty much dead as a spreading worm a month after it was discovered," he added. "Every antivirus company worth its salt had Stuxnet detection signatures out quickly. It was a worm designed to never be found in the 1st place. Once it was uncovered, it was defenseless." ..."
"... How is this story any more than gossip with international security ramifications? ..."
The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and
was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near
the village of Natanz.
The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by
Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke
with Yahoo News.
An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers
target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access
when it came time to slip Stuxnet onto those systems using a USB flash drive.
The Dutch were asked in 2004 to help the CIA and Mossad get access to the plant, but it wasn't until three years later that
the mole, who posed as a mechanic working for a front company doing work at Natanz, delivered the digital weapon to the targeted
systems. "[T]he Dutch mole was the most important way of getting the virus into Natanz," one of the sources told Yahoo.
Neither the CIA nor the Mossad responded to inquiries from Yahoo News about the information. The AIVD declined to comment on its
involvement in the operation.
The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but to set
it back for a while to buy time for sanctions and diplomacy to take effect. That strategy was successful in helping to bring Iran
to the negotiating table, and ultimately resulted in an agreement with the country in 2015.
The revelation of Dutch involvement harkens back to a time when there was still extensive cooperation and strong, multilateral
agreement among the U.S. and its allies about how to deal with the Iranian nuclear program -- a situation that changed last year
after the Trump administration pulled out of the hard-won nuclear accord with Tehran.
withdrawal from the Iran nuclear deal, May 8, 2018. (Photo: Saul Loeb/AFP/Getty Images)
The Olympic Games operation was primarily a joint U.S.-Israel mission that involved the NSA, the CIA, the Mossad, the Israeli
Ministry of Defense and the Israeli SIGINT National Unit, Israel's equivalent of the NSA. But the U.S. and Israel had assistance
from three other nations, according to sources, hence the covert codename that gave nod to the five-ring symbol of the world's most
famous international sporting event. Two of the three participating players were the Netherlands and Germany. The third is believed
to be France, although U.K. intelligence also played a role.
Germany contributed technical specifications and knowledge about the industrial control systems made by the German firm Siemens
that were used in the Iranian plant to control the spinning centrifuges, according to sources. France is believed to have provided
intelligence of a similar sort.
But the Dutch were in a unique position to perform a different role -- delivering key intelligence about Iran's activities to
procure equipment from Europe for its illicit nuclear program, as well as information about the centrifuges themselves. This is because
the centrifuges at Natanz were based on designs stolen from a Dutch company in the 1970s by Pakistani scientist Abdul Qadeer Khan.
Khan stole the designs to build Pakistan's nuclear program, then proceeded to market them to other countries, including Iran and
Libya.
The Dutch intelligence agency, known as AIVD, along with U.S. and British intelligence, infiltrated Khan's supply network
of European consultants and front companies who helped build the nuclear programs in Iran and Libya. That infiltration didn't just
involve old-school tradecraft but also employed offensive hacking operations being developed as part of the burgeoning field of digital
espionage.
AIVD's cyber capabilities are well known now -- last year it was revealed that AIVD was responsible for tipping off the FBI to
the 2016 hack of the Democratic National Committee, knowledge it had acquired because
its operatives had hacked into computers belonging to the Russian hacking group known as Cozy Bear in 2014 and were watching
in 2015 when the Russians broke into computers at the U.S. State Department and the DNC.
But during the early days of Iran's nuclear program, AIVD's hacking team was small and still developing.
The Iranian program, which had been on the back burner for years, kicked into high gear in 1996, when Iran secretly purchased a set
of blueprints and centrifuge components from Khan. In 2000, Iran broke ground at Natanz with plans to build a facility that would
hold 50,000 spinning centrifuges for enriching uranium gas. That same year, AIVD hacked the email system of a key Iranian defense
organization in an effort to obtain more information about Iran's nuclear plans, according to sources.
Israeli and Western intelligence agencies secretly monitored the progress at Natanz over the next two years, until August 2002,
when an Iranian dissident group publicly exposed the Iranian program at a press conference in Washington, D.C., using information
provided by the intelligence agencies. Inspectors for the International Atomic Energy Agency, the United Nations body that monitors
nuclear programs around the world, demanded access to Natanz and were alarmed to discover that the Iranian program was much further
along than believed.
Iran was pressed into agreeing to halt all activity at Natanz while the IAEA sought to obtain more information about the nuclear
program, and the suspension continued throughout all of 2004 and most of 2005. But it was only a matter of time before operations
at Natanz resumed, and the CIA and the Mossad wanted to be inside when they did.
The request to the Dutch for help with this came toward the end of 2004, when a Mossad liaison working out of the Israeli Embassy
in the Hague and a CIA official based at the U.S. Embassy met with a representative from AIVD. There was no talk yet about inserting
a digital weapon into the control systems at Natanz; the aim at that time was still just intelligence.
But the timing wasn't random. In 2003, British and U.S. intelligence had landed a huge coup when they intercepted a ship containing
thousands of centrifuge components headed to Libya -- components for the same model of centrifuges used at Natanz. The shipment provided
clear evidence of Libya's illicit nuclear program. Libya was persuaded to give up the program in exchange for the lifting of sanctions,
and also agreed to relinquish any components already received.
By March 2004, the U.S., under protest from the Dutch, had seized the components from the ship and those already in Libya and
flown them to the Oak Ridge National Lab in Tennessee and to a facility in Israel. Over the next months, scientists assembled the
centrifuges and studied them to determine how long it might take for Iran to enrich enough gas to make a bomb. Out of this came the
plot to sabotage the centrifuges.
The Dutch intelligence agency already had an insider in Iran, and after the request from the CIA and Mossad came in, the mole
decided to set up two parallel tracks -- each involving a local front company -- with the hope that one would succeed getting into
Natanz.
Establishing a dummy company with employees, customers and records showing a history of activity, takes time, and time was in
short supply. In late 2005, Iran announced it was withdrawing from the suspension agreement, and in February 2006 it began to enrich
its first batch of uranium hexaflouride gas in a pilot plant in Natanz. The Iranians ran into some problems that slowed them down,
however, and it wasn't until February 2007 that they formally launched the enrichment program by installing the first centrifuges
in the main halls at Natanz. [ in 2007 it is still Bush administration (which means Cheney) at the helm]
By then, development of the attack code was already long under way. A sabotage test was conducted with centrifuges some time
in 2006 and presented to President George Bush, who authorized the covert operation once he was shown it could actually succeed.
By May 2007, Iran had 1,700 centrifuges installed at Natanz that were enriching gas, with plans to double that number by summer.
But sometime before the summer of 2007, the Dutch mole was inside Natanz.
The first company the mole established had failed to get into Natanz -- there was a problem with the way the company was set up,
according to two of the sources, and "the Iranians were already suspicious," one explained.
The second company, however, got assistance from Israel. This time, the Dutch mole, who was an engineer by training, managed to
get inside Natanz by posing as a mechanic. His work didn't involve installing the centrifuges, but it got him where he needed to
be to collect configuration information about the systems there. He apparently returned to Natanz a few times over the course of
some months.
"[He] had to get in several times in order to collect essential information [that could be used to] update the virus accordingly,"
one of the sources told Yahoo News.
The sources didn't provide details about the information he collected, but Stuxnet was meant to be a precision attack that would
only unleash its sabotage if it found a very specific configuration of equipment and network conditions. Using the information the
mole provided, the attackers were able to update the code and provide some of that precision.
There is, in fact, evidence of updates to the code occurring during this period. According to the security firm Symantec, which
reverse-engineered Stuxnet after it was discovered, the attackers made updates to the code in May 2006 and again in February 2007,
just as Iran began installing the centrifuges at Natanz. But they made final changes to the code on Sept. 24, 2007, modifying
key functions that were needed to pull off the attack, and compiled the code on that date. Compiling code is the final stage before
launching it.
The code was designed to close exit valves on random numbers of centrifuges so that gas would go into them but couldn't get out.
This was intended to raise the pressure inside the centrifuges and cause damage over time and also waste gas.
This version of Stuxnet had just one way to spread -- via a USB flash drive. The Siemens control systems at Natanz were air-gapped,
meaning they weren't connected to the internet, so the attackers had to find a way to jump that gap to infect them. Engineers
at Natanz programmed the control systems with code loaded onto USB flash drives, so the mole either directly installed the code himself
by inserting a USB into the control systems or he infected the system of an engineer, who then unwittingly delivered Stuxnet when
he programmed the control systems using a USB stick.
Once that was accomplished, the mole didn't return to Natanz again, but the malware worked its sabotage throughout 2008. In
2009 the attackers decided to change tactics and launched a new version of the code in June that year and again in March and April
2010. This version, instead of closing valves on the centrifuges, varied the speed at which the centrifuges spun, alternatively speeding
them up to a level beyond which they were designed to spin and slowing them down. The aim was to both damage the centrifuges
and undermine the efficiency of the enrichment process. Notably, the attackers had also updated and compiled this version of the
attack code back on Sept. 24, 2007, when they had compiled the code for the first version -- suggesting that intelligence the Dutch
mole had provided in 2007 may have contributed to this version as well.
By the time this later version of the code was unleashed, however, the attackers had lost the inside access to Natanz that they
had enjoyed through the mole -- or perhaps they simply no longer needed it. They got this version of Stuxnet into Natanz by infecting
external targets who brought it into the plant. The targets were employees of five Iranian companies -- all of them contractors in
the business of installing industrial control systems in Natanz and other facilities in Iran -- who became unwitting couriers for
the digital weapon.
"It's amazing that we're still getting insights into the development process of Stuxnet [10 years after its discovery]," said
Liam O'Murchu, director of development for the Security Technology and Response division at Symantec. O'Murchu was one of three researchers
at the company who reversed the code after it was discovered. "It's interesting to see that they had the same strategy for [the first
version of Stuxnet] but that it was a more manual process. ... They needed to have someone on the ground whose life was at risk when
they were pulling off this operation."
O'Murchu thinks the change in tactics for the later version of Stuxnet may be a sign that the capabilities of the attackers improved
so that they no longer needed an inside mole.
"Maybe back in 2004 they didn't have the ability to do this in an automated way without having someone on the ground," he said.
"Whereas five years later they were able to pull off the entire attack without having an asset on the ground and putting someone
at risk."
But their later tactic had a different drawback. The attackers added multiple spreading mechanisms to this version of the
code to increase the likelihood that it would reach the target systems inside Natanz. This caused Stuxnet to spread wildly out of
control, first to other customers of the five contractors, and then to thousands of other machines around the world, leading to Stuxnet's
discovery and public exposure in June 2010.
Months after Stuxnet's discovery, a
website in Israel indicated
that Iran had arrested and possibly executed several workers at Natanz under the belief that they helped get the malware onto systems
at the plant. Two of the intelligence sources who spoke with Yahoo News indicated that there indeed had been loss of life over the
Stuxnet program, but didn't say whether this included the Dutch mole.
While Stuxnet didn't significantly set back the Iranian program -- due to its premature discovery -- it did help buy time for
diplomacy and sanctions to bring Iran to the negotiating table. Stuxnet also changed the nature of warfare and launched a digital
arms race. It led other countries, including Iran, to see the value in using offensive cyber operations to achieve political aims
-- a consequence the U.S. has been dealing with ever since.
Gen. Michael Hayden, former head of the CIA and the NSA, acknowledged its groundbreaking nature when he likened the Stuxnet
operation to the atomic bombs dropped on Hiroshima and Nagasaki. "I don't want to pretend it's the same effect," he said, "but in
one sense at least, it's August 1945."
Operation Ajax seem to be forgotten by the West, but well remembered, by the Iranian folks. Gary
"The now famous covert operation known as "Olympic Games" was designed not to destroy Iran's nuclear program outright but
to set it back for a while to buy time for sanctions and diplomacy to take effect."
REALITY CHECK 2 hours ago
General Michael Hayden (ex CIA and NSA head) "In other words, there were many of us in government who thought the purpose of
the [Israeli threatened air] raid wasn't to destroy the Iranian nuclear system but the purpose of the raid was to put us at war
with Iran." -in "Zero Days" 2016 documentary about the Stuxnet attack on Iran
From the 'Zero days' documentary on Stuxnet: "Inside the ROC (NSA Remote Operations Center] we were furious. The Israelis took
our code for the [Stuxnet] delivery system and changed it. Then, on their own, without our agreement they just ****ing launched
it. 2010, around the same time they started killing Iranian scientists, [unintelligble] ****ed up the code, Instead of hiding,
the code started shutting down computers, so naturally people noticed. Because they [Israel] were in a hurry, they opened Pandora's
Box. They let it out, and it spread all over the world. ... The problem was that the Israelis, Unit 8200, were always pushing
us to be more aggressive ----
Our "friends" in Israel took a weapon that we jointly developed, in part to keep Israel from doing something crazy, and then
used it on their own in a way that blew the cover of the operation and could have led to war. And we can't talk about that?" But
my concern, and the reason I'm talking, is because when you shut down a country's power grid, it doesn't just pop back up. It's
more like Humpty Dumpty. and if all the King's men can't turn the lights back on, or filter the water for weeks, then lots of
people die. And something we can do to others, they can do too. Is that something we should keep quiet? Or should we talk about
it? ---- R
REALITY CHECK 1 hour ago
@potz.. Nice try at the diversion. In fact it's already well known that the "jewish state" funds your internet propaganda operations.
In fact I'll give readers a little insight to your operation. Ever wondered why Mid East comments are so overwhelmingly anti-Muslim,
anti-Iran, anti-Palestinians and pro-israel? A new propaganda app sponsored by the Israeli Strategic Affairs Ministry for israel's
thousands of internet trolls, Act.il : "A new app 'arms' thousands of motivated civilians worldwide, defending Israel's image
online" ... ... ..
"We had about 1,000 volunteers, most of them students from the IDC, who created pro- Israel PR content in 35 different languages,
reaching some 40 million web users."... we started working from the operations room on a regular basis. We had a database of
student volunteers from dozens of countries, and it became more and more organized. We started setting up departments: One
department created pro-Israeli marketing content, another department found and marked online articles that required our attention,
and a third department dealt with finding and reporting pages that incite against Israel."...
Within only two weeks, it was downloaded by over 6,000 people in 27 countries around the world ... "In the months before
the app's launch, we ran it a pilot among a group of some 800 students, most of them Americans,"...
During the pilot period, we were able to remove 2-5 inciting pages or videos every week. We re working with the IDF [Israeli
Defense Forces] and the Shin Bet [Israeli version of theFBI], who are giving us information on such inciting content, and even
they couldn't keep uswith how fast we were getting things removed."
"Companies, such as Facebook, remove content following reports from the community," Ben-Yosefexplains. "If there is only
one person reporting it, he usually gets told by Facebook the content doesn't meet the criteria for removal. If300 report it-the
content is removed immediately. As soon as content inciting against "Companies, such as Facebook, remove content following
reports from the community," Ben-Yosefexplains. "If there is only one person reporting it, he usually gets told by Facebook
the content doesn't meet the criteria for removal. If300 report it-the content is removed immediately. As soon as content inciting
against Israel is posted online, we send a message through the app and all of its subscribers immediately report it." ...
"Students from the University of California (UC), where there are a lot of anti-Israel activists, came to us for help,"
Briga says. "We organized a joint campaign, in which we opened Skype chats at the IDC and at UC campuses and we let random
students just sit down and have a conversation with someone from here [Israel].
People need to research just how much the Zionist jew state skrewed the U.S. and the world with this Stuxnet, and many OTHER
computer viruses.
Unit 8200 is a cyber terrorist training facility just outside Jerusalem. https://www.forbes.com/sites/startupnationcentral/2018/05/28/rise-of-computer-vision-brings-
obscure-israeli-intelligence-unit-into-spotlight/#7530b9743c19
The accelerating shift toward technologies like autonomous driving, satellite navigation, image recognition, and augmented
and virtual reality, are bringing to the fore Israeli intelligence unit 9900, whose grads are starting to make a name for The
accelerating shift toward technologies like autonomous driving, satellite navigation, image recognition, and augmented and virtual
reality, are bringing to the fore Israeli intelligence unit 9900, whose grads are starting to make a name for them
www.forbes.com
korok malfesio, 2 hours ago
If the CIA, Mossad, and AIVD have refused to comment on the veracity of this story, where did the information come from, and
how did the reporters verify the story? The Dutch mole, who was actually an Iranian citizen, is a possibility, but another insider
is needed for confirmation. This cyber sortie has more leaks in it than the Titanic.
Could it be that the story itself has been planted by intelligence operatives? Well, yeah. Okay. Now we have a story with
a potential epiphany.
rod, 8 hours ago
A little bit of disinformation here on this story. The article refers to "enrich its first batch of uranium hexaflouride gas"
This is incorrect. You can not enrich Hexaflouride gas. You can however, use a radioactive gas such as Irridium gas,
or any other gas that is radioactive in nature such as xenon gas which will bind to the raw uranium molecule and make it bigger.
Therefor allowing the refinement process to become more efficient. This is why Baghdad calls their bahgatrons, an improvement
from a traditional centerfuge.
Also, I remember how the U.S. infiltrated the Iraq military command by installing special chips inside printers to get into
their command and control systems. Not much was talked about in this article about the torture of the people who were suspected
of being #$%$. sympathizer.
NativeRedemption, yesterday
The assassination of civilian scientists fall under the same umbrella but as a crime of murder. The malware move does not
bother me but could have caused the release of toxic radiation throughout the world. Killing civilians is wrong.
True Blue, yesterday
Former Ohio Congressman James Traficant ~ "Israel Owns the Congress and the Senate" ...
ChrisP.Bacon, yesterday
We had an agreement that stopped Iranian development of Nukes. It was verified by international inspectors that Iran was and
is living up to the agreement. America didn't live up to their end of the bargain. Because Trump walked away from the agreement
after America gave their word, now Iran has been given a green light to restart their program courtesy of Donald Trump.
True Blue, yesterday
AIPAC is an organization holding our elected government officials hostage to their foreign policy directives ! Before Israel
we had no enemies in the Middle East... fact !
Ryan, yesterday
Just sayin...It was a combination of the CIA, Mossad, Meyer Lansky, and Israel that killed JFK, Israel wanted nuclear weapons,
Kennedy would have none of it. Lansky wanted his properties back that Castro nationalized when he took over Cuba, and the Jewish
James 'Jesus' Angleton was an Israeli 'mole' who rose to be the 3rd ranked member of the CIA. The book 'Finale Judgement' lays
out all the connections extremely well, there's no doubt than David Ben Gurion and Israel were a part of the scheme to take out
an American president...
Ally M, yesterday
ALL my Congressmen and ALL my Senators have ASSURED me that they will make certain that America provides Israel with all the
Military Intelligence and Military equipment that they should require not only to Defend themselves, but to ensure that they will
Defeat their enemies in any major conflict.
Thank you to ALL our C.I.A. and Military Intelligence officials in Iraq, Syria, Lebanon, Egypt, Qatar, and, yes, Iran who are
providing our Israel friends with Real-time Intelligence information!
AliMD, 18 hours ago
Interesting how Israel planted a virus to help "not to destroy Iran's nuclear program outright but to set it back for a
while to buy time for sanctions and diplomacy to take effect." And now Israel is so adamant in trying to derail it.
vani, 9 hours ago
Lot's of misinformation out there about Iran and Nuclear power, they have never tried to put a nuke BOMB together. They
may not like Israel but they have never threatened them with Nukes either.
Israel has provoked so many neighbors, their troubles are on them. They are bullies in the region and the world protects
them even when they mistreat and attack others. They always claim they are going after enemies who are plotting against them,
but the truth is they are stealing more land.
The Mossad is spying on US citizens, they are as bad as Russia on interfering with our sovereign rights to fair elections,
and a threat to our constitutional rights.
Mike, 4 hours ago
We're supposed to believe these sources? This piece is typical of the Huff who makes up sensational conspiracies, revelations,
showing them as be a or facts. Laughable
idiocracynowi, yesterday
As always, if we turn the situation around, the major news media would be screaming bloody murder and calling for war with
Iran.
This hypocrisy by the American media has been going on since the early 1900s, and is the reason America gets into so many unnecessary
wars. One of the top American generals, Smedley Butler, was correct when he called war nothing but a racket.
Mark Paris, yesterday
"While Stuxnet didn't significantly set back the Iranian program - due to its premature discovery - it did help buy time
for diplomacy and sanctions to bring Iran to the negotiating table." - Or they have to say that since there has been loss of
innocent lives as they say, themselves. - _
"Stuxnet also changed the nature of warfare and launched a digital arms race. It led other countries, including Iran, to
see the value in using offensive cyber operations to achieve political aims - a consequence the U.S. has been dealing with
ever since."
Otherwise, to help Israel achieve its demented goal, Stuxnet, ultimately, has come back to bite the US in the >ssa<. Good
going morons. How to teach the enemy defeat you in your own game.
Kate, yesterday
What comes around, often goes around...
Everyman, 21 hours ago
Operation Talpiot is the back door data pipeline from your computer/cell phone to Israel. Everything you communicate electronically
is stored and analyzed by Israel...
sam spade, 17 hours ago
So this why you stay in the nuclear deal. They know we did it. They signed the deal anyway. They have no reason to trust us,
yet they signed the deal. Can we get back into the deal?
TommyGun, 22 hours ago
This is a nice story-cloak and dagger and all that. Why would anyone want to expose this? ..and endanger the lives of those
involved as there will always be retributions.
Eli, yesterday
Israel will always have people around the world willing to help because if you believe in God and the Bible then helping Israel
is an easy decision against the evil Ishmaelite's. God will forever protect Israel against her enemies those who want to destroy
Israel are on a collision with God, just look at all the countries who hate Israel, they are the worse human rights countries
on the planet, no mans land.
Loyal Tribune, 15 hours ago
Stuxnet haven't had much affect on Iranian side. I read, they through out all infected centrifuges and replaced with brand
new ones in matter of a news weeks. although to them it was like nothing important happened, but a few life are gone for not much
to gain.
IrishAmericanPsycho, 7 hours ago
Yet, as a signatory to the NNPT, Iran has every right to pursue nuclear energy, for civilian purposes.
Meanwhile, India, Pakistan and Israel couldn't legally sign the NNPT, as they refused to divulge how many nukes they had....YET
THE US SHARED NUCLEAR TECH with those countries anyway.....
Censored, 11 hours ago
US and Israel have tried everything to topple Iran: malware terrorism, sanctions, oil embargo, supporting Wahhabi terrorists,
financial terrorism, economic war, sanctioning any country who does business with Iran, disinformation, sabotage, threats, disallowing
Red Cross to help flood victims, pirating... yet, Iran stands tall and grows. The only reason they didn't attack Iran is simple:
they can't.
American, yesterday
Famous act of war. Imagine if Iran had done this? Amazing how restrained the Iranians have been in the face of all the attacks.
anatoly, 16 hours ago
betcha stuff like this is still going on!
P KP K, 4 hours ago
Stuxnet was working fine until Israel decided without US knowledge to increase the effects of the virus and it was caught by
the Iranians. Then it was subsequently used by the Iranians on attacks against Saudi and the US.
Funny how that part of the story was left out
Shekel_Trader, 4 hours ago
If the US had put in half the effort back in the '60's to stop Israel's illicit nuke program, as they did with Stuxnet, we'd
all be a much happier and healthier society today, without Israel threatening its neighbors with one hand while waving the "Sampson
option" in the other.
-S/T
Alex, 17 hours ago
This article glorifies the typical USA interference in other countries affairs, the hate and mistrust toward the USA is
100% founded, that country through out its history has shown his neighbors and the the rest of the world that they are friends
of no one and always try to undermine other nations.
They practically exterminated the native Americans, stole half of Mexico, sponsored coups all over the world, promoted
wars and became the biggest producer of arms. All historical facts that no one can denied, and so much more, karma will eventually
catch up with the USA, is already starting
Tony, 22 hours ago
Another propaganda by YAHOO. Nothing about the 6 billion Obama gave them ??? What do you thing that money went towards.
Yahoo should be investigated for treason.
Collapsing Society, 20 hours ago
Fact: Iran has not attacked any country since the year 1798. Why does the West so bent on bringing Iran down? Answer:
https://youtu.be/HP7L8bw5QF4
rene, yesterday
If Eisenhower hadn't overthrew Iran's government and put our puppet, the Shah, in its place, and if Reagan hadn't shot down
an Iranian civilian jet killing 250 people they'd still be our ally.
William, 23 hours ago
Now that the details are coming out, it doesn't sound like it was a terribly effective operation.
Antiestablishmentarian, 2 hours ago
The Neocons (and NeoLiberals) opened Pandora's box when they came up with the plan to destabilize the Middle East. Instead
they destabilized our planet..
----------10 hours ago
This is a fictitious article. Another fake news from liberal Yahoo-Verizon. It's purpose is to falsely attack President Trump
as someone who has permanently damaged relations with all of our allies. Complete lie.
Did you know the UK and Australia worked with Clapper and Brennan to spy on Trump and his campaign team? Trump is
weeding out all the bad leaders of the world who supported the terrorist state called Iran and threatened his Presidency with
a silent coup. Those people are not allies, they are the Obama era monsters. Yahoo-Verizon liberals want Iran to have nuclear
weapons to destroy the planet. Liberals cry over plastic in the ocean, yet support the most destructive device on earth being
sold to violent, homosexual murdering, muslim terrorists?
Everyman, 21 hours ago
Zionist are finally losing their propaganda war little by little. American people are fed up. In Dickenson Texas,
if you need Federal relief assistance after Hurricane Harvey, you have to sign an unconditional pledge to support Israel. Will
Floridians who slaves or destroyed by Hurricane Dorian be forced to do the same? Will we have to sign an unconditional oath to
support Israel or be refused Federal disaster relief funds?
You're free to be a Zionist if you wish. The rest of us are free to criticize those beliefs. If you wish to push those beliefs
into the public domain and include them in political discourse, they WILL be criticized harshly, rightly so.
Ruban, 18 hours ago
If Russians or Chines has done something like this then, western media would whine for months and call for new sanctions against
them
Can anyone read this article, and NOT understand that the Zionist faction CONTROLS America? And that this incident is just
more proof of it?
Rob, yesterday
So all the fuss about "Russian hacking" was crocodile tears western propaganda.
Sheri, yesterday
And when they repay in kind, don't scream terrorism.
Brook, 13 hours ago
No one wants to mention that the coup was pulled off during the Bush administration.
Jax,15 hours ago
The Stuxnet operation transferred malware technology from Israel to Iran and Russia. This is the unintended consequence. Now
Iran can update the malware and distribute it to attack targets anywhere.
Wallstreet, 6 hours ago
The success of this virus attack spurred on a gold rush for Israel. They now get extra billions per year in funding from USA
to keep developing their security software activities which turned commercial and now allows spying around the world. Israel now
has access to most of the world's governments secrets and is turning that access into gold.
SamS, 22 hours ago
I am truly glad that its only patriotic defense, when we use our computers and hackers to hack into things in Iran, China or
NK and not espionage hacking, as when they do the same exact thing, in reverse!
bez22, yesterday
NSA designed... June 24, 2012, as Big Sleep day for the infamous malware. On that day, it stopped replicating. Its more like
neutered, rather than dead," Eric Byres, CTO and vp for engineering at Tofino Security, told TechNewsWorld.
"The 6/24 date stops it from replicating, but if it has infected your uranium centrifuge, it will still be doing its destructive
work in the PLCs & the drive controllers.
"Stuxnet was pretty much dead as a spreading worm a month after it was discovered," he added. "Every antivirus company
worth its salt had Stuxnet detection signatures out quickly. It was a worm designed to never be found in the 1st place. Once it
was uncovered, it was defenseless."
Susie, 11 hours ago
Dutch pirates continue to work at the destruction of other nations. The Dutch East India company created the skull and cross
bones flag for its' vessels. That flag soon meant violent pirate ship and continues today as the same warning.
Will, 22 hours ago
Thankfully the Apartheid government of Israel with their "Samson Option" is on our side. They held back information about the
impending 9/11 attacks (then celebrated afterwards and were arrested) then gave us false intelligence about Iraq having WMDs.
But yes they are our closest allies and we should continue giving them billions in cash and openly allow their spies into top
secret facilities.
John, yesterday
Israel has an arsenal of nuclear weapons estimated at 200 to 300 war heads. Yet Israel has refused to sign the Nuclear Non
Proliferation Treaty or the Chemical Weapons Conventions. And the US says NOTHING about that.
Rudolph, 16 hours ago
If you Turn the Tables and If Iran does the same thing to Israel,why is that considered "Terrorism" ? Because they OWN the
media?
opaw, 10 hours ago
we should allow every nation to develop their own nuclear programs in the spirit of competition, deterrence and mutually assured
destruction. nobody has the right to say that "you can't have nuclear weapons you are not democracy." the moment that you lay
your hands on nukes you already lost the moral decency. plus the more the merrier.
dan, 6 hours ago
The worlds greatest hack of all time is Israeli agents steeling US Nuclear secrets and developing a vast nuclear arsenal. Once
the hack was found, Israeli influences dramatically changed to that of soft hacking of the US congress and all other political
branches. The greatest 'check and mate'!
Singl, 6 hours ago
So, this secret operation took place from 2004 thru 2015 initiated by the Netherlands and Germany, with an assist from France.....under
the ObAMA administration (who also went along with it) .
So Iran development was stalled ...so the agreement could be hammered out.
But it was an OBAMA admin agreement...so it HAD TO be destroyed by the Trump administration.... a crisis created ,...so that
the TRUMP administration could,-- one way or another -- "resolve" , the crisis. SICK. This man Trump,...is SICK....and MUST be
removed.
MatthewL, yesterday
How is this story any more than gossip with international security ramifications?
Juan, 4 hours ago
Great! We just put a target on the back of every Dutch in a Muslim nation. Sounds to me like payback for not wanting to join
the current Israel/US effort against Iran.
ccc, 22 minutes ago
And when other nations attack us using cyber We claim it's a declaration of war
Anonymous, yesterday
Wondering what these other countries are doing to us and we dont know?
HC, 7 hours ago
About the last successful thing the CIA's ever done in Iran.
JASON, 6 hours ago
I remember when my parents told me to mind my own business. It seems like the U.S. and Israeli government can't mind their
own business. It seems like they are the problem for world peace.
So Dutch government participated is Stuxnet and MH17 false flag operation. Nice...
Notable quotes:
"... The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz. ..."
"... The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News ..."
@Lot Iran is also
involving into Israel-India relationship. Netanyhooo has cancelled his visit just 2 weeks
before the election – Haaretz.
And now we don't hear much about terrorism on Europe soil but bit by bit we hear the
terrorism committed by Dutch Norwegian Danish against Iran . Justice ? It will arrive one day
. Dutch will be supposed so will be the numerous pundits . Why Dutch? Yes that question will
find its answer "why Afghanistan ?" after 911.
"Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
--
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran's
nuclear program: How did the U.S. and Israel get their malware onto computer systems at the
highly secured uranium-enrichment plant?
The first-of-its-kind virus, designed to sabotage Iran's nuclear program, effectively
launched the era of digital warfare and was unleashed some time in 2007, after Iran began
installing its first batch of centrifuges at a controversial enrichment plant near the
village of Natanz.
The courier behind that intrusion, whose existence and role has not been previously reported,
was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the
Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News."
Ransomware can be fatal for badly managed IT infrastructure, such as often is found in school, hospitals and even medium size
manufacturing companies. Often there are not enough firewalled segments and there is not distinction in the access of vital data
and semi-useless employees generated files.
BTW Microsoft offers some level of ransomware protection with its Microsoft Drive.
This interesting discussion which points out like like infections in nature, ransomware typically successfully attack badly
managed (or completely screwed up) IT systems. But why NSA does not catch such guys almost instantly is beyond me. Payment
can be traced by NSA for sure and that a death sentence for malware authors.
Notable quotes:
"... Earlier today, some residents of Johannesburg have been left without electricity after a ransomware infection. ..."
"... If something a student clicks can fuck your whole network, you have bigger problems ..."
"... It has impacted three school districts as in every school in each district, so clearly this is a high level admin security failure and not something happening at school level. At least one benefit, find what is common with those three districts and you are on the path to tracking the insider who did it ..."
"... Can confirm. Myself and my 2 best friends in high school where the admins for my junior and senior year. Dunno who got the job when we graduated. ..."
The ransomware
infections took place this week and have impacted the school districts of three North Louisiana
parishes -- Sabine, Morehouse, and Ouachita. IT networks are down at all three school
districts, and files have been encrypted and are inaccessible, local media outlets are
reporting. By signing the Emergency Declaration, the Louisiana governor is making available
state resources to impacted schools. This includes assistance from cybersecurity experts from
the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the
Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP), and others.
State
officials hope that additional IT expertise will speed up the recovery process so schools can
resume their activity and preparations for the upcoming school year.
Earlier today, some
residents of Johannesburg have been
left without electricity after a ransomware infection.
Uh, once a student clicks on the wrong .exe it's too late to unplug
anything.
If something a student clicks can fuck your whole network, you have bigger problems.
Ocker3 ( 1232550 ) on Thursday July 25, 2019 @11:27PM (#58988772)
Re:State of emergency? (Score:2)
Does the student also have admin rights on the server?
When you're getting attacked by serious teams who know what they're doing, sometimes smaller enterprises just don't have
the resources to fight back, only shut down and restore everything from backups (which hopefully aren't also compromised).
With BYOx being So common, the amount of hostile traffic coming from authenticated users Inside your network is a huge
PITA.
rtb61 ( 674572 ) on Friday July 26, 2019 @03:19AM (#58989406) Homepage
Re:State of emergency? (Score:2)
It has impacted three school districts as in every school in each district, so clearly this is a high level admin
security failure and not something happening at school level. At least one benefit, find what is common with those three
districts and you are on the path to tracking the insider who did it, although it is likely they did not attack every
school district they could for the same reason, similarly figuring out which school districts they could have attacked and
didn't will likely help point the finger.
Re:High School IT (Score:2)
by drinkypoo ( 153816 ) <[email protected]> on Friday July 26, 2019 @09:06AM (#58990296) Homepage Journal
High schools won't trust students with that kind of access, and colleges don't need to, since tuition is high enough these
days to hire IT staff.
Re:High School IT (Score:1)
by plloi ( 1055946 ) on Friday July 26, 2019 @09:57AM (#58990628)
Can confirm. Myself and my 2 best friends in high school where the admins for my junior and senior year. Dunno who got
the job when we graduated.
all the admin machines should be vms with snapshots. that way if this happens you can
quickly restore. but public schools never have a good setup and normally stock unpatched end
of life windows.
Substandard employees that they hire. They will blame IT first. Ideally their IT should
have proper backups that are air gaped at some part of the process. But ultimately these
things happen because clueless employees allow it to happen.
Heavens! Are you saying that getting the cheapest contractors they can find isn't the best
financial decision they could have made? But those nice MBAs assured them that running things
like a cutthroat corporation was the best way!
Heavens no. For instance I know of a city municipality that has the wan side of their
internet merged with the lan side of their network. potentially exposing their whole
infrastructure. I know and I told them but they would rather trust the guy who did the wiring
to know more about networking than the guy who configured their fiber circuit. I'm sure that
when they get their asses hacked again they will try to cast the net wide looking for anyone
other than themselves to blame. That is why I fired off
Well, the MBA morons think that one unit of "employee xyz" is of course exactly the same
as another one. Hence getting the cheapest ones does make sense to them. It is a sure recipe
for an eventual collapse, of course.
You can't blame the substandard and clueless employees. You can blame the people who
decided to hire substandard and clueless people. Responsability goes from top to bottom. Not
the other way around.
So why did they hire substandard people? Because of money. And why did they not have more
money? Because people elected those who lowered taxes or apointed them elsewhere.
So who do we blame? The shareholders, or the voters in this case.
What kills me about the low-tax, free market crowd is that they don't seem to be able to
link these ideas together. If you want competent teachers and other school staff, you need to
pay enough that competent people want to do that job.
Starting salary around here for a teacher who has to have a bachelor's degree at minimum,
with a master's preferred is mid-$50k. For someone with a BA in English, that's not bad. But
how do you get someone with a MS in a STEM field for that sort of money, when they could, at
minimum, be making 50% more in the private sector, and likely close to double that, depending
on their field. And that's not even considering that the work environment sucks.
While only working about 190 days a year seems like a nice benefit, the flip side is that
you get no vacations during the school year other than the ones scheduled for the kids. That
makes things like going to a wedding or joining a family vacation pretty much impossible if
it falls during the school year.
And it used to be that teachers got the summers largely off, but now a good portion of
states are requiring continuing education to retain your license, which means going back to
school during your "summer off". And every time the standards or state curriculum change,
teachers get to re-do their lesson plans. Unpaid, during the summer.
And IT? No break for them. Summer is when you refresh all the machines, update the
network, get rid of the old stuff that students broke and set up all the new stuff. Likely in
a steaming hot school with no AC, or if it has AC, with the thermostat set at 80 to save
money since "nobody is there during the summer".
If you want competent people to work in these conditions, you need to pay them
appropriately. If you need to pay them more, you need money to do that. And that money comes
from taxes, or from finding other things to cut spending on. Of course, we'd never consider
violating the sanctity of the football program, so the $2m we're going to spend refreshing
the turf and bleachers can't be put to better use....
For years, malware was used for things like nabbing credit card numbers and selling them
on the black market, or for sending spam emails. Deleting files and defacing web sites was
good for the lulz, but nobody made money off that. But two concepts changed all that:
Ransomware + Cryptocurrency. Now, ransoming files is safe AND profitable! Expect to see more
and more of this.
Ransomware is really kinda genius when you think of it as a business model. The hacker
steals the files - but does not need to store the files themselves! The files are still on
the victim's own hard drives! So the hacker does not need to pay for storage, rent a server,
or pay for bandwidth. It's akin to sneaking into a bank and instead of stealing the money,
you just change the combination on the vank vault so they can't get in. The money is still in
their own vault, just inaccessible!
Cryptocurrency has made it possible to transfer money with no physical presence, and no
presence in any "legitimate" managed institution. Yes, it's still a visible transaction, but
there's nobody's name and address and tax ID number assigned to the account.
It seems to me this will re-invigorate the hacking community, and everyone needs to become
hyper vigilant. 5 years ago we could say "meh, nobody will hack me" and we were 99.9% right.
And if they did, you just had to get a new credit card number or phone number or something.
Now, the threat is losing everything.
I work in a school. Chromebooks and iPads are certainly used a lot in education - but the
bread-and-butter of school IT, in every school, is Windows. On desktops, or on laptops. It
really has to be - the ICT classes need it because their course materials and exam standards
expect it. Plus we like Active Directory - there's nothing so easily administered for
managing large numbers of desktops on other operating systems.
Plus we like Active Directory - there's nothing so easily administered for managing
large numbers of desktops on other operating systems.
The thing with centralised administration is that if compromised, it becomes centralised
compromise and allows the ransomware (or whatever else) to infect every machine
simultaneously.
Active directory is not very secure by default, and is extremely complex... Actually keeping
it secure is extremely difficult and expensive, requiring significant investment, highly
skilled staff and quite a lot of inconvenience for users.
Active directory is far from easy if you actually want it to be secure, if you want it to
be easy then it also becomes easy to compromise and significantly increases the damage from a
ransomware infection.
Active Directory is easy to secure if you aren't stupid. Don't expose it directly to the
internet and firewall off all non essential ports.
And Centralized data stores are easy to restore if compromised. Just use your
offsite/offline/warm backup/restore plan. You test that regularly, offline, with false hw
date clocks, so even if there is a timebonb strawman to worry about, you've git it
covered.
And apparently no backups and no Business Continuity Management.
IT is not cheap. It is just cheaper than doing it in the traditional ways. If you try to
do it on the cheap, it can get very expensive though, and that is why you do not if you have
a clue.
What does Democratic Governor John Bel Edwards have to do with low taxes? Louisiana spends
$11K/student, about the same as California, which is pretty damn high for a State with such a
low cost of living in comparison.
Or just block people from opening certain files and restrict them from only being able to
do the basic stuff. Also this should be a heads up to people. HAVE BACKUPS! I don't
understand how any enterprise can overlook this. Yeah it's expensive, but what's cheaper?
Maintaining that, or being locked out of your data for a while/forever or having to pay a
ransom that would've cost the same if not more?
An
anonymous reader quotes ZDNet: On the three-year anniversary of the No More Ransom project,
Europol announced today that users who downloaded and decrypted files using free tools made
available through the No More Ransom portal have
prevented ransomware gangs from making profits estimated at at least $108 million ...
However, an Emsisoft spokesperson told ZDNet that the $108 million estimate that Europol shared
today is "actually a huge underestimate. They're based on the number of successful decryptions
confirmed by telemetry -- in other words, when the tools phone home to confirm they've done
their job," Emsisoft told ZDNet... Just the free decryption tools for the GandCrab ransomware
alone offered on the No More Ransom website have prevented ransom payments of nearly $50
million alone, Europol said.
The project, which launched in July 2016, now hosts 82 tools that can be used to decrypt
109 different types of ransomware. Most of these have been created and shared by antivirus
makers like Emsisoft, Avast, and Bitdefender, and others; national police agencies; CERTs; or
online communities like Bleeping Computer. By far the most proficient member has been antivirus
maker Emsisoft, which released 32 decryption tools for 32 different ransomware strains... All
in all, Europol said that more than three million users visited the site and more than 200,000
users downloaded tools from the No More Ransom portal since its launch.
One Emisoft researcher said they were "pretty proud" of their decryptor for MegaLocker, "as not
only did it help thousands of victims, but it really riled up the malware author."
"... a) detected the DNC server hack, but failed to stop it b) falsely accused the Russians of hacking Ukrainian artillery c) failed to prevent the NRCC from being hacked, even though that was why they were hired ..."
"... In other words, Crowdstrike is really bad at their job. In addition, Crowdstrike is really bad at business too. CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million, and negative free cash flow of roughly $59 million. ..."
a) detected the DNC server hack, but failed to stop it
b) falsely
accused the Russians of hacking Ukrainian artillery
c) failed to prevent the NRCC from being hacked, even though that was why they were
hired
In other words, Crowdstrike is really bad at their job. In addition, Crowdstrike is
really bad at business
too. CrowdStrike recorded a net loss last year of $140 million on revenue of $249.8 million,
and negative free cash flow of roughly $59 million.
So what does a cybersecurity company that is hemorrhaging money and can't protect it's
clients do? It does an IPO
.
It just goes to show that "getting it right" is not the same thing as "doing a good job." If
you tell the right people what they want to hear, the money will take care of itself.
It just goes to show that "getting it right" is not the same thing as "doing a good
job."
If you tell the right people what they want to hear, the money will take care of
itself.
It's all about making the people at the top feel smart for having hired you and assuring
them they don't need to waste their beautiful minds trying to understand what it is you do.
Whoops, you got hacked? Gee, nothing we could have done. More money please!
Iran purged Microsoft Windows OS from military uses years ago, so Stuxnet style attacks
are no longer possible. Stuxnet itself was only possible because the manufacturer provided
the CIA with a backdoor to the operating system. Prior to 2010 Iran was in the top 10
countries from which patches to the Linux kernel came from, but that has dropped to 0% since
then. Though I do not know this for a fact, this suggests that Iran forked Linux in 2010 and
has been encouraging domestic development of that operating system.
What does this have to do with claims that the US launched a cyber attack on Iran? It
means that any American cyber attack on Iran almost certainly failed 100%.
America's misnamed "intelligence" agencies are spoiled by having easy access to
targets' communications through built-in back doors and vulnerabilities that American
industry build into their products. Despite appearances, US "intelligence" agencies
are not very good at real hacking. In fact, they suck badly at it. If Microsoft, Cisco,
Google or Apple don't provide them access to the products that they sell, then the CIA is
sh!t out of luck (which is why they hate Huawei, by the way). Since Iran no longer uses
Microsoft Windows in any critical functions, and instead uses a version of Linux that has
diverged from the ones that the West uses for almost a decade, the chances that the CIA or
Pentagram's Visual Basic script kiddies could hack them effectively drops to 0%.
@WHAT
The point is not to stop them entirely, but to delay and disrupt their ambitious programs.
The infamous Stuxnet cyberweapon did not destroy more than a fifth of Iran's nuclear
centrifuges, but that does not mean it was not a real success for Israel/America's campaign
against the Iranian nuclear program.
...I suspect that for
both of those, when they hit, you need to resolve things quickly and efficiently, with panic
being the worst enemy.
Panic in my experience stems from a number of things here, but two crucial ones are:
– input overload
– not knowing what to do, or learned actions not having any effect
Both of them can be, to a very large extent, overcome with training, training, and more
training (of actually practising the emergency situation, not just reading about it and
filling questionairres).
The U.S. military's love affair with bug bounty programs continues.
The second iteration of "Hack the Air Force" in December paid out $103,883 in bounties
to freelance hackers for 106 vulnerabilities found over a 20-day period. The highest bounty
was $12,500, the largest paid by the U.S. government to date.
The Air Force's first bug bounty program launched in April 2017 following similar
efforts like Hack the Pentagon and Hack the Army in 2016. In total, more than 3,000
vulnerabilities have been found in federal government systems since the programs began.
The bug bounty platform HackerOne, a private company, continues to handle the military's
bug bounty initiatives. Air Force CISO Peter Kim, who helped kick off and cheerlead the
service's first round last year, also played a leading role this time. . . here
Is this shadow of Integrity Initiative in the USA ? This false flag open the possibility that other similar events like
DNC (with very questionable investigation by Crowdstrike, which was a perfect venue to implement a false flag; cybersecurity area is
the perfect environment for planting false flags), MH17 (might be an incident but later it definitely was played as a false flag), Skripals
(Was Skripals poisoning a false flag decided to hide the fact that Sergey Skripal was involved in writing Steele dossier?) and Litvinenko
(probably connected with lack of safety measures in the process of smuggling of Plutonium by Litvinenko himself, but later played a
a false flag). All of those now should be re-assessed from the their potential of being yet another flag flag operation
against Russia. While Browder was a MI6 operation from the very beginning (and that explains
why he abdicated the US citizenship more convincingly that the desire to avoid taxes) .
Notable quotes:
"... Democratic operative Jonathon Morgan - bankrolled by LinkedIn founder Reid Hoffman, pulled a Russian bot "false flag" operation against GOP candidate Roy Moore in the Alabama special election last year - creating thousands of fake social media accounts designed to influence voters . Hoffman has since apologized, while Morgan was suspended by Facebook for "coordinated inauthentic" behavior. ..."
"... Really the bigger story is here is that these guys convincingly pretended to be Russian Bots in order to influence an election (not with the message being put forth by the bots, but by their sheer existence as apparent supporters of the Moore campaign). ..."
"... By all appearances, they were Russian bots trying to influence the election. Now we know it was DNC operatives. Yet we are supposed to believe without any proof that the "Russian bots" that supposedly influenced the 2016 Presidential election were, actually, Russian bots, and worthy of a two year long probe about "Russian collusion" and "Russian meddling." ..."
"... The whole thing is probably a farce, not only in the sense that there is no evidence that Russia had any influence at all on a single voter, but also in the sense that there is no evidence that Russia even tried (just claims and allegations by people who have a vested interest in convincing us its true). ..."
For over two years now, the concepts of "Russian collusion" and "Russian election meddling" have been shoved down our throats
by the mainstream media (MSM) under the guise of legitimate concern that the Kremlin may have installed a puppet president in Donald
Trump.
Having no evidence of collusion aside from a largely unverified opposition-research dossier fabricated by a former British spy,
the focus shifted from "collusion" to "meddling" and "influence." In other words, maybe Trump didn't actually collude with Putin,
but the Kremlin used Russian tricks to influence the election in Trump's favor. To some, this looked like nothing more than an establishment
scheme to cast a permanent spectre of doubt over the legitimacy of President Donald J. Trump.
Election meddling "Russian bots" and "troll farms" became the central focus - as claims were levied of social media operations
conducted by Kremlin-linked organizations which sought to influence and divide certain segments of America.
And while scant evidence of a Russian influence operation exists outside of a handful of indictments connected to a St. Petersburg
"Troll farm" (which a liberal journalist
cast serious doubt ov er), the MSM - with all of their proselytizing over the "threat to democracy" that election meddling poses,
has largely decided to ignore actual evidence of "Russian bots" created by Democrat IT experts, used against a GOP candidate in the
Alabama special election, and amplified through the Russian bot-detecting "Hamilton 68" dashboard developed by the same IT experts.
Democratic operative Jonathon Morgan - bankrolled by LinkedIn founder Reid Hoffman, pulled a Russian bot "false flag" operation
against GOP candidate Roy Moore in the Alabama special election last year - creating thousands of fake social media accounts designed
to influence voters . Hoffman has since apologized, while Morgan was suspended by Facebook for "coordinated inauthentic" behavior.
As Russian state-owned RT puts
it - and who could blame them for being a bit pissed over the whole thing, "it turns out there really was meddling in American democracy
by "Russian bots." Except they weren't run from Moscow or St. Petersburg, but from the offices of Democrat operatives chiefly responsible
for creating and amplifying the "Russiagate" hysteria over the past two years in a textbook case of psychological projection. "
A week before Christmas, the Senate Intelligence Committee released a report accusing Russia of depressing Democrat voter turnout
by targeting African-Americans on social media. Its authors, New Knowledge, quickly became a household name.
Described by the
New York Times
as a group of "tech specialists who lean Democratic," New Knowledge has ties to both the US military and intelligence agencies.
Its CEO and co-founder Jonathon Morgan previously worked for DARPA, the US military's advanced research agenc y. His partner,
Ryan Fox, is a 15-year veteran of the National Security Agency who also worked as a computer analyst for the Joint Special Operations
Command (JSOC). Their unique skill sets have managed to attract the eye of investors, who pumped $11 million into the company
in 2018 alone.
...
On December 19, a New York Times story revealed that Morgan and his crew had created a fake army of Russian bots, as well as
fake Facebook groups, in order to discredit Republican candidate Roy Moore in Alabama's 2017 special election for the US Senate.
Working on behalf of the Democrats, Morgan and his crew created an estimated 1,000 fake Twitter accounts with Russian names,
and had them follow Moore. They also operated several Facebook pages where they posed as Alabama conservatives who wanted like-minded
voters to support a write-in candidate instead.
In an internal memo, New Knowledge boasted that it had "orchestrated an elaborate 'false flag' operation that planted the idea
that the Moore campaign was amplified on social media by a Russian botnet."
It worked. The botnet claim made a splash on social media and was further amplified by Mother Jones, which based its story
on expert opinion from Morgan's other dubious creation, Hamilton 68. -
RT
Moore ended up losing the Alabama special election by a slim margin of just
In other words: In November 2017 – when Moore and his Democratic opponent were in a bitter fight to win over voters – Morgan
openly promoted the theory that Russian bots were supporting Moore's campaign . A year later – after being caught red-handed orchestrating
a self-described "false flag" operation – Morgan now says that his team never thought that the bots were Russian and have no idea
what their purpose was . Did he think no one would notice? -
RT
Disinformation warrior @ jonathonmorgan attempts to control
damage by lying. He now claims the "false flag operation" never took place and the botnet he promoted as Russian-linked (based
on phony Hamilton68 Russian troll tracker he developed) wasn't Russian https://www.
newknowledge.com/blog/about-ala bama
Even more strange is that Scott Shane - the journalist who wrote the New York Times piece exposing the Alabama "Russian bot" scheme,
knew about it for months after speaking at an event where the organizers bragged about the false flag on Moore .
Shane was one of the speakers at a meeting in September, organized by American Engagement Technologies, a group run by Mikey
Dickerson, President Barack Obama's former tech czar. Dickerson explained how AET spent $100,000 on New Knowledge's campaign to
suppress Republican votes, " enrage" Democrats to boost turnout, and execute a "false flag" to hrt Moore. He dubbed it "Project
Birmingham." - RT
Shane told BuzzFeed that he was "shocked" by the revelations, though hid behind a nondisclosure agreement at the request of American
Engagement Technologies (AET). He instead chose to spin the New Knowledge "false flag" operation on Moore as "limited Russian tactics"
which were part of an "experiment" that had a budget of "only" $100,000 - and which had no effect on the election.
New Knowledge suggested that the false flag operation was simply a "research project," which Morgan suggested was designed "to
better understand and report on the tactics and effects of social media disinformation."
While the New York Times seemed satisfied with his explanation, others pointed out that Morgan had used the Hamilton 68 dashboard
to give his "false flag" more credibility – misleading the public about a "Russian" influence campaign that he knew was fake.
New Knowledge's protestations apparently didn't convince Facebook, which
announced last week that five
accounts linked to New Knowledge – including Morgan's – had been suspended for engaging in "coordinated inauthentic behavior."
- RT
They knew exactly what they were doing
While Morgan and New Knowledge sought to frame the "Project Birmingham" as a simple research project, a leaked copy of the operation's
after-action report reveals that they knew exactly what they were doing .
"We targeted 650,000 like AL voters, with a combination of persona accounts, astroturfing, automated social media amplification
and targeted advertising," reads the report published by entrepreneur and executive coach Jeff Giesea.
The rhetorical question remains, why did the MSM drop this election meddling story like a hot rock after the initial headlines
faded away?
criminal election meddling, but then who the **** is going to click on some morons tactic and switch votes?
anyone basing any funding, whether it is number of facebook hits or attempted mind games by egotistical cuck soyboys needs a serious
psychological examination. fake news is fake BECAUSE IT ISNT REAL AND DOES NOT MATTER TO ANYONE but those living in the excited misery
of their tiny bubble world safe spaces. SOCIAL MEDIA IS A CON AND IS NOT IMPORTANT OR RELEVANT TO ANYONE.
far more serious is destroying ballots, writing in ballots without consent, bussing voters around to vote multiple times in different
districts, registering dead voters and imperosnating the corpses, withholding votes until deadlines pass - making them invalid.
Herdee , 10 minutes ago
NATO on behalf of the Washington politicians uses the same bullsh*t propaganda for continual war.
Mugabe , 20 minutes ago
Yup "PROJECTION"...
Yippie21 , 21 minutes ago
None of this even touches on the 501c3 or whatever that was set up , concerned Alabama voters or somesuch, and was funneled
a **** load of money to be found to be in violation of the law AFTER the election and then it all just disappeared. Nothing to
see here folks, Democrat won, let's move on. There was a LOT of " tests " for the smart-set in that election and it all worked.
We saw a bunch of it used in 2018, especially in Texas with Beto and down-ballot races. Democrats cleaned up like crazy in Texas,
especially in Houston.
2020 is going to be a hot mess. And the press is in on it, and even if illegal or unseemly things are done, as long as Democrats
win, all good... let's move on. Crazy.
LetThemEatRand , 21 minutes ago
The fact that MSM is not covering this story -- which is so big it truly raises major questions about the entire Russiagate
conspiracy including why Mueller was appointed in the first place -- is proof that they have no interest in journalism or the
truth and that they are 100% agenda driven liars. Not that we needed more proof, but there it is anyway.
Oldguy05 , 19 minutes ago
Dimz corruption is a nogo. Now if it were conservatives.......
CosineCosineCosine , 23 minutes ago
I'm not a huge fan, but Jimmy Dore has a cathartic and entertaining 30 minutes on this farce. Well worth the watch:
Really the bigger story is here is that these guys convincingly pretended to be Russian Bots in order to influence an election
(not with the message being put forth by the bots, but by their sheer existence as apparent supporters of the Moore campaign).
By all appearances, they were Russian bots trying to influence the election. Now we know it was DNC operatives. Yet we
are supposed to believe without any proof that the "Russian bots" that supposedly influenced the 2016 Presidential election were,
actually, Russian bots, and worthy of a two year long probe about "Russian collusion" and "Russian meddling."
The whole thing is probably a farce, not only in the sense that there is no evidence that Russia had any influence at all
on a single voter, but also in the sense that there is no evidence that Russia even tried (just claims and allegations by people
who have a vested interest in convincing us its true).
dead hobo , 30 minutes ago
I've been watching Scandal on Netflix. Still only in season 2. Amazing how nothing changes.They nailed it and memorialized
it. The MSM are useful idiots who are happy to make money publicizing what will sell the best.
chunga , 30 minutes ago
The media is biased and sucks, yup.
The reason the reds lost the house is because they went along with this nonsense and did nothing about it, like frightened
baby chipmunks.
JRobby , 33 minutes ago
Only when "the opposition" does it is it illegal. Total totalitarian state wannabe stuff.
divingengineer , 22 minutes ago
Amazing how people can contort reality to justify their own righteous cause, but decry their opposition for the EXACT same
thing. See trump visit to troops signing hats as most recent proof. If DJT takes a piss and sprinkles the seat, it's a crime.
DarkPurpleHaze , 33 minutes ago
They're afraid to expose themselves...unlike Kevin Spacey. Trump or Whitaker will expose this with one signature. It's
coming.
divingengineer , 20 minutes ago
Spacey has totally lost it. See his latest video, it will be a powerful piece of evidence for an insanity plea.
CosineCosineCosine , 10 minutes ago
Disagree strongly. I think it was excellent - perhaps you misunderstood the point? 6 minutes Diana Davidson look at it clarifies
Last week, Iran's chief of civil defense claimed that the Iranian government had
fought off Israeli attempts to infect computer systems with what he described as a new
version of Stuxnet -- the malware reportedly developed jointly by the US and Israel that
targeted Iran's uranium-enrichment program. Gholamreza Jalali, chief of the National Passive
Defense Organization (NPDO), told Iran's IRNA news service, "Recently, we discovered a new
generation of Stuxnet which consisted of several parts... and was trying to enter our
systems."
On November 5, Iran Telecommunications Minister Mohammad-Javad Azari Jahromi accused Israel
of being behind the attack, and he said that the malware was intended to "harm the country's
communication infrastructures." Jahromi praised "technical teams" for shutting down the attack,
saying that the attackers "returned empty-handed." A report from Iran's Tasnim news agency
quoted Deputy Telecommunications Minister Hamid Fattahi as stating that more details of the
cyber attacks would be made public soon.
Jahromi said that Iran would sue Israel over the attack through the International Court of
Justice. The Iranian government has also said it would sue the US in the ICJ over the
reinstatement of sanctions. Israel has
remained silent regarding the accusations .
The claims come a week after the NPDO's Jalali announced that President
Hassan Rouhani's cell phone had been "tapped" and was being replaced with a new, more
secure device. This led to a statement by Iranian Supreme Leader Ayatollah Ali Khamenei,
exhorting Iran's security apparatus to "confront infiltration through scientific, accurate, and
up-to-date action."
While Iran protests the alleged attacks -- about which the Israeli government has been
silent -- Iranian hackers have continued to conduct their own cyber attacks. A
recent report from security tools company Carbon Black based on data from the company's
incident-response partners found that Iran had been a significant source of attacks in the
third quarter of this year, with one incident-response professional noting, "We've seen a lot
of destructive actions from Iran and North Korea lately, where they've effectively wiped
machines they suspect of being forensically analyzed."
The twin pillars of Iran's foreign policy - America is evil and Wipe Israel off the map -
do not appear to be serving the country very well.
They serve Iran very well, America is an easy target to gather support against, and Israel is
more than willing to play the bad guy (for a bunch of reasons including Israels' policy of
nuclear hegemony in the region and historical antagonism against Arab states).
Israeli hackers offered Cambridge Analytica, the data collection firm that worked on U.S.
President Donald Trump's election campaign, material on two politicians who are heads of
state, the Guardian reported Wednesday, citing witnesses.
While Israelis are not necessarily number one in technical skills -- that award goes to
Russian hackers -- Israelis are probably the best at thinking on their feet and adjusting to
changing situations on the fly, a trait essential for success in a wide range of areas,
including cyber-security, said Forzieri. "In modern attacks, the human factor -- for example,
getting someone to click on a link that will install malware -- constitutes as much as 85% of
a successful attack," he said.
The pro-Israel trolls out in front of this comment section...
You don't have to be pro-Israel to be anti-Iran. Far from it. I think many of Israel's
actions in Palestine are reprehensible, but I also know to (rightly) fear an Islamic
dictatorship who is actively funding terrorism groups and is likely a few years away from
having a working nuclear bomb, should they resume research (which the US actions seem likely
to cause).
The US created the Islamic Republic of Iran by holding a cruel dictator in power rather
than risking a slide into communism. We should be engaging diplomatically, rather than trying
sanctions which clearly don't work. But I don't think that the original Stuxnet was a bad
idea, nor do I think that intense surveillance of what could be a potentially very dangerous
country is a bad one either.
If the Israelis (slash US) did in fact target civilian infrastructure, that's a problem.
Unless, of course, they were bugging them for espionage purposes.
Agree. While Israel is not about to win Humanitarian Nation of the year Award any
time soon, I don't see it going to Iran in a close vote tally either.
(zdnet.com)
62Researchers have found flaws that can be
exploited to bypass hardware encryption in well known and popular SSD drives. Master
passwords and faulty standards implementations allow attackers access to encrypted data without
needing to know the user-chosen password.
SSDs from Micron (Crucial) and Samsung are affected. These are SSDs that support
hardware-level encryption via a local built-in chip, separate from the main CPU. Some of these
devices have a factory-set master password that bypasses the user-set password, while other
SSDs store the encryption key on the hard drive, from where it can be retrieved. The issue is
worse on Windows, where BitLocker defers software-level encryption to hardware
encryption-capable SSDs, meaning user data is vulnerable to attacks without the user's
knowledge. More in the research paper .
"... The DOI conducts IT security training once a year, during which employees sign a statement saying they understand those rules. The employee attended those annual training events and the OIG "confirmed he agreed to the Rules of Behavior for several years prior." ..."
"... The OIG recommended that USGS step up its monitoring of employee web usage, block pornographic websites and prevent unauthorized USB devices from being used on all employee computers. It gave USGS 90 days to indicate whether it plans on implementing those recommendations. ..."
A US government employee with an apparent addiction to Russian pornography is causing a
headache at the US Geological Survey (USGS) after infecting their network with malware. The
USGS's Office of Inspector General (OIG) released a report October 17 detailing the compromise.
The employee was apparently visiting pornography sites on his government-issued laptop, which
is how the malware was contracted and spread through the network.
The employee, whose name is redacted from the report, visited thousands of pornographic
websites. "Many of the 9,000 web pages [redacted] visited routed through websites that
originated in Russia and contained malware," the report says.
"Most of the larger porn sites are not actively trying to install malware on your device,
because that would interrupt their business model of getting you to come back to the site,
click and view ads, and subscribe to their premium content," web developer and technologist
Chris Garaffa told Sputnik News Tuesday. "However, third-party ad networks that do not properly
screen the ads they run can be exploited to serve malware along with the ad. This applies not
just to porn sites but to any site with advertisements on it."
"I recommend people use a safer browser like Mozilla Firefox or Brave, along with an
ad-blocker add-on like uBlock Origin to help mitigate the risks -- regardless of what content
they're viewing," Garaffa added.
According to the government's analysis, a number of pornographic images were saved on an
unauthorized USB device and the employee's personal Android phone, which also got infected with
the malware.
USGS is under the Department of Interior (DOI), which prohibits employees from viewing or
distributing pornography on government computers. Employees are also banned from connecting
their personal devices to government computers or networks, another rule that was violated by
the employee.
The DOI conducts IT security training once a year, during which employees sign a
statement saying they understand those rules. The employee attended those annual training
events and the OIG "confirmed he agreed to the Rules of Behavior for several years
prior."
The OIG recommended that USGS step up its monitoring of employee web usage, block
pornographic websites and prevent unauthorized USB devices from being used on all employee
computers. It gave USGS 90 days to indicate whether it plans on implementing those
recommendations.
According to NextGov, a number of US government agencies have had similar scandals in recent
history, including the Environmental Protection Agency, the Securities and Exchange Commission,
the Internal Revenue Service and
about a dozen others .
Representative Mark Meadows (R-NC) has on three occasions introduced legislation banning the
viewing of pornography on federal government computers, NextGov notes. It isn't clear why the
bills have failed to come to fruition.
"If your employer owns your phone, computer or even just the network you're connecting to,
they have the legal right to monitor, log and save records of what you're typing, what websites
you're visiting, the content of the emails you send -- even on your personal accounts -- and
the right to look at your screen," Garaffa said.
"Employees should effectively keep in mind that they currently have no legal right to
privacy when using a company-owned device or network," he added.
"... Iranian Students News Agency (ISNA) then reported on Monday that Rouhani's cell phone had recently been discovered to be bugged, citing Jalali as saying that Rouhani's phone would be replaced with a more secure device. Again, Jalali made no indication as to who was believed to be behind the wire tap ..."
"... Earlier this year, Israel claimed it had accomplished a vast cyber-heist, stealing an archive that Israel claimed documented Tehran's continuing nuclear weapons program. Israeli Prime Minister Benjamin Netanyahu presented those claims to the UN in September. ..."
"... "What Iran hides, Israel will find," Netanyahu declared in his UN speech at the time. ..."
"... What kind of sick people put viruses in nuclear power stations? ..."
"... Who else could it be but one of the dirty 4, US, UK, France or Israel ..."
The head of Iran's civil defense agency announced on Sunday that a new version of the
Stuxnet virus, believed to be a US-Israeli creation, had been found by Iranian authorities. The
announcement came amid news that President Hassan Rouhani's phone had been bugged and a call
for increased defenses to "confront infiltration." "Recently we discovered a new generation of
Stuxnet which consisted of several parts and was trying to enter our systems," announced
Brigadier General Gholamreza Jalali, head of Iranian civil defense, Reuters reported. He gave
no further details, such as whom the Iranian government believes to be behind the attack or how
much damage it had caused.
The original Stuxnet virus targeted nuclear centrifuges at Iran's Natanz Uranium Enrichment
Facility in June 2009, when it caused about 20 percent of the facility's centrifuges to spin
out of control until they broke. It's widely believed to have been a joint creation by the US
and Israel.
The Times of Israel noted that Israeli officials have refused to discuss what role, if any,
they played in either Stuxnet operation.
That same day, Iranian Supreme Leader Ayatollah Ali Khamenei said Sunday, "In the face of
the enemy's complex practices, our civil defense should confront infiltration through
scientific, accurate and up-to-date action."
Iranian Students News Agency (ISNA) then reported on Monday that Rouhani's cell phone
had recently been discovered to be bugged, citing Jalali as saying that Rouhani's phone would
be replaced with a more secure device. Again, Jalali made no indication as to who was believed
to be behind the wire tap .
Still, Israel seems to be name on everyone's lips. The news is only one episode in a rapid
succession of moves between Israel and Iran, with Israel's Mossad intelligence agency saying on
Wednesday it had thwarted an Iranian murder plot in Denmark against three members of the Arab
Struggle Movement for the Liberation of Ahvaz, an organization connected to those who carried
out a terrorist attack during a
military parade in the Iranian city of Ahvaz on September 22, killing 25 people.
Earlier this year, Israel claimed it had accomplished a vast cyber-heist, stealing an
archive that Israel claimed documented Tehran's continuing nuclear weapons program. Israeli
Prime Minister Benjamin Netanyahu presented those claims to the UN in September.
"What Iran hides, Israel will find," Netanyahu declared in his UN speech at the
time.
What kind of sick people put viruses in nuclear power stations? The same kind that
shoot kids with sniper rifles while their citizens watch and cheer, I guess. Straight up
criminal rogue regime...
John Mason
Who else could it be but one of the dirty 4, US, UK, France or Israel who have been
involved in creating global chaos.
"... Apple is a shit proprietary company that has somehow convinced people around the world that their product is as important as eating, and costs you as much to have an iPhone as it costs you to buy food each month. Oh but it has a camera and these really cool weather apps that cuss at you, and my selfie stick is made for the iPhone 7, but they will be coming out with an iPhone 8 soon. I sure hope my selfie stick works with it! ..."
Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains
documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the
infection persists even if the operating system is re-installed) developed by the CIA's
Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain
'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of
EFI/UEFI and firmware malware.
Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by
the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop
is booting" allowing an attacker to boot its attack software for example from a USB stick "even
when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the
modified firmware of an Apple Thunderbolt-to-Ethernet adapter.
"DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air
computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI,
kernel-space and user-space implants.
Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent
version "DerStake" are also included in this release. While the DerStake1.4 manual released
today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on
and update these systems and is working on the production of DerStarke2.0.
Also included in this release is the manual for the CIA's "NightSkies 1.2" a
"beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached
1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones.
i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.
While CIA assets are sometimes used to physically infect systems in the custody of a target
it is likely that many CIA physical access attacks have infected the targeted organization's
supply chain including by interdicting mail orders and other shipments (opening, infecting, and
resending) leaving the United States or otherwise
... "Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be
physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone
supply chain of its targets since at least 2008."
... time to ditch those CiApple devices ... now you know why the Canadian Blackberry was
killed off the US market ... they wouldn't play the US alphabet agencies' surveillance game
...
I knew it was a publicity hoax when Apple didn't want to allow the
feds access to the phone that was used by the killers in the San Bernadillo Massacre. Like
Apple really cares about giving your info to the feds...
Apple is a shit proprietary company that has somehow convinced people around the world that
their product is as important as eating, and costs you as much to have an iPhone as it costs
you to buy food each month. Oh but it has a camera and these really cool weather apps that cuss
at you, and my selfie stick is made for the iPhone 7, but they will be coming out with an
iPhone 8 soon. I sure hope my selfie stick works with it!
"Hi, my name is Lisa and I am in like 7th grade. Other kids in my class only have the iPhone
5, but I have the new iPhone 7. I go to school with such pathetic loooserrs. Everyone in my
school is jealous of me and my new iPhone 7, cause it shows that my parents really care about
me, because, you know, they spent a lot of money on me for this phone so it must show they
like, really care, right?
And the other kids in school chant my name as I walk down the halls
because they're like so jealous of how much my parents love me. They are jealous because I'm
like really rich, really cool, and my parents really love me too."
In a honest country where the rule of law applies to all, USA prisons
would be filled with CIA and NSA operatives. Instead, we live in a banana republic, without the
bananas.
Who's your money on? Bloomberg's sources? Apple? Amazon? Super Micro?
####
Hit the comments. Quite a few very good points made, namely 'Why now?' (its da Chinese!)
as it supposed occurred some years ago, the US breaks this kind of story when it knows it
will shortly be fingered for doing the same (the US did a demo SCADA attack for the media
before the STUXNET story broke), if it was done it would have only been on select machines
etc. etc.
There was a headlining (which of course I cannot find now*) saying that the US is calling
on the UK, EU & Japan should get together and take on China economically. Why does the
might US need help? It's quite an admission. This is at the same time that the US is
targeting EU companies that do business with Russia and also telling Brussels that they do
not agree with its very modest proposals for WTO reform.** There's no balance. They're all
over the place, no to mention their spokespersons going tonto and shooting off their mouths
so casually (US NATO Amb).
The more you look at all the current revelations, who they are made by, the way they are
all being fed to the press and the demands now being made, it looks more and more that the
Euro-Atfantacists are making another concerted and desperate campaign to retain some sort of
influence. The UK is leaving the EU. Even if it rejoins, it won't be a 'special partner'. The
fact that the USA-insane Netherlands and the UK are running their stories together shows us
that the target is the rest of Europe, just as outgoing Pres of the EU J-C Juncker has said
that Europe's best interests are with a security treaty with Russia. BTW, Finland's Stubb is
putting himself forward to replace Juncker
"... There has been an ongoing campaign on the part of the US, to get out the idea that China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out in my book The Myth of Homeland Security ..."
"... "The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm perfectly willing to accept the possibility that there was Chinese hacking activity, but in the industry there was no indication of an additional level of attack or significance. ..."
"... One thing that did ..."
"... US ideology is that "we don't start wars" -- it's always looking for an excuse to go to war under the rubric of self-defense, so I see these sorts of claims as justification in advance for unilateral action. I also see it as a sign of weakness; if the US were truly the superpower it claims it is, it would simply accept its imperial mantle and stop bothering to try to justify anything. I'm afraid we may be getting close to that point. ..."
"... My assumption has always been that the US is projecting its own actions on other nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder reactor at Bushehr (which happens to be just outside of a large city; the attack took some of its control systems and backup generators offline). Attacks on nuclear power facilities are a war crime under international humanitarian law, which framework the US is signatory to but has not committed to actually follow. This sort of activity happens at the same time that the US distributes talking-points to the media about the danger of Russian hackers crashing the US power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis is mostly nonsense -- but it's tempting to accuse the US of "projection." ..."
"... All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault 7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. ..."
"... the US has even admitted to deploying STUXNET -- Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully said "that's how these things are done" and blew the whole thing off by saying that the NSA wasn't eavesdropping on Merkel any more. [ bbc ] ..."
"... It's hard to keep score because everything is pretty vague, but it sounds like the US has been dramatically out-spending and out-acting the other nations that it accuses of being prepared for cyberwar. ..."
"... it's hard not to see the US is prepared for cyberwar, when both the NSA and the CIA leak massive collections of advanced tools. ..."
"... My observation is that the NSA and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA and CIA, who needs Russians and Chinese? ..."
"... The Russian and Chinese efforts are relatively tiny compared to the massive efforts the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence agencies, while the entire Russian Department of Defense budget is about $90bn (China is around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are much smaller operations? ..."
"... That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's not unbelievable at all -- not in a world where we discover that Intel has built a parallel management CPU into every CPU since 2008, and that there is solid indications that other processors have similar backdoors. ..."
"... There are probably so many backdoors in our systems that it's a miracle it works at all. ..."
"... So, with respect to "propaganda" I would say that the US intelligence community has been consistently pushing a propaganda agenda against the US government, and the citizens in order to justify its actions and defend its budget. ..."
"... What little I've been able to find out the new Trump™ cybersecurity plan is that it doesn't involve any defense, just massive retribution against (perceived) foes. ..."
"... Funny how those obsessed with "false flag" operations work so hard to invite more of same. ..."
Bob Moore asks me to comment on an article about propaganda and security/intelligence. [
article ] This is going to be a mixture of opinion and references to facts; I'll try to be
clear which is which.
Yesterday several NATO countries ran a concerted propaganda campaign against Russia. The
context for it was a NATO summit in which the U.S. presses for an intensified cyberwar
against NATO's preferred enemy.
On the same day another coordinated campaign targeted China. It is aimed against China's
development of computer chip manufacturing further up the value chain. Related to this is
U.S. pressure on Taiwan, a leading chip manufacturer, to cut its ties with its big
motherland.
It is true that the US periodically makes a big push regarding "messaging" about hacking.
Whether or not it constitutes a "propaganda campaign" depends on how we choose to interpret
things and the labels we attach to them -- "propaganda campaign" has a lot of negative
connotations and one person's "outreach effort" is an other's "propaganda." An
ultra-nationalist or an authoritarian submissive who takes the government's word for anything
would call it "outreach."
There has been an ongoing campaign on the part of the US, to get out the idea that
China, Russia, North Korea, and Iran have massive armies of hackers that are constantly looking
to steal American secrets. The absurdity of the US' claims is pretty obvious. As I pointed out
in my book The Myth of Homeland Security (2004) [
wc ] claims such as that the Chinese had "40,000 highly trained hackers" are flat-out
absurd and ignore the reality of hacking; that's four army corps. Hackers don't engage in
"human wave" attacks.
"The Great US/China Cyberwar of 2010" is one cyberwar that didn't happen, but was
presaged with a run-up of lots of claims that the Chinese were hacking all over the place. I'm
perfectly willing to accept the possibility that there was Chinese hacking activity, but in the
industry there was no indication of an additional level of attack or significance.
One thing that did happen in 2010 around the same time as the nonexistent
cyberwar was China and Russia proposed trilateral talks with the US to attempt to define
appropriate limits on state-sponsored hacking. The US flatly rejected the proposal, but there
was virtually no coverage of that in the US media at the time. The UN also called for a
cyberwar treaty framework, and the effort was killed by the US. [ wired ] What's
fascinating and incomprehensible to me is that, whenever the US feels that its ability to claim
pre-emptive cyberwar is challenged, it responds with a wave of claims about Chinese (or Russian
or North Korean) cyberwar aggression.
John Negroponte, former director of US intelligence, said intelligence agencies in the
major powers would be the first to "express reservations" about such an accord.
US ideology is that "we don't start wars" -- it's always looking for an excuse to go to
war under the rubric of self-defense, so I see these sorts of claims as justification in
advance for unilateral action. I also see it as a sign of weakness; if the US were truly the
superpower it claims it is, it would simply accept its imperial mantle and stop bothering to
try to justify anything. I'm afraid we may be getting close to that point.
My assumption has always been that the US is projecting its own actions on other
nations. At the time when the US was talking the loudest about Chinese cyberwar, the US and
Israel had launched STUXNET against the Iranian enrichment plant at Natanz, and the breeder
reactor at Bushehr (which happens to be just outside of a large city; the attack took some of
its control systems and backup generators offline). Attacks on nuclear power facilities are a
war crime under international humanitarian law, which framework the US is signatory to but has
not committed to actually follow. This sort of activity happens at the same time that the US
distributes talking-points to the media about the danger of Russian hackers crashing the US
power grid. I don't think we can psychoanalyze an entire government and I think psychoanalysis
is mostly nonsense -- but it's tempting to accuse the US of "projection."
The anti-Russian campaign is about alleged Russian spying, hacking and influence
operations. Britain and the Netherland took the lead. Britain accused Russia's military
intelligence service (GRU) of spying attempts against the Organisation for the Prohibition of
Chemical Weapons (OPCW) in The Hague and Switzerland, of spying attempts against the British
Foreign Office, of influence campaigns related to European and the U.S. elections, and of
hacking the international doping agency WADA. British media willingly
helped to exaggerate the claims: [ ]
The Netherland [sic] for its part released
a flurry
of information about the alleged spying attempts against the OPCW in The Hague. It claims
that four GRU agents traveled to The Hague on official Russian diplomatic passports to sniff
out the WiFi network of the OPCW. (WiFi networks are notoriously easy to hack. If the OPCW is
indeed using such it should not be trusted with any security relevant issues.) The Russian
officials were allegedly very secretive, even cleaning out their own hotel trash, while they,
at the same, time carried laptops with private data and even taxi receipts showing their
travel from a GRU headquarter in Moscow to the airport. Like in the Skripal/Novichok saga the
Russian spies are, at the same time, portrayed as supervillains and hapless amateurs. Real
spies are neither.
There's a lot there, and I think the interpretation is a bit over-wrought, but it's mostly
accurate. The US and the UK (and other NATO allies, as necessary) clearly coordinate when it
comes to talking points. Claims of Chinese cyberwar in the US press will be followed by claims
in the UK and Australian press, as well. My suspicion is that this is not the US Government and
UK Government coordinating a story -- it's the intelligence agencies doing it. My
opinion is that the intelligence services are fairly close to a "deep state" -- the
CIA and NSA are completely out of control and the CIA has gone far toward building its own
military, while the NSA has implemented completely unrestricted surveillance worldwide.
All of this stuff happens against the backdrop of Klein, Binney, Snowden, and the Vault
7 revelations, as well as solid attribution identifying the NSA as "equation group" and linking
the code-tree of NSA-developed malware to STUXNET, FLAME, and DUQU. While the attribution
that "Fancy Bear is the GRU" has been made and is probably fairly solid, the attribution of NSA
malware and CIA malware is rock solid; the US has even admitted to deploying STUXNET --
Obama bragged about it. When Snowden's revelations outlined how the NSA had eavesdropped on
Angela Merkel's cellphone, the Germans expressed shock and Barack Obama remarkably truthfully
said "that's how these things are done" and blew the whole thing off by saying that the NSA
wasn't eavesdropping on Merkel any more. [ bbc ]
It's hard to keep score because everything is pretty vague, but it sounds like the US
has been dramatically out-spending and out-acting the other nations that it accuses of being
prepared for cyberwar. I tend to be extremely skeptical of US claims because: bomber gap,
missile gap, gulf of Tonkin, Iraq WMD, Afghanistan, Libya and every other aggressive attack by
the US which was blamed on its target. The reason I assume the US is the most aggressive actor
in cyberspace is because the US has done a terrible job of protecting its tool-sets and
operational security: it's hard not to see the US is prepared for cyberwar, when both the
NSA and the CIA leak massive collections of advanced tools.
Meanwhile, where are the leaks of Russian and Chinese tools? They have been few and far
between, if there have been any at all. Does this mean that the Russians and Chinese have
amazingly superior tradecraft, if not tools? I don't know. My observation is that the NSA
and CIA have been horribly sloppy and have clearly spent a gigantic amount of money preparing
to compromise both foreign and domestic systems -- that's bad enough. With friends like the NSA
and CIA, who needs Russians and Chinese?
The article does not have great depth to its understanding of the situation, I'm afraid. So
it comes off as a bit heavy on the recent news while ignoring the long-term trends. For
example:
The allegations of Chinese supply chain attacks are of course just as hypocritical as the
allegations against Russia. The very first know case of computer related supply chain
manipulation goes
back to 1982 :
A CIA operation to sabotage Soviet industry by duping Moscow into stealing booby-trapped
software was spectacularly successful when it triggered a huge explosion in a Siberian gas
pipeline, it emerged yesterday.
I wrote a piece about the "Farewell Dossier" in 2004. [ mjr
] Re-reading it, it comes off as skeptical but waffly. I think that it's self-promotion by the
CIA and exaggerates considerably ("look how clever we are!") at a time when the CIA was
suffering an attention and credibility deficit after its shitshow performance under George
Tenet. But the first known cases of computer related supply chain manipulation go back to the
70s and 80s -- the NSA even compromised Crypto AG's Hagelin M-209 system (a mechanical
ciphering machine) in order to read global communications encrypted with that product. You can
imagine Crypto AG's surprise when the Iranian secret police arrested one of their sales reps
for selling backdoor'd crypto -- the NSA had never told them about the backdoor, naturally. The
CIA was also on record for producing Xerox machines destined for the USSR, which had recorders
built into them So, while the article is portraying the historical sweep of NSA dirty tricks,
they're only looking at the recent ones. Remember: the NSA also weakened the elliptic curve
crypto library in RSA's Bsafe implementation, paying RSADSI $13 million to accept their tweaked
code.
Why haven't we been hearing about the Chinese and Russians doing that sort of thing? There
are four options:
The Russians and Chinese are doing it, they're just so darned good nobody has
caught them until just recently.
The Russians and Chinese simply resort to using existing tools developed by the
hacking/cybercrime community and rely on great operational security rather than fancy
tools.
The Russian and Chinese efforts are relatively tiny compared to the massive efforts
the US expends tens of billions of dollars on. The US spends about $50bn on its intelligence
agencies, while the entire Russian Department of Defense budget is about $90bn (China is
around $139bn) -- maybe the Russians and Chinese have such a small footprint because they are
much smaller operations?
Something else.
That brings us to the recent kerfuffle about taps on the Supermicro motherboards. That's
not unbelievable at all -- not in a world where we discover that Intel has built a parallel
management CPU into every CPU since 2008, and that there is solid indications that other
processors have similar backdoors.
Was the Intel IME a "backdoor" or just "a bad idea"? Well, that's tricky. Let me put my
tinfoil hat on: making a backdoor look like a sloppily developed product feature would be the
competent way to write a backdoor. Making it as sneaky as the backdoor in the Via is
unnecessary -- incompetence is eminently believable.
&
(kaspersky)
I believe all of these stories (including the Supermicro) are the tip of a great big, ugly
iceberg. The intelligence community has long known that software-only solutions are too
mutable, and are easy to decompile and figure out. They have wanted to be in the BIOS of
systems -- on the motherboard -- for a long time. If you go back to 2014, we have disclosures
about the NSA malware that hides in hard drive BIOS: [
vice ] [
vice ] That appears to have been in progress around 2000/2001.
Of note, the group recovered two modules belonging to EquationDrug and GrayFish that were
used to reprogram hard drives to give the attackers persistent control over a target machine.
These modules can target practically every hard drive manufacturer and brand on the market,
including Seagate, Western Digital, Samsung, Toshiba, Corsair, Hitachi and more. Such attacks
have traditionally been difficult to pull off, given the risk in modifying hard drive
software, which may explain why Kaspersky could only identify a handful of very specific
targets against which the attack was used, where the risk was worth the reward.
But
Equation Group's malware platforms have other tricks, too. GrayFish, for example, also has
the ability to install itself into computer's boot record -- software that loads even
before the operating system itself -- and stores all of its data inside a portion of
the operating system called the registry, where configuration data is normally stored.
EquationDrug was designed for use on older Windows operating systems, and "some of the
plugins were designed originally for use on Windows 95/98/ME" -- versions of Windows so old
that they offer a good indication of the Equation Group's age.
This is not a very good example of how to establish a "malware gap" since it just makes the
NSA look like they are incapable of keeping a secret. If you want an idea how bad it is,
Kaspersky labs' analysis of the NSA's toolchain is a good example of how to do attribution
correctly. Unfortunately for the US agenda, that solid attribution points toward Fort Meade in
Maryland. [kaspersky]
Let me be clear: I think we are fucked every which way from the start. With backdoors in the
BIOS, backdoors on the CPU, and wireless cellular-spectrum backdoors, there are probably
backdoors in the GPUs and the physical network controllers, as well. Maybe the backdoors in the
GPU come from the GRU and maybe the backdoors in the hard drives come from NSA, but who cares?
The upshot is that all of our systems are so heinously compromised that they can only be
considered marginally reliable. It is, literally, not your computer: it's theirs. They'll let
you use it so long as your information is interesting to them.
Do I believe the Chinese are capable of doing such a thing? Of course. Is the GRU? Probably.
Mossad? Sure. NSA? Well-documented attribution points toward NSA. Your computer is a free-fire
zone. It has been since the mid 1990s, when the NSA was told "no" on the Clipper chip and
decided to come up with its own Plan B, C, D, and E. Then, the CIA came up with theirs. Etc.
There are probably so many backdoors in our systems that it's a miracle it works at
all.
From my 2012 RSA conference lecture "Cyberwar, you're doing it wrong."
The problem is that playing in this space is the purview of governments. Nobody in the
cybercrime or hacking world need tools like these. The intelligence operatives have huge
budgets, compared to a typical company's security budget, and it's unreasonable to expect any
business to invest such a level of effort on defending itself. So what should companies do?
They should do exactly what they are doing: expect the government to deal with it; that's what
governments are for. The problem with that strategy is that their government isn't on their
side, either! It's Hobbes' playground.
In case you think I am engaging in hyperbole, I assure you I am not. If you want another
example of the lengths (and willingness to bypass the law) "they" are willing to go, consider
'stingrays' that are in operation in every major US city and outside of every interesting hotel
and high tech park. Those devices are not passive -- they actively inject themselves into the
call set-up between your phone and your carrier -- your data goes through the stingray, or it
doesn't go at all. If there are multiple stingrays, then your latency goes through the roof.
"They" don't care. Are the stingrays NSA, FBI, CIA, Mossad, GRU, or PLA? Probably a bit of all
of the above depending on where and when.
Whenever the US gets caught with its pants down around its ankles, it blames the Chinese or
the Russians because they have done a good job of building the idea that the most serious
hackers on the planet at the Chinese. I don't believe that we're seeing complex propaganda
campaigns that are tied to specific incidents -- I think we see ongoing organic
propaganda campaigns that all serve the same end: protect the agencies, protect their budgets,
justify their existence, and downplay their incompetence.
So, with respect to "propaganda" I would say that the US intelligence community has been
consistently pushing a propaganda agenda against the US government, and the citizens in order
to justify its actions and defend its budget.
The government also engages in propaganda, and is influenced by the intelligence
community's propaganda as well. And the propaganda campaigns work because everyone
involved assumes, "well, given what the NSA has been able to do, I should assume the Chinese
can do likewise." That's a perfectly reasonable assumption and I think it's probably true that
the Chinese have capabilities. The situation is what Chuck Spinney calls "A self-licking ice
cream cone" -- it's a justifying structure that makes participation in endless aggression seem
like a sensible thing to do. And, when there's inevitably a disaster, it's going to be like a
cyber-9/11 and will serve as a justification for even more unrestrained aggression.
Want to see what it looks like? A thousand thanks to Commentariat member [redacted] for this
link. If you don't like video, there's an article here. [ toms ]
Is this an NSA backdoor, or normal incompetence? Is Intel Management Engine an NSA-inspired
backdoor, or did some system engineers at Intel think that was a good idea? There are other
scary indications of embedded compromise: the CIA's Vault7 archive included code that appeared
to be intended to embed in the firmware of "smart" flatscreen TVs. That would make every LG
flat panel in every hotel room, a listening device just waiting to be turned on.
We know the Chinese didn't do that particular bug but why wouldn't they do
something similar, in something else? China is the world's oldest mature culture -- they
literally wrote the book on strategy -- Americans acting as though it's a great
surprise to learn that the Chinese are not stupid, it's just the parochialism of a 250 year-old
culture looking at a 3,000 year-old culture and saying "wow, you guys haven't been asleep at
the switch after all!"
What little I've been able to find out the new
Trump™ cybersecurity plan is that it doesn't involve any defense, just massive
retribution against (perceived) foes.
Funny how those obsessed with "false flag" operations work so hard to invite more of
same.
Pierce R. Butler@#1: What little I've been able to find out the new Trump™ cybersecurity plan is that
it doesn't involve any defense, just massive retribution against (perceived) foes.
Yes. Since 2001, as far as most of us can tell, federal cybersecurity spend has been 80%
offense, 20% defense. And a lot of the offensive spend has been aimed at We, The
People.
Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think
that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese
hacking operations that we've seem from the NSA is that they're running a "Kevin Mitnick
style" operation; that is, relying less on technical solutions and using instead
old-fashioned "social engineering" and other low-tech forms of espionage (like running
troll farms on social media). I mean, I've seen interviews with retired US intelligence
people since the 90s complain that since the late 1980s, the intelligence agencies have
been crippled by management in love with hi-tech "SIGINT" solutions to problems that never
deliver and neglecting old-fashioned "HUMINT" intelligence-gathering.
The thing is, Kevin Mitnick got away with a lot of what he did because people didn't
take security seriously then, and still don't. On a similar nostalgia vibe, I remember
reading an article by Keith Bostic (one of the researchers who helped in the analysis of
the Morris worm
that took down a significant chunk of the Internet back in 1988) where he did a follow-up a
year or so afterwards and some depressing number of organisations that had been hit by it
still hadn't patched the holes that had let the worm infect them in the first
place.
Cat Mara@#3: Your mention of Operation Sundevil and Kevin Mitnick in a previous post made me think
that maybe the reason we haven't seen the kind of leaks from the Russian and Chinese
hacking operations that we've seem from the NSA is that they're running a "Kevin Mitnick
style" operation; that is, relying less on technical solutions and using instead
old-fashioned "social engineering" and other low-tech forms of espionage (like running
troll farms on social media).
I think that's right, to a high degree. What if Edward Snowden was an agent provocateur
instead of a well-meaning naive kid? A tremendous amount of damage could be done, as well
as stealing the US' expensive toys. The Russians have been very good at doing exactly that
sort of operation, since WWII. The Chinese are, if anything, more subtle than the
Russians.
The Chinese attitude, as expressed to me by someone who might be a credible source is,
"why are you picking a fight with us? We don't care, you're too far away for us to threaten
you, we both have loads of our own fish to fry. To them, the US is young, hyperactive, and
stupid.
The FBI is not competent, at all, against old-school humint intelligence-gathering.
Compared to the US' cyber-toys, the old ways are probably more efficient and cost
effective. China's intelligence community is also much more team-oriented than the CIA/NSA;
they're actually a disciplined operation under the strategic control of policy-makers.
That, by the way, is why Russians and Chinese stare in amazement when Americans ask things
like "Do you think Putin knew about this?" What a stupid question! It's an autocracy; they
don't have intelligence operatives just going an deciding "it's a nice day to go to England
with some Novichok." The entire American attitude toward espionage lacks maturity.
On a similar nostalgia vibe, I remember reading an article by Keith Bostic (one of
the researchers who helped in the analysis of the Morris worm that took down a significant
chunk of the Internet back in 1988) where he did a follow-up a year or so afterwards and
some depressing number of organisations that had been hit by it still hadn't patched the
holes that had let the worm infect them in the first place.
That as an exciting time. We were downstream from University of Maryland, which got hit
pretty badly. Pete Cottrel and Chris Torek from UMD were also in on Bostic's dissection. We
were doing uucp over TCP for our email (that changed pretty soon after the worm) and our
uucp queue blew up. I cured the worm with a reboot into single-user mode and a quick 'rm
-f' in the uucp queue.
Thanks. I appreciate your measured analysis and the making explicit of the bottom line:
" agencies, protect their budgets, justify their existence, and downplay their
incompetence."
"In simplified terms, the implants on Supermicro hardware manipulated the core operating
instructions that tell the server what to do as data move across a motherboard, two people
familiar with the chips' operation say. This happened at a crucial moment, as small bits of
the operating system were being stored in the board's temporary memory en route to the
server's central processor, the CPU. The implant was placed on the board in a way that
allowed it to effectively edit this information queue, injecting its own code or altering the
order of the instructions the CPU was meant to follow. Deviously small changes could create
disastrous effects.
The illicit chips could do all this because they were connected to the baseboard
management controller, a kind of superchip that administrators use to remotely log in to
problematic servers, giving them access to the most sensitive code even on machines that have
crashed or are turned off."
"The Intel Management Engine (ME), also known as the Manageability Engine, is an
autonomous subsystem that has been incorporated in virtually all of Intel's processor
chipsets since 2008. The subsystem primarily consists of proprietary firmware running on a
separate microprocessor that performs tasks during boot-up, while the computer is running,
and while it is asleep.As long as the chipset or SoC is connected to current (via battery or
power supply), it continues to run even when the system is turned off. Intel claims the ME is
required to provide full performance. Its exact workings are largely undocumented and its
code is obfuscated using confidential huffman tables stored directly in hardware, so the
firmware does not contain the information necessary to decode its contents. Intel's main
competitor AMD has incorporated the equivalent AMD Secure Technology (formally called
Platform Security Processor) in virtually all of its post-2013 CPUs.
The Electronic Frontier Foundation (EFF) and security expert Damien Zammit accuse the ME
of being a backdoor and a privacy concern. Zammit states that the ME has full access to
memory (without the parent CPU having any knowledge); has full access to the TCP/IP stack and
can send and receive network packets independent of the operating system, thus bypassing its
firewall. Intel asserts that it "does not put back doors in its products" and that its
products do not "give Intel control or access to computing systems without the explicit
permission of the end user."
"... Plus according to Microsemi's own website, all military and aerospace qualified versions of their parts are still made in the USA. So this "researcher" used commercial parts, which depending on the price point can be made in the plant in Shanghai or in the USA at Microsemi's own will. ..."
"... The "researcher" and the person who wrote the article need to spend some time reading more before talking. ..."
"... You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is the CHEAPEST product in the product line (some of that model line reach down to below a dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes them operation only, and unreadable. They are secureable, if you follow the proper processes and methods laid out by the manufacturer of the specific chip. ..."
"... Just because a "research paper" claims there is other then standard methods of JTAG built into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this researcher who is trying to peddle his own product is anything but biased in this situation. ..."
"... You do know that the Mossad has been caught stealing and collecting American Top Secrets. ..."
"... The original article is here. [cam.ac.uk] It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration. ..."
"... With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A secure system is one that can't reprogram itself. ..."
"... When I was designing VMEbus computer boards for a military subcontractor many years ago, every board had a JTAG connector that required the use of another computer with a special cable plugged into the board to perform reprogramming of the FPGAs. None of this update-by-remote-control crap. ..."
"... It seems that People's Republic of China has been misidentified with Taiwan (Republic of China). ..."
"... Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this. ..."
"... Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught. ..."
"... These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes. ..."
"... The page with a link to the final paper actually does mention China. However, it's an American design from a US company. I suspect we will find the backdoor was in the original plans. It will be interesting to see however. ..."
"Today's big news is that researchers have found proof of Chinese manufacturers putting
backdoors in American chips that the military uses. This is false. While they did find a
backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even
that it was intentionally malicious.
Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!
1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested
had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the
access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the
ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to
read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission
analysis) to discover the secret passphrase. More conventional analysis (differential power
analysis) was not sensitive enough to reveal it.
This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug
purposes, security through obscurity at it's best. It doesn't sound like something secret
added by the chip fab company, although time will tell. Just as embedded controller companies
have gotten into trouble putting hidden logins into their code thinking they're making the
right tradeoff between convenience and security, this hardware company seems to have done the
same.
Someone forgot to tell the marketing droids though and they made up a bunch of stuff about
how the h/w was super secure.
I don't think anyone fully understands JTAG, there are a lot of different versions of it
mashed together on the typical hardware IC. Regardless if its a FPGA, microcontroller or
otherwise. The so called "back door" can only be accessed through the JTAG port as well, so
unless the military installed a JTAG bridge to communicate to the outside world and left it
there, well then the "backdoor" is rather useless.
Something that can also be completely disabled by setting the right fuse inside the chip
itself to disable all JTAG connections. Something that is considered standard practice on
IC's with a JTAG port available once assembled into their final product and programmed.
Plus according to Microsemi's own website, all military and aerospace qualified versions
of their parts are still made in the USA. So this "researcher" used commercial parts, which
depending on the price point can be made in the plant in Shanghai or in the USA at
Microsemi's own will.
The "researcher" and the person who wrote the article need to spend some time reading more
before talking.
The so called "back door" can only be accessed through the JTAG port as well, so unless
the military installed a JTAG bridge to communicate to the outside world and left it there,
well then the "backdoor" is rather useless.
With pin access to the FPGA it's trivial to hook it up, no bridges or transceivers needed.
If it's a BGA then get a breakout/riser board that provides pin access. This is off-the-shelf
stuff. This means if the Chinese military gets their hands on the hardware they can reverse
engineer it. They won't have to lean very hard on the manufacturer for them to cough up every
last detail. In China you just don't say no to such requests if you know what's good for you
and your business.
Not being readable even when someone has the device in hand is exactly what these secure
FPGAs are meant to protect against!
It's not a non-issue. It's a complete failure of a product to provide any advantages
over non-secure equivalents.
You clearly have NOT used a FPGA or similar. First the ProASIC3 the article focuses on is
the CHEAPEST product in the product line (some of that model line reach down to below a
dollar each). But beyond that ... Devices are SECURED by processes, such as blowing the JTAG fuses in the device which makes
them operation only, and unreadable. They are secureable, if you follow the proper processes
and methods laid out by the manufacturer of the specific chip.
Just because a "research paper" claims there is other then standard methods of JTAG built
into the JTAG doesn't mean that the device doesn't secure as it should, nor does it mean this
researcher who is trying to peddle his own product is anything but biased in this
situation.
"Even if this case turns out to be a false alarm, allowing a nation that you repeatedly
refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is
idiotic."
Not to mention the non-backdoor ones.
'Bogus electronic parts from China have infiltrated critical U.S. defense systems and
equipment, including Navy helicopters and a commonly used Air Force cargo aircraft, a new
report says.'
The US military should have a strict policy of only buying military parts from
sovereign, free, democratic countries with a long history of friendship, such as Israel,
Canada, Europe, Japan and South Korea.
Didn't the US and UK governments sell crypto equipment they knew they could break to their
'allies' during the Cold War?
Second problem.... 20 years ago the DOD had their own processor manufacturing facilities,
IC chips, etc. They were shut down in favor of commercial equipment because some idiot
decided it was better to have an easier time buying replacement parts at Radioshack than
buying quality military-grade components that could last in austere environments. (Yes,
speaking from experience). Servers and workstations used to be built from the ground up at
places like Tobyhanna Army Depot. Now, servers and workstations are bought from Dell.
Fabs are expensive. The latest generation nodes cost billions of dollars to set up and
billions more to run. If they aren't cranking chips out 24/7, they're literally costing
money. Yes, I know it's hte military, but I'm sure people have a hard time justifying $10B
every few years just to fab a few chips. One of the biggest developments in the 90s was the
development of foundries that let anyone with a few tens of millions get in the game of
producing chips rather than requiring billions in startup costs. Hence the startup of tons of
fabless companies selling chips.
OK, another option is to buy a cheap obsolete fab and make chips that way - much cheaper
to run, but we're also talking maybe 10+ year old technology, at which point the chips are
going to be slower and take more power.
Also, building your own computer from the ground up is expensive - either you buy the
designs of your servers from say, Intel, or design your own. If you buy it, it'll be
expensive and probably require your fab to be upgraded (or you get stuck with an old design -
e.g., Pentium (the original) - which Intel bought back from the DoD because the DoD had been
debugging it over the decade). If you went with the older cheaper fab, the design has to be
modified to support that technology (you cannot just take a design and run with it - you have
to adapt your chip to the foundry you use).
If you roll your own, that becomes a support nightmare because now no one knows the
system.
And on the taxpayer side - I'm sure everyone will question why you're spending billions
running a fab that's only used at 10% capacity - unless you want the DoD getting into the
foundry business with its own issues.
Or, why is the military spending so much money designing and running its own computer
architecture and support services when they could buy much cheaper machines from Dell and run
Linux on them?
Hell, even if the DoD had budget for that, some bean counter will probably do the same so
they can save money from one side and use it to buy more fighter jets or something.
30+ years ago, defense spending on electronics formed a huge part of the overall
electronics spending. These days, defense spending is but a small fraction - it's far more
lucrative to go after the consumer market than the military - they just don't have the
economic clout they once had. End result is the military is forced to buy COTS ICs, or face
stuff like a $0.50 chip costing easily $50 or more for same just because the military is a
bit-player for semiconductors
You do know that the Mossad has been caught stealing and collecting American Top Secrets.
In fact most of the nations above save perhaps Canada have at one time or another been caught
either spying on us, or performing dirty deeds cheap against America's best interest. I'd say
for the really classified stuff, like the internal security devices that monitor everything
else... homegrown only thanks, and add that any enterprising person who's looking to get paid
twice by screwing with the hardware or selling secrets to certified unfriendlies get's to
cools their heels for VERY LONG TIME.
We investigated the PA3 backdoor problem through Internet searches, software and
hardware analysis and found that this particular backdoor is not a result of any mistake or
an innocent bug, but is instead a deliberately inserted and well thought-through backdoor
that is crafted into, and part of, the PA3 security system. We analysed other
Microsemi/Actel products and found they all have the same deliberate backdoor. Those
products include, but are not limited to: Igloo, Fusion and Smartfusion.
we have found that the PA3 is used in military products such as weapons, guidance,
flight control, networking and communications. In industry it is used in nuclear power
plants, power distribution, aerospace, aviation, public transport and automotive products.
This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a
network or the Internet on the silicon itself. If the key is known, commands can be
embedded into a worm to scan for JTAG, then to attack and reprogram the firmware
remotely.
emphasis mine. Key is retrieved using the backdoor. Frankly, if this is true, Microsemi/Actel should get complete ban from all government
contracts, including using their chips in any item build for use by the government.
I would not be surprised if it's a factory backdoor that's included in all their products,
but is not documented and is assumed to not be a problem because it's not documented.
With regard to reprogramming the chip remotely or by the FPGA itself via the JTAG port: A
secure system is one that can't reprogram itself.
When I was designing VMEbus computer boards
for a military subcontractor many years ago, every board had a JTAG connector that required
the use of another computer with a special cable plugged into the board to perform
reprogramming of the FPGAs. None of this update-by-remote-control crap.
No
source approved [dla.mil] for Microsemi (Actel) qualified chips in China. If you use
non-approved sources then, well, shit happens (although how this HW backdoor would be
exploited is kind of unclear).
It seems that People's Republic of China has been misidentified with Taiwan (Republic of
China).
Either the claims will be backed up by independently reproduced tests or they won't. But,
given his apparent track record in this area and the obvious scrutiny this would bring,
Skorobogatov must have been sure of his results before announcing this.
Even though this story has been blowing-up on Twitter, there are a few caveats. The
backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short
on details, and he is trying to sell the scanning technology used to uncover the
vulnerability.
Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have
none of your "actual investigative research" nonsense around here! Fear mongering to sell ad
space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling
articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's
what we want to see more of!
The back-door described in the white paper requires access to the JTAG (1149.1) interface
to exploit. Most deployed systems do not provide an active external interface for JTAG. With
physical access to a "secure" system based upon these parts, the techniques described in the
white paper allow for a total compromise of all IP within. Without physical access, very
little can be done to compromise systems based upon these parts.
Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts,
it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then
the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if
they're caught.
These are not military chips. They are FPGAs that happen to be used occasionally for
military apps. Most of them are sold for other, more commercially exploitable purposes.
This is a physical-access backdoor. You have to have your hands on the hardware to be able
to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism
that requires use of a special connector on the circuit board to connect to a dedicated JTAG
port that is simply neither used nor accessible in anything resembling normal operation.
That said, it's still pretty bad, because hardware does occasionally end up in the hands
of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified
software radio algorithms with anti-jam and anti-interception goals, or to run classified
cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and
disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream
can't be extracted might be part of the system's security certification assumptions. If that
claim is false, and no other counter-measures are place, that could be pretty bad.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of
a threat: the adversary would have to get access to the system and then return it without
anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with
all the other functions of the FPGA, a significant challenge both from an intellectual
standpoint and from a size/timing standpoint--the FPGA may just not have enough spare
capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you
want to use all the capacity you have available to do clever stuff.
This is a physical-access backdoor. You have to have your hands on the hardware to be
able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a
mechanism that requires use of a special connector on the circuit board to connect to a
dedicated JTAG port that is simply neither used nor accessible in anything resembling
normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but
less of a threat: the adversary would have to get access to the system and then return it
without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer.
Technically all that is required is for a computer to be connected via the JTAG interface in
order to exploit this. This might be a diagnostic computer for example. If that diagnostic
computer were to be infected with a targeted payload, there is your physical access.
The page with a link to the final paper actually does mention China. However, it's an
American design from a US company. I suspect we will find the backdoor was in the original
plans. It will be interesting to see however.
Kind of Chinagate, but China means her Taivan and the design is US-based. Completely false
malicious rumors -- propaganda attack on China. The goal is clearly to discredit Chinese hardware
manufactures by spreading technical innuendo. In other words this is a kick below the belt.
Bloomberg jerks are just feeding hacker paranoia.
First of all this is not easy to do, secondly this is a useless exercise, as you need access
to TCP/IP stack of the computer to transmit information. Software Trojans is much more productive
area for such activities.
Today, Bloomberg BusinessWeek published a story claiming that AWS was aware of modified
hardware or malicious chips in SuperMicro motherboards in Elemental Media's hardware at the
time Amazon acquired Elemental in 2015, and that Amazon was aware of modified hardware or chips
in AWS's China Region.
As we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is
untrue. At no time, past or present, have we ever found any issues relating to modified
hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor
have we engaged in an investigation with the government.
There are so many inaccuracies in this article as it relates to Amazon that they're
hard to count. We will name only a few of them here. First, when Amazon was considering
acquiring Elemental, we did a lot of due diligence with our own security team, and also
commissioned a single external security company to do a security assessment for us as well.
That report did not identify any issues with modified chips or hardware. As is typical with
most of these audits, it offered some recommended areas to remediate, and we fixed all critical
issues before the acquisition closed. This was the sole external security report commissioned.
Bloomberg has admittedly never seen our commissioned security report nor any other (and refused
to share any details of any purported other report with us).
The article also claims that after learning of hardware modifications and malicious chips in
Elemental servers, we conducted a network-wide audit of SuperMicro motherboards and discovered
the malicious chips in a Beijing data center. This claim is similarly untrue. The first and
most obvious reason is that we never found modified hardware or malicious chips in Elemental
servers. Aside from that, we never found modified hardware or malicious chips in servers in any
of our data centers. And, this notion that we sold off the hardware and datacenter in China to
our partner Sinnet because we wanted to rid ourselves of SuperMicro servers is absurd. Sinnet
had been running these data centers since we launched in China, they owned these data
centers from the start, and the hardware we "sold" to them was a transfer-of-assets agreement
mandated by new China regulations for non-Chinese cloud providers to continue to operate in
China.
Amazon employs stringent security standards across our supply chain – investigating
all hardware and software prior to going into production and performing regular security audits
internally and with our supply chain partners. We further strengthen our security posture by
implementing our own hardware designs for critical components such as processors, servers,
storage systems, and networking equipment.
Security will always be our top priority. AWS is trusted by many of the world's most
risk-sensitive organizations precisely because we have demonstrated this unwavering commitment
to putting their security above all else. We are constantly vigilant about potential threats to
our customers, and we take swift and decisive action to address them whenever they are
identified.
– Steve Schmidt, Chief Information Security Officer
Trumptards are IDIOTs
CashMcCall , 5 hours ago
TRUMPTARDS have an enormous amount of surplus time on their hands to forward their Harry
Potter Styled Conspiracies.
APPLE AND AMAZON DENIED THE STORY. STORY OVER... GET IT CREEPY?
CashMcCall , 5 hours ago
While TRUMPTARDS were posting their Conspiracy Theories and the "TrumpEXPERTS" were
embellishing the ridiculous story with their lavish accounts of chip bug design, I was
enjoying a Bloomberg windfall.
Having confirmed early that the story was False since AMAZON and APPLE BOTH DENIED IT...
and their stock was not moving, I turned to Supermicro which was plunging and down over 50%.
I checked the options, and noted they were soft, so I put in bids for long shares and filled
blocks at 9 from two accounts.
The moronic TRUMPTARD Conspiracy posts continued, Supermicro is now up over 13.
That is the difference between having a brain in your head or having TRUMPTARD **** FOR
BRAINS...
Urban Roman , 5 hours ago
On second thought, this story is just ********. Note that the BBG story never mentions the
backdoors that were talked about for over a decade, nor did they mention Mr. Snowden's
revelation that those backdoors do exist, and are being used, by the surveillance state.
Since the Chinese factories are manufacturing these things, they'd have all the specs and
the blobs and whatever else they need, and would never require a super-secret hardware chip
like this. Maybe this MITM chip exists, and maybe it doesn't. But there's nothing to keep
China from using the ME on any recent Intel chip, or the equivalent on any recent AMD chip,
anywhere.
The purpose of this article is to scare you away from using Huawei or ZTE for anything,
and my guess is that it is because those companies did not include these now-standard
backdoors in their equipment. Maybe they included Chinese backdoors instead, but again, they
wouldn't need a tiny piece of hardware for this MITM attack, since modern processors are all
defective by design.
Chairman , 5 hours ago
I think I will start implementing this as an interview question. If a job candidate is
stupid enough to believe this **** then they will not work for me.
DisorderlyConduct , 4 hours ago
Well, hmmm, could be. To update a PCB is actually really poor work. I would freak my
biscuits if I received one of my PCBs with strange pads, traces or parts.
To substitute a part is craftier. To change the content of a part is harder, and nigh
impossible to detect without xray.
Even craftier is to change VHDL code in an OTP chip or an ASIC. The package and internal
structure is the same but the fuses would be burned different. No one would likely detect
this unless they were specifically looking for it.
Kendle C , 5 hours ago
Well written propaganda fails to prove claims. Everybody in networking and IT knows that
switches and routers have access to root, built in, often required by government, backdoors.
Scripts are no big thing often used to speed up updates, backups, and troubleshooting. So
when western manufacturers began shoveling their work to Taiwan and China, with them they
sent millions of text files, including instructions for backdoor access, the means and
technology (to do what this **** article is claiming) to modify the design, even classes with
default password and bypass operations for future techs. We were shoveling hand over foot
designs as fast as we could...all for the almighty dollar while stiffing American workers. So
you might say greed trumped security and that fault lies with us. So stuff this cobbled
together propaganda piece, warmongering ****.
AllBentOutOfShape , 5 hours ago
ZH has definitely been co-oped. This is just the latest propaganda ******** article of the
week they've come out with. I'm seeing more and more articles sourced from well known
propaganda outlets in recent months.
skunzie , 6 hours ago
Reminds me of how the US pulled off covert espionage of the Russians in the 70's using
Xerox copiers. The CIA inserted trained Xerox copy repairmen to handle repairs on balky
copiers in Russian embassies, etc. When a machine was down the technician inserted altered
motherboards which would transmit future copies directly to the CIA. This is a cautionary
tale for companies to cover their achilles heel (weakest point) as that is generally the
easiest way to infiltrate the unsuspecting company.
PrivetHedge , 6 hours ago
What another huge load of bollocks from our pharisee master morons.
I guess they think we're as stupid as they are.
CashMcCall , 6 hours ago
But but but the story came from one of the chosen money changers Bloomberg... everyone
knows a *** would never lie or print a false story at the market open
smacker , 7 hours ago
With all the existing ***** chips and backdoors on our computers and smartphones planted
by the CIA, NSA, M$, Goolag & friends, and now this chip supposedly from China, it won't
be long before there's no space left in RAM and on mobos for the chips that actually make the
device do what we bought it to do.
Stinkbug 1 , 7 hours ago
this was going on 20 years ago when it was discovered that digital picture frames from
china were collecting passwords and sending them back. it was just a test, so didn't get much
press.
now they have the kinks worked out, and are ready for the coup de grace.
This story seemed to die. Did anyone find anything indicating someone on our side has
actually got a look at the malicious chip, assuming it exists? Technical blogs have nothing,
only news rags like NewsMaxx. If 30 companies had these chips surely someone has one. This
might be one huge fake news story. Why Bloomberg would publish it is kind of odd.
FedPool , 7 hours ago
Probably a limited evaluation operation to gauge the population's appetite for war.
Pentagram market research. They're probably hitting all of the comment sections around the
web as we speak. Don't forget to wave 'hi'.
Heya warmongers. No, we don't want a war yet, k thanks.
underlying , 7 hours ago
Since were on the topic let's take a look at the scope hacking tools known to the general
public known prior to the Supermicro Server Motherboard Hardware Exploit; (P.S. What the ****
do you expect when you have Chinese state owned enterprises, at minimum quasi state owned
enterprises in special economic development zones controlled by the Chinese communist party,
building motherboards?)
Snowden NSA Leaks published in the gaurdian/intercept
This does not include the private/corporate sector hacking pen testing resources and
suites which are abundant and easily available to **** up the competition in their own
right.
Exactly. Why would they ever need a super-micro-man-in-the-middle-chip?
Maybe this 'chip' serves some niche in their spycraft, but the article in the keypost
ignores a herd of elephants swept under the carpet, and concentrates on a literal speck of
dust.
Moribundus , 8 hours ago
A US-funded biomedical laboratory in Georgia may have conducted bioweapons research under
the guise of a drug test, which claimed the lives of at least 73 subjects...new documents
"allow us to take a fresh look" at outbreaks of African swine fever in southern Russia in
2007-2018, which "spread from the territory of Georgia into the Russian Federation, European
nations and China. The infection strain in the samples collected from animals killed by the
disease in those nations was identical to the Georgia-2007 strain." https://www.rt.com/news/440309-us-georgia-toxic-bioweapon-test/
"... In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts ..."
The Defense Department on Thursday officially began accepting proposals for its
highly-anticipated Joint Enterprise Defense Infrastructure cloud contract. The JEDI contract
will be awarded to a single cloud provider -- an issue many tech companies rallied against --
and will be valued at up to $10 billion over 10 years, according to the final request for
proposal. The contract itself will put a commercial company in charge of hosting and
distributing mission-critical workloads and classified military secrets to warfighters around
the globe in a single war cloud.
As some of the biggest U.S. technology companies have lined up to bid on the $10 billion
contract to create a massive Pentagon cloud computing network, the behind-the-scenes war to
win it has turned ugly.
In the running are Amazon Web Services, IBM and Microsoft. Winning this contract gives the winner an advantage in winning future related contracts.
"... There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work with the Russian government on computer security issues, as one would expect of such a company. ..."
Yes, PostgreSQL is very good. It's open source, meaning the source code is available for inspection, so if there was anything
suspicious about it, it would likely have been caught before now. Of course, bugs and security issues might well remain, regardless.
Russians make a lot of good software. Their computer training in universities has always been first rate.
This is similar to the big issue over the Kaspersky company, a major manufacturer of a high-quality antimalware suite, being
Russian. The US has made it a big issue, passing regulations that prohibit US government offices from using it, forcing Kaspersky
to consider moving to Switzerland. I don't think many people in the infosec community have any concerns about Kaspersky being
Russian. They've been in the antimalware business for quite a while and always get top marks in the independent antimalware tests.
There was a big row over Kaspersky's software actually doing its job and detecting malware on an NSA officer's personal workstation
at home, where he was conducting development in an unauthorized manner. The software did as it is designed, which is upload the
suspicious software to Kaspersky's servers for analysis. This was represented by the US government as some sort of "spying for
the Russian intelligence community" by Kaspersky. The US government also made a big deal over the fact that Kaspersky does work
with the Russian government on computer security issues, as one would expect of such a company.
The whole thing is just another example of "Russian Derangement Syndrome."
Yes, PostgreSQL is very good. It's open source, meaning the source code is available for
inspection, so if there was anything suspicious about it, it would likely have been
caught before now. Of course, bugs and security issues might well remain, regardless.
Russians make a lot of good software. Their computer training in universities has
always been first rate.
This is similar to the big issue over the Kaspersky company, a major manufacturer of a
high-quality antimalware suite, being Russian. The US has made it a big issue, passing
regulations that prohibit US government offices from using it, forcing Kaspersky to
consider moving to Switzerland. I don't think many people in the infosec community have
any concerns about Kaspersky being Russian. They've been in the antimalware business for
quite a while and always get top marks in the independent antimalware tests.
There was a big row over Kaspersky's software actually doing its job and detecting
malware on an NSA officer's personal workstation at home, where he was conducting
development in an unauthorized manner. The software did as it is designed, which is
upload the suspicious software to Kaspersky's servers for analysis. This was represented
by the US government as some sort of "spying for the Russian intelligence community" by
Kaspersky. The US government also made a big deal over the fact that Kaspersky does work
with the Russian government on computer security issues, as one would expect of such a
company.
The whole thing is just another example of "Russian Derangement Syndrome."
...Stuxnet, which was thought to be a joint American-Israeli assault on Iran's nuclear program. And there are reports of U.S.
attempts to similarly hamper North Korean missile development. Some consider such direct attacks on other governments to be akin
to acts of war. Would Washington join Moscow in a pledge to become a good cyber citizen?
A 29-year-old former CIA computer engineer, Joshua Adam Schulte, was indicted Monday by the
Department of Justice on charges of masterminding the largest leak of classified information in the spy agency's history .
Schulte, who created malware for the U.S. Government to break into adversaries computers, has been sitting in jail since his August
24, 2017 arrest on unrelated charges of posessing and transporting child pornography - which was discovered in a search of his New
York apartment after Schulte was named as the prime suspect in the cyber-breach one week after WikiLeaks published the "Vault 7"
series of classified files. Schulte was arrested and jailed on the child porn charges while the DOJ ostensibly built their case leading
to Monday's additional charges.
[I]nstead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with
possessing child pornography, saying agents had found 10,000 illicit images on a server he created as a business in 2009 while
studying at the University of Texas at Austin.
Court papers quote messages from Mr. Schulte that suggest he was aware of the encrypted images of children being molested by
adults on his computer, though he advised one user, "Just don't put anything too illegal on there." -
New York Times
Monday's DOJ announcement adds new charges related to stealing classified national defense information from the Central Intelligence
Agency in 2016 and transmitting it to WikiLeaks ("Organization-1").
The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide variety
of tools to use against adversaries, including the
ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency , as well as the ability to
take control of Samsung Smart TV's and surveil a target using a "Fake Off" mode in which they appear to be powered down while eavesdropping.
The CIA's hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint"
that can be used by forensic investigators to attribute multiple different attacks to the same entity .
...
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen'
from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution
by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from .
Schulte previously worked for the NSA before joining the CIA, then "left the intelligence community in 2016 and took a job in
the private sector," according to a statement reviewed in May by
The Washington Post .
Schulte also claimed that he reported "incompetent management and bureaucracy" at the CIA to that agency's inspector general
as well as a congressional oversight committee. That painted him as a disgruntled employee, he said, and when he left the CIA
in 2016, suspicion fell upon him as "the only one to have recently departed [the CIA engineering group] on poor terms," Schulte
wrote. - WaPo
Part of that investigation, reported WaPo, has been analyzing whether the Tor network - which allows internet users to hide their
location (in theory) "was used in transmitting classified information."
In other hearings in Schulte's case, prosecutors have alleged that he used Tor at his New York apartment, but they have provided
no evidence that he did so to disclose classified information. Schulte's attorneys have said that Tor is used for all kinds of
communications and have maintained that he played no role in the Vault 7 leaks. - WaPo
Schulte says he's innocent: " Due to these unfortunate coincidences the FBI ultimately made the snap judgment that I was guilty
of the leaks and targeted me," Schulte said. He launched
Facebook and GoFundMe pages
to raise money for his defense, which despite a $50 million goal,
has yet to r eceive a single donation.
The Post noted in May, the Vault 7 release was one of the most significant leaks in the CIA's history , "exposing secret cyberweapons
and spying techniques that might be used against the United States, according to current and former intelligence officials."
The CIA's toy chest includes:
Tools code named " Marble " can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to
their agency by inserted code fragments in foreign languages. The tool was in use as recently as 2016. Per the
WikiLeaks release:
"The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi.
This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator
was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators
even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages."
iPads / iPhones / Android devices and Smart TV's are all susceptible to hacks and malware. The agency's "Dark Matter" project
reveals that the CIA has been bugging "factory fresh" iPhones since at least 2008 through suppliers. Another, " Sonic Screwdriver
" allows the CIA to execute code on a Mac laptop or desktop while it's booting up.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel",
developed by the CIA's Embedded Devices Branch (EDB)
, which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The Obama administration promised to disclose all serious vulnerabilities they found to Apple, Google, Microsoft, and other
US-based manufacturers. The US Government broke that commitment.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in
the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its
hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate (
"Center for Cyber Intelligence Europe" or CCIE)
are given diplomatic ("black") passports and State Department cover.
Instant messaging encryption is a joke.
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking
the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
The CIA laughs at Anti-Virus / Anti-Malware programs.
"Joshua Schulte, a former employee of the CIA, allegedly used his access at the agency to transmit classified material to an outside
organization . During the course of this investigation, federal agents also discovered alleged child pornography in Schulte's New
York City residence ," said Manhattan U.S. Attorney Geoffrey S. Berman.
On March 7, 2017, Organization-1 released on the Internet classified national defense material belonging to the CIA (the "Classified
Information"). In 2016, SCHULTE, who was then employed by the CIA, stole the Classified Information from a computer network at
the CIA and later transmitted it to Organization-1. SCHULTE also intentionally caused damage without authorization to a CIA computer
system by granting himself unauthorized access to the system, deleting records of his activities, and denying others access to
the system . SCHULTE subsequently made material false statements to FBI agents concerning his conduct at the CIA.
Schulte faces 135 years in prison if convicted on all 13 charges:
Illegal Gathering of National Defense Information, 18 U.S.C. §§ 793(b) and 2
Illegal Transmission of Lawfully Possessed National Defense Information, 18 U.S.C. §§ 793(d) and 2
Illegal Transmission of Unlawfully Possessed National Defense Information, 18 U.S.C. §§ 793(e) and 2
Unauthorized Access to a Computer To Obtain Classified Information, 18 U.S.C. §§ 1030(a)(1) and 2
Theft of Government Property, 18 U.S.C. §§ 641 and 2
Unauthorized Access of a Computer to Obtain Information from a Department or Agency of the United States, 18 U.S.C. §§ 1030(a)(2)
and 2
Causing Transmission of a Harmful Computer Program, Information, Code, or Command, 18 U.S.C. §§ 1030(a)(5) and 2
Making False Statements, 18 U.S.C. §§ 1001 and 2
Obstruction of Justice, 18 U.S.C. §§ 1503 and 2
Receipt of Child Pornography, 18 U.S.C. §§ 2252A(a)(2)(B), (b)(1), and 2
Possession of Child Pornography, 18 U.S.C. §§ 2252A(a)(5)(B), (b)(2), and 2
Transportation of Child Pornography, 18 U.S.C. § 2252A(a)(1)
Seems like everyone has kiddy porn magically appear and get discovered after they piss off the deep state bastards.
And the best part is that it's probably just the deep state operatives' own private pedo collections that they use to frame
anyone who they don't like.
I was thinking about the advancement of the technology necessary for that. They can do perfect fake stills already.
My thought is that you will soon need to film yourself 24/7 (with timestamps, shared with a blockchain-like verifiably) so
that you can disprove fake video evidence by having a filmed alibi.
Ironically, every single ex gov whistle blower (/pedophile) has the exact same kiddie porn data on their secret server (hidden
in plane view at the apartment). Joe CIA probably has a zip drive preloaded with titled data sets like "Podesta's Greatest Hits",
"Hillary's Honey bunnies" or "Willy go to the zoo". Like the mix tapes you used to make for a new gal you were trying to date.
Depending upon the mood of the agent in charge, 10,000 images of Weiner's "Warm Pizza" playlist magically appear on the server
in 3-2-1... Gotcha!
These false fingerprint tactics were all over the trump accusations which started the whole Russia Russia Russia ordeal. And
the Russia ordeal was conceptualized in a paid report to Podesta by the Bensenson Group called the Salvage Program when it was
appearant that Trump could possible win and the DNC needed ideas on how to throw the voters off at the polls. Russia is coming
/Red dawn was #1 or #2 on the list of 7 recommended ploys. The final one was crazy.. If Trump appeared to win the election, imagery
of Jesus and an Alien Invasion was to be projected into the skies to cause mass panic and create a demand for free zanex to be
handed out to the panic stricken.
Don't forget Black Lives Matters. That was idea #4 of this Bensenson report, to create civil unrest and a race war. Notice
how BLM and Antifa manically disappeared after Nov 4. All a ploy by the Dems & the deep state to remain in control of the countrys
power.
Back to the topic at hand. Its a wonder he didn't get Seth Riched. Too many porn servers and we will begin to question the
legitimacy. Oh wait...
You won't find any kiddie porn on Hillary's or DeNiros laptop. Oh its there. You just will never ever hear about it.
The Vault 7 release - a series of 24 documents which began to publish on March 7, 2017 - reveal that the CIA had a wide
variety of tools to use against adversaries, including
the ability to "spoof" its malware to appear
as though it was created by a foreign intelligence agency ....
It probably can spoof child porn as well.
Is he charged with copyright infringement for pirating child porn?
The intel community sure has a knack for sussing out purveyors of child pornography. It's probably just a coincidence govt
agencies and child pornography are inextricably linked.
It's very easy for a criminal spook to plant child porn on some poor slob's machine - especially when they want to keep him
on the hook to sink his ass for something bigger in the future. Who knows... this guy may have done some shit but I'm willing
to bet he was entirely targeted by these IC assholes. Facing 135 years in prison... yet that baggy ass cunt Hillary walks free...
Funny how they always seem to have a "sting" operation in progress when there's anyone the DC rats want to destroy but strangely,
or not, silent as the grave when one of the special people are fingered.
Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you
don't like would be a piece of cake, comparatively speaking.
Of all these things the C_A can do, it doesn't take a brain surgeon to realize that planting CP on a computer of someone you
don't like would be a piece of cake, comparatively speaking.
The "Spoofing" or Digital Finger Print & Parallel Construction tools that can be used against Governments, Individuals, enemies
& adversaries are Chilling.
The CIA can not only hack into anything -- they can download any "evidence" they want onto your phone or computer. Child pornography,
national secrets, you name it. Then they can blackmail you, threatening prosecution for whatever crap they have planted, then
"found" on your computer. They can also "spoof" the source of such downloads -- for instance, if they want to "prove" that something
on your computer (or Donald Trump's computer) came from a "Russian source" -- they can spoof the IP address of a Russian source.
The take-away: no digital evidence the CIA or NSA produces on any subject whatsoever can be trusted. No digital evidence should
be acceptable in any case where the government has an interest, because they have the complete ability to fabricate and implant
any evidence on any iphone or computer. And worse: they have intentionally created these digital vulnerabilities and pushed them
onto the whole world via Microsoft and Google. Government has long been at war with liberty, claiming that we need to give up
liberty to be secure. Now we learn that they have been deliberately sabotaging our security, in order to augment their own power.
Time to shut down the CIA and all the other spy agencies. They're not keeping us free OR secure, and they're doing it deliberately.
Their main function nowadays seems to be lying us into wars against countries that never attacked us, and had no plans to do so.
The Echelon Computer System Catch Everything
The Flagging goes to Notify the Appropriate Alphabet,,,...Key Words Phrases...Algorithms,...It all gets sucked up and chewed
on and spat out to the surmised computed correct departments...That simple.
Effective immediately defund, Eliminate & Supeona it's Agents, Officials & Dept. Heads in regard to the Mass Surveillance,
Global Espionage Spying network & monitoring of a President Elect by aforementioned Agencies & former President Obama, AG Lynch
& DIA James Clapper, CIA John Breanan.
Since 911, they've been "protecting" the shit out of us. "protecting" away every last fiber of liberty. Was watching some fact-based
media about the CIA's failed plan to install Yeltsin's successor via a Wallstreet banking cartel bet (see, LTCM implosion). The
ultimate objectives were to rape and loot post-Soviet Russian resources and enforce regime change. It's such a tired playbook
at this point. Who DOESNT know about this sort of affront? Apparently even nobel prize economists cant prevent a nation from failing
lol. The ultimate in vanity; our gubmint and its' shadow controllers.
This is because people who are smart enough to write walware for the CIA send messages in the clear about child porn and are
too dumb to encrypt images with a key that would take the lifetime of the universe to break.
Next his mother will be found to have a tax problem and his brother's credit rating zeroed out.
Meanwhile Comey will be found to have been "careless".
Yeah I don't believe for a second that this guy had anything to do with child porn. Not like Obama and his hotdogs or Clintons
at pedo island, or how bout uncle pervie podesta? go after them, goons and spooks. They (intelligence agencies) falsely accuse
people of exactly what they are ass-deep in. loses credibility with me when the CIA clowns or NSA fuck ups accuse anyone of child
porn; especially one of their former employees who is 'disgruntled'. LOL. another spook railroad job done on a whistleblower.
fuck the CIA and all 17 alphabet agencies who spy on us 24/7. Just ask, if you want to snoop on me. I may even tell you what I'm
up to because I have nothing that I would hide since, I don't give a shit about you or whether you approve of what I am doing.
"Yeah I don't believe for a second that this guy had anything to do with child porn."
Speculation by my part: He was running a Tor server, and the porn originated from other Tor users. If that is the case ( it
would be easy for law enforcement to just assume it was his) law enforcement enjoys a quick and easy case.
It really doesn't matter if someone wants to hide. That is their right. Only Nazi's like our spy agencies would use the old
Gestapo line, "If you have nothing to hide then you have nothing to worry about. Or better yet, you should let me turn your life
upside down if you have nothing to hide. " Bullshit! It's none of their fucking business. How bout that? Spooks and secret clowns
CAN and DO frame anybody for whatever or murder whomever they wish. So why WOULDNT people be afraid when government goons start
sticking their big snouts into their lives??? They can ruin your life for the sake of convenience. Zee Furor is not pleased with
your attitude, comrade.
Looks like US and British government does not like competition ;-)
"These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity and
communications." -- he knows what he is talking about...
The problem here are "very cheap" and "very old" routers and weak firewalls.
Your Router's Security Stinks Here's How to Fix It
For those who are into this business it might benefical to use a separate firewall unit and a "honeypot" before the
router those days. You may wish to buy a low-end commercial-grade Wi-Fi/Ethernet router, which retails for about $200, rather than a
consumer-friendly router that can cost as little as $20.
The unusual
public warning
from
the White House, U.S. agencies and Britain's National Cyber Security Center follows a years-long effort to monitor
the threat. The targets number in the millions, officials say, and include "primarily government and private-sector
organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these
sectors."
... ... ...
These network devices make "ideal targets," said Manfra, Homeland Security's assistant secretary for cybersecurity
and communications. Most traffic within a company or between organizations traverses them. So a hacker can monitor,
modify or disrupt it, she said. And they're usually not secured at the same level as a network server.
"Once you own the router, you own the traffic that's traversing the router," she said.
... ... ...
Ellen Nakashima is a national security reporter for The Washington Post. She covers cybersecurity, surveillance,
counterterrorism and intelligence issues. She has also served as a Southeast Asia correspondent and covered the White House and
Virginia state politics. She joined The Post in 1995. Follow @nakashimae
jedediah smytheson, 3 hours ago
It is appropriate to reveal and decry misbehavior in cyberspace. What is not appropriate is our leaders ignoring their own
responsibility to secure government networks. The sad fact is that senior leaders in government do not understand the issue and
are unwilling to accept any inconvenience. The Federal government has lost huge amounts of very sensitive data of AT LEAST 100
million citizens. If I remember correctly, OPM lost 23 million electronic security clearance forms (SF 86s) with personal
information not only of the person being processed for a clearance, but also of the members of that person's family. That's how I
came up with over 100 million. And what was the result? Well, no one was held accountable or responsible for this incredible
breach of security. More importantly, the networks are still not well secured. In summary, we will be hacked continuously until
someone in Government takes this seriously and puts more resources into securing the networks rather than turning the
public's attention away from their own incompetence and focusing on our adversaries.
bluefrog, 4 hours ago
Haha ... the U.K. who secretly tapped the fiber optic cables running under the Atlantic Ocean to record EVERYONE's private
data is now advising against hackers! A degenerate country operating on the basis of lies and deceit, I don't trust them as far
as I can throw them.
The only part that might be news is if there's evidence of a concerted, targeted campaign from one very organized actor.
Haven't seen the evidence presented, though, and my scans are basically what they've always been: hundreds and hundreds from
residential CPE and other compromised machines from all over the world.
Update your firmware - even old devices can be updated, for the most part; turn off remote mgt (!), change the password to
something that YOU set.
Make it challenging, at least.
4 hours ago
Really no different from the NSA and GCHQ..........
(vice.com)The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the
secretive
industry that helps government hackers get around encryption . Azimuth is part of an
opaque, little known corner of the intelligence world made of hackers who develop and sell
expensive exploits to break into popular technologies like iOS, Chrome, Android and
Tor.
(theguardian.com)
an anonymised, aggregate dataset of 57bn Facebook friendships . From a report:
Facebook provided the
dataset of "every friendship formed in 2011 in every country in the world at the national
aggregate level" to Kogan's University of Cambridge laboratory for a study on international
friendships published in Personality and Individual Differences in 2015. Two Facebook employees
were named as co-authors of the study, alongside researchers from Cambridge, Harvard and the
University of California, Berkeley. Kogan was publishing under the name Aleksandr Spectre at
the time. A University of Cambridge press release on the study's publication noted that the
paper was "the first output of ongoing research collaborations between Spectre's lab in
Cambridge and Facebook." Facebook did not respond to queries about whether any other
collaborations occurred. "The sheer volume of the 57bn friend pairs implies a pre-existing
relationship," said Jonathan Albright, research director at the Tow Center for Digital
Journalism at Columbia University. "It's not common for Facebook to share that kind of data. It
suggests a trusted partnership between Aleksandr Kogan/Spectre and Facebook."
(vice.com)spyware to everyday consumers
and wiped their servers, deleting photos captured from monitored devices. A year later,
the
hacker has done it again . Motherboard: Thursday, the hacker said he started wiping some
cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware
products targeted at parents and employers, but that are also used by people to spy on their
partners without their consent. Retina-X was one of two companies that were breached last year
in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously
install spyware on their partners' and children's phones in order to spy on them. This software
has been called "stalkerware" by some.
(bbc.com)BeauHD on Monday February 19, 2018
@06:00AM from the crypto-cash dept. dryriver shares a report from BBC: News organizations
have tried many novel ways to make readers pay -- but this idea is possibly the most audacious
yet. If a reader chooses to block its advertising, U.S. publication Salon will use that person's computer to mine for
Monero , a cryptocurrency similar to Bitcoin. Creating new tokens of a cryptocurrency
typically requires complex calculations that use up a lot of computing power. Salon told
readers: "We intend to use a small percentage of your spare processing power to contribute to
the advancement of technological discovery, evolution and innovation." The site is making use
of CoinHive, a controversial mining tool that was
recently used in an attack involving government websites in the UK, U.S. and elsewhere.
However, unlike that incident, where hackers took control of visitors' computers to mine
cryptocurrency, Salon notifies users and requires them to agree before the tool begins
mining.
(torrentfreak.com)Flight sim company FlightSimLabs has found itself in trouble after
installing malware onto users' machines as an anti-piracy measure . Code embedded in its
A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The
Pirate Bay, which then triggered a process through which the company stole usernames and
passwords from users' web browsers.
(techcrunch.com)BeauHD on Tuesday
March 06, 2018 @03:00AM from the head-held-high dept. MoviePass CEO Mitch Lowe told an audience
at a Hollywood event last Friday that the app
tracks moviegoers' locations before and after each show they watch . "We get an enormous
amount of information," Lowe said. "We watch how you drive from home to the movies. We watch
where you go afterwards."
His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will
MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on
making hay out of the data collected through its service. But what I imagined, and what I think
most people imagined, was that it would be interesting next-generation data about ticket sales,
movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app
would be tracking your location before you even left your home, and then follow you while you
drive back or head out for a drink afterwards. Did you? It sure isn't in the company's
privacy policy , which in
relation to location tracking discloses only a "single request" when selecting a theater, which
will "only be used as a means to develop, improve, and personalize the service." Which part of
development requires them to track you before and after you see the movie? A MoviePass
representative said in a statement to TechCrunch: "We are exploring utilizing location-based
marketing as a way to help enhance the overall experience by creating more opportunities for
our subscribers to enjoy all the various elements of a good movie night. We will not be selling
the data that we gather. Rather, we will use it to better inform how to market potential
customer benefits including discounts on transportation, coupons for nearby restaurants, and
other similar opportunities."
(bleepingcomputer.com)A massive survey of nearly 1,200 IT security practitioners and
decision makers across 17 countries reveals that half the people who fell victim to ransomware
infections last year were able to recover their files after paying the ransom demand. The
survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the
ransom demand, even if for desperate reasons,
does not guarantee that victims will regain access to their files . Timely backups are
still the most efficient defense against possible ransomware infections, as it allows easy
recovery. The survey reveals that 55% of all responders suffered a ransomware infection in
2017, compared to the previous year's study, when 61% experienced similar incidents. Of all the
victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay
the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover
files, either from backups or by using ransomware decrypter applications. Of the 38.7% who
opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools
provided by the ransomware authors.
(theatlantic.com)Already in 2010, it felt like a malicious attention market where
people treated friends as latent resources to be optimized. Compulsion rather than choice
devoured people's time. Apps like FarmVille sold relief for the artificial inconveniences they
themselves had imposed. In response, I made a satirical social game called Cow Clicker. Players
clicked a cute cow, which mooed and scored a "click." Six hours later, they could do so again.
They could also invite friends' cows to their pasture, buy virtual cows with real money,
compete for status, click to send a real cow to the developing world from Oxfam, outsource
clicks to their toddlers with a mobile app, and much more. It became strangely popular, until
eventually, I shut the whole thing down in a bovine rapture -- the "cowpocalypse."
It's kind of a complicated story .
But one worth revisiting today, in the context of the scandal over Facebook's sanctioning
of user-data exfiltration via its application platform. It's not just that abusing the Facebook
platform for deliberately nefarious ends was easy to do (it was). But worse, in those days, it
was hard to avoid extracting private data, for years even, without even trying. I did it with a
silly cow game. Cow Clicker is not an impressive work of software. After all, it was a game
whose sole activity was clicking on cows. I wrote the principal code in three days, much of it
hunched on a friend's couch in Greenpoint, Brooklyn. I had no idea anyone would play it,
although over 180,000 people did, eventually. And yet, if you played Cow Clicker, even just
once, I got enough of your personal data that, for years, I could have assembled a reasonably
sophisticated profile of your interests and behavior. I might still be able to; all the data is
still there, stored on my private server, where Cow Clicker is still running, allowing players
to keep clicking where a cow once stood, before my caprice raptured them into the digital
void.
BeauHD on Monday March 12, 2018
@08:10PM from the under-the-radar dept. An anonymous reader quotes a report from Engadget:
Security researchers at Kaspersky Lab have discovered what's
likely to be another state-sponsored malware strain, and this one is more advanced than most.
Nicknamed Slingshot, the code spies on
PCs through a multi-layer attack that targets MikroTik routers . It first replaces a
library file with a malicious version that downloads other malicious components, and then
launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level
kernel code that effectively gives the intruder free rein, including deep access to storage and
memory; the other, GollumApp, focuses on the user level and includes code to coordinate
efforts, manage the file system and keep the malware alive. Kaspersky describes these two
elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile
kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual
file system, encrypts every text string in its modules, calls services directly (to avoid
tripping security software checks) and even shuts components down when forensic tools are
active. If there's a common method of detecting malware or identifying its behavior, Slingshot
likely has a defense against it. It's no wonder that the code has been active since at least
2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the
issue. However, there's concern that other router makers might be affected.
Creating a malware application which masks itself as some kind of pseudo scientific test and
serves as the backdoor to your personal data is a very dirty trick...
Especially dirty it it used by academic researchers, who in reality are academic scum... An
additional type of academic gangsters, in addition to Harvard Mafia
Notable quotes:
"... By Ivan Manokha, a departmental lecturer in the Oxford Department of International Development. He is currently working on power and obedience in the late-modern political economy, particularly in the context of the development of new technologies of surveillance. Originally published at openDemocracy ..."
"... The current social mobilization against Facebook resembles the actions of activists who, in opposition to neoliberal globalization, smash a McDonald's window during a demonstration. ..."
"... But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and a former employee of Cambridge Analytica, stated in a video interview , the app could also collect all kinds of personal data from users, such as the content that they consulted, the information that they liked, and even the messages that they posted. ..."
"... All this is done in order to use data to create value in some way another (to monetize it by selling to advertisers or other firms, to increase sales, or to increase productivity). Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a massive scale, and with this development, as a former Harvard Business School professor Shoshana Zuboff has argued , global capitalism has become 'surveillance capitalism'. ..."
"... What this means is that platform economy is a model of value creation which is completely dependant on continuous privacy invasions and, what is alarming is that we are gradually becoming used to this. ..."
"... In other instances, as in the case of Kogan's app, the extent of the data collected exceeds what was stated in the agreement. ..."
"... What we need is a total redefinition of the right to privacy (which was codified as a universal human right in 1948, long before the Internet), to guarantee its respect, both offline and online. ..."
"... I saw this video back in 2007. It was originally put together by a Sarah Lawrence student who was working on her paper on social media. The ties of all the original investors to IN-Q-Tel scared me off and I decided to stay away from Facebook. ..."
"... But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many others do the same, and we are all caught up in it whether we agree to participate or not. ..."
"... Platform Capitalism is a mild description, it is manipulation based on Surveillance Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across every area is fascinating to watch, but a little scary. ..."
"... For his part, Aleksandr Kogan established a company, Global Science Research, that contracted with SCL, using Facebook data to map personality traits for its work in elections (Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had developed). Kogan's app harvested data on Facebook users who agreed to take a personality test for the purposes of academic research (though it was, in fact, to be used by SCL for non-academic ends). But according to Wylie, the app also collected data on their entire -- and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts with the State Department and were pitching to the Pentagon, Wylie became alarmed that this illegally-obtained data had ended up at the heart of government, along with the contractors who might abuse it. ..."
"... This apparently bizarre intersection of research on topics like love and kindness with defense and intelligence interests is not, in fact, particularly unusual. It is typical of the kind of dual-use research that has shaped the field of social psychology in the US since World War II. ..."
"... Much of the classic, foundational research on personality, conformity, obedience, group polarization, and other such determinants of social dynamics -- while ostensibly civilian -- was funded during the cold war by the military and the CIA. ..."
"... The pioneering figures from this era -- for example, Gordon Allport on personality and Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this day ..."
"... This is an issue which has frustrated me greatly. In spite of the fact that the country's leading psychologist (at the very least one of them -- ex-APA president Seligman) has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my social science pals refuse to recognize any corruption at the core of their so-called replicated quantitative research. ..."
Yves
here. Not new to anyone who has been paying attention, but a useful recap with some good
observations at the end, despite deploying the cringe-making trope of businesses having DNA.
That legitimates the notion that corporations are people.
By Ivan Manokha, a departmental lecturer in the Oxford Department of International
Development. He is currently working on power and obedience in the late-modern political
economy, particularly in the context of the development of new technologies of surveillance.
Originally published at
openDemocracy
The current social mobilization against Facebook resembles the actions of activists who,
in opposition to neoliberal globalization, smash a McDonald's window during a
demonstration.
On March 17,
The Observer of London and The
New York Times announced that Cambridge Analytica, the London-based political and corporate
consulting group, had harvested private data from the Facebook profiles of more than 50 million
users without their consent. The data was collected through a Facebook-based quiz app called
thisisyourdigitallife, created by Aleksandr Kogan, a University of Cambridge psychologist who
had requested and gained access to information from 270,000 Facebook members after they had
agreed to use the app to undergo a personality test, for which they were paid through Kogan's
company, Global Science Research.
But as Christopher Wylie, a twenty-eight-year-old Canadian coder and data scientist and
a former employee of Cambridge Analytica, stated in a video interview , the
app could also collect all kinds of personal data from users, such as the content that they
consulted, the information that they liked, and even the messages that they posted.
In addition, the app provided access to information on the profiles of the friends of each
of those users who agreed to take the test, which enabled the collection of data from more than
50 million.
All this data was then shared by Kogan with Cambridge Analytica, which was working with
Donald Trump's election team and which allegedly used this data to target US voters with
personalised political messages during the presidential campaign. As Wylie, told The Observer,
"we built models to exploit what we knew about them and target their inner demons."
'Unacceptable Violation'
Following these revelations the Internet has been engulfed in outrage and government
officials have been quick to react. On March 19, Antonio Tajani President of the European
Parliament Antonio Tajani, stated in a twitter message that misuse of
Facebook user data "is an unacceptable violation of our citizens' privacy rights" and promised
an EU investigation. On March 22, Wylie communicated in a tweet that he accepted
an invitation to testify before the US House Intelligence Committee, the US House Judiciary
Committee and UK Parliament Digital Committee. On the same day Israel's Justice Ministry
informed
Facebook that it was opening an investigation into possible violations of Israelis'
personal information by Facebook.
While such widespread condemnation of Facebook and Cambridge Analytica is totally justified,
what remains largely absent from the discussion are broader questions about the role of data
collection, processing and monetization that have become central in the current phase of
capitalism, which may be described as 'platform capitalism', as suggested by the Canadian
writer and academic Nick Srnicek in his recent book
.
Over the last decade the growth of platforms has been spectacular: today, the top 4
enterprises in Forbes's
list of most valuable brands are platforms, as are eleven of the top twenty. Most recent
IPOs and acquisitions have involved platforms, as have most of the major successful startups.
The list includes Apple, Google, Microsoft, Facebook, Twitter, Amazon, eBay, Instagram,
YouTube, Twitch, Snapchat, WhatsApp, Waze, Uber, Lyft, Handy, Airbnb, Pinterest, Square, Social
Finance, Kickstarter, etc. Although most platforms are US-based, they are a really global
phenomenon and in fact are now playing an even more important role in developing countries
which did not have developed commercial infrastructures at the time of the rise of the Internet
and seized the opportunity that it presented to structure their industries around it. Thus, in
China, for example, many of the most valuable enterprises are platforms such as Tencent (owner
of the WeChat and QQ messaging platforms) and Baidu (China's search engine); Alibaba controls
80 percent of China's e-commerce market through its Taobao and Tmall platforms, with its Alipay
platform being the largest payments platform in China.
The importance of platforms is also attested by the range of sectors in which they are now
dominant and the number of users (often numbered in millions and, in some cases, even billions)
regularly connecting to their various cloud-based services. Thus, to name the key industries,
platforms are now central in Internet search (Google, Yahoo, Bing); social networking
(Facebook, LinkedIn, Instagram, Snapchat); Internet auctions and retail (eBay, Taobao, Amazon,
Alibaba); on-line financial and human resource functions (Workday, Upwork, Elance, TaskRabbit),
urban transportation (Uber, Lyft, Zipcar, BlaBlaCar), tourism (Kayak, Trivago, Airbnb), mobile
payment (Square Order, PayPal, Apple Pay, Google Wallet); and software development (Apple's App
Store, Google Play Store, Windows App store). Platform-based solutions are also currently being
adopted in more traditional sectors, such as industrial production (GE, Siemens), agriculture
(John Deere, Monsanto) and even clean energy (Sungevity, SolarCity, EnerNOC).
User Profiling -- Good-Bye to Privacy
These platforms differ significantly in terms of the services that they offer: some, like
eBay or Taobao simply allow exchange of products between buyers and sellers; others, like Uber
or TaskRabbit, allow independent service providers to find customers; yet others, like Apple or
Google allow developers to create and market apps.
However, what is common to all these platforms is the central role played by data, and not
just continuous data collection, but its ever more refined analysis in order to create detailed
user profiles and rankings in order to better match customers and suppliers or increase
efficiency.
All this is done in order to use data to create value in some way another (to monetize
it by selling to advertisers or other firms, to increase sales, or to increase productivity).
Data has become 'the new oil' of global economy, a new commodity to be bought and sold at a
massive scale, and with this development, as a former Harvard Business School professor
Shoshana Zuboff
has argued , global capitalism has become 'surveillance capitalism'.
What this means is that platform economy is a model of value creation which is
completely dependant on continuous privacy invasions and, what is alarming is that we are
gradually becoming used to this.
Most of the time platform providers keep track of our purchases, travels, interest, likes,
etc. and use this data for targeted advertising to which we have become accustomed. We are
equally not that surprised when we find out that, for example,
robotic vacuum cleaners collect data about types of furniture that we have and share it
with the likes of Amazon so that they can send us advertisements for pieces of furniture that
we do not yet possess.
There is little public outcry when we discover that Google's ads are racially biased as, for
instance, a Harvard professor Latanya Sweeney
found by accident performing a search. We are equally hardly astonished that companies such
as Lenddo buy access to
people's social media and browsing history in exchange for a credit score. And, at least in
the US, people are becoming accustomed to the use of algorithms, developed by private
contractors, by the justice system to take decisions on sentencing, which often result in
equally unfair and racially
biased decisions .
The outrage provoked by the Cambridge Analytica is targeting only the tip of the iceberg.
The problem is infinitely larger as there are countless equally significant instances of
privacy invasions and data collection performed by corporations, but they have become
normalized and do not lead to much public outcry.
DNA
Today surveillance is the DNA of the platform economy; its model is simply based on the
possibility of continuous privacy invasions using whatever means possible. In most cases users
agree, by signing the terms and conditions of service providers, so that their data may be
collected, analyzed and even shared with third parties (although it is hardly possible to see
this as express consent given the size and complexity of these agreements -- for instance, it
took 8 hours and 59 minutes for an actor hired by the consumer group Choice to read Amazon Kindle's terms and
conditions). In other instances, as in the case of Kogan's app, the extent of the data
collected exceeds what was stated in the agreement.
But what is important is to understand that to prevent such scandals in the future it is not
enough to force Facebook to better monitor the use of users' data in order to prevent such
leaks as in the case of Cambridge Analytica. The current social mobilization against Facebook
resembles the actions of activists who, in opposition to neoliberal globalization, smash a
McDonald's window during a demonstration.
What we need is a total redefinition of the right to privacy (which was codified as a
universal human right in 1948, long before the Internet), to guarantee its respect, both
offline and online.
What we need is a body of international law that will provide regulations and oversight for
the collection and use of data.
What is required is an explicit and concise formulation of terms and conditions which, in a
few sentences, will specify how users' data will be used.
It is important to seize the opportunity presented by the Cambridge Analytica scandal to
push for these more fundamental changes.
I am grateful for my spidey sense. Thanks, spidey sense, for ringing the alarm bells
whenever I saw one of those personality tests on Facebook. I never took one.
The most efficient strategy is to be
non-viable . They may come for you eventually, but someone else gets to be the canary,
and you haven't wasted energy in the meantime. TOR users didn't get that figured out.
Never took the personality test either, but now I now that all of my friends who did
unknowingly gave up my personal information too. I read an article somewhere about this over
a year ago so it's really old news. Sent the link to a few people who didn't care. But now
that they all know that Cambridge Analytical used FB data in support of the Trump campaign
it's all over the mainstream and people are upset.
You can disable that (i.e., prevent friends from sharing your info with third parties) in
the privacy options. But the controls are not easy to find and everything is enabled by
default.
I haven't FB'd in years and certainly never took any such test, but if any of my friends,
real or FB, did, and my info was shared, can I sue? If not, why not?
Everyone thought I was paranoid as I discouraged them from moving backups to the cloud,
using trackers, signing up for grocery store clubs, using real names and addresses for online
anything, etc. They thought I was overreacting when I said we need European-style privacy
laws in this country. People at work thought my questions about privacy for our new
location-based IoT plans were not team-based thinking.
And it turns out after all this that they still think I'm extreme. I guess it will have to
get worse.
In a first for me, there are surface-mount resistors in the advert at the top of today's
NC links page. That is way out of the ordinary; what I usually see are books or bicycle
parts; things I have recently purchased or searched.
But a couple of days ago I had a SKYPE conversation with a sibling about a PC I was
scavenging for parts, and surface mount resistors (unscavengable) came up. I suspect I have
been observed without my consent and am not too happy about it. As marketing, it's a bust; in
the conversation I explicitly expressed no interest in such components as I can't install
them. I suppose I should be glad for this indication of something I wasn't aware was
happening.
No keyboard search. I never so much as think about surface mount components; the inquiry
was raised by my sibling and I responded. Maybe its coincidental, but it seems quite odd.
I decided to click through to the site to generate a few pennies for NC and at least feel
like I was punishing someone for snooping on me.
Its been happening to me a lot recently on my Instagram, I don't like pictures or
anything, but whenever I have a conversation with someone on my phone, I start seeing ads of
what I spoke about
What we need is a total redefinition of the right to privacy (which was codified as a
universal human right in 1948, long before the Internet), to guarantee its respect, both
offline and online.
Are we, readers of this post, or citizens of the USA supposed to think there is anything
binding in declarations? Or anything from the UN if at all inconvenient for that matter?
No one shall be subjected to arbitrary interference with his privacy, family, home or
correspondence, nor to attacks upon his honour and reputation. Everyone has the right to
the protection of the law against such interference or attacks.
Platforms like facebook allow individuals to 'spy' on each other and people love it. When
I was a kid i always marveled at how some households would leave a police scanner on 24/7.
With the net we have this writ large with baby, puppy and tv dinner photos. Not to forget
it's a narcissist paradise. I have friends who I've tried to gently over time inject tidbits
of info like this article provides for many years and they still just refuse to try and get
it. If they looked over their shoulder and saw how many people/entities are literally
following them everywhere they go, they would become rabid gun owners (don't tread on me!)
overnight, but the invisible hand/eye registers not at all.
A side note: If Facebook and other social media were to assume ANY degree of
responsibility for content appearing on their platforms, they would be acknowledging their
legal liability for ALL content.
Hence they would be legally responsible just as newspapers are. And major newspapers have
on-staff lawyers and editors exquisitely attuned to the possibility of libelous content so
they can avoid ruinous lawsuits.
If the law were applied as it should be, Facebook and its brethren wouldn't last five
minutes before being sued into oblivion.
Non-liability is a product of the computer age. I remember having to agree with Microsofts
policy to absolve them of -any- liability when using their software. If they had their
druthers, -no- company would be liable for -anything-. It's called a 'perfect world'.
Companies that host 'social media' should not have to bear any responsibility for their
users content. Newspapers employ writers and fact checkers. They are set up to monitor their
staff for accuracy (Okay, in theory). So you can sue them and even their journalist
employees. Being liable (and not sued) allows them to brag about how truthful they are.
Reputations are a valuable commodity these days.
In the case of 'social media' providers, liability falls on the authors of their own
comments, which is only fair, in my view. However, I would argue that those 'providers'
should -not- be considered 'media' like newspapers, and their members should not be
considered 'journalists'.
Also, those providers are private companies, and are free to edit, censor, or delete
anything on their site. And of course it's automated. Some conservative Facebook members were
complaining about being banned. Apparently, there a certain things you can't say on
Facebook.
AFAIC, the bottom line is this: Many folks tend to believe everything they read online.
They need to learn the skill of critical thinking. And realize that the Internet can be a
vast wasteland; a digital garbage dump.
Why are our leaders so concerned with election meddling? Isn't our propaganda better than
the Russians? We certainly pay a lot for it.
. .. . .. -- .
Today, Musk also made fun of Sonos for not being as committed as he was to the
anti-Facebook cause after the connected-speaker maker said it would pull ads from the
platform -- but only for a week.
Musk, like Trump, knows he does not need to advertise because a fawning press will
dutifully report on everything he does and says, no matter how dumb.
A thoughtful post, thanks for that. May I recommend you take a look at "All You Can Pay"
(NationBooks 2015) for a more thorough treatment of the subject, together with a proposal on
how to re-balance the equation. Full disclosure, I am a co-author.
I saw this video back in 2007. It was originally put together by a Sarah Lawrence
student who was working on her paper on social media. The ties of all the original investors
to IN-Q-Tel scared me off and I decided to stay away from Facebook.
But it isn't just FB. Amazon, Twitter, Google, LinkedIn, Apple, Microsoft and many
others do the same, and we are all caught up in it whether we agree to participate or
not.
Anyone watch the NCAA Finals and see all the ads from Google about being "The Official
Cloud of the NCAA"? They were flat out bragging, more or less, about surveillance of players.
for the NCAA.
Platform Capitalism is a mild description, it is manipulation based on Surveillance
Capitalism, pure and simple. The Macro pattern of Corporate Power subsuming the State across
every area is fascinating to watch, but a little scary.
It was amusing that the top Google hit for the Brandeis article was JSTOR which requires
us to surrender personal detail to access their site. To hell with that.
The part I like about the Brandeis privacy story is the motivation was some Manhattan rich
dicks thought the gossip writers snooping around their wedding party should mind their own
business. (Apparently whether this is actually true or just some story made up by somebody
being catty at Brandeis has been the topic of gigabytes of internet flame wars but I can't
ever recall seeing any of those.)
" Two young psychologists are central to the Cambridge Analytica story. One is Michal
Kosinski, who devised an app with a Cambridge University colleague, David Stillwell, that
measures personality traits by analyzing Facebook "likes." It was then used in collaboration
with the World Well-Being Project, a group at the University of Pennsylvania's Positive
Psychology Center that specializes in the use of big data to measure health and happiness in
order to improve well-being. The other is Aleksandr Kogan, who also works in the field of
positive psychology and has written papers on happiness, kindness, and love (according to his
résumé, an early paper was called "Down the Rabbit Hole: A Unified Theory of
Love"). He ran the Prosociality and Well-being Laboratory, under the auspices of Cambridge
University's Well-Being Institute.
Despite its prominence in research on well-being, Kosinski's work, Cadwalladr points out,
drew a great deal of interest from British and American intelligence agencies and defense
contractors, including overtures from the private company running an intelligence project
nicknamed "Operation KitKat" because a correlation had been found between anti-Israeli
sentiments and liking Nikes and KitKats. Several of Kosinski's co-authored papers list the US
government's Defense Advanced Research Projects Agency, or DARPA, as a funding source. His
résumé boasts of meetings with senior figures at two of the world's largest
defense contractors, Boeing and Microsoft, both companies that have sponsored his research.
He ran a workshop on digital footprints and psychological assessment for the Singaporean
Ministry of Defense.
For his part, Aleksandr Kogan established a company, Global Science Research, that
contracted with SCL, using Facebook data to map personality traits for its work in elections
(Kosinski claims that Kogan essentially reverse-engineered the app that he and Stillwell had
developed). Kogan's app harvested data on Facebook users who agreed to take a personality
test for the purposes of academic research (though it was, in fact, to be used by SCL for
non-academic ends). But according to Wylie, the app also collected data on their entire --
and nonconsenting -- network of friends. Once Cambridge Analytica and SCL had won contracts
with the State Department and were pitching to the Pentagon, Wylie became alarmed that this
illegally-obtained data had ended up at the heart of government, along with the contractors
who might abuse it.
This apparently bizarre intersection of research on topics like love and kindness with
defense and intelligence interests is not, in fact, particularly unusual. It is typical of
the kind of dual-use research that has shaped the field of social psychology in the US since
World War II.
Much of the classic, foundational research on personality, conformity, obedience,
group polarization, and other such determinants of social dynamics -- while ostensibly
civilian -- was funded during the cold war by the military and the CIA. The cold war was
an ideological battle, so, naturally, research on techniques for controlling belief was
considered a national security priority. This psychological research laid the groundwork for
propaganda wars and for experiments in individual "mind control."
The pioneering figures from this era -- for example, Gordon Allport on personality and
Solomon Asch on belief conformity -- are still cited in NATO psy-ops literature to this
day .."
This is an issue which has frustrated me greatly. In spite of the fact that the
country's leading psychologist (at the very least one of them -- ex-APA president Seligman)
has been documented taking consulting fees from Guantanamo and Black Sites goon squads, my
social science pals refuse to recognize any corruption at the core of their so-called
replicated quantitative research.
I have asked more than five people to point at the best critical work on the Big 5
Personality theory and they all have told me some variant of "it is the only way to get
consistent numbers". Not one has ever retreated one step or been receptive to the suggestion
that this might indicate some fallacy in trying to assign numbers to these properties.
They eat their own dog food all the way and they seem to be suffering from a terrible
malnutrition. At least the anthropologists have Price . (Most of
that book can be read for free in installments at Counterpunch.)
The rule No.1: do not buy cheap routers. Do not use routers which are supplied for free by
your ISP. Buy only from proven companies with good security record. To use your own firewall (a
small linux server is OK) is a must in the current circumstances
There is no special value in Kaspersky anti-virus software. all such products can be used as
a backdoor in your computer (for example via update mechanism). Using complex and opaque software
actually makes Windows less secure not more secure. Periodic (say, daily) reinstallation from
trusted image is probably a better way, especially if Windows is really minimized and does not
contain third party software that has it's own update mechanisms or such mechanism are
blocked.
But attacks on routers is a new fashion and should be taken very seriously as most people pay
no attention to this crucial part of their business or home network. In any case a separate
firmware is needed after Internet router which now is not that expensive (a decent box can be
bought for around $300. For those who know Unix/Linux see for example Firewall Micro Appliance
or QOTOM
(both can be used of pfSense or your custom Linux solution) For those who don't see, for example,
Zyxel [USG40] ZyWALL (USG) UTM Firewall
Notable quotes:
"... Further findings suggest that Slingshot had common code with only two other known pieces of software, both malwares, which were attributed to the NSA and CIA, respectively, by analysts. Though various U.S. agencies are all denying comment, things are clearly pointing uncomfortably in their direction. ..."
"... Malware is not a precision munition, it hits wide targets and spreads out to bystanders. This is particularly disturbing to note if, as some reports are indicating, this malware was Pentagon in origin. ..."
Slingshot . The
malware targeted Latvian-made Internet routers popular in the
Middle East, Africa, and Southeast Asia.
Kaspersky's reports reveal that the malware had been active since at least 2012, and
speculates that it was government-made, owing to its sophistication and its use of novel
techniques rarely seen elsewhere.
Those investigating the matter further have drawn the conclusion that Slingshot was
developed by the U.S. government, with some reports quoting former
officials as connecting it to the Pentagon's JSOC special forces. For those following the
cyber security and malware sphere, this is a huge revelation, putting the U.S. government in
the hot seat for deploying cyber attacks that harm a much greater range of innocent users
beyond their intended targets.
Kaspersky's own findings note that the code was written in English, using a driver flaw to
allow the implanting of various types of spyware. Among those mentioned by Moscow-based
Kaspersky was an implant named "GOLLUM," which notably was mentioned in
one of the leaked Edward Snowden documents .
Further findings suggest that Slingshot had common code with only two other known pieces
of software, both malwares, which were attributed to the NSA and CIA, respectively, by
analysts. Though various U.S. agencies are all denying comment, things are clearly pointing
uncomfortably in their direction.
Cyberscoop
, one of the first news outlets to break the story, reported a mixed reaction among officials.
Some noted that Kaspersky Labs was simply doing what a security company is supposed to do.
Others, however, were less agreeable, suggesting it was an intentional attempt by Kaspersky to
undermine U.S. security.
The argument, as far as it goes, is that given the ostensible target areas -- the Middle
East, North Africa, Afghanistan -- Kaspersky should have concluded it was related to the War on
Terror and sat on their findings. The Trump administration already views Kaspersky as a sort of
hostile actor --
banning the use of Kaspersky products by any government or civilian federal contractor in
December, citing Kremlin influence (a charge that has been vehemently denied by the company).
This just gives them more justification for seeing Kaspersky as an adversary in the space.
Unfortunately for the Russian company, some American retailers have even followed suit,
pulling the software from the shelves on the grounds that it's Russian, and that therefore
suspect.
There has been no clear evidence that Kaspersky's software was serving as a backdoor for
Russian intelligence, though it was reported last fall that sensitive documents were stolen
from a National Security Agency (NSA) contractor's laptop via
its Kaspersky-made antivirus software . In a statement at the time, the company said,
"Kaspersky Lab has never helped, nor will help, any government in the world with its
cyberespionage efforts." Turns out that Israeli spies, spying on the Russian spies, disclosed
the intrusion to U.S. officials.
Kaspersky has consistently ranked near the top of antivirus ratings from virtually all
third-party reviewers. The company has sold its products to nearly 400 million users worldwide,
with 60 percent in the U.S. and Western Europe. Until now, Kaspersky was being used by several
major agencies in the federal government, including the State Department and Department of
Defense.
Ironically, this new Slingshot issue itself appears just to be a testament to how well the
company's security works at digging up extremely dangerous malware. It also underscores the
uneasy reality that the U.S. has been engaging in its own brand of cyber warfare all along.
Any claims that a specific piece of U.S. malware -- in this case, Slingshot -- was targeting
only al-Qaeda or ISIS bad guys is disingenuous as well. The exploit on routers is hitting an
entire region,
infecting an untold number of innocent people . Internet cafés are said to have been
hit in this, meaning everyone going into the cafes is at risk.
Malware is not a precision munition, it hits wide targets and spreads out to bystanders.
This is particularly disturbing to note if, as some reports are indicating, this malware was
Pentagon in origin.
U.S. civilian government surveillance is already doing great harm to general Internet
security, and does so by remaining in denial about the balance of good to harm that is being
done. The U.S. military, by contrast, has shown its willingness to inflict major harm on
innocents in pursuit of any war goal. As they start hitting regions with malware, all bets are
off on how far it will spread.
Security companies like Kaspersky Labs only afford the private user limited protection from
all of this malware, because they're constantly playing catch-up, finding new variants and new
exploits that the various pieces of software are using. Slingshot, for instance,
went undetected for six solid years .
The discovery means fixes can finally be implemented for the routers and the computers.
Novel exploits like this are rarely a one-time fix, however, as a slew of similar exploits from
other sources tend to crop up after one gets taken out. It's a never-ending battle.
In August, President Trump made U.S. Cyber Command
a formal military command , reflecting the growing view of the Internet as a military
objective. Much as America's other battlefields result in collateral damage on the ground, the
cyberwar is going to have a deleterious impact on day-to-day life in cyberspace. The big
questions are how bad things will get, and how quickly.
Jason Ditz is news editor at Antiwar.com , a nonprofit organization dedicated to the cause of
non-interventionism. In addition to TAC, his work has appeared in Forbes, Toronto Star,
Minneapolis Star-Tribune, Providence Journal, Daily Caller, Washington Times and Detroit Free
Press.
In a casual conversation at a party a computer science researcher from a leading
university commented that the vast majority of "denial of service" attacks in this country
are done by the federal government. That would probably be the CIA covert ops in service to
the bankster oligarchy. The Israelis are also known to have cyber warfare capabilities, and
are a central part of the oligarchy, judging by their clear control of the MSM.
It makes complete sense that the oligarchy would do everything it could to harass and slow
down the opposition, even if just to frustrate them to the point of giving up. I'm glad you
are reporting your experiences here; it will help the site administrators deal with the
problem.
A few years ago there was a Zionist mole(s) at Disqus who deleted posts that were too
informative about Israel, especially those with links to highly informative articles. After
an open discussion of the problem it eventually disappeared.
backwardsevolution , March 19, 2018 at 4:29 pm
Realist -- occasionally this happens to me and, yes, it is most frustrating. What I am
doing more often now (but sometimes I still forget) is copying my text before hitting "Post
Comment". If it disappears, at least you still have it and can try again. If this occurs, I
go completely off the site, and then come back on and post again. Does this just happen on
posts that took you a long time to get finished? I ask this because I've found that if I type
some words, go away and start making dinner (or whatever), and my comment is not posted for
several hours, then sometimes it does this.
I sure hope you get it figured out because your posts are always wonderful to read.
Realist , March 19, 2018 at 4:47 pm
This has been happening systematically to anything I post today. Both long and short
entries. I copy the text, then post it. When I see it appear or even see it under moderation,
I have assumed it would stand and so delete the copy rather than save it -- that space goes
to the next composition. So, everything "disappeared" today is gone. Most of the stuff
disappeared has to do with our supposed rights of free speech and the intrusion of the
intelligence agencies into our lives and our liberties. Guess who I suspect of sabotaging
these calls to be vigilant against attacks on our freedoms? Good gravy, they are becoming
relentless in trying to control every jot and tittle of the narrative. The entire MSM is not
enough for them, even web sites with a microscopic audience are now in their sights. I don't
know what else to make of a problem that has become routine, not just sporadic.
backwardsevolution , March 19, 2018 at 6:18 pm
You're just too good, Realist! You make too much sense! If there is a "they" out there who
are censoring, of course they'd go after someone like you. Take a break, kick back, then see
what happens tomorrow. If it continues, then maybe you could make a few calls.
Skip Scott , March 19, 2018 at 7:29 pm
Sorry to hear of your difficulties, Realist. Don't give up yet. Your posts are a very
valuable part of this website. I do suspect outside interference. This site and ICH are both
under attack, and probably others as well. I hope Nat and Tom Feeley can afford some good
techies to mount a good defense.
robjira , March 19, 2018 at 9:58 pm
I agree with be and Skip, Realist. The same thing happened to me (and I'm not even a
frequent commentator here); sometimes it takes days for a post(s) to appear. This sometime
can be triggered by multiple links, extensive text formatting, etc. (you probably already
know all this).
Anyway, be has it right; take a breather for a while. If something more nefarious is
really happening, wear it like a medal; if your comments are disappeared, that as good as
confirms you're on target. Your commentary is really insightful, and nothing freaks
them out more than an informed opinion.
Peace.
To paraphrase someone: "Never attribute to malice that which can be attributed to a bug in
the software."
backwardsevolution , March 19, 2018 at 10:15 pm
Paul E. Merrell -- "Never attribute to malice that which can be attributed to a bug in the
software."
Quite true. I was having trouble going on Paul Craig Roberts' site for about a month (and
another site, but I can't remember which one). I said to my son, "What the heck? Are they
shutting down access to this site?" My son came onto my computer and within about two minutes
he had me set right again. He said it had to do with my Internet security company. Who knew?
Certainly not me! Thank goodness for tech-literate children.
Litchfield , March 20, 2018 at 9:09 am
" even web sites with a microscopic audience are now in their sights."
Maybe "microscopic," but with the potential to be magnified and multiplied. I have been
puzzled as to why some posts have shown up as being in moderation and others not. But have
not systematically followed up to see what happened. I assume comments at this site are
moderated in some way, but why would that result in the patchy appearance of an actual "under
moderation" signal?
freedom lover , March 20, 2018 at 3:39 pm
Not just this website but very common if you try to post anything on RT.
Sam F , March 19, 2018 at 8:47 pm
I also noticed several comments here that had been deleted after I refreshed the screen.
They appeared to have attracted the "anti-semitism" accusation, so perhaps other hackers are
involved.
Sam F , March 19, 2018 at 8:40 pm
While at first skeptical of the hacking hypothesis, I realized its similarity to what I
have seen for two months on RT.
RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that
they can run spy scripts when the stories are viewed. My PC runs far slower after checking
any story on RT, and the browser must be restarted to regain normal speed. No other website
has this problem, and certainly RT would not want to annoy their viewers by doing that
themselves.
Most likely the secret agency scripts are sending files and browsing information to
government spies.
It may be that CN is now being copied into hacked "mirror sites" by those who control the
web DNS service that identifies the web server address for named websites. That would be a US
secret agency. I have wondered whether such agencies are responsible for the trolls who have
annoyed commenters here for several months. It may be that they are controlling the
commentary now as well, to make political dossiers.
Litchfield , March 20, 2018 at 9:12 am
"My PC runs far slower after checking any story on RT, and the browser must be restarted
to regain normal speed. "
I have noticed this as well. I don't check RT all that often, but one time I wanted to see
what Peter Lavelle had been up to lately with CrossTalk, so went to RT. This was awhile ago
so I can't recall the exact details, but I think my browser generally froze up and I had to
reboot my laptop. Of course it made me a bit paranoid and I wondered what was going on at
RT.
Realist , March 20, 2018 at 5:01 pm
I've often noticed a great delay in RT loading. I'll have to focus on the effect you
described. Sometimes I get a "service not available" notice for CN which usually resolves
within no more than a half hour.
Inthebyte , March 20, 2018 at 11:27 am
I agree about RT. When I log on there everything slows to a crawl, or flat doesn't
navigate. Thanks for the comment. Now I know I'm being gas lighted. Another site with all of
these problems is Information Clearing House who are hacked repeatedly.
Zachary Smith , March 20, 2018 at 12:51 pm
My PC runs far slower after checking any story on RT, and the browser must be restarted
to regain normal speed. No other website has this problem, and certainly RT would not want
to annoy their viewers by doing that themselves.
I'm running three script-blocker addons as I type this, and a fourth will be enabled again
after making this post. The latter one does something to the CN site, and unless disabled any
comment goes to the bottom of the page. My Firefox browser (which I'm using now) has the
cache set to "0", and also to "never remember history". This slows it somewhat, but I figure
the trade-off is worthwhile.
I review four "Russian" sites and have noticed they're chock-full of annoying ads and
scripts. One of them I suspect is being run for income, for there is no coherent "message"
along with most of the headlines being clickbait material. But I return there because
sometimes they have a story worth more investigation.
Sam F , March 19, 2018 at 8:42 pm
While at first skeptical of the hacking hypothesis, I should note what I have seen for two
months on RT.
RT is apparently being copied to "mirror sites" likely controlled by US agencies, so that
they can run spy scripts when the stories are viewed. My PC runs far slower after checking
any story on RT, and the browser must be restarted to regain normal speed. No other website
has this problem, and certainly RT would not want to annoy their viewers by doing that
themselves.
Most likely the secret agency scripts are sending files and browsing information to
government spies.
It may be that CN is now being copied into hacked "mirror sites" by those who control the
web DNS service that identifies the web server address for named websites. That would be a US
secret agency. I have wondered whether such agencies are responsible for the trolls who have
annoyed commenters here for several months. It may be that they are controlling the
commentary now as well, to make political dossiers.
geeyp , March 20, 2018 at 12:28 am
Nothing much secret regarding the secret agencies. Didn't I read that Google and Face.
(same company with Y.T.) have fairly recently hired 10,000 new employees for just this
purpose? I ,too, have had plenty of issues with the RT.com site. It is not RT causing the
issues. Truth hurts these evil P.O.S. And, also I have wondered regarding the ISP
involvement. On the article topic, I was quite angered when I read his Tweet over the
weekend; that punk has got nerve and needs to wear an orange jumpsuit.
Litchfield , March 20, 2018 at 9:13 am
What is the ISP movement?
Sam F , March 20, 2018 at 11:50 am
The ISP may or may not be involved, but the DNS is involved in creating fake (or real)
"mirror sites." DNS (distributed name service) has its own servers all over, which translate
text URLs (xxx.com ) to numeric internet (IP) addresses. So when you request the site, your
local DNS server gives you the address based upon its updates from other sources, including
the "mirror" sites used for heavily-used websites.
I do not yet know the processes used to update DNS servers which would be tampered to
create fake mirror sites, or exactly how this would be controlled, except that secret
agencies would know this and would have such control. Others might be able to do this as
well.
Skeptigal , March 20, 2018 at 4:26 am
Sorry, I know you're frustrated but I couldn't help but giggle at your indignant replies.
They are hilarious. Your comments may have ended up in the spam folder. If you contact them
they will restore your comments. Good luck! :)
Realist , March 20, 2018 at 11:23 pm
Using the British standard, I'm going to assume you are responsible for all the trouble
unless you prove otherwise.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National
Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but
a very different type of covert, globe-spanning force -- its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial
operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking
capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's
Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than
a thousand hacking systems, trojans, viruses, and other "weaponized" malware. Such is the scale
of the CIA's undertaking that by 2016, its hackers had utilized more code than that used to run
Facebook. The CIA had created, in effect, its "own NSA" with even less accountability and
without publicly answering the question as to whether such a massive budgetary spend on
duplicating the capacities of a rival agency could be justified.
"... The US and European press have both published stories accusing the Russian government, and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted information technology infrastructure in Ukraine. ..."
"... Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the online magazine " New Eastern Outlook ". ..."
"... All images in this article are from the author. ..."
The US and European press have both published stories accusing the Russian government,
and in particular, the Russian military, of the so-called "NotPetya" cyberattack which targeted
information technology infrastructure in Ukraine.
Britain and the United States blamed the Russian government on Thursday for a
cyberattack that hit businesses across Europe last year, with London accusing Moscow of
"weaponizing information" in a new kind of warfare. Foreign Minister Tariq Ahmad said "the
U.K. government judges that the Russian government, specifically the Russian military, was
responsible for the destructive NotPetya cyberattack of June 2017."The fast-spreading
outbreak of data-scrambling software centered on Ukraine, which is embroiled in a conflict
with Moscow-backed separatists in the country's east. It spread to companies that do business
with Ukraine, including U.S. pharmaceutical company Merck, Danish shipping firm A.P.
Moller-Maersk and FedEx subsidiary TNT.
The Russian military was directly behind a "malicious" cyber-attack on Ukraine that
spread globally last year, the US and Britain have said.
The BBC also added that:
On Thursday the UK government took the unusual step of publicly accusing the Russia
military of being behind the attack."The UK and its allies will not tolerate
malicious cyber activity," the foreign office said in a statement. Later, the White House
also pointed the finger at Russia.
Yet despite this "unusual step of publicly accusing the Russian military of being behind
the attack," neither the US nor the British media provided the public with any evidence, at
all, justifying the accusations. The
official statement released by the British government would claim:
The UK's National Cyber Security Centre assesses that the Russian military was almost
certainly responsible for the destructive NotPetya cyber-attack of June 2017. Given the high
confidence assessment and the broader context, the UK government has made the judgement that
the Russian government – the Kremlin – was responsible for this
cyber-attack.
Claiming that the Russian military was "almost certainly responsible," is not the
same as being certain the Russian military was responsible. And such phrases as "almost
certainly" have been used in the past by the United States and its allies to launch
baseless accusations ahead of what would otherwise be entirely unprovoked aggression against
targeted states, in this case, Russia. The White House would also
release a statement claiming:
In June 2017, the Russian military launched the most destructive and costly
cyber-attack in history.The attack, dubbed "NotPetya," quickly spread worldwide,
causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of
the Kremlin's ongoing effort to destabilize Ukraine and demonstrates ever more clearly
Russia's involvement in the ongoing conflict. This was also a reckless and indiscriminate
cyber-attack that will be met with international consequences.
Considering claims that this is the "most destructive and costly cyber-attack in
history, " it would seem imperative to establish evidence beyond doubt of who was
responsible. No Evidence From Governments Confirmed to Possess the Means to Fabricate
Attribution Yet, so far, this has not been done. Claims that Russia's military was behind
the attacks seems to be built solely upon private analysts who have suggested the attacks
appear to have originated in Russia.
A division of the Central Intelligence Agency stockpiled hacking techniques culled from
other hackers, giving the agency the ability to leave behind the "fingerprints" of the
outside hackers when it broke into electronic devices, the anti-secrecy group WikiLeaks
alleges as it released thousands of documents Tuesday.
The article continues by pointing out:
The documents also suggest that one of the agency's divisions – the Remote
Development Branch's UMBRAGE Group – may have been cataloguing hacking methods from
outside hackers, including in Russia, that would have allowed the agency to mask their
identity by employing the method during espionage."With UMBRAGE and related projects
the CIA cannot only increase its total number of attack types, but also misdirect attribution
by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen
from," Wikileaks said in a statement.
Not only does this ability allow the CIA to carry out espionage that if discovered would be
attributed to other parties, it also allows the CIA to conduct attacks the US government and
its allies can then blame on foreign states for the purpose of politically maligning them, and
even justifying otherwise indefensible acts of aggression, either militarily, or in the realm
of cyberspace.
Evidence provided by the UK and US governments would have to establish Russia's role in the
"NotPetya" cyberattack beyond mere attribution, since this is now confirmed to be possible to
forge. The UK and US governments have failed to provide any evidence at all, likely because all
it can offer is mere attribution which skeptics could easily point out might have been forged.
NATO Had Been Preparing "Offensive" Cyber Weapons
A group of NATO allies are considering a more muscular response to state-sponsored
computer hackers that could involve using cyber attacks to bring down enemy networks,
officials said.
Reuters would also report:
The doctrine could shift NATO's approach from being defensive to confronting hackers
that officials say Russia, China and North Korea use to try to undermine Western governments
and steal technology.
It has been repeatedly pointed
out how the US, UK and other NATO members have repeatedly used false pretexts to justify
military aggression carried out with conventional military power. Examples include fabricated
evidence of supposed "weapons of mass destruction (WMD)" preceding the 2003 US invasion of Iraq
and the so-called "humanitarian war" launched against Libya in 2011 built on fabricated
accounts from US and European rights advocates.
With UMBRAGE, the US and its allies now possess the ability to fabricate evidence in
cyberspace, enabling them to accuse targeted nations of cyber attacks they never carried out,
to justify the deployment of "offensive" cyber weapons NATO admits it has prepared ahead of
time. While the US and European media have warned the world of a "cyber-911″ it appears
instead we are faced with "cyber-WMD claims" rolled out to justify a likewise "cyber-Iraq War"
using cyber weapons the US and its NATO allies have been preparing and seeking to use for
years. Were Russia to really be behind the "NotPetya" cyberattack, the US and its allies have
only themselves to blame for decades spent undermining their own credibility with serial
instances of fabricating evidence to justify its serial military aggression. Establishing that
Russia was behind the "NotPetya" cyberattack, however, will require more evidence than mere
"attribution" the CIA can easily forge.
*
Ulson Gunnar is a New York-based geopolitical analyst and writer especially for the
online magazine " New Eastern Outlook
".
"... Poor Russia cant get a break, neither can Americans get a break from this USA 'get Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber attack. ..."
Poor Russia cant get a break, neither can Americans get a break from this USA 'get
Russia' monkey circus. The monkeys now reach back a year ago to get Russia on a cyber
attack.
White House blames Russia for 'reckless' NotPetya cyber attack
3 days ago -- WASHINGTON/LONDON (Reuters) -- The White House on Thursday blamed Russia for
the devastating 'NotPetya' cyber attack last year , joining the British government in
condemning Moscow for unleashing a virus that crippled parts of Ukraine's infrastructure and
damaged computers in countries across the
Best advice for Americans believe nothing, trust nothing that issues from a
government.
The experts:
John McAfee, founder of an anti-virus firm, said: "When the FBI or when any other agency
says the Russians did it or the Chinese did something or the Iranians did something -- that's
a fallacy," said McAfee.
"Any hacker capable of breaking into something is extraordinarily capable of hiding their
tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would
use Russian language within the code. "I would use Russian techniques of breaking into
organisations so there is simply no way to assign a source for any attack -- this is a
fallacy."
I can promise you -- if it looks like the Russians did it, then I can guarantee you it was
not the Russians."
Wikileaks has released a number of CIA cyber tools it had obtained. These included
software specifically designed to create false attributions.
Late last night the White House accused the
Russian military of having launched the destructive "NotPetya" malware which in June 2017 hit
many global companies:
Statement from the Press Secretary
In June 2017, the Russian military launched the most destructive and costly cyber-attack
in history.
The attack, dubbed "NotPetya," quickly spread worldwide, causing billions of dollars in
damage across Europe, Asia, and the Americas. It was part of the Kremlin's ongoing effort to
destabilize Ukraine and demonstrates ever more clearly Russia's involvement in the ongoing
conflict. This was also a reckless and indiscriminate cyber-attack that will be met with
international consequences.
The statement has the same quality as earlier statements about Spain sinking the Maine or about Saddam's Weapons of
Mass Destruction had.
Neither the U.S. nor anyone else has presented ANY evidence of ANY Russian involvement in
the creation or distribution of the NotPetya malware. The U.S. is simply asserting this while
presenting nothing to back it up.
There is, in general, no attribution possible for any such cyber attack. As John McAfee,
founder of an anti-virus firm,
said :
"When the FBI or when any other agency says the Russians did it or the Chinese did something
or the Iranians did something – that's a fallacy," said McAfee.
...
" Any hacker capable of breaking into something is extraordinarily capable of hiding their
tracks. If I were the Chinese and I wanted to make it look like the Russians did it I would
use Russian language within the code. "I would use Russian techniques of breaking into
organisations so there is simply no way to assign a source for any attack – this is a
fallacy."
...
I can promise you – if it looks like the Russians did it, then I can guarantee you it
was not the Russians ."
I agree with McAfee's statement. The CIA must likewise agree. Wikileaks has released a number of CIA cyber tools it had
obtained. These included software specifically designed to create false attributions:
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library
of attack techniques 'stolen' from malware produced in other states including the Russian
Federation.
With UMBRAGE and related projects the CIA cannot only increase its total number of attack
types but also misdirect attribution by leaving behind the "fingerprints" of the groups that
the attack techniques were stolen from.
Nearly all "attributes" used for attributing a cyber attack can be easily faked to accuse a
party not involved in the attack.
The British National Cyber Security Center, part of the British computer spying organisation
GCHQ, also claims that the Russian military is "
almost certainly " responsible for the NotPetya attack. Canada and the Australians also
chipped
in .
But note - these are NOT independent sources. They are, together with New Zealand, part of
the of the " Five Eyes "
spying alliance. From NSA files released by Edward Snowden we know that the Five Eyes are
practically
led by the U.S. National Security Agency:
One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a
visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the
time? Sounds like a good summer project for Menwith."
Menwith Hill is
a Royal Airforce spying station and part of the GCHQ infrastructure. That the head of the NSA
can assign "summer projects" to it shows where the real power lies.
NotPetya was a destructive virus that masked as ransomware. It was based
on attacking tools which originally had been developed by the NSA but were later anonymously
published by someone calling himself Shadow-Broker. One of several attack vectors NotPetya used
was the update mechanism of some tax accounting software which is common in Ukraine and Russia.
But the attack soon spread globally
:
The attack hit Ukraine central bank, government computers, airports, the Kiev metro, the
state power distributor Ukrenergo, Chernobyl's radiation monitoring system, and other
machines in the country. It also affected Russian oil giant Rosneft, DLA Piper law firm, U.S.
biopharmaceutical giant Merck, British advertiser WPP, and Danish shipping and energy company
Maersk, among others.
The biggest damaged through NotPetya
occurred at the Danish shipping company Maersk which had to completely reboot its entire
infrastructure and lost some $250-300 million due to the attack.
The question one must always ask when such accusations are made is: Why would the accused do
this?
In January the U.S. attribution claims about the NotPetya malware
were prelaunched through the Washington Post :
The CIA has attributed to Russian military hackers a cyberattack that crippled computers in
Ukraine last year, an effort to disrupt that country's financial system amid its ongoing war
with separatists loyal to the Kremlin.
...
The GRU military spy agency created NotPetya, the CIA concluded with "high confidence" in
November, according to classified reports cited by U.S. intelligence officials.
...
The hackers worked for the military spy service's GTsST, or Main Center for Special
Technology, the CIA reported. That unit is highly involved in the GRU's cyberattack program,
including the enabling of influence operations.
What could have been the motive of the "Russian military" to release a (badly written)
malware that destroys computer-files of random companies all over the world including at the
all important Russian oil-giant Rosneft
. To assume that Ukraine's financial system was the target is almost certainly wrong. There is
also no evidence that this was the case. Ukraine's Central Bank was just one of thousands of
victims of the attack.
Only some 50% of the affected companies were in Ukraine. Most of them were not financial
firms. The attack was initiated through an update mechanism of an accounting software that is
also used in Russia. That original attack vector was probably chosen simply because it was easy
to use. The accounting software company had a lousy security protection. The first infected
computers then applied a different mechanism to spread the malware to other machines. The
attack was launched on a Ukrainian national holiday which is not optimal if one wants to spread
it as wide as possible throughout the Ukraine.
That the Ukraine and Russia were hit first by the malware was also likely just a time-of-day
question. The
timeline shows that the U.S. and most of western-Europe were still asleep when the virus
started to proliferate. The anti-virus organizations, the Russian company Kaspersky among them , took only a
few hours to diagnose the attacking software. A solution to prevent further damage was found
within some twelve hours. By the time the U.S. working day started anti-virus companies were
already releasing advise and protective code against it. If the attack had not been stopped by
protective software it would have effected many more computers. Most of these would not have
been in the Ukraine.
The U.S. attribution of the NotPetya attack to some Russian organization is extremely
doubtful. In general a certain attribution of any such cyber attack is impossible. It is easy
for any sophisticated virus writer to modify the code so that it looks as if it was written by
some third party. The CIA even develops tools to do exactly that.
The attacking software seemed to be of relatively low quality. It was a badly designed
mishmash created from earlier known malware and spy tools. It was not confined to a certain
country or target. It can at best be described as an act of random vandalism on a global scale.
There is no discernible motive for any Russian state organizations to release such
nonsense.
In 2009 Russia offered
an international treaty to prohibit cyber attacks. It was the U.S. under Obama which rejected
it as "unnecessary" while it was expanding its own attack capabilities.
The U.S. government has launched a Cold War 2.0 against Russia. The motive for that seems to
be mostly monetary. Hunting a few 'terrorists' does not justify big military budgets, opposing
a nuclear power does.
The now released accusations against Russia have as much foundation in reality as the claims
of alleged Iraqi WMDs. We can only hope that these new accusations will have less severe
consequences.
Posted by b on February 16, 2018 at 04:30 AM |
Permalink
Trump has made a fool of himself by agreeing to be the mouth for some looney security
briefing. Why the White House releasing this? why not the NSA or some slightly distant body
so the president can be kept clear of blowback if the accusation is proven to be wrong (as it
has and was at the time of its spread). A gullible fool is spouting at the behest of the five
anuses. They certainly aren't eyes with that sh!t coming out.
Some of the smartest hackers I seen are Russians, although a lot of kids will just do it for
kicks, professionals would have a target rather than random targets that can back fire aka
how the US does things as we seen off their Iranian attack.
Kaspersky being the best of the best, Kremlin would know and would make great effort to
make sure they stay as far away from them as possible. To give it a fighting chance. That
Kaspersky found it so fast shows it was not Russian. Since you want them to be last on the
list to know about it. Kaspersky for some strange reason also works with their partners in
the US/UK etc sharing information. So Russians themselves would work to defeat a Russian
attack even if its made. Which any smart cookie would say is self defeating and they would
not waste the effort to try.
Could the attack have been co-ordinated by parties in different countries but in the same
time zone or in neighbouring time zones, with one or two of these being the same time zones
that European Russia is in?
It seems possible that at least one of these parties might be based in Ukraine. For
Ukrainian-based pro-Maidan cyber-hackers to release the virus on a Ukrainian public holiday,
when most major public and private institutions and businesses are closed, but Russian ones
are not, would make sense. Another party could be based in a different country with
sophisticated cyber-technology and experience in creating and spreading cyber-viruses that is
in the same time zone as Ukraine. Israel comes to mind.
I don't believe anything will come of it. I see these accusations as petty attempts to get
under Russia's skin. Frankly, I can't see anybody believing the crap that comes out of
Washington's mouth, especially after what Snowden/Wikileaks has revealed to the public.
"Some of the smartest hackers I seen are Russians, ....."
I am curious where have you seen them?
Second thing which I've never understood about hacking is, why all this noise about it. It
is like a pc and network infrastructures are like holly grail and untouchable. The
fetishization of this particular technology which comes from the west is unbearable, it is
like the life on earth depend on it. Than can not be further from the truth. The US behaves
as the owner and guardian of the IT sector, and they handsomely profited from it.
If someone leave its nodes exposed or on the Internet than it is their fault, why not hack
it. To hell with them. If someone leave sensitive documents on server than again that's the
owner problem, and so on. It is not a bigger crime than "regular" spying activity.
The Russian hacking is beyond the point. Two big powers, capitalist countries with almost
identical political structure are competing in the world arena. One of them in decline big
time, the second one resurgent but stagnant in development and to gain wider influence. The
USA is clearly unable to bribe (as used to) Russia although countries such North Korea still
suffer from their collusion in the Security council.
Hacking someone's IT infrastructure is mature skill and there is nothing new in it so just
like everything else everything the US and its organs are saying is plain lie. Now, the
problem is that after a lie follow some kind of coercion. It that doesn't work - if you are
small and defenseless country - than they will kill you.
There are at least two tactics in cyberwarfare (which this is).
First, to attack and destroy infrastructure of an enemy or opponent or resistant vassal.
Second, to place blame on others for the use of cyber as a weapon.
The US is at cyber war with Russia and China. This is not Cold War.
Neither was Stuxnet. That was cyber war on Iran. It got out beyond Iran because its careless
design sought Seimens equipment everywhere on the Internet. It went to many other countries
far beyond Iran and attacked the equipment there.
This malware was not well-designed either. It may have been meant for Russian targets.
Rosneft is a huge economic target.
But this campaign using NotPetya had the value of being a Tactic #1 attack + #2 failure
against Russia. The CIA got to blame Russia even though the intended damage was quickly
reversed by Kaspersky. The irony is they attacked a nation with the best resources to combat
and defend against the weapon they used.
But make no mistake, the CyperWars are well underway. The US is sloppy, just like all
their Hegemon efforts are seriously flawed in classic terms of execution. The Russians are
far more elegant with cyber, as anyone who knows their software experts or products over the
years.
"But make no mistake, the CyperWars are well underway."
I doubt, I doubt very much. If there is a one than it is manufactured.
No vital and nationally sensitive or strategic IT nodes are exposed to the public net. All
this is bizarre and narrative created by the Deep State for idiots. Probably ~60% of drugs
infested Amerikkans do no care. The rest: https://medium.com/incerto/the-intellectual-yet-idiot-13211e2d0577
are somewhat interested. We can argue whether for domestic (in the light of another shooting,
if true) or international purposes (Syria, Iraq, Iran), or both.
The Class War is the Marx's term that is taboo and forbidden in capitalist's world everywhere
and in particular in the US where is social oppression and inequality is the greatest in the
world by far.
Maintain all kind of spins and propaganda along with political oppression i.e. help of
political police the American version of the Nazi's Gestapo is crucial for the ruling class
and regime.
While the looting of the drugged and non-drugged Americans continue unabated.
I would say that only 10% of the Amerikkans have clue what's hacking about, and very small
percentage understand in technical terms and details. Sadly, it is NOT important and even
more important those question should not be asked! Questioning the highest authority is no,
no. The more convoluted the better.
Now when the statement is out of the WH we might except refined follow up by the National
Security organs, TNYT, TWP, etc. An intended audience are https://en.wikipedia.org/wiki/Little_Eichmanns
It is very good that you posted that photo of Collin Powell in the context of the article.
It says it a lot, if not all.
In a Euromaidan Press article dated November 2nd, 2016, the hackers state enthusiastically
"Ukrainian hackers have a rather high level of work. So the help of the USA I don't know, why
would we need it? We have all the talent and special means for this. And I don't think that
the USA or any NATO country would make such sharp movements in international politics."
On the Tucker Carlson Show an FBI agent defended the fact that they could not identify the
school shooter, prior to the event, even after he was reported, because his one post did not
identify himself explicitly. Also, the threat was not enough to open an investigation.
So now the same group of people claim the ability to discover that people are 'Russian
Trolls' from a specific building in St. Petersburg simply based on the content of purely
political posts to facebook and twitter.
By following, little bit, the US National Security operation called Cryptocurrency (ies),
allegedly based in South Korea and Japan I noticed numbers of hacking of the companies' web
sites that are in this, let-call-it-business.
The most famous hacking was one of Mt.Gox (Japan based) one, where the French nationals
was the business' principal. A money never was recovered, and hacker is still unknown!? I
guess the place of business and the CEO meant (all US' client states) to give legitimacy to
cryptocurrency and lure fools into buying the "fog". But where did "investors" money goes?
Not to brilliant Russians...and how could that be? There is a lot of money in game, real
money.
Is the National Security State agencies has transfered looting from the domestic soil to
international one with help of the virtual reality. No trace of hackers, none!?
I use the term The US National Security State (or Deep State) and its apparatus as synonymous
to the Nazi Reich Main Security Office. Both of them, while differ in the methods and size,
the goals and objectives are the same.
Having just had a quick look into the NotPetya attack, it appears to have began on the
morning of the day before Ukraine's Constitution Day, and originated from the update server
of a Ukrainian tax accounting program called MeDoc. I expect this was another Ukrainian false
flag; a cyber warfare version of MH17. Sharp movements in international politics indeed.
Well that may mean that, under the new dictact (now the Unites States will not just use its
nuclear weapons as a response if the other party used them; now the United States has
declared that it will use nuclear weapons if, say, there should be a virus attack on its
networks), that the United States is about to declare war on Russia and proceed to nuke it.
"We can only hope that these new accusations will have less severe consequences."
The russophobic fake news push is not letting up and now the Trump administration has
jumped on board. And on top of targeting Iran has also ramped up targeting China.
This is how the last Cold War ramped up. The public was softened up by the media to fear
the USSR. It's a symptom of a disease in its psyche spreading throughout the West.
We see through this nonsense but I fear we underestimate the danger. This Cold War v2 is
already much hotter then v1. The West is approaching the throat of the East (Russia, China,
Iran, and others), and unfortunately for the world the West feels (it has limited capability
to think) it must prevail over the East or faces extinction. And what does that suggest might
happen?
CrowdStrike said Russians known as Fancy Bear hacked the DNC. U.S. Department of
Homeland Security identified one of the "Russian" malware tools used and named it "Grizzly
Steppe" or "PAS tool PHP web kit". Later it was also found to attack U.S. power utilities.
I tracked down the creator of the malware and found out that he was a 23-year old
Ukrainian university student at the Poltava National Technical University.
But while Profexer's online persona vanished, a flesh-and-blood person has emerged: a
fearful man who the Ukrainian police said turned himself in early this year, and has now
become a witness for the F.B.I.
Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a
young man from a provincial Ukrainian city. He confirmed that the author turned himself in
to the police and was cooperating as a witness in the D.N.C. investigation. "He was a
freelancer and now he is a valuable witness," Mr. Gerashchenko said.
"Fancy Bear" is not the Russian military intelligence agency GRU or any other Russian
government agency. It is simply a collection of hacking tools available online on Runet , the Russian language part of
the Internet and the Russian language darknet.
thanks b.. more of the same bullshit.. "The U.S. is simply asserting this while presenting
nothing to back it up."
from b's post - "In 2009 Russia offered an international treaty to prohibit cyber attacks.
It was the U.S. under Obama which rejected it as "unnecessary" while it was expanding its own
attack capabilities."
this from the link in the above quote..
"The United States argues that a treaty is unnecessary. It instead advocates improved
cooperation among international law-enforcement groups. If these groups cooperate to make
cyberspace more secure against criminal intrusions, their work will also make cyberspace more
secure against military campaigns, American officials say."
5 eyes is doing such a great job of being like some stupid chorus line in a bad movie...
all of them are beholden to the usa and the usa, as noted above - doesn't need any proof...
what does that say about the usa?
@24 shakesvshav - it's a good thing they weren't caught up in some allegation based in sweden
which the swedes wanted to drop, but the uk/usa discouraged them from doing... i am thinking
of julian assange here - stuck in the eqaudor embassy in the uk.. craig murray did a couple
of articles on this the past few days which kind of makes one want to puke especially if one
lives in the uk...
nice to see an opportunity for celebration come your way!
@integer 15 " I expect this was another Ukrainian false flag; a cyber warfare version of
MH17"
Not as crazy as it sounds. Hell, the CIA and SBU literally share a building! And this code
apparently does not have the hallmark elegance of Russian hackers. Why not get a good swipe
at Russian businesses, while destroying enough data (evidence) in Ukraine to cover a
multitude of sins (just like at least one of the ammo dump explosions is strongly suspected
as having been intentionally set to cover up missing inventory which now no doubt resides in
Syria). And then the icing on the cake is to get to blame Russia and try to bolster rapidly
failing support for sanctions. A lot more plausible than a half-baked Russian attack.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which is basically
an obfuscator or a packer used to hide the true source of CIA malware.
Notable quotes:
"... And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). ..."
"... And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself (next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). ..."
There indeed doesn't seem to be a motive to why the Russian authorities would launch a cyber attack that economically disrupts
both itself, allies and other countries. Either the virus writers didn't care for a solution, hoped that a solution that never
works might panic the victims even more so they make more cash transfers or enjoyed reaping money while seeing their victims suffer
of something where there is no solution for. The last 2 reasons are short term because news that there is no solution for the
ransomware will stop victims from making cash transfers. More convincing would be a cyber attack initiated by USA authorities
that would hit already crumbling Ukraine businesses even further and create even more mistrust between Ukraine and Russia.
And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself
(next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). On 31 March 2017:
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking
attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which
is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted
into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
...
The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified information
from the agency should be held accountable by the law.
There indeed doesn't seem to be a motive to why the Russian authorities would launch a cyber attack that economically disrupts
both itself, allies and other countries. Either the virus writers didn't care for a solution, hoped that a solution that never
works might panic the victims even more so they make more cash transfers or enjoyed reaping money while seeing their victims
suffer of something where there is no solution for. The last 2 reasons are short term because news that there is no solution
for the ransomware will stop victims from making cash transfers. More convincing would be a cyber attack initiated by USA authorities
that would hit already crumbling Ukraine businesses even further and create even more mistrust between Ukraine and Russia.
And the USA has indeed thoroughly developed means to falsely laying blame for cyber attacks it actually performs itself
(next to it's proven credentials of falsely laying blame with chemical and terrorist attacks). On 31 March 2017:
WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its
hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.
Dubbed "Marble," the part 3 of CIA files contains 676 source code files of a secret anti-forensic Marble Framework, which
is basically an obfuscator or a packer used to hide the true source of CIA malware.
The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted
into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.
...
The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified
information from the agency should be held accountable by the law.
Source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This
would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was
not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even
more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.
The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and
Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware
creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators
even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.
When the White House (doesn't matter who's ostensibly in charge) claims leaker's like Julian Assange should be accountable
by the law, it of course means the malleable arbitrary law which none of the serpents in the White House, Langley, ... are
accountable to.
The
latest Wikileaks Vault7 release reveals details of the CIA's alleged Cherry Blossom project, a
scheme that uses wireless devices to access users' internet activity.
As cyber security expert John McAfee told to RT and Natasha Sweatte:
Virtually, every router that's in use in the American home are accessible to hackers, to the
CIA, that they can take over the control of the router, they can monitor all of the traffic,
and worse, they can download malware into any device that is connected to that router.
I personally, never connect to any Wi-Fi system, I use the LTE on my phone. That's the only way
that I can be secure because every router in America has been compromised.
We've been warning about it for years, nobody pays attention until something like WikiLeaks
comes up and says 'look, this is what's happening'. And it is devastating in terms of the
impact on American privacy because once the router is compromised and it infects the cell
phones that are attached, your laptop, your desktop computer, your tablet, then they become
compromised and [someone] can watch the data, start listening to conversations, start watching
through the cameras on these devices.
We are in a situation with our government where they know everything about us and we know nothing about what the government
is doing. They have the right to privacy and secrecy, but the individual does not, anymore.
WannaCry and Petya both owe their effectiveness to a Microsoft Windows security
vulnerability that had been found by the NSA and code named EternalBlue, which was stolen and
released by a group calling themselves the Shadow Brokers. US agencies losing control of their
hacking tools has been a recurring theme in 2017. First companies, hospitals, and government
agencies find themselves targeted by re-purposed NSA exploits that we all rushed to
patch , then Wikileaks published Vault 7 , a collection of CIA hacking tools that had been
leaked to them, following it up with the publication of source code for tools in Vault 8.
...In December, Citizen Lab
published a report documenting the Ethiopian government's ongoing efforts to spy on
journalists and dissidents, this time with the help of software provided by Cyberbit, an
Israeli company. The report also tracked Cyberbit as their salespeople demonstrated their
surveillance product to governments including France, Vietnam, Kazakhstan, Rwanda, Serbia, and
Nigeria. Other perennial bad actors also made a splash this year, including Vietnam, whose
government was linked to Ocean Lotus, or APT 32 in a report from
FireEye . The earliest known samples from this actor were found by EFF in 2014 , when
they were used to target our activists and researchers.
Eva Galperin is EFF's Director of Cybersecurity. Prior to 2007, when she came to work
for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political
Science and International Relations from SFSU. Her work is primarily focused on providing
privacy and security for vulnerable populations around the world.
It spreads via a fake Flash update on compromised
websites
The main way Bad Rabbit spreads is
drive-by downloads on hacked websites. No exploits are
used, rather visitors to compromised websites -- some of
which have been compromised since June
-- are told
that they need to install a Flash update. Of course, this
is no Flash update, but a dropper for the malicious
install.
A compromised website asking a user to install a fake
Flash update which distributes Bad Rabbit.
Image: ESET
Infected websites -- mostly based in Russia, Bulgaria,
and Turkey -- are compromised by having JavaScript
injected in their HTML body or in one of their .js files.
Bad Rabbit is a previously unknown ransomware family.
How is Bad Rabbit
distributed?
The ransomware dropper was distributed with the help of
drive-by
attacks . While the target is visiting a legitimate website, a malware dropper is being
downloaded from the threat actor's infrastructure. No exploits were used, so the victim would
have to manually execute the malware dropper, which pretends to be an Adobe Flash installer.
However, our analysis confirmed that Bad Rabbit uses the EternalRomance exploit as an infection
vector to spread within corporate networks. The same exploit was used in the ExPetr.
We've detected a number of compromised websites, all of which were news or media
websites.
Whom does it target?
Most of the targets are located in Russia. Similar but fewer attacks have also been seen in
other countries – Ukraine, Turkey and Germany. Overall, there are almost 200 targets,
according to the KSN statistics.
Since when does Kaspersky Lab detect the threat?
We have been proactively detecting the original vector attack since it began on the morning
of October 24. The attack lasted until midday, although ongoing attacks were detected at 19.55
Moscow time. The server from which the Bad rabbit dropper was distributed went down in the
evening (Moscow time).
How is it different to ExPetr? Or it is the same malware?
Our observations suggest that this been a targeted attack against corporate networks, using
methods similar to those used during the ExPetr attack . What's more, the
code analysis showed a notable similarity between the code of ExPetr and Bad Rabbit
binaries.
Technical details
According to our telemetry, the ransomware is spread via a drive-by attack.
The ransomware dropper is distributed from hxxp://1dnscontrol[.]com/flash_install.php
To abandon Amazon is unrealistic, but to control what you are buying (in view that all
purchases goes into your Dossier) is probably the necessary precaution.
Google as a search engine deteriorated (Any search engine based on advertizing revenue is
promoting spyware. and Google is especially bad in this respect due to its dominant position--
those guy pay Google and push themselves to the top of searches) , and alternative are
not much worse, if not batter. It might make sense to change engine
periodically, not to stick to a single one.
Facebook is intelligence collection company that masquerade itself as social site. So
anybody who use Facebook is actually making creation of a comprehensive dossier on him/her much
easier. You contacts are especially important. Same is true for Gmail and hotmail.
Notable quotes:
"... From the beginning of Zuckerberg's empire, I thought Facebook was an idiotic excuse to get people involved in trivia, even the name turned me off. ..."
I would like to posit that we stop with the Googling on
the internet. I have never "Googled" ever. Oh sure, Google is involved with connecting you when
you might click on some links. That you seemingly can't avoid. I also don't Face or Twitter. If
everyone could avoid doing that now, perhaps we could show our disdain with these entities
acquiescing to Feinstein, et. al. I am so fed up with the Clinton crime family getting away
with almost as much as the George H.W. crime family.
Skip Scott , November 1, 2017 at 8:46 am
geeyp-
That is a very good suggestion. Don't feed the beast. Duckduckgo is a good alternative to
google. And facebook and twitter's revenues are add based, so don't go there either, as they
have been shown to be caving to TPTB. Amazon is also one to avoid for Bezo's links to the
CIA.
From the beginning of Zuckerberg's empire, I thought Facebook was an idiotic excuse to
get people involved in trivia, even the name turned me off.
Now, Twitter is planning extending tweets to 280 characters, as if 140 is not bad enough.
Unfortunately, Twitter can work to tell lies as well as push back on lies, same for Facebook
and Google.
Seriously, this society has become unglued and as Lois says, "It ain't a pretty sight".
Bad choices are leading to the American empire's downfall.
There's an interesting article
from a week ago on Zero Hedge, "China's Rise, America's Fall", about China's launch of the petroyuan and other countries' desire to get off of dollar dominance.
Has a graph showing
empire dominance from Portugal in 15th century, then Netherlands followed by Spain, then
France, Great Britain, and finally the American empire, poised to be replaced by China.
What a great waste of taxpayers dollars. After Stuxnet any government that cares about
secrecy does not use open, connected to internet networks for sensitive information. Some switched
to typewriters, at least for highly sensitive operations, which is probably overkill. but good,
old DOS can still be used to above NSA spook pretty much like typewriter; and communication
via parallel port is not that easy to hack; UUCP is also pretty much available for serial port
communication ;-)
But the effect on undermining the US software and hardware sales is overwhelming. Why
anybody in foreign government would buy the US hardware or software, when it is clear that NSA can
put a backdoor into both "before arrival". In this sense the game is over and net beneficiary
might be Taiwanese and other East Asia firms as China is suspect too.
To say nothing about the effects of the US consumers and business when those tools are
incorporated by criminal hacking groups into commercial malware. And this is a real dnager
of NSA activities. Boomerang tends to return. And the security culture in most US
companies (including government security contractors) is simply rudimentary or non existent. In no
way they can withstand the attack of NSA tools. The sordid take of Hillary shadow IT and "bathroom
server" is actually not an exception. Creation of "Shadow IT" is pretty common in fossilized
and over-bureaucratized US enterprise It world.
Moreover operations like "Its operations that violate sovereignty of other nations, like
digging
into China's networks , developing
the tools British spies used to break into Belgium's largest telecom, and hacking
sections of the Mexican government " are clearly criminal, and are possible only due
to the status of the USA as a sole of superpower. But they can result is some shipment of arms to
anti-USA factions as a state-to-state retaliation. Moreover "There is no honor among
thieves" and sharing of this information should be assumed is always larger then
intended.
Like drone strikes they inflame anti-Americanism and has constrained U.S. foreign policy
options in ways that civilian and military planners neither imagined nor anticipated.
Last week, multiple outlets reported that the NSA's elite Tailored Access Operations unit --
tasked with breaking into foreign networks -- suffered another serious data breach. The theft
of computer code and other material by an employee in 2015 allowed the Russian government to
more easily detect U.S. cyber operations, according to the Washington Post. It's potentially
the fourth large scale incident at the NSA to be revealed in the last five years.
Now, multiple sources with direct knowledge of TAO's security procedures in the recent past
tell The Daily Beast just how porous some of the defenses were to keep workers from stealing
sensitive information -- either digitally or by simply walking out of the front door with
it.
One source described removing data from a TAO facility as "child's play." The Daily Beast
granted the sources anonymity to talk candidly about the NSA's security practices.
TAO is not your average band of hackers. Its operations have included digging
into China's networks , developing
the tools British spies used to break into Belgium's largest telecom, and hacking
sections of the Mexican government . While other parts of the NSA may focus on tapping
undersea cables or prying data from Silicon Valley giants, TAO is the tip of the NSA's
offensive hacking spear, and could have access to much more sensitive information ripped from
adversaries' closed networks. The unit deploys and creates sophisticated exploits that rely on
vulnerabilities in routers, operating systems, and computer hardware the general population
uses -- the sort of tools that could wreak havoc if they fell into the wrong hands.
That doesn't mean those tools are locked down, though. "TAO specifically had a huge amount
of latitude to move data between networks," the first source, who worked at the unit after
Edward Snowden's mega-leak, said. The former employee said TAO limited the number of USB drives
-- which could be used to steal data -- after that 2013 breach, but he still had used several
while working at TAO.
"Most operators knew how they could get anything they wanted out of the classified nets and
onto the internet if they wanted to, even without the USB drives," the former TAO employee
said.
A second source, who also worked at TAO, told The Daily Beast, "most of the security was
your co-workers checking to see that you had your badge on you at all times."
The NSA -- and recently TAO in particular -- have suffered a series of catastrophic data
breaches. On top of the Snowden incident and this newly-scrutinized 2015 breach, NSA contractor
Hal Martin allegedly hoarded a trove of computer code and documents from the NSA and other
agencies in the U.S. Intelligence Community. Martin worked with TAO, and he ended up storing
the material in his car and residence, according to prosecutors. Like Snowden, Martin was a
contractor and not an employee of the NSA, as was Reality Winner, who allegedly leaked a
top-secret report about Russian interference in the U.S. election to news site The
Intercept.
Then there's the incident now in the news. Israeli operatives broke into the systems of the
Russian cybersecurity firm Kaspersky Lab, officials told The Washington Post. On those systems
were samples of sophisticated NSA hacking tools; a TAO employee had brought them home and
placed them on his home computer. That machine was running Kasperky software, which allegedly
sent the NSA tools back to Moscow.
It's not totally clear how the breach overlaps with any others, but in 2016,
a group called The Shadow Brokers started publishing full NSA exploit and tool code.
Various hackers went on to incorporate a number of the dumped exploits in their own campaigns,
including some designed to break into computers and mine digital currency, as well as the
WannaCry ransomware, which crippled tens of thousands of computers around the world. (A handful
of other, smaller NSA-related disclosures, including a catalogue of TAO hacking gear from 2007
and 2008, as well as intelligence intercepts, were not attributed to the Snowden documents, and
the public details around where that information came from are muddy.)
Although not a data breach per se, in 2015 Kaspersky publicly revealed details on the
history and tools of the so-called Equation Group, which is widely believed to be part of the
NSA. A third source, who worked directly with TAO, said the fallout from that exposure meant
the hacking unit entered a "significant shutdown," and "ran on minimum ops for months."
Nevertheless, a report by the Defense Department's inspector general completed in 2016 found
that the NSA's "Secure the Net" project -- which aimed to restrict access to its most sensitive
data after the Snowden breach -- fell short of its stated aims. The NSA did introduce some
improvements, but it didn't effectively reduce the number of user accounts with 'privileged'
access, which provide more avenues into sensitive data than normal users, nor fully implement
technology to oversee these accounts' activities, the report reads.
Physical security wasn't much better, at least at one TAO operator's facility. He told The
Daily Beast that there were "no bag checks or anything" as employees and contractors left work
for the day -- meaning, it was easy smuggle things home. Metal detectors were present,
including before Snowden, but "nobody cared what came out," the second source added. The third
source, who visited TAO facilities, said bag checks were random and weak.
"If you have a thumb drive in your pocket, it's going to get out," they said.
Unsurprisingly, workers need to swipe keycards to access certain rooms. But, "in most cases,
it's pretty easy to get into those rooms without swipe access if you just knock and say who
you're trying to see," the third source added.
To be clear, The Daily Beast's sources described the state of security up to 2015 -- not
today. Things may have improved since then. And, of course, the NSA and TAO do of course have
an array of security protections in place. TAO operators are screened and people on campus are
already going to have a high level clearance, some of the sources stressed. The part of the NSA
network that TAO uses, and which contains the unit's tools, can only be accessed by those with
a designated account, according to the source who worked with TAO. Two of the sources believed
in the NSA's ability to track down where a file came from after a breach.
Indeed, the system TAO members use to download their hacking tools for operations has become
more heavily audited over the years too, although the network did have a known security issue,
in which users could make their own account and automatically gain access to additional
information, the source who worked with TAO said.
"The NSA operates in one of the most complicated IT environments in the world," an NSA
spokesperson told The Daily Beast in a statement. "Over the past several years, we have
continued to build on internal security improvements while carrying out the mission to defend
the nation and our allies."
"We do not rely on only one initiative. Instead, we have undertaken a comprehensive and
layered set of defensive measures to further safeguard operations and advance best practices,"
the spokesperson added.
The problem of securing this data from the inside is not an easy one to solve. If the NSA
was to lock down TAO systems more ferociously, that could hamper TAO's ability to effectively
build tools and capabilities in the first place, and two of the sources emphasised that
excessive searches would likely create a recruiting problem for the agency. "It's not prison,"
one of the former TAO employees said.
"The security is all predicated on you having a clearance and being trusted," the source who
has worked with TAO said.
"The system is just not setup to protect against someone with a clearance who is determined
to go rogue," they added.
Indiscriminate spying is a costly and not very efficient operation. The problem of drinking
form a fire hose arise. So a lot of money spend by US, GB and other countries on installation of
such software are wasted. If the user of such computers uses steganography this does not even
allow to detect the targeted activities.
It in not that elimination of Kaspersky software from the US market (due to current
anti-Russia witch hunt) is a big loss. The efficiency of AV program against new threats was
always problematic. But this hysteria points to a larger problem: threat from regular hackers to
your data, especially financial data and access to financial sites. I would say that the
person who does not use two separate computers for browsing and for his financial and other
confidential operations and data is reckless indeed. Now anybody with important
financial data can afford two laptops. A good used, enterprise class, Dell laptop is
around $400.
In Windows each antivirus is simultaneously a backdoor. That's given. So usage by the US
government agencies of foreign AV software was an oversight; and the US government is doing the right
thing to prohibit such usage. Similarly it would be highly irresponsible for, say Russian government, to use MacAfee
software on government computers. Even with large transnational companies there are some tricky problems about
which AV software to use. And that was the problem already understood long ago, say in 1996.
For governments any large AV company represents tremendous asset as for surveillance. Also
intelligence community probably has close understanding of signature updaters and their vulnerabilities
and probably have agents in each of major AV company. And for government AV
signature updates are the best way to install malware on your computer. And much simpler then
hijacking OS updates.
So it is only natural that
AV companies are primary target of intelligence agencies. I remember being very surprised
the McAfee was bought by Intel. Now I know why ;-). In the past some mass deployed AV
companies software (Symantec) as well as Google software (Google bar) were spyware even without
intelligence agencies interference. In a way they were pioneers of mass surveillance.
In no way linux is a panacea. This is another monstrously complex OS with multiple
backdoors, especially on application level (Apache is one recent example). But it will be much
less attacked by non-government hackers. This is true. Security via obscurity does work. Still
if you need security against exfiltration of your data MS DOS and Windows 3.1 are also useful option
(any non-networked computer actually would work; you can exchange data via parallel port too. for
example Total Commander has such an option ).
Notable quotes:
"... The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it. ..."
"... An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms that were in that spy agency's sights . They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic. and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos ..."
"... That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on their "to do" list lets one assume that these packages can already be controlled by them. ..."
"... The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of these tools as malware and uploaded them for analysis to the Kapersky's central detection database. The Kaspersky software behaved exactly as it should . Any other anti-virus software behaves similar if it detects a possibly new virus. ..."
"... The only person in the tale who did something illegal was the NSA employee. The case also demonstrates that the NSA continues to have a massive insider security problem. There is no hint in the story to any evidence for its core claim of "Russian hackers". ..."
"... Meanwhile its a well reported established fact that american virus/antimalware corps have allowed the FBI and other agencies to compromize their software with silent signatures - as with Magic Lantern for example (and imagine how far its gone since then) ..."
"... In the network security world there is this concept of a honeypot where you entice/allow the world to attack/invade your honeypot so you can study the tools they use and insure the trail back to them is useful. ..."
The British spy agency regarded the Kaspersky software in particular as a hindrance to its
hacking operations and sought a way to neutralize it.
... An NSA slide describing "Project CAMBERDADA" lists at least 23 antivirus and security firms
that were in that spy agency's sights . They include the Finnish antivirus firm F-Secure, the
Slovakian firm Eset, Avast software from the Czech Republic. and Bit-Defender from Romania.
Notably missing from the list are the American anti-virus firms Symantec and McAfee as well
as the UK-based firm Sophos
That the NSA and the British GCHQ did not list U.S. and British made anti-virus products on
their "to do" list lets one assume that these packages can already be controlled by them.
In February 2015 Kaspersky
announced that it found U.S. and UK government spying and sabotage software infecting
computers in various foreign countries. Later that year the CIA and FBI tried to recruit
Kaspersky employees but were warned off. In June 2015 Kaspersky Lab detected a breach in its
own systems by an Israeli government malware. It published an
extensive autopsy of the breach and the malware programs used in it.
That the U.S. government now attempts to damage Kaspersky is likely a sign that Kaspersky
products continue to be a hard-target that the NSA and GCHQ find difficult to breach.
To justify the campaign against Kaspersky, which began in May, U.S. officials recently
started to provide a series of cover stories. A diligent reading of these stories reveals
inconsistencies and a lack of logic. On October 5 the Wall Street Journal reported: Russian
Hackers Stole NSA Data on U.S. Cyber Defense :
Hackers working for the Russian government stole details of how the U.S. penetrates foreign
computer networks and defends against cyberattacks after a National Security Agency
contractor removed the highly classified material and put it on his home computer, according
to multiple people with knowledge of the matter.
The hackers appear to have targeted the contractor after identifying the files through the
contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these
people said.
A NSA employee copied code of top-secret NSA spy tools and put it on his private computer.
("It's just that he was trying to complete the mission, and he needed the tools to do it." said
'one person familiar with the case'
to WaPo.)
The Kaspersky anti-virus software, which the NSA employee had installed, identified parts of
these tools as malware and uploaded them for analysis to the Kapersky's central detection
database. The Kaspersky software behaved exactly as it should . Any
other anti-virus software behaves similar if it detects a possibly new virus.
The "multiple people with knowledge of the matter" talking to the WSJ seem to allege that
this was a "Russian hacker" breach of NSA code. But nothing was hacked. If the story is
correct, the Kaspersky tool was legally installed and worked as it should. The only person in
the tale who did something illegal was the NSA employee. The case also demonstrates that the
NSA continues to have a massive insider security problem. There is no hint in the story to any
evidence for its core claim of "Russian hackers".
The incident occurred in 2015 but wasn't discovered until spring of last year , said the
people familiar with the matter."
The stolen material included details about how the NSA penetrates foreign computer
networks, the computer code it uses for such spying and how it defends networks inside the
U.S., these people said.
If the last sentence is true the employee must have had top access to multiple NSA
programs.
It was a case of spies watching spies watching spies: Israeli intelligence officers looked on
in real time as Russian government hackers searched computers around the world for the code
names of American intelligence programs.
What gave the Russian hacking, detected more than two years ago , such global reach was
its improvised search tool -- antivirus software made by a Russian company, Kaspersky Lab,
...
The Israeli officials who had hacked into Kaspersky's own network alerted the United
States to the broad Russian intrusion, which has not been previously reported, leading to a
decision just last month to order Kaspersky software removed from government computers.
The Russian operation, described by multiple people who have been briefed on the matter,
is known to have stolen classified documents from a National Security Agency employee who had
improperly stored them on his home computer.
The Washington Post
version of the story is remarkable different. Unlike the NYT it does not claim any Russian
government involvement in Kaspersky systems:
In 2015, Israeli government hackers saw something suspicious in the computers of a
Moscow-based cybersecurity firm : hacking tools that could only have come from the National
Security Agency.
Israel notified the NSA, where alarmed officials immediately began a hunt for the breach,
according to people familiar with the matter, who said an investigation by the agency
revealed that the tools were in the possession of the Russian government
Israeli spies had found the hacking material on the network of Kaspersky Lab ...
While the NYT asserts that the Russian government had access to the Kaspersky systems, the
Washington Post does not assert that at all.
The NYT claims that the Israelis alerted the NSA of Russian government knowledge of its
tools while WaPo says that it was the NSA itself that found this out. That Israel alerts the
NSA when it has its hands on a valuable source that reveals NSA tools is not believable. There
is no love lost between Israeli and U.S. spy agencies. They spy on eachother whenever
they can with even
deadly consequences .
The NYT story is based on "current and former government officials", not on the usual " U.S.
officials". It might well be that Israeli spies are spinning the NYT tale.
We already knew that the Israeli government had in 2015 breached some Kaspersky systems.
Kaspersky Lab itself alarmed the public about it and provided an extensive forensic
report.
There are several important questions that the above quote stories do not ask:
If the Israelis detected NSA malware in the hand of the Russian government "more than two
years ago" (NYT) how come that the NSA hole was only found in 2016 (WSJ)? Did the Israelis use
their claimed knowledge for a year without alarming their "allies" at the NSA? Why?
And why would the detection of alleged Russian government intrusion into Kaspersky products
lead to a ban of these products only in fall 2017?
If the story were true the NSA should have reacted immediately. All Kaspersky products
should have been banned from U.S. government systems as soon as the problem was known. The NSA
allowed the Russian government, for more than a year, to sniff through all systems of the more
than two dozen American government agencies (including the military) which use the Kaspersky
products? That does not make sense.
These recently provided stories stink. There is no evidence provided for the assertions
therein. They make the false claim that the NSA employees computer was "hacked". Their
timelines make no sense. If not complete fantasies they are likely to be heavily spun to
achieve a specific goal: to justify the banning of Kaspersky products from U.S. markets.
I regard these stories as part of "blame Russia" campaign that is used by the
military-industrial complex to justify new defense spending. They may also be useful in
removing a good security product that the NSA failed to breach from the "western" markets.
Computers are dirt cheap these days. My first Mac cost me $3000 and the first clone PC I
built cost me $1500. Today, I can buy a super-duper-anti-pooper PC device for $500. Hell
folks, that is cheaper than an Iphone...
Use one computer for your critical work that has no internet connection, or use an old PC
that has no network card. The OS may be uncool by today's standards, but the dang business
software has hardly changed - just gotten more bloated with features.
Have one computer for exposure to wild viruses and all that crap, and another you can rely
on. Move files one-way using cheap, new memory sticks.
My old PC runs the last version of Windows NT - and never crashes or locks up. It uses MS
Office from that period, and the files are still readable by newer products.
My outward looking computer is either a Mac or a Linux box. I only transfer sensitive
files one-way - from isolated to unisolated. Periodically, I toss the hard drive and pop in a
new one. My 'sensitive' stuff is miniscule, as I don't work in the military or spook world.
It's patent stuff.
And run Kaspersky - it works and the other's don't. Unless you are working on sensitive
government crap, do you really even care if Russians can fish a few of your files? Do most
people have PLC devices hung off their computers that stuxnet things can access?
If you have Alexa and other IoT crap - get rid of it because they are gadgets that have
more downside than upside. Do you TRULY need a talking fridge? A washer you can turn on with
your phone? A talking link to Google?
I don't care if the alphabet guys get my files - because they aren't of use to them. Most
of the guys working at the alphabet agencies are spending their time on porno anyway or
looking for blackmail files and images - which is why they can't seem to ever do anything
useful except maybe foul a keyboard irretrievably.
It's hilarious to me that so much effort is put into all this when the old school ways of
passing notes and talking are such simple workarounds, IF you are truly wanting privacy and
fear for your precious files.
Isn't it to little to late for a payback, since it's been 5+ years since Kaspersky Labs
discovered and
revealed who is behind Stuxnet and Flame? Nah, this one smells more of a good
ole-fashioned fascist market protectionism where you simply ban "those vile Russians" from a
large portion of the market. Of course, all in context of the Empire's ongoing Blame
Russia! campaign.
Linux doesn't have many viruses - instead it has all manner of extremely dangerous 0-day bugs
that can be exploited, plus a multitude of open source library vulnerabilities and channel
attacks.
I was at a presentation by Paul Vixie - one of the 2 people who first proclaimed open source
as the best way to product good and secure products 10 years ago. He's Internet Hall of Fame,
ICANN Security Board, etc.
He no longer believes that for this reason: 10 years ago, there were 50 million lines of open
source code, and you could rely that it was reviewed regularly and reasonably widely.
Today there are 50 billion lines of open source code, and the majority is never reviewed by
anybody.
If you really want to go secure: don't use email. Don't use the internet. Just use your
computer with no outside connection. Of course, you can't read Moon of Alabama, either - a
fantastic way to nail all you paranoid types would be to watering hole attack this site.
As for the story: it is believable that one or more spy agencies hacked into Kaspersky's
systems.
What again is not being said is whether Kaspersky was actively participating or abetting this
activity.
While banning Kaspersky from US government and military isn't completely nonsensical, the
reality is that *all* AV and other type of security products - any ones which auto update
include FireEye, Palo Alto, Symantec, Microsoft and so forth all have the same vulnerability:
The ability to access all data on a computer is an inherent ability to spy.
Meanwhile its a well reported established fact that american virus/antimalware corps have
allowed the FBI and other agencies to compromize their software with silent signatures - as
with Magic
Lantern for example (and imagine how far its gone since then)
With such subservience by the corporations anything is possible with whats been buried in
these closed source systems.
I'm pretty sure the US establishment never accuses anyone of something if they aren't
already themselves doing the same in the extreme.
What you say may be correct in the most part. However, is it better to run an OS where
there is a possibility of someone reviewing the code to improve it or run an OS where the
vulnerabilities are intentionally left in the OS at the behest of the three-lettered agencies
? Only one choice gives the possibility of security even if it is remote.
The greater problem is the lack of maturity in so much of the software on Linux.
@Steve #11
I guess you didn't read far enough into Vixie's comment: No one is reviewing the code - there
is just too much.
Apache is an enormously widely used Linux platform with presumably an optimal reviewer
population - it has millions of installs worldwide and is used from huge corporations to
individuals, yet the Struts bug was also enormous (allows someone to remotely run code on any
Apache server via a command line in a browser).
From my view as a security professional: I'd rather have a platform where there are
thousands to tens of thousands of people actively trying to improve its security as opposed
to one where there might be a few hundred.
The reality is that iOS, for example, is far more secure than Android.
iOS is not open source, Android is.
But the relative security has nothing to do with open sourcedness - it has to do with the
architects of iOS continuously adding capabilities to make it more secure. iOS was the first
widespread OS to use signed firmware updates - which is why jailbreaking an iPhone is so much
harder than it used to be.
Despite that, there are still vulns which the 3 letter agencies likely know about and
use.
That doesn't change the overall fact that iOS is more secure than Android and will be for
the foreseeable future, because Android simply doesn't do all the things iOS can (and does)
do.
If your concern is 3 letter agencies, then you need to create your own OS.
If your concern is overall security except for the 3 letter agencies, open source is *not*
the way.
And lest you think I'm an Apple fanboi - I am not. I don't use iOS/iPhone/OSX or any of
the Apple products for reasons outside of security. It doesn't mean I do not recognize the
reality, however.
Well sure if the NSA or some super-hacker specifically targets your machine, you will get
owned (unless you invest in some kind of cyber Fort Knox, and are very lucky as well). These
people who rant that Linus is "unsafe" are 100% full of it. In the end NOTHING is "safe". But
Linux has astonishing advantages! Pay no heed to those naysayers!
I could write a book about how colossally dreadful Microsoft Windows is.
The BSD systems were clunky as hell so far.
So that leaves Linux. Big Problem: 98% of the Linuxes out there have been coerced into
adopting "systemd" (yikes!). This is an allegedly open source (so it might be "audited" for
trap doors and such) giant blob of 500,000+ lines of code (!) that has sneakily been
infiltrated into 98% of the Linux distributions (distros) by the Red Hat Corporation and
their NSA buddies. Obviously no one is ever going to "audit" it!
This Windows-like monster
infests all of the Ubuntu and Linux Mint brand distros. The real question becomes "how many
teams are you going to trust?"
Presumably the easiest distro to install and use "designed for home computer users" is
Devuan based, systemd-free "Refracta Linux": https://sourceforge.net/projects/refracta/files/isohybrid/
(I suggest ONLY the "refracta8.3_xfce_amd64-20170305_0250.iso" version for modern
machines.)
You can "unlock" the upper panel, and move it to the bottom with the mouse.
You have to launch Konqueror five seconds before Firefox or it will crash :(
My very best alternative is the systemd-free "Void Linux": https://repo.voidlinux.eu/live/current/
(I suggest ONLY the "void-live-x86_64-20171007-xfce.iso" version for most modern
machines.)
I think Void Linux is just as nice as Refracta Linux, and they have different available
programs (but they can work together) but it requires a bit more Linux chops to install. I
needed to get the "live DVD file" GParted, which is a free partition editor DVD that you can
burn yourself for free: http://linux.softpedia.com/get/System/System-Administration/GParted-3725.shtml
I had to create a "MS-DOS"-style primary ext4 partition (could be between 80 to 200 GiB)
with "boot" flag set, and a 20 GiB "Linux swap partition" with GParted before the install
(may have to fiddle with the "BIOS" first). Then insert the Void DVD, open the "command
window" and type "void-install". At some point the options look hopeless, but continue, and
when it starts to repeat go back and back and continue on to completion. It's a BEAUTIFUL
system! Have TWO passwords ready to use before starting (any Linux install) -- they might be
of the form: "hermitcabbagetorus
I would get a book(s) about Linux. Maybe "Linux Cookbook" from Alibris. This will all
prove to be VERY MUCH WORTH THE THE TROUBLE as time goes on!
In the network security world there is this concept of a honeypot where you entice/allow the
world to attack/invade your honeypot so you can study the tools they use and insure the trail
back to them is useful.
If I were a security vendor I would set up a honeypot that looked like my business as
simply one of many best practices. It is a great way to learn what others are doing while
honing your skills at staying secure and invisible to potential perps.
If I had to wade into the "which OS is more secure" discussion I would just note that,
IMO, in the long run open source is going to win the war world wide for most stuff but there
will always be room for proprietary OS's and application software.
The irony of stealing data from agency with which rational for existence is stealing data
from foreign governments (and as Snowden reveled not only foreign governments) was missed by the
authors of this propaganda peace.
While WSJ authors are probably just following talking point as for exaggerating Russian cyber
threat (as Trump correctly defined it this is a "witch hunt" which is a part of color revolution
launched to depose him) , the truth is that any antivirus software is a backdoor to your
computer. Be it Microsoft, MacAfee, Semantic (in the past this was especially spying prone
company with personal product being real spyware), or Kaspersky. So exfiltrating files from your
computer via anti-virus software is not only possible, but quite probable vector of attack. All
all major three letter agencies probably have dedicated teams which probe weaknesses in the way
major anti-virus program communicate with the "mothership" to exploit those weaknesses for their
own purposes.
The same is true about million of various updaters (such as Adobe -- a pretty nasty one, but
generally one per each major commercial application installed) which are also backdoors into your
system. So it is reasonable to view Windows as a "system that open user data to malicious third
parties". Actually to any more or less professional intruder. Thinking otherwise is just
stupid.
From security standpoints the terms "networked Windows computer" and "protection of personal
information" are incompatible.
Notable quotes:
"... Mr. Trump denies any impropriety and has called the matter a "witch hunt." ..."
The hackers appear to have targeted the contractor after identifying the files through the
contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these
people said.
The theft, which hasn't been disclosed, is considered by experts to be one of the most
significant security breaches in recent years. It offers a rare glimpse into how the
intelligence community thinks Russian intelligence exploits a widely available commercial
software product to spy on the U.S.
The incident occurred in 2015 but wasn't discovered until spring of last year, said the
people familiar with the matter.
The stolen material included details about how the NSA penetrates foreign computer networks,
the computer code it uses for such spying and how it defends networks inside the U.S., these
people said.
Having such information could give the Russian government information on how to protect its
own networks, making it more difficult for the NSA to conduct its work. It also could give the
Russians methods to infiltrate the networks of the U.S. and other nations, these people
said.
The breach is the first known incident in which Kaspersky software is believed to have been
exploited by Russian hackers to conduct espionage against the U.S. government. The company,
which sells its antivirus products in the U.S., had revenue of more than half a billion dollars
in Western Europe and the Americas in 2016, according to International Data Corp. By
Kaspersky's own account it has more than 400 million users world-wide.
The revelation comes as concern over Russian infiltration of American computer networks and
social media platforms is growing amid a U.S. special counsel's investigation into whether
Donald Trump's presidential campaign sought or received assistance from the Russian government.
Mr. Trump denies any impropriety and has called the matter a "witch hunt."
Intelligence officials have concluded that a campaign authorized by the highest levels of
the Russian government hacked into state election-board systems and the email networks of
political organizations to damage the candidacy of Democratic presidential nominee Hillary
Clinton.
A spokesman for the NSA didn't comment on the security breach. "Whether the information is
credible or not, NSA's policy is never to comment on affiliate or personnel matters," he said.
He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus
software with another company, not Kaspersky.
In a statement, Kaspersky Lab said it "has not been provided any information or evidence
substantiating this alleged incident, and as a result, we must assume that this is another
example of a false accusation."
Kremlin spokesman Dmitry Peskov in a statement didn't address whether the Russian government
stole materials from the NSA using Kaspersky software. But he criticized the U.S. government's
decision to ban the software from use by U.S. agencies as "undermining the competitive
positions of Russian companies on the world arena."
The Kaspersky incident is the third publicly known breach at the NSA involving a
contractor's access to a huge trove of highly classified materials. It prompted an official
letter of reprimand to the agency's director, Adm. Michael Rogers, by his superiors, people
familiar with the situation said.
Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that
NSA contractor Edward Snowden the year before gave classified documents to journalists that
revealed surveillance programs run by the U.S. and allied nations.
The Kaspersky-linked incident predates the arrest last year of another NSA contractor,
Harold Martin, who allegedly removed massive amounts of classified information from the
agency's headquarters and kept it at his home, but wasn't thought to have shared the data.
Mr. Martin pleaded not guilty to charges that include stealing classified information. His
lawyer has said he took the information home only to get better at his job and never intended
to reveal secrets.
The name of the NSA contractor in the Kaspersky-related incident and the company he worked
for aren't publicly known. People familiar with the matter said he is thought to have purposely
taken home numerous documents and other materials from NSA headquarters, possibly to continue
working beyond his normal office hours.
The man isn't believed to have wittingly worked for a foreign government, but knew that
removing classified information without authorization is a violation of NSA policies and
potentially a criminal act, said people with knowledge of the breach.
It is unclear whether he has been dismissed from his job or faces charges. The incident
remains under federal investigation, said people familiar with the matter.
Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies,
including the Army, Navy and Air Force, and the departments of Defense, State, Homeland
Security, Energy, Veterans Affairs, Justice and Treasury.
NSA employees and contractors never had been authorized to use Kaspersky software at work.
While there was no prohibition against these employees or contractors using it at home, they
were advised not to before the 2015 incident, said people with knowledge of the guidance the
agency gave.
For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a
computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the
Russian government, which under Russian law can compel the company's assistance in intercepting
communications as they move through Russian computer networks.
Kaspersky said in its statement: "As a private company, Kaspersky Lab does not have
inappropriate ties to any government, including Russia, and the company has never helped, nor
will help, any government in the world with its cyberespionage efforts."
Suspicions about the company prompted the Department of Homeland Security last month to take
the extraordinary step of banning all U.S. government departments and agencies from using
Kaspersky products and services. Officials determined that "malicious cyber actors" could use
the company's antivirus software to gain access to a computer's files, said people familiar
with the matter.
The government's decision came after months of intensive discussions inside the intelligence
community, as well as a study of how the software works and the company's suspected connections
to the Russian government, said people familiar with the events. They said intelligence
officials also were concerned that given the prevalence of Kaspersky on the commercial market,
countless people could be targeted, including family members of senior government officials, or
that Russia could use the software to steal information for competitive economic advantage.
"The risk that the Russian government, whether acting on its own or in collaboration with
Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal
information and information systems directly implicates U.S. national security," the DHS said
Sept. 13 in announcing the government ban.
All antivirus software scans computers looking for malicious code, comparing what is on the
machine to a master list housed at the software company. But that scanning also gives makers of
the software an inventory of what is on the computer, experts say.
"It's basically the equivalent of digital dumpster diving," said Blake Darché, a
former NSA employee who worked in the agency's elite hacking group that targets foreign
computer systems.
Kaspersky is "aggressive" in its methods of hunting for malware, Mr. Darché said, "in
that they will make copies of files on a computer, anything that they think is interesting." He
said the product's user license agreement, which few customers probably read, allows this.
"You're basically surrendering your right to privacy by using Kaspersky software," said Mr.
Darché, who is chief security officer for Area 1, a computer security company.
"We aggressively detect and mitigate malware infections no matter the source and we have
been proudly doing it for 20 years," the company said in its statement. "We make no apologies
for being aggressive in the battle against malware and cybercriminals."
U.S. investigators believe the contractor's use of the software alerted Russian hackers to
the presence of files that may have been taken from the NSA, according to people with knowledge
of the investigation. Experts said the software, in searching for malicious code, may have
found samples of it in the data the contractor removed from the NSA.
But how the antivirus system made that determination is unclear, such as whether Kaspersky
technicians programed the software to look for specific parameters that indicated NSA material.
Also unclear is whether Kaspersky employees alerted the Russian government to the finding.
Investigators did determine that, armed with the knowledge that Kaspersky's software
provided of what files were suspected on the contractor's computer, hackers working for Russia
homed in on the machine and obtained a large amount of information, according to the people
familiar with the matter.
The breach illustrates the chronic problem the NSA has had with keeping highly classified
secrets from spilling out, former intelligence personnel say. They say they were rarely
searched while entering or leaving their workplaces to see if they were carrying classified
documents or removable storage media, such as a thumb drive.
The incident was considered so serious that it was given a classified code name and set off
alarms among top national security officials because it demonstrated how the software could be
used for spying. Members of Congress also were informed, said people familiar with the
matter.
Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper
pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of
data breaches on his watch, according to several officials familiar with the matter.
The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J.,
last November to meet with president-elect Donald Trump about taking a job in his
administration, said people familiar with the matter. Adm. Rogers didn't notify his superiors,
an extraordinary step for a senior military officer, U.S. officials said.
Adm. Rogers wasn't fired for a number of reasons, including a pending restructuring of the
NSA that would have been further complicated by his departure, according to people with
knowledge of internal deliberations. An NSA spokesman didn't comment on efforts to remove Adm.
Rogers.
"... When a target of surveillance was downloading the software, they would be silently redirected to a version infected with FinFisher, research found. ..."
"... The software's brochure boasted: "FinFly ISP is able to patch files that are downloaded by the target on-the-fly or send fake software updates for popular software. ..."
Legitimate downloads of popular software including WhatsApp, Skype and VLC
Player are allegedly being hacked at an internet service provider (ISP) level
to spread an advanced form of surveillance software known as "FinFisher",
cybersecurity researchers warn.
FinFisher is sold to global governments and
intelligence agencies and can be used to snoop on webcam feeds, keystrokes,
microphones and web browsing. Documents, previously
published by WikiLeaks,
indicate that one tool called "FinFly ISP" may be
linked to the case.
The digital surveillance tools are peddled by an international firm called
Gamma Group
and have in the past been sold to repressive regimes including
Bahrain, Egypt and the United Arab Emirates (UAE). In March this year, the
company attended a security conference sponsored by the UK Home Office.
This week (21 September), experts from cybersecurity firm Eset claimed that
new FinFisher variants had been discovered in seven countries, two of which
were being targeted by "man in the middle" (MitM) attacks at an ISP level –
packaging real downloads with spyware.
Companies hit included WhatsApp, Skype, Avast, VLC Player and WinRAR, it
said, adding that "virtually any application could be misused in this way."
When a target of surveillance was downloading the software, they would be
silently redirected to a version infected with FinFisher, research found.
When downloaded, the software would install as normal – but Eset found it
would also be covertly bundled with the surveillance tool. The stealthy
infection process was described as being "invisible to the naked eye." The
seven countries were not named for security reasons, Eset said. WhatsApp and
VLC Player did not respond to request for comment by the time of publication. A
Microsoft spokesperson, referencing the Skype infections, told
IBTimes
UK
: "Windows Defender antivirus cloud protection already automatically
identifies and blocks the malware. "For non-cloud customers, we've deployed
signatures to protect against this in our free antivirus software," the
statement added.
An Avast spokesperson said: "Attackers will always focus on the most
prominent targets. "Wrapping official installers of legitimate apps with
malware is not a new concept and we aren't surprised to see the PC apps
mentioned in this report. "What's new is that this seems to be happening at a
higher level. "We don't know if the ISPs are in cooperation with the malware
distributors or whether the ISPs' infrastructure has been hijacked."
The
latest version of FinFisher
was spotted with new customised code which kept
it from being discovered, what Eset described as "tactical improvements." Some
tricks, it added, were aimed at compromising end-to-end (E2E) encryption
software and known privacy tools. One such application was Threema, a secure
messaging service.
"The geographical dispersion of Eset's detections of FinFisher variants
suggests the MitM attack is happening at a higher level – an ISP arises as the
most probable option," the team said. "One of the main implications of the
discovery is that they decided to use the most effective infection method and
that it actually isn't hard to implement from a technical perspective," Filip
Kafka, a malware researcher at Eset, told IBTimes UK. "Since we see have
seen more infections than in the past surveillance campaigns, it seems that
FinFisher is now more widely utilised in the monitoring of citizens in the
affected countries."
Breaking encryption has become a major talking point of governments around
the world, many of which conduct bulk communications collection. Politicians
argue, often without evidence, that software from companies such as WhatsApp
has become a burden on terror probes
.
Whatsapp, Skype and VLC all
targeted by FinFisher spyware.
One
WikiLeaks document on FinFly ISP
touted its ability to conduct surveillance
at an ISP level.
The software's brochure boasted: "FinFly ISP is able to
patch files that are downloaded by the target on-the-fly or send fake software
updates for popular software.
" It added that it "can be installed on an
internet service provider's network" and listed one use case when it was
previously deployed by an unnamed intelligence agency. Eset found that all
affected targets within one of the countries were using the same ISP.
"... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) ..."
Colonel I have refrained from any posting anywhere for any reason for months, but since the discussion
seems to turn to decryption so often I thought you might be interested in knowing about network
management systems built into Intel and AMD based machines for years,
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Hardware-based management does not depend on the presence of an OS or locally installed management
agent. Hardware-based management has been available on Intel/AMD based computers in the past,
but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address
allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on
systems.[6] AMT is not intended to be used by itself; it is intended to be used with a software
management application.[1] It gives a management application (and thus, the system administrator
who uses it) access to the PC down the wire, in order to remotely do tasks that are difficult
or sometimes impossible when working on a PC that does not have remote functionalities built
into it.[1][3][7]
... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management
Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability,
Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake
in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine)
.[13][14]
I think our second O in OODA is getting fuzzed if we don't consider some of the observations found
in "Powershift" by Toffler as well.
The point being is that many Intel and AMD based computers can and have been owned by various
governments and groups for years, and at this level have access to any information on these machines
before the encryption software is launched to encrypt any communications.
If this known software management tool is already on board, then extrapolation Toffler's chipping
warning to unannounced or unauthorized by various actors, one begins to see where various nation
states have gone back to typewriters for highly sensitive information, or are building their own
chip foundries, and writing their own operating systems and TCP/IP protocols, and since these
things are known knowns, one would not be too far fetched in assuming the nation state level players
are communicating over something entirely different than you and I are using. How that impacts
the current news cycle, and your interpretation of those events, I leave to your good judgment.
I would urge all of my fellow Americans, especially those with a megaphone, to also take care
that we are not the subject of the idiom divide and conquer instead of its' master. To that end
I think the concept of information overload induced by the internet may in fact be part of the
increasing polarization and information bubbles we see forming with liberals and conservatives.
This too fuzzes the second O in OODA and warps the D and thus the A, IMHO.
(macrumors.com)
Posted by BeauHD on Friday September
22, 2017 @10:05PM from the remote-control dept. AmiMoJo shares a report from Mac Rumors: Over the last
day or two, several Mac users appear to have been locked out of their machines after hackers
signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access
to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a
Mac with a passcode even with two-factor authentication turned on , and that's what's going
on here. Affected users who have had their iCloud accounts hacked are receiving messages
demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of
the iCloud accounts affected by this "hack" were likely found through various site data
breaches and have not been acquired through a breach of Apple's servers. Impacted users likely
used the same email addresses, account names, and passwords for multiple accounts, allowing
people with malicious intent to figure out their iCloud details.
(theguardian.com)
66 Posted by msmash on Friday September 22, 2017 @02:41PM from the up-next dept. Alex Hern,
writing for The Guardian: A "category one" cyber-attack,
the most serious tier possible, will happen "sometime in the next few years" , a director
of the National Cybersecurity Centre has warned. According to the agency, which reports to GCHQ
and has responsibly for ensuring the UK's information security, a category one cybersecurity
incident requires a national government response. Speaking at an event about the next decade of
information security, Levy warned that "sometime in the next few years we're going to have our
first category one cyber-incident." The only way to prevent such a breach, he said, was to
change the way businesses and governments think about cybersecurity. Rather than obsessing
about buying the right security products, Levy argued, organisations should instead focus on
managing risk: understanding the data they hold, the value it has, and how much damage it could
do if it was lost, for instance.
(bleepingcomputer.com) Posted by EditorDavid on Saturday September 23, 2017 @02:34PM from
the yours-and-mining dept. An anonymous reader writes: SafeBrowse, a Chrome extension with
more than 140,000 users,
contains an embedded JavaScript library in the extension's code that mines for the Monero
cryptocurrency using users' computers and without getting their consent. The additional
code drives CPU usage through the roof, making users' computers sluggish and hard to use.
Looking at the SafeBrowse extension's source code, anyone can easily spot the embedded Coinhive
JavaScript Miner, an in-browser implementation of the CryptoNight mining algorithm used by
CryptoNote-based currencies, such as Monero, Dashcoin, DarkNetCoin, and others. This is
the same technology that The Pirate Bay experimented with as an alternative to showing ads
on its site. The extension's author claims he was "hacked" and the code added without his
knowledge.
"... But whether Russia retaliates or not, mistrust of the cybersecurity field has risen, and U.S. adversaries are likely to avoid U.S.-built software, believing that U.S. intelligence agencies may have special access ..."
"... "If you're China, if you're Russia, do you want to run American-built stuff? Probably not," Clark said at a presentation hosted by the Center for Cyber & Homeland Security at The George Washington University. ..."
The Trump administration's ban on the use of a Russian cybersecurity
firm's software is heightening suspicion worldwide that private internet firms might be in
league with their home governments, an industry leader said Wednesday.
The Trump administration last week told U.S. government agencies to remove Kaspersky Lab
products from their networks, citing alleged ties between officials at Moscow-based Kaspersky
and Russian intelligence. Non-government entities and individuals may still use Kaspersky
products.
But whether Russia retaliates or not, mistrust of the cybersecurity field has risen, and
U.S. adversaries are likely to avoid U.S.-built software, believing that U.S. intelligence
agencies may have special access , Greg Clark, chief executive of Symantec , said Wednesday.
"If you're China, if you're Russia, do you want to run American-built stuff? Probably
not," Clark said at a presentation hosted by the Center for Cyber & Homeland Security at The George Washington
University.
Computer-optimization software is supposed to keep your computer running smoothly. Well, in
this case, maybe not so much. Monday, the company that makes CCleaner, Avast's Piriform,
announced that their free software was infected with malware . If you use CCleaner, here's
what you need to know.
What does the malware do?
It gathers information like your IP address, computer name, a list of installed software on
your computer, a list of active software and a list of network adapters and sends it to a
third-party computer server. Your credit card numbers, social security number and the like seem
to be safe.
"Working with US law enforcement, we caused this server to be shut down on the 15th of
September before any known harm was done," said the company in
the announcement .
Who was infected?
According to Piriform, around 3 percent -- roughly 2.27 million computers -- used the
infected software. Specifically, computers running 32-bit Windows 10. If that applies to you,
don't panic. The company believes that they were able to disarm the malware before any harm was
done.
How do I know if I have the corrupted version?
The versions that were affected are CCleaner v5.33.6162 or CCleaner Cloud v1.07.3191 for
32-bit Windows PCs. The Android version for phones doesn't seem to be affected.
If you've updated your software since September 12, you should be okay. This is when the
new, uncorrupted version was released. Also, if you have the Cloud version, it should have
automatically updated itself by now to the clean version.
I don't use the cloud version.
What should I do?
CCleaner v5.33.6162 does not update on its own, so if you use the non-cloud version you may
have the corrupted software. Piriform recommends deleting your current version and downloading a clean version
from their website .
After you have your new software downloaded, run a check on your system using malware
protection software to be sure that CCleaner didn't leave any nasty invader behind.
"... "Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. ..."
"... The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed. ..."
"Able to compromise Windows PCs running on XP, Windows Server 2003
and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack
tool acts as a service to capture information.
The malware's modules -- including FOGGYBOTTOM and GROK -- can perform tasks including listening
in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation
users, stealing diagnostics information and self-destructing once tasks are completed."
"... Security researchers have discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable and unstoppable by traditional security solutions. No user interaction is needed for an attacker to use the BleuBorne flaws, nor does the attacker need to pair with a target device. ..."
An anonymous reader quotes a report from Bleeping Computer:
Security researchers have discovered eight vulnerabilities -- codenamed collectively as
BlueBorne -- in the Bluetooth
implementations used by over 5.3 billion devices. Researchers say the vulnerabilities are undetectable
and unstoppable by traditional security solutions. No user interaction is needed for an attacker
to use the BleuBorne flaws, nor does the attacker need to pair with a target device.
They
affect the Bluetooth implementations in Android, iOS, Microsoft, and Linux , impacting almost
all Bluetooth device types, from smartphones to laptops, and from IoT devices to smart cars. Furthermore,
the vulnerabilities can be concocted into a self-spreading BlueTooth worm that could wreak havoc
inside a company's network or even across the world. "These vulnerabilities are the most serious
Bluetooth vulnerabilities identified to date," an Armis spokesperson told Bleeping Computer via email.
"Previously identified flaws found in Bluetooth were primarily at the protocol level," he added.
"These new vulnerabilities are at the implementation level, bypassing the various authentication
mechanisms, and enabling a complete takeover of the target device."
Consumers are recommended to disable Bluetooth unless you need to use it, but then turn it off
immediately.
When a pat
oid App on the Google Play Store will be able to determine if a user's Android device is vulnerable.
A technical report on the BlueBorne flaws is available
here
(PDF).ch or update is issued and installed on your device, you should be able to turn Bluetooth
back on and leave it on safely. The
BlueBorne Andr
"... Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. ..."
"... The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. ..."
(wsj.com) Posted by msmash on Tuesday September 12, 2017
WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting
companies in the months before its massive data breach. Equifax
spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017
, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied
was limiting the legal liability of credit-reporting companies.
That issue is the subject of a bill that a panel of the House Financial Services Committee, which
oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal
financial data of as many as 143 million Americans.
Equifax has also lobbied Congress and regulatory agencies on issues around "data security
and breach notification" and "cybersecurity threat information sharing," according to its lobbying
disclosures.
The amount Equifax spent in the first half of this year appears to be in line with previous
spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively,
on lobbying activities.
While the company had broadly similar lobbying issues in those years, the liability matter was
new in 2017.
(buzzfeed.com)
128
Posted by EditorDavid on Monday August 28, 2017 @06:30AM from the fraudulent-funding
dept. An anonymous reader quote BuzzFeed:
The vast majority of money raised to pay for the
legal defense of beloved British cybersecurity researcher Marcus Hutchins
was
donated with stolen or fake credit card numbers
, and all donations, including legitimate
ones, will be returned, the manager of the defense fund says. Lawyer Tor Ekeland, who managed
the fund, said at least $150,000 of the money collected came from fraudulent sources, and that
the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd
been able to identify only about $4,900 in legitimate donations, but that he couldn't be
certain even of those. "I don't want to take the risk, so I just refunded everything," he
said.
Two days later, Hutchins posted the following
on Twitter
. "When sellouts
are talking shit about the 'infosec community' remember that someone I'd never met flew to
Vegas to pay $30K cash for my bail." Hutchins is facing up to 40 years in prison, and at first
was only allowed to leave his residence for four hours each week. Thursday a judge
lifted some restrictions
so that Hutchins is now allowed to travel to Milwaukee, where his
employer is located. According to Bloomberg, government prosecutors complain Hutchins now "
has too much freedom while awaiting trial
and may skip the country." Clickthrough for
a list of the evidence government prosecutors submitted to the court
this week.
An
anonymous reader writes: The author of the original Petya ransomware -- a person/group going
by the name of Janus Cybercrime Solutions -- has
released the master decryption key of all past Petya versions
. This key can decrypt all
ransomware families part of the Petya family except NotPetya,
Most (original) Petya campaigns happened in 2016, and very few campaigns have been active
this year. Users that had their files locked have wiped drives or paid the ransom many months
before. The key will only help those victims who cloned their drives and saved a copy of the
encrypted data. Experts believe that Janus released Petya's decryption key as a result of the
recent NotPetya outbreak, and he might have decided to shut down his operation to avoid further
scrutiny, or being accused of launching NotPetya.
The article's central message is plausible: Russia running a cyberwar against Ukraine and at
the same time trying to build up knowhow. But at the same time the author knows that he can write
anything about Russia and it will be believed. At the same time the story is part of a large anti-Russia
and anti Trump campaign.
I don't keep track so I don't have a lot of links ready but I know the news about a russian
cyberattack on US powerplant was bogus. Russian hacking of DNC was bogus.Russian-Trump links are
bogus. Russian hacking of french elections was bogus. But these debunkings only come through very
slowly. On the other side there is a barrage of claims that is so overwhelming nobody can begin
to debunk them.
And I see good reasons why the democrats and the military industrical complex prefer to have
high tensions with Russia and why they want to blame Russia for the failed elections. And I see
why the press goes along with it.
And I think that whatever Russia is doing(a lot less than claimed, but certainly a lot of business
as usual nasty stuff) it's a good idea to improve the ties with them rather than deteriorate them.
That is my opinion about policy. That it's in the west's interest. I also think they're open for
chances for improvement , at least as long as Putin is there.
But look at this thread. It's almost unanimous against Russia. Any outsider looking here without
any knowledge of the situation would know, this is bad. It means no good thinking will come out
of it.(there's more reasons for that though). It also means propaganda is still very effective
here and now.
So the article of the topic here may have a good degree of truth, but it's all part of an anti-russian
frenzy which I think is a very bad idea.
Here's a new link about a lot of the hacking stories. It covers quite some ground. I'd have
to dig for the rest. The ones I mentioned are some I'm pretty certain of although one can debate
how convincing the proof is.
https://consortiumnews.com/201... [consortiumnews.com]
I didn't discuss Trump. I'd like to get rid of him but I'm convinced the current campaign to
link him to Russia is extremely dishonest. He's right about that. Maybe he'll go down because
in his efforts to stop them he'll do something very illegal. Or maybe he'll stay in power because
he made the right friends. The Saudis and the weapons manufacturers for instance. Then all that
the anti Russia campaign will have achieved is to give us the worst of both worlds. Thanks for
cooperating everyone.
Whatever it was, that Petya thing hit bunch of Russian companies as well. For example, it hit
Russia's top oil providers Rosneft and Bashneft. Some of them suffered quite a bit. Invitro, a
nationwide network of private medical laboratories, temporarily ceased samples collection due
to the cyberattack.
"... Recent hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing to discourage the politicians. ..."
"... The Department of Homeland Security (DHS) has a record of spreading false stories about alleged Russian hacking into US infrastructure , such as the tale of a Russian intrusion into the Burlington, Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011. ..."
"... So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into state electoral databases, rejected that suspicion as false months ago. Last September, Assistant Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions were not carried out by Russian intelligence but by criminal hackers seeking personal information to sell on the Internet. ..."
"... Illinois is the one state where hackers succeeded in breaking into a voter registration database last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted personal information on roughly 90,000 registered voters, and that none of the information was expunged or altered. ..."
"... "Any time you more carefully monitor a system you're going to see more bad guys poking and prodding at it," he observed, " because they're always poking and prodding." [Emphasis added] ..."
"... Reagan further revealed that she had learned from the FBI that hackers had gotten a user name and password for their electoral database, and that it was being sold on the "dark web" – an encrypted network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored "frequently." ..."
"... The sequence of events indicates that the main person behind the narrative of Russian hacking state election databases from the beginning was former FBI Director James Comey. In testimony to the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind efforts to penetrate voter databases, but never said so directly. ..."
"... The media then suddenly found unnamed sources ready to accuse Russia of hacking election data even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined , "Russia Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4." The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources. ..."
"... But that claim of a "likely" link between the hackers and Russia was not only speculative but highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators from the US intelligence community, DHS, FBI, the private sector and other entities." They cited a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly Steppe" who were supposedly linked to Russian intelligence. ..."
"... But the highly classified NSA report made no reference to any evidence supporting such an attribution. The absence of any hint of signals intelligence supporting its conclusion makes it clear that the NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been used to establish the original narrative of Russians hacking electoral databases. ..."
"... Russian intelligence certainly has an interest in acquiring intelligence related to the likely outcome of American elections, but it would make no sense for Russia's spies to acquire personal voting information about 90,000 registered voters in Illinois. ..."
Cyber-criminal efforts to hack into U.S. government databases are epidemic, but this ugly reality
is now being exploited to foist blame on Russia and fuel the New Cold War hysteria
Recent
hearings by the Senate and House Intelligence Committees reflected the rising tide of Russian-election-hacking
hysteria and contributed further to it. Both Democrats and Republicans on the two committees appeared
to share the alarmist assumptions about Russian hacking, and the officials who testified did nothing
to discourage the politicians.
On June 21, Samuel Liles, acting director of the Intelligence and Analysis Office's Cyber Division
at the Department of Homeland Security, and Jeanette Manfra, acting deputy under secretary for cyber-security
and communications, provided the main story line for the day in testimony before the Senate committee
- that efforts to hack into election databases had been found in 21 states.
Former DHS Secretary Jeh Johnson and FBI counterintelligence chief Bill Priestap also endorsed
the narrative of Russian government responsibility for the intrusions on voter registration databases.
But none of those who testified offered any evidence to support this suspicion nor were they pushed
to do so. And beneath the seemingly unanimous embrace of that narrative lies a very different story.
The Department of Homeland Security (DHS) has a record of spreading false stories about alleged
Russian hacking into US infrastructure , such as the tale of a Russian intrusion into the Burlington,
Vermont electrical utility in December 2016 that DHS later admitted was untrue. There was another
bogus DHS story about Russia hacking into a Springfield, Illinois water pump in November 2011.
So, there's a pattern here. Plus, investigators, assessing the notion that Russia hacked into
state electoral databases, rejected that suspicion as false months ago. Last September, Assistant
Secretary of DHS for Cybersecurity Andy Ozment and state officials explained that the intrusions
were not carried out by Russian intelligence but by criminal hackers seeking personal information
to sell on the Internet.
Both Ozment and state officials responsible for the state databases revealed that those databases
have been the object of attempted intrusions for years. The FBI provided information to at least
one state official indicating that the culprits in the hacking of the state's voter registration
database were cyber-criminals.
Illinois is the one state where hackers succeeded in breaking into a voter registration database
last summer. The crucial fact about the Illinois hacking, however, was that the hackers extracted
personal information on roughly 90,000 registered voters, and that none of the information was expunged
or altered.
The Actions of Cybercriminals
That was an obvious clue to the motive behind the hack. Assistant DHS Secretary Ozment testified
before the House Subcommittee on Information Technology on Sept. 28 ( at 01:02.30 of the video )
that the apparent interest of the hackers in copying the data suggested that the hacking was "possibly
for the purpose of selling personal information."
Ozment 's testimony provides the only credible motive for the large number of states found to
have experienced what the intelligence community has called "scanning and probing" of computers to
gain access to their electoral databases: the personal information involved – even e-mail addresses
– is commercially valuable to the cybercriminal underworld.
That same testimony also explains why so many more states reported evidence of attempts to hack
their electoral databases last summer and fall. After hackers had gone after the Illinois and Arizona
databases, Ozment said, DHS had provided assistance to many states in detecting attempts to hack
their voter registration and other databases.
"Any time you more carefully monitor a system you're going to see more bad guys poking and prodding
at it," he observed, " because they're always poking and prodding." [Emphasis added]
State election officials have confirmed Ozment's observation. Ken Menzel, the general counsel
for the Illinois Secretary of State, told this writer, "What's new about what happened last year
is not that someone tried to get into our system but that they finally succeeded in getting in."
Menzel said hackers "have been trying constantly to get into it since 2006."
And it's not just state voter registration databases that cybercriminals are after, according
to Menzel. "Every governmental data base – driver's licenses, health care, you name it – has people
trying to get into it," he said.
Arizona Secretary of State Michele Reagan told Mother Jones that her I.T. specialists had detected
193,000 distinct attempts to get into the state's website in September 2016 alone and 11,000 appeared
to be trying to "do harm."
Reagan further revealed that she had learned from the FBI that hackers had gotten a user name
and password for their electoral database, and that it was being sold on the "dark web" – an encrypted
network used by cyber criminals to buy and sell their wares. In fact, she said, the FBI told her
that the probe of Arizona's database was the work of a "known hacker" who had been closely monitored
"frequently."
James Comey's Role
The sequence of events indicates that the main person behind the narrative of Russian hacking
state election databases from the beginning was former FBI Director James Comey. In testimony to
the House Judiciary Committee on Sept. 28, Comey suggested that the Russian government was behind
efforts to penetrate voter databases, but never said so directly.
Comey told the committee that FBI Counterintelligence was working to "understand just what mischief
Russia is up to with regard to our elections." Then he referred to "a variety of scanning activities"
and "attempted intrusions" into election-related computers "beyond what we knew about in July and
August," encouraging the inference that it had been done by Russian agents.
The media then suddenly found unnamed sources ready to accuse Russia of hacking election data
even while admitting that they lacked evidence. The day after Comey's testimony ABC headlined , "Russia
Hacking Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrating 4."
The story itself revealed, however, that it was merely a suspicion held by "knowledgeable" sources.
Similarly, NBC News headline announced, "Russians Hacked Two US Voter Databases, Officials Say."
But those who actually read the story closely learned that in fact none of the unnamed sources it
cited were actually attributing the hacking to the Russians.
It didn't take long for Democrats to turn the Comey teaser - and these anonymously sourced stories
with misleading headlines about Russian database hacking - into an established fact. A few days later,
the ranking Democrat on the House Intelligence Committee, Rep. Adam Schiff declared that there was
"no doubt" Russia was behind the hacks on state electoral databases.
On Oct. 7, DHS and the Office of the Director of National Intelligence issued a joint statement
that they were "not in a position to attribute this activity to the Russian government." But only
a few weeks later, DHS participated with FBI in issuing a "Joint Analysis Report" on "Russian malicious
cyber activity" that did not refer directly to scanning and spearphishing aimed of state electoral
databases but attributed all hacks related to the election to "actors likely associated with RIS
[Russian Intelligence Services]."
Suspect Claims
But that claim of a "likely" link between the hackers and Russia was not only speculative but
highly suspect. The authors of the DHS-ODNI report claimed the link was "supported by technical indicators
from the US intelligence community, DHS, FBI, the private sector and other entities." They cited
a list of hundreds of I.P. addresses and other such "indicators" used by hackers they called "Grizzly
Steppe" who were supposedly linked to Russian intelligence.
But as I reported last January, the staff of Dragos Security, whose CEO Rob Lee, had been the
architect of a US government system for defense against cyber attack, pointed out that the vast majority
of those indicators would certainly have produced "false positives."
Then, on Jan. 6 came the "intelligence community assessment" – produced by selected analysts from
CIA, FBI and National Security Agency and devoted almost entirely to the hacking of e-mail of the
Democratic National Committee and Hillary Clinton's campaign chairman John Podesta. But it included
a statement that "Russian intelligence obtained and maintained access to elements of multiple state
or local election boards." Still, no evidence was evinced on this alleged link between the hackers
and Russian intelligence.
Over the following months, the narrative of hacked voter registration databases receded into the
background as the drumbeat of media accounts about contacts between figures associated with the Trump
campaign and Russians built to a crescendo, albeit without any actual evidence of collusion regarding
the e-mail disclosures.
But a June 5 story brought the voter-data story back into the headlines. The story, published
by The Intercept, accepted at face value an NSA report dated May 5, 2017 , that asserted Russia's
military intelligence agency, the GRU, had carried out a spear-phishing attack on a US company providing
election-related software and had sent e-mails with a malware-carrying word document to 122 addresses
believed to be local government organizations.
But the highly classified NSA report made no reference to any evidence supporting such an attribution.
The absence of any hint of signals intelligence supporting its conclusion makes it clear that the
NSA report was based on nothing more than the same kind of inconclusive "indicators" that had been
used to establish the original narrative of Russians hacking electoral databases.
A Checkered History
So, the history of the US government's claim that Russian intelligence hacked into election databases
reveals it to be a clear case of politically motivated analysis by the DHS and the Intelligence Community.
Not only was the claim based on nothing more than inherently inconclusive technical indicators but
no credible motive for Russian intelligence wanting personal information on registered voters was
ever suggested.
Russian intelligence certainly has an interest in acquiring intelligence related to the likely
outcome of American elections, but it would make no sense for Russia's spies to acquire personal
voting information about 90,000 registered voters in Illinois.
When FBI Counterintelligence chief Priestap was asked at the June 21 hearing how Moscow might
use such personal data, his tortured effort at an explanation clearly indicated that he was totally
unprepared to answer the question.
"They took the data to understand what it consisted of," said Priestap, "so they can affect better
understanding and plan accordingly in regards to possibly impacting future election by knowing what
is there and studying it."
In contrast to that befuddled non-explanation, there is highly credible evidence that the FBI
was well aware that the actual hackers in the cases of both Illinois and Arizona were motivated by
the hope of personal gain.
Gareth Porter, an investigative historian and journalist specializing in US national security
policy, received the UK-based Gellhorn Prize for journalism for 2011 for articles on the U.S. war
in Afghanistan. His new book is
Manufactured Crisis: the Untold Story of the Iran Nuclear Scare . He can be contacted at
[email protected]. Reprinted from
Consortium News with the author's permission.
We should introduce pretty harsh penalty for lying about hacking by government officials...
Because this became their favorite pasture. NYT presstitutes, of course, try to push "Putin-did-it"
meme. What else you can expect from neocon stooges...
Notable quotes:
"... The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons. ..."
"... But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. ..."
"... On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul . Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely ..."
"... "When these viruses fall into the wrong hands, people can use them for financial gain, or whatever incentive they have - and the greatest fear is one of miscalculation, that something unintended can happen," Mr. Panetta said. ..."
Twice in the past month,
National Security Agency cyberweapons stolen from its arsenal have been turned against two very
different partners of the United States - Britain and
Ukraine .
The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials
have deflected many questions, and responded to others by arguing that the focus should be on the
attackers themselves, not the manufacturer of their weapons.
But the silence is wearing thin for victims of the assaults, as a series of escalating attacks
using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is
growing concern that United States intelligence agencies have rushed to create digital weapons that
they cannot keep safe from adversaries or disable once they fall into the wrong hands.
On Wednesday, the calls for the agency to address its role in the latest attacks grew louder,
as victims and
technology companies cried foul . Representative Ted Lieu, a California Democrat and a former
Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A.
to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which
these weapons rely.
Though the original targets of Tuesday's attacks appear to have been government agencies and businesses
in Ukraine, the attacks inflicted enormous collateral damage, taking down some 2,000 global targets
in more than 65 countries, including Merck, the American drug giant, Maersk, the Danish shipping
company, and Rosneft, the Russian state owned energy giant. The attack so crippled operations at
a subsidiary of Federal Express that trading had to be briefly halted for FedEx stock.
"When these viruses fall into the wrong hands, people can use them for financial gain, or whatever
incentive they have - and the greatest fear is one of miscalculation, that something unintended can
happen," Mr. Panetta said.
The world's most reprehensible newspaper, The New York Times , is quick to blame the
ransomeware attack which crippled computers in Ukraine
on Russia . Never mind the evidence; Ukrainians say Russia did it, and Ukrainians never lie.
Moreover, they say it was Russia because just a couple of days ago a senior government official
was blown up in a car bomb attack, and that was Russia, so they probably did this, too. QED.
Curiously enough, another Times story from just a little over a month ago reported
a near-identical attack, which it said was executed using malicious software
'stolen' from the NSA's tickle trunk .
Uh huh. Sure it was. And Cisco Systems is right there in Kiev, 'helping' Ukraine pin down the
origin of the attack.
For what it's worth, one of our favouritest authors, Molly McKew – at the Washington Post
, the world's second-most-reprehensible newspaper – quickly makes the connection between
Shapoval's murder and Russia , which she says is the wide assumption of experts.
While there are still plenty of unknowns regarding Petya, security researchers have pinpointed
what they believe to be the first target of the attack: M.E.Doc, a Ukrainian company that develops
tax accounting software.
The initial attack took aim the software supply chain of the tax software MEDoc, which then spread
through a system updater process that carried malicious code to thousands of machines, including
those who do business in Ukraine.
U.S. delivery firm FedEx Corp said its TNT Express division had been significantly affected by
the virus, which also wormed its way into South America, affecting ports in Argentina operated by
China's Cofco.
The malicious code locked machines and demanded victims post a ransom worth $300 in bitcoins or
lose their data entirely, similar to the extortion tactic used in the global WannaCry ransomware
attack in May.
More than 30 victims paid up but security experts are questioning whether extortion was the goal,
given the relatively small sum demanded, or whether the hackers were driven by destructive motives
rather than financial gain.
Hackers asked victims to notify them by email when ransoms had been paid but German email provider
Posteo quickly shut down the address, a German government cyber security official said.
While the malware seemed to be a variant of past campaigns, derived from code known as Eternal Blue
believed to have been developed by the U.S. National Security Agency (NSA), experts said it was not
as virulent as May's WannaCry attack.
Security researchers said Tuesday's virus could leap from computer to computer once unleashed
within an organisation but, unlike WannaCry, it could not randomly trawl the internet for its next
victims, limiting its scope to infect.
Bushiness that installed Microsoft's latest security patches from earlier this year and turned
off Windows file-sharing features appeared to be largely unaffected. A number of the international
firms hit have operations in Ukraine, and the virus is believed to have spread within global corporate
networks after gaining traction within the country. ... ... ...
Shipping giant A.P. Moller-Maersk, which handles one in seven containers shipped worldwide, has
a logistics unit in Ukraine.
Other large firms affected, such as French construction materials company Saint Gobain and Mondelez
International Inc, which owns chocolate brand Cadbury, also have operations in the country.
Maersk was one of the first global firms to be taken down by the cyber attack and its operations
at major ports such as Mumbai in India, Rotterdam in the Netherlands and Los Angeles on the U.S.
west coast were disrupted.
Other companies to succumb included BNP Paribas Real Estate , a part of the French bank that provides
property and investment management services.
"The international cyber attack hit our non-bank subsidiary, Real Estate. The necessary measures
have been taken to rapidly contain the attack," the bank said on Wednesday.
Production at the Cadbury factory on the Australian island state of Tasmania ground to a halt
late on Tuesday after computer systems went down.
Russia's Rosneft, one of the world's biggest crude producers by volume, said on Tuesday its systems
had suffered "serious consequences" but oil production had not been affected because it switched
to backup systems. (Additional reporting by Helen Reid in London, Teis Jensen in Copenhagen, Maya
Nikolaeva in Paris, Shadia Naralla in Vienna, Marcin Goettig in Warsaw, Byron Kaye in Sydney, John
O'Donnell in Frankfurt, Ari Rabinovitch in Tel Aviv and Noor Zainab Hussain in Bangalore; writing
by Eric Auchard and David Clarke; editing by David Clarke)
A massive cyber attack has disrupted businesses and services in Ukraine on Tuesday, bringing down
the government's website and sparking officials to warn that airline flights to and from the country's
capital city Kiev could face delays. Motherboard reports that the ransomware is quickly spreading
across the world.
From a report:
A number of Ukrainian banks and companies, including the state power distributor,
were hit by a cyber attack on Tuesday that disrupted some operations (
a non-paywalled source ) , the Ukrainian central bank said. The latest disruptions follow
a spate of hacking attempts on state websites in late-2016 and repeated attacks on Ukraine's power
grid that prompted security chiefs to call for improved cyber defences. The central bank said
an "unknown virus" was to blame for the latest attacks, but did not give further details or say
which banks and firms had been affected. "As a result of these cyber attacks these banks are having
difficulties with client services and carrying out banking operations," the central bank said
in a statement.
BBC reports that Ukraine's aircraft manufacturer Antonov, two postal services, Russian oil producer
Rosneft and Danish shipping company Maersk
are also facing "disruption,
including its offices in the UK and Ireland ." According to local media reports, the "unknown
virus" cited above is a ransomware strain known as Petya.A .
"We are seeing several thousands of infection attempts at the moment, comparable in size
to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard
in an online chat. Judging by photos posted to Twitter and images provided by sources, many of
the alleged attacks involved a piece of ransomware that displays red text on a black background,
and demands $300 worth of bitcoin. "If you see this text, then your files are no longer accessible,
because they are encrypted," the text reads, according to one of the photos. "Perhaps you are
busy looking for a way to recover your files, but don't waste your time. Nobody can recover your
files without our decryption service."
(cbslocal.com)
23 Posted by msmash on Tuesday June 27, 2017 @03:20PM from the aggressive-expansion dept.
The Heritage Valley Health System says it has been hit with a cyber attack. From a report: A spokeswoman
confirmed the attack Tuesday morning. "Heritage Valley Health System
has been affected by a cyber security incident . The incident is widespread and is affecting
the entire health system including satellite and community locations. We have implemented downtime
procedures and made operational adjustments to ensure safe patient care continues un-impeded." Heritage
Valley is a $480 million network that provides care for residents of Allegheny, Beaver, Butler and
Lawrence counties, in Pennsylvania; parts of eastern Ohio; and the panhandle of West Virginia.
Also read:
Ukrainian Banks, Electricity Firm Hit by Fresh Cyber Attack; Reports Claim the Ransomware Is Quickly
Spreading Across the World .
(vice.com)
143 Posted by msmash on Tuesday June 27, 2017 @04:41PM from the interesting-turns dept.
Joseph Cox, reporting for Motherboard: On Tuesday, a new,
worldwide ransomware outbreak took off, infecting targets in Ukraine, France, Spain, and elsewhere
. The hackers hit everything from international law firms to media companies. The ransom note
demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly
have their files decrypted. But the email company the hacker happened to use, Posteo, says
it has decided to block the attacker's account, leaving victims with no obvious way to unlock their
files . [...] The hacker tells victims to send $300 worth of bitcoin. But to determine who exactly
has paid, the hacker also instructs people to email their bitcoin wallet ID, and their "personal
installation key." This is a 60 character code made up of letters and digits generated by the malware,
which is presumably unique to each infection of the ransomware. That process is not possible now,
though. "Midway through today (CEST) we became aware that ransomware blackmailers are currently using
a Posteo address as a means of contact," Posteo, the German email provider the hacker had an account
with, wrote in a blog post. "Our anti-abuse team checked this immediately -- and blocked the account
straight away.
An anonymous reader quotes a report from Bleeping Computer:
Today's massive ransomware outbreak was
caused by a malicious software update for M.E.Doc , a popular accounting software used by Ukrainian
companies. According to several researchers, such as
Cisco Talos ,
ESET ,
MalwareHunter
, Kaspersky Lab
, and others
, an unknown attacker was able to compromise the software update mechanism for M.E.Doc's servers,
and deliver a malicious update to customers. When the update reached M.E.Doc's customers, the tainted
software packaged delivered the Petya ransomware -- also referenced online as NotPetya, or Petna.
The Ukrainian software vendor appears to have inadvertently confirmed that something was wrong when,
this morning, issued a
security advisory . Hours later, as the ransomware outbreak
spread all over Ukraine and other countries across the globe causing huge damages, M.E.Doc
denied on
Facebook its servers ever served any malware. According to security researcher MalwareHunter, this
is not the first time M.E.Doc has carried a malicious software update that delivered ransomware.
Back in May, the company's software update mechanism also helped spread the
XData ransomware .
Ransomware known as Petya seems to have re-emerged to affect computer systems across Europe,
causing issues primarily in Ukraine, Russia, England and India, a Swiss government information technology
agency has told Reuters.
"There have been indications of late that Petya is in circulation again, exploiting the SMB (Server
Message Block) vulnerability," the Swiss Reporting and Analysis Centre for Information Assurance
(MELANI) said in an e-mail.
I t said it had no information that Swiss companies had been impacted, but said it was following
the situation. The Petya virus was blamed for disrupting systems in 2016.
Russia's top oil producer Rosneft said a large-scale cyber attack hit its servers on Tuesday,
with computer systems at some banks and the main airport in neighbouring Ukraine also disrupted.
3:48PM 'A multi-pronged attack' "This appears to be a multi-pronged attack that started
with a phishing campaign targeting infrastructure in the Ukraine," said Allan Liska, a security analyst
at Recorded Future.
"There is some speculation that, like WannaCry, this attack is being spread using the EternalBlue
exploit which would explain why it is spreading so quickly (having reached targets in Spain and France
in addition to the Ukraine).
This story was being reported as an attack on Ukraine alone by this a- wipe earlier today
(and Russia were being put in the frame for it)
The attack was always a global one and indeed many Russian companies have been hit – but of
course the 1% want the world to believe it is all down to the Russian government.
Add to that bit of knowledge – the extra bits of knowledge that the 1% are all buying up properties
in New Zealand all of a sudden – and the US are suddenly pushing hard against the Syrian government,
notwithstanding the fact that Russia are allied to Syria and Iran in their fight against terrorism
(i.e. the US)
Can you all now see what is going on in the minds of those that would rule the world?
Actually, they blame North Korea for it, although that seems pretty unlikely to me and is more
likely just capitalizing on an event to do a little bashing.
Why is Fallon only prepared to respond militarily to the next attack? Why not this one? Come
on, Mikey, get your finger out! What're they paying you for?
Early analysis of the attack points towards a variant of the known
Petya ransomware
, a strain of
malware
that encrypts the filesystem tables and hijacks the Master Boot Record to
ensure it starts before the operating system on infected Windows PCs. Early reports
suggest the malware is spreading using by network shares and email but this remains
unconfirmed. The outbreak is centred but not confined to the Ukraine. Victims in
Spain, France and Russia
have also been reported.
Victims include Ukrainian power distribution outfit Ukrenergo, which said the
problem is confined to its computer network and is not affecting its power supply
operations, Reuters
reports
. Other victims include Oschadbank, one of Ukraine's largest state-owned
lenders.
Global shipping outfit Maersk Group is also under the cosh.
Hackers behind the
attack
are demanding $300 (payable in Bitcoin) to unlock each computer. It's easy
to ascribe any computing problem in Ukraine to Russia because of the ongoing conflict
between the two countries, but the culprits behind the latest attack are just as
likely to be cybercriminals as state-sponsored saboteurs, judging by the evidence
that's emerged this far.
"While ransomware can be (and has been) used to cover other attacks, I think it's
wise to consider Ukraine attack cybercriminal for now,"
said
Martijn Grooten, editor of Virus Bulletin and occasional security
researcher. ®
Updated at 1500 UTC to add
: Allan Liska, intelligence architect at Recorded
Future, said the attack has multiple components including an attack to steal login
credentials as well as trash compromised computers.
"This appears to be a multi-pronged attack that started with a phishing campaign
targeting infrastructure in the Ukraine," Liska said. "The payload of the phishing
attack is twofold: an updated version of the Petya ransomware (older version of Petya
are well-known for their viciousness, rather than encrypt select files Petya
overwrote the master boot record on the victim machine, making it completely
inoperable)."
There is some speculation that, like WannaCrypt, this attack is being spread using
the EternalBlue exploit, which would explain why it is spreading so quickly (having
reached targets in Spain and France in addition to the Ukraine). "Our threat
intelligence also indicated that we are now starting to see US victims of this
attack," according to Liska.
There are also reports that the payload includes a variant of Loki Bot in addition
to the ransomware. Loki Bot is a banking Trojan that extracts usernames and passwords
from compromised computers. This means this attack not only could make the victim's
machine inoperable, it could steal valuable information that an attacker can take
advantage of during the confusion, according to Recorded Future.
Updated at 1509 UTC to add
:
Reg
sources from inside London firms
have been notifying us that they've been infected. We were sent this screenshot
(cropped to protect the innocent) just minutes ago:
This previously secret order involved having US intelligence design and implant a series of cyberweapons
into Russia's infrastructure systems, with officials saying they are meant to be activated remotely
to hit the most important networks in Russia and are designed to "
cause them pain and discomfort ."
The US has, of course, repeatedly threatened "retaliatory" cyberattacks against Russia, and promised
to knock out broad parts of their economy in doing so. These appear to be the first specific plans
to have actually infiltrate Russian networks and plant such weapons to do so.
Despite the long-standing nature of the threats, by the end of Obama's last term in office this
was all still in the "planning" phases. It's not totally clear where this effort has gone from there,
but officials say that the intelligence community, once given Obama's permission, did not need further
approval from Trump to continue on with it, and he'd have actually had to issue a countermanding
order, something they say he hasn't.
The details are actually pretty scant on how far along the effort is, but the goal is said to
be for the US to have the ability to retaliate at a moment's notice the next time they have a cyberattack
they intend to blame on Russia.
Unspoken in this lengthy report, which quotes unnamed former Obama Administration officials substantially,
advocating the effort, is that in having reported that such a program exists, they've tipped off
Russia about the threat.
This is, however, reflective of the priority of the former administration, which is to continuing
hyping allegations that Russia got President Trump elected, a priority that's high enough to sacrifice
what was supposed to be a highly secretive cyberattack operation.
The IT security researchers at Trend Micro recently discovered malware that has the potential to
infect Linux-based servers. The malware, called Erebus, has been
responsible for hijacking
153 Linux-based networks of a South Korean web-hosting company called NAYANA. NAYANA's clients
affected
Erebus is a ransomware capable of infecting Linux operating systems. As such, around 3,400 of
NAYANA's clients were affected due to the attack with databases, websites and other files being encrypted.
The incident took place on 10th June. As of now, NAYANA has not received the keys to decrypt their
files despite having paid three parts of the ransom. The fourth one, which is allegedly the last
installment, is yet to be paid. However, according to NAYANA, the attackers claimed to provide the
key after three payments.
According to
Trend Micro's report , Erebus was originally found back in September 2016. At the time, the malware
was not that harmful and was being distributed through malware-containing advertisements. Once the
user clicked on those ads, the ransomware would activate in the usual way.
The initial version of the Erebus only affected 423 file types and did so using the RSA-2048 encryption
algorithm, thereby encrypting the files with the .encrypt extension. Furthermore, it was this variant
that was using a number of websites in South Korea as a command-&-control (C&C) center.
Later, in February 2017, the malware had
seemingly evolved as now it had the ability to bypass User Account Control (UAC). For those who
may be unfamiliar with UAC, it is primarily a Windows privacy protection system that restricts anyone
who is not authorized, to alter the user's computer.
However, this later version of the Erebus was able to do so and inject ransomware ever so conveniently.
The campaign in which this version was involved demanded a ransom of 0.085 bitcoins – equivalent
to USD 216 at present – and threatened to delete the files in 96 hours if the ransom was not paid.
Now, however, Erebus has reached new heights by having the ability to bypass not only UAC but
also affect entire networks that run on Linux. Given that most organizations today use Linux for
their networks, it is no surprise to see that the effects of the malware are far-reaching.
How does the latest Erebus work?
According to Trend Micro, the most recent version of Erebus uses RSA algorithm to alter the AES
keys in Windows and change the encryption key as such. Also, the attack is accompanied by a Bluetooth
service so as to ensure that the ransomware does not break, even after the computer is rebooted.
This version can affect a total of 433 file types including databases, archives, office documents,
email files, web-based files and multimedia files. The ransom demanded in this campaign amounts to
5 bitcoins, which is USD 12,344 currently.
Although ransomware affecting Linux based networks are rare, they are, however, not new. Erebus
is not the first ransomware to have affected networks running on Linux. In fact, Trend Micro claims
that such ransomware was discovered as far back as in 2014.
Some of the ransomware include Linux.Encoder, Encrypter RaaS, KillDisk, KimcilWare and much more.
All of these were allegedly developed from an open-source code project that was available as part
of an educational campaign.
The ransomware for Linux, despite being somewhat inferior to
those for Windows , are still potent enough to cause damage on a massive scale. This is because,
a number of organizations and data centers use Linux, and hijacking such high-end systems can only
mean catastrophe.
Safety precautions
To avoid any accidents happening, IT officials and organizations running Linux-based networks
need to take some serious precautions. The most obvious one is to simply keep the server updated
with the latest firmware and anti-virus software.
Furthermore, it is always a good idea to keep a back-up of your data files in two to three separate
locations. It is also repeatedly advised to avoid installing unknown third-party programs as these
can act as potential gateways for such ransomware.
Lastly, IT administrators should keep monitoring the traffic that passes through the network and
looks for anomalies by identifying any inconsistencies in event logs.
Report warns lack of security talent, glut of legacy hardware pose imminent threat.
A congressionally mandated healthcare industry task force has published the findings of its investigation
into the state of health information systems security, and the diagnosis is dire.
The
Health Care Industry Cybersecurity Task Force report (PDF), published on June 1, warns that all
aspects of health IT security are in critical condition and that action is needed both by government
and the industry to shore up security. The recommendations to Congress and the Department of Health
and Human Services (HHS) included programs to drive vulnerable hardware and software out of health
care organizations. The report also recommends efforts to inject more people with security skills
into the healthcare work force, as well as the establishment of a chain of command and procedures
for dealing with cyber attacks on the healthcare system.
The problems healthcare organizations face probably cannot be fixed without some form of government
intervention. As the report states, "The health care system cannot deliver effective and safe care
without deeper digital connectivity. If the health care system is connected, but insecure, this connectivity
could betray patient safety, subjecting them to unnecessary risk and forcing them to pay unaffordable
personal costs. Our nation must find a way to prevent our patients from being forced to choose between
connectivity and security."
At the same time, government intervention is part of what got health organizations into this situation-by
pushing them to rapidly adopt connected technologies without making security part of the process.
"The HHS stance is pretty much that we got incredibly lucky in the US [with WannaCry], and our
luck is going to run out," Joshua Corman, co-founder of the information security non-profit organization
I Am The Cavalry and a member of the task force, told Ars. The report was delayed by the WannaCry
outbreak, Corman said, who observed that the task force members were disappointed that they hadn't
gotten the report out sooner: "because if the report had been out a week or two prior to WannaCry,
you could have bet that every Congressional staffer would have been reading it during the outbreak."
The task force was co-chaired by Emery Csulak, the chief information security officer for the
Centers for Medicare and Medicaid Services, and Theresa Meadows, who is a registered nurse and chief
information officer of the Cook Children's Health Care System. The task force also included representatives
from the security industry, government and private health care organizations, pharmaceutical firms,
medical device manufacturers, insurers, and others from the wider health care industry-as well as
healthcare data journalist and patient advocate
Fred Trotter . Corman said that the task force was "probably the hardest thing I've ever done
and maybe the most important thing I'll ever do-especially if some of these recommendations are acted
upon."
But it's not certain that the report will spur any immediate action, given the current debate
over healthcare costs in Congress and the stance of the Trump administration on regulation. Even
so, Corman explained:
When we were working on this, we realized that if it was summarily ignored by the next administration,
or if it was ignored for being too costly, the report could still be a backstop-in that when the
first crisis happens, this will be the most recently available report that will be the blueprint
for what to do next. It's just an indicator of how many minutes to midnight we are on this particular
clock-we may be out of time to get in front of it, but we can certainly try to see which of these
measures can be put in place in parallel [with a security crisis].
Brace for impact
The ransomware attack on Hollywood Presbyterian Medical Center, which happened just a few weeks
after President Obama signed the legislation that established the task force, helped establish the
urgency of the work the group was doing (
Ars' coverage of the ransomware attack is cited in the task force's final report). At the task
force's first in-person meeting in April, Corman said he brought up the Boston Marathon bombing.
"I said, imagine if you combined something like this physical attack with something like the logical
attack [at Hollywood Presbyterian]." The impact-disrupting the ability to give urgent medical care
during a physical attack-could potentially magnify the loss of life and shatter public confidence,
he suggested.
The recommendations generated by the task force amount to a Herculean to-do list:
Define and streamline leadership, governance, and expectations for health care industry cybersecurity.
Increase the security and resilience of medical devices and health IT. Develop the healthcare
workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.
Increase health care industry readiness through improved cybersecurity awareness and education.
Identify mechanisms to protect research and development efforts, as well as intellectual property,
from attacks or exposure. Improve information sharing of industry threats, weaknesses, and mitigations.
That list is no short order. And it may already be too late to prevent another major incident.
In the wake of the
Hollywood Presbyterian ransomware attack last year, "the obscurity we've enjoyed is gone," Corman
explained. "We've always been prone, we've always been prey-we just lacked predators. Once the Hollywood
Presbyterian attack happened, there were a lot more sharks because they smelled blood in the water."
As a result, hospitals went from being off attackers' radar to "the number-one attacked industry
in less than a year," he said.
The task force's long-term target is to get the health industry to adopt the risk management strategies
of NIST's
Critical Infrastructure Cybersecurity Framework . But that's a long way off, considering the
potential costs associated and the bare-bones nature of many health providers' IT. Many healthcare
delivery organizations "are target rich and resource poor, and [they] can't fathom further investment
in cyber hygiene, period," said Corman.
The challenges to securing health IT identified by the task force, including some of the problems
exposed by the Hollywood Presbyterian attack, are substantial:
A severe lack of security talent in the industry. As the report points out, "The majority of health
delivery organizations lack full-time, qualified security personnel." Small, mid-sized, and rural
health providers may not even have full-time IT staff, or they depend on a service provider and have
little in the way of resources to attract and retain a skilled information security staff.
Premature and excessive connectivity. Health providers rapidly embraced networked systems, in
many cases without thought to secure design and implementation. As the report states, "Over the next
few years, most machinery and technology involved in patient care will connect to the Internet; however,
a majority of this equipment was not originally intended to be Internet accessible, nor designed
to resist cyber attacks."
In some significant ways, this is a problem that Congress helped create with the unintended consequences
of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Passed in 2009
as part of the American Recovery and Reinvestment Act, it gave financial incentives for hospitals
to rapidly deploy electronic health records and offered billions of dollars in incentives for quickly
demonstrating "meaningful use" of EHRs. Combined with the Merit-Based Incentive Payment System used
by Medicare and Medicaid, the HITECH Act forced many health providers to quickly adopt technology
they didn't fully understand. While EHRs have likely improved patient care, they also introduced
technology that care providers couldn't properly secure or support.
Legacy equipment running on old, unsupported, and vulnerable operating systems . Since a large
number of medical systems rely on older versions of Windows-Windows 7, and in many cases, Windows
XP-"there's zero learning curve for an ideological adversary," Corman said. "There's nothing new
to learn." The systems were never intended to be connected to the Internet in many cases-or to any
network at all. Some systems, Corman said, "have such interoperability issues-forget security issues-that
they're so brittle, most hospitals will say that, even if you just do a port scan, you'll crash them-you
don't even need to hack them."
On top of that, some of the legacy medical devices on hospitals' networks now are unpatchable
or unsecurable, and they would have to be completely retired and replaced. The task force recommended
government incentives to get rid of these devices, following a "cash for clunkers" model. But that
may not be effective in luring some health organizations to get rid of them, simply because of the
other costs associated with getting new hardware in. And many of the newer systems they would use
to replace older ones with are still based on legacy software anyway.
A wealth of vulnerabilities, and it only takes one to disrupt patient care. The increased connectivity
of health providers without proper network segmentation and other security measures exposed other
systems that were never meant to touch the network-medical devices powered by embedded operating
systems that may never have been patched and have 20-year lifecycles. According to the task force
report, one legacy medical technology system they documented had more than 1,400 vulnerabilities
on its own. And the exploitation of a single vulnerability on a single system was able to affect
patient care during the Hollywood Presbyterian attack.
Furthermore, because these legacy systems are often based on older, common technologies, virtually
no special set of skills is required to perform such an attack. Basic, common hacking tools could
be used to gain access and wreak havoc. This is
demonstrated in attacks like the one at MedStar hospitals in Maryland last March, in which an
old JBoss vulnerability was exploited (likely with an open source tool) to give attackers access
to the medical network's servers.
It was clear to everyone on the task force, Corman noted, that there were no technical barriers
to a "sustained denial of patient care like what happened at Hollywood Presbyterian, on purpose"
at virtually any healthcare facility in the United States. "I said we all make fun of security through
obscurity, but what if that's all we have?" Corman recounted. "Seriously. What if that's all we have?"
Planning for "right of boom"
Given that untargeted and incidental attacks on hospitals have already happened, it seems inevitable
that someone will carry out a targeted attack at some point. Corman said that increases the importance
of doing disaster planning and simulations now to optimize responses, "so we can see who needs to
have control-is it FEMA, the White House, DHS, HHS, the hospitals? We drill with our kids what you're
supposed to do in a fire. Before we have a boom, we need to prioritize simulations, practice, and
disaster planning."
Another part of planning for the post-attack scenario-or "right of boom"-is to make sure that
the right supports are in place to quickly recover. "We need to make sure that we've done enough
scaffolding now so that we can have a more elegant response," Corman said, "because if this looks
like Deepwater Horizon, and we're on the news every night, every week, gushing into the Gulf, that's
going to shatter confidence. If we have a prompt and agile response, maybe we can mitigate the harm."
Sean Gallagher
Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems
integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.
"... the group's malware requires AMT to be enabled and serial-over-LAN turned on before it can work. ..."
"... Using the AMT serial port, for example, is detectable. ..."
"... Do people really admin a machine through AMT through an external firewall? ..."
"... Businesses demanded this technology and, of course, Intel beats the drum for it as well. While I understand their *original* concerns I would never, ever connect it to the outside LAN. A real admin, in jeans and a tee, is a much better solution. ..."
When you're a bad guy breaking into a network, the first problem you need to solve is, of course,
getting into the remote system and running your malware on it. But once you're there, the next challenge
is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed
a
neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade
firewalls and other endpoint-based network monitoring.
The group, which Microsoft has named PLATINUM, has developed a system for sending files -- such
as new payloads to run and new versions of their malware-to compromised machines. PLATINUM's technique
leverages Intel's Active Management Technology (AMT) to do an end-run around the built-in Windows
firewall. The AMT firmware runs at a low level, below the operating system, and it has access to
not just the processor, but also the network interface.
The AMT needs this low-level access for some of the legitimate things it's used for. It can, for
example, power cycle systems, and it can serve as an IP-based KVM (keyboard/video/mouse) solution,
enabling a remote user to send mouse and keyboard input to a machine and see what's on its display.
This, in turn, can be used for tasks such as remotely installing operating systems on bare machines.
To do this, AMT not only needs to access the network interface, it also needs to simulate hardware,
such as the mouse and keyboard, to provide input to the operating system.
But this low-level operation is what makes AMT attractive for hackers: the network traffic that
AMT uses is handled entirely within AMT itself. That traffic never gets passed up to the operating
system's own IP stack and, as such, is invisible to the operating system's own firewall or other
network monitoring software. The PLATINUM software uses another piece of virtual hardware-an AMT-provided
virtual serial port-to provide a link between the network itself and the malware application running
on the infected PC.
Communication between machines uses serial-over-LAN traffic, which is handled by AMT in firmware.
The malware connects to the virtual AMT serial port to send and receive data. Meanwhile, the operating
system and its firewall are none the wiser. In this way, PLATINUM's malware can move files between
machines on the network while being largely undetectable to those machines.
Enlarge / PLATINUM uses AMT's serial-over-LAN (SOL) to bypass the operating system's network
stack and firewall.
Microsoft
AMT has been
under scrutiny recently after the discovery of a long-standing remote authentication flaw that
enabled attackers to use AMT features without needing to know the AMT password. This in turn could
be used to enable features such as the remote KVM to control systems and run code on them.
However, that's not what PLATINUM is doing: the group's malware requires AMT to be
enabled and serial-over-LAN turned on before it can work. This isn't exploiting any flaw in
AMT; the malware just uses the AMT as it's designed in order to do something undesirable.
Both the PLATINUM malware and the AMT security flaw require AMT to be enabled in the first place;
if it's not turned on at all, there's no remote access. Microsoft's write-up of the malware expressed
uncertainty about this part; it's possible that the PLATINUM malware itself enabled AMT-if the malware
has Administrator privileges, it can enable many AMT features from within Windows-or that AMT was
already enabled and the malware managed to steal the credentials.
While this novel use of AMT is useful for transferring files while evading firewalls, it's not
undetectable. Using the AMT serial port, for example, is detectable. Microsoft says that
its own Windows Defender Advanced Threat Protection can even distinguish between legitimate uses
of serial-over-LAN and illegitimate ones. But it's nonetheless a neat way of bypassing one of the
more common protective measures that we depend on to detect and prevent unwanted network activity.
potato44819 , Ars Legatus Legionis
Jun 8, 2017 8:59 PM Popular
"Microsoft says that its own Windows Defender Advanced Threat Protection can even distinguish
between legitimate uses of serial-over-LAN and illegitimate ones. But it's nonetheless a neat
way of bypassing one of the more common protective measures that we depend on to detect and prevent
unwanted network activity."
It's worth noting that this is NOT Windows Defender.
Windows Defender Advanced Threat Protection is an enterprise product.
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved
to be a massive PITA from the security perspective. Intel needs to really reconsider its approach
or drop it altogether.
"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator
privileges, it can enable many AMT features from within Windows"
I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm despite
hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this is all pre-UEFI.)
Would Admin privileges be able to overwrite a BIOS setting? Would it matter if it was handled
via UEFI instead? 1810 posts | registered 8/28/2012
Always on and undetectable. What more can you ask for? I have to imagine that and IDS system at
the egress point would help here. 716 posts | registered 11/14/2012
Using SOL and AMT to bypass the OS sounds like it would work over SOL and IPMI as well.
I only have one server that supports AMT, I just double-checked that the webui for AMT does not
allow you to enable/disable SOL. It does not, at least on my version. But my IPMI servers do allow
someone to enable SOL from the web interface.
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity of
the threat.
Do people really admin a machine through AMT through an external firewall? 178 posts
| registered 2/25/2016
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because
you don't use them doesn't mean their disappearance is "fortunate".
Just out of curiosity, what do you use on the PC end when you still do require traditional serial
communication? USB-to-RS232 adapter? 1646 posts | registered 11/17/2006
This PLATINUM group must be pissed about the INTEL-SA-00075 vulnerability being headline news.
All those perfectly vulnerable systems having AMT disabled and limiting their hack. 175 posts
| registered 8/9/2002
Intel AMT is a fucking disaster from a security standpoint. It is utterly dependent on security
through obscurity with its "secret" coding, and anybody should know that security through obscurity
is no security at all.
Businesses demanded this technology and, of course, Intel beats the drum for it as well. While
I understand their *original* concerns I would never, ever connect it to the outside LAN. A real
admin, in jeans and a tee, is a much better solution.
Hopefully, either Intel will start looking into improving this and/or MSFT will make enough noise
that businesses might learn to do their update, provisioning in a more secure manner.
Nah, that ain't happening. Who am I kidding? 1644 posts | registered 3/31/2012
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity
of the threat. Do people really admin a machine through AMT through an external firewall?
The interconnect is via W*. We ran this dog into the ground last month. Other OSs (all as far
as I know (okay, !MSDOS)) keep them separate. Lan0 and lan1 as it were. However it is possible
to access the supposedly closed off Lan0/AMT via W*. Which is probably why this was caught in
the first place.
Note that MSFT has stepped up to the plate here. This is much better than their traditional silence
until forced solution. Which is just the same security through plugging your fingers in your ears
that Intel is supporting. 1644 posts | registered 3/31/2012
But do we know of an exploit over AMT? I wouldn't think any router firewall would allow packets
bound for an AMT to go through. Is this just a mechanism to move within a LAN once an exploit
has a beachhead? That is not a small thing, but it would give us a way to gauge the severity
of the threat. Do people really admin a machine through AMT through an external firewall?
The catch would be any machine that leaves your network with AMT enabled. Say perhaps an AMT managed
laptop plugged into a hotel wired network. While still a smaller attack surface, any cabled network
an AMT computer is plugged into, and not managed by you, would be a source of concern. 55 posts
| registered 11/19/2012
Serial ports are great. They're so easy to drive that they work really early in the boot process.
You can fix issues with machines that are otherwise impossible to debug.
This is pretty fascinating and clever TBH. AMT might be convenient for sysadmin, but it's proved
to be a massive PITA from the security perspective. Intel needs to really reconsider its approach
or drop it altogether.
"it's possible that the PLATINUM malware itself enabled AMT-if the malware has Administrator
privileges, it can enable many AMT features from within Windows"
I've only had 1 machine that had AMT (a Thinkpad T500 that somehow still runs like a charm
despite hitting the 10yrs mark this summer), and AMT was toggled directly via the BIOS (this
is all pre-UEFI.) Would Admin privileges be able to overwrite a BIOS setting? Would it matter
if it was handled via UEFI instead?
I'm not even sure it's THAT convenient for sys admins. I'm one of a couple hundred sys admins
at a large organization and none that I've talked with actually use Intel's AMT feature. We have
an enterprise KVM (raritan) that we use to access servers pre OS boot up and if we have a desktop
that we can't remote into after sending a WoL packet then it's time to just hunt down the desktop
physically. If you're just pushing out a new image to a desktop you can do that remotely via SCCM
with no local KVM access necessary. I'm sure there's some sys admins that make use of AMT but
I wouldn't be surprised if the numbers were quite small. 273 posts | registered 5/5/2010
Hi there! I do hardware engineering, and I wish more computers had serial ports. Just because
you don't use them doesn't mean their disappearance is "fortunate".
Just out of curiosity, what do you use on the PC end when you still do require traditional serial
communication? USB-to-RS232 adapter?
We just got some new Dell workstations at work recently. They have serial ports. We avoid the
consumer machines. 728 posts | registered 9/23/2011
Physical serial ports (the blue ones) are fortunately a relic of a lost era and are nowadays
quite rare to find on PCs.
Not that fortunately.. Serial ports are still very useful for management tasks. It's simple and
it works when everything else fails. The low speeds impose little restrictions on cables.
Sure, they don't have much security but that is partly mitigated by them usually only using
a few metres cable length. So they'd be covered under the same physical security as the server
itself. Making this into a LAN protocol without any additional security, that's where the problem
was introduced. Wherever long-distance lines were involved (modems) the security was added at
the application level.
"... Targeting telco and ISP systems administrators goes well outside the bounds of "national security."
These people aren't suspected terrorists. They're just people inconveniently placed between the NSA
and its goal of " collecting it all ." ..."
"... The NSA's own documents say that QUANTUMHAND "exploits the computer of a target that uses Facebook."
The man-on-the-side attack impersonates a server , not the site itself. The NSA denies impersonating,
but that's not what The Intercept said or what its own documents state. This animated explanation, using
the NSA's Powerpoint presentation, shows what the attack does -- it tips the TURBINE servers, which
then send the malware payload before the Facebook servers can respond. ..."
"... To the end user, it looks as though Facebook is just running slowly. ..."
"... When the NSA says it doesn't impersonate sites, it truly doesn't. It injects malware by beating
Facebook server response time. It doesn't serve up faux Facebook pages; it simply grabs the files and
data from compromised computers. ..."
"... The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity
for malware deployment, and the NSA doesn't need to impersonate a site to achieve its aims. This is
the NSA maintaining deniability in the face of damning allegations -- claiming something was said that
actually wasn't and resorting to (ultimately futile) attempts to portray journalists as somehow less
trustworthy than the agency. ..."
"... At this point, the mere fact that the NSA denies doing something is almost enough to convince
me that they are doing it. I'm trying not to be paranoid. They just make it so difficult. ..."
"... considering how much access they seemed to have I think it is entirely possible for them to
do that. And the criminal energy to do it definitely there as well. ..."
"... And there is still the question if Facebook and similar sites might be at least funded, if
not run by intelligence agencies altogether. If that is the case that would put this denial in an entirely
different light. It would read "We don't impersonate companies. We ARE the companies."... ..."
"... Max level sophistry. I wonder if anyone at the NSA even remembers what the truth is, it's been
coated in so many layers of bullshit. ..."
"... As for its "national security directive," it made a mockery of that when it proudly announced
in its documents that "we hunt sys admins." ..."
The recent leaks published at Glenn Greenwald's new home, The Intercept, detailed the NSA's
spread of malware around the world, with a stated goal of sabotaging "millions" of computers.
As was noted then, the NSA hadn't issued a comment. The GCHQ, named as a co-conspirator, had already
commented, delivering the usual spiel about legality, oversight and directives -- a word salad that
has pretty much replaced "no comment" in the intelligence world.
The NSA has now issued a formal statement on the leaks, denying everything -- including something
that wasn't even alleged. In what has become the new "no comment" on the NSA side, the words "appropriate,"
"lawful" and "legitimate" are trotted out, along with the now de rigueur accusations that everything
printed (including, apparently, its own internal documents) is false.
Recent media reports that allege NSA has infected millions of computers around the world with
malware, and that NSA is impersonating U.S. social media or other websites, are inaccurate. NSA
uses its technical capabilities only to support lawful and appropriate foreign intelligence operations,
all of which must be carried out in strict accordance with its authorities. Technical capability
must be understood within the legal, policy, and operational context within which the capability
must be employed.
First off, for the NSA to claim that loading up "millions" of computers with malware is somehow targeted
(and not "indiscriminate") is laughable. As for its "national security directive," it made a mockery
of that when it proudly announced in its documents that "we hunt sys admins."
Targeting telco and ISP systems administrators goes well outside the bounds of "national security."
These people aren't suspected terrorists. They're just people inconveniently placed between the NSA
and its goal of "
collecting it all ."
Last, but not least, the NSA plays semantic games to deny an accusation that was never made, calling
to mind Clapper's denial of a
conveniently horrendous translation of a French article on its spying efforts there.
NSA does not use its technical capabilities to impersonate U.S. company websites.
This "denial" refers to this portion of The Intercept's article.
In some cases the NSA has masqueraded as a fake Facebook server, using the social media site
as a launching pad to infect a target's computer and exfiltrate files from a hard drive... In
one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook
server. When a target attempts to log in to the social media site, the NSA transmits malicious
data packets that trick the target's computer into thinking they are being sent from the real
Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA
is able to hack into the targeted computer and covertly siphon out data from its hard drive.
The NSA's own documents say that QUANTUMHAND "exploits the computer of a target that uses Facebook."
The man-on-the-side attack impersonates a server , not the site itself.
The NSA denies impersonating, but that's not what The Intercept said or what its own documents
state. This animated explanation, using the NSA's Powerpoint presentation, shows what the attack
does -- it tips the TURBINE servers, which then send the malware payload before the Facebook servers
can respond.
To the end user, it looks as though Facebook is just running slowly.
When the NSA says it doesn't impersonate sites, it truly doesn't. It injects malware by beating
Facebook server response time. It doesn't serve up faux Facebook pages; it simply grabs the files
and data from compromised computers.
The exploit is almost wholly divorced from Facebook itself. The social media site is an opportunity
for malware deployment, and the NSA doesn't need to impersonate a site to achieve its aims. This
is the NSA maintaining deniability in the face of damning allegations -- claiming something was said
that actually wasn't and resorting to (ultimately futile) attempts to portray journalists as somehow
less trustworthy than the agency.
NSA does not use its technical capabilities to impersonate U.S. company websites.
At this point, the mere fact that the NSA denies doing something is almost enough to convince
me that they are doing it. I'm trying not to be paranoid. They just make it so difficult.
Anonymous Coward , 14 Mar 2014 @ 9:48am
Re: Denial = Confirmation?
considering how much access they seemed to have I think it is entirely possible for them
to do that. And the criminal energy to do it definitely there as well.
By now you have to assume the worst when it comes to them, and once the truth comes out it
tends to paint and even worse picture then what you could imagine.
And there is still the question if Facebook and similar sites might be at least funded,
if not run by intelligence agencies altogether. If that is the case that would put this denial
in an entirely different light. It would read "We don't impersonate companies. We ARE the companies."...
I can not stress this poster's sentiment, as well as voiced in the article itself, of the CHILDISH
semantic games the alphabet spooks will play... they WILL (metaphorically speaking) look you straight
in the eye, piss on your leg, and INSIST it is raining; THEN fabricate evidence to 'prove' it
was rain...
In my readings about the evil done in our name, with our money, *supposedly* to 'protect and
serve' us, by the boys in black, you can NOT UNDERESTIMATE the most simplistic, and -to repeat
myself -- CHILDISH ways they will LIE AND DISSEMBLE...
They are scum, they are slime, they are NOT the best and the brightest, they are the worst
and most immoral...
YOU CAN NOT OVERSTATE THEIR MORAL VACUITY...
we do NOT deserve these pieces of shit...
Anonymous Coward , 14 Mar 2014 @ 11:17am
We know that the NSA, with the cooperation of the companies involved, has equipment co-located
at major backbones and POPs to achieve the goals for QUANTUMHAND, QUANTUMINSERT, and etc.
At what point will we start confronting these companies and pressuring them to discontinue
such cooperation? I know it's no easy task, but just as much as the government is reeling from
all the public pressure, so too will these companies if we press their hands. Make it affect their
bottom line.
Anonymous Coward , 14 Mar 2014 @ 1:49pm
is techdirt an hack target?
this page of your site tries to run scripts from
google
amazonaws
twitter
facebook
ajax.googleapis
techdirt
and install cookies from
techdirt
imigur
and request resources from
rp-api
vimeo
and install/use tracking beacons from
facebook connect
google +1
gravitar
nativo
quantcast
redit
repost.us
scorecard research beacon
twitter button.
...and who knows what else would run if all that was allowed to proceed. (I'm not going to
run them to find out the 2nd level stuff)
for all the great reporting techdirt does on spying/tracking/privacy- you need to get you shit
together already with this site; it seams like you're part of the problem. Please explain the
technical facts as to why these same types of hacks couldn't be done to your readers through this
clusterfuck of off site scripts/beacons/cookies/resources your forcing on people to ignorant to
know how to block them.
As for its "national security directive," it made a mockery of that when it proudly
announced in its documents that "we hunt sys admins."
Well, heck, that's easy. Since the computers of the sys admins are just means to an ends, simply
define "target" in a way that excludes anyone whose computers are compromised as a means to an
end.
Anonymous mouse , 14 Mar 2014 @ 1:56pm
I seem to remember some articles about why people who don't use Facebook are suspect. To wit,
Are these possible signs that the NSA and GHCQ planted those stories?
Anonymous Coward , 14 Mar 2014 @ 3:49pm
The fun has yet to really begin
On April 8th, this year, Microsoft will stop installing new security patches from Windows XP,
leaving computers running it totally vulnerable to such hacks. Anybody want to place bets on the
fact that the alphabet soup agencies of our wonderful gummint are going to be first in line to
exploit them? Just think what NSA could do with 300,000,000+ computers to play with!
"... But the point is that no matter where you turn the stuff is plain ass insecure and the probable most secure is Linux, and of all the distros if you remove the services you don't need, printing, etc.. most secure, and if it isn't perfect well you paid nothing! But most importantly you can control what is shared and communicated with very easy controls. ..."
"... What the NSA did in respect to recently disclosed leaks and congressional oversight in respect to their spying or collecting data upon Americans was wrong, but to be honest? ..."
"... They didn't need to because they could buy better data from Google, Facebook, Microsoft, and the cell companies. ..."
"... Using Linux and Firefox correctly with standard addons for privacy protects you pretty damn well. Just saying, and you can update a computer in less than one agonizing "Don't turn off your computer" screens from Microsoft with yet another Net Framework, Browser edge, Microsoft store, Bing.. all that shit we really just don't F0cking need! ..."
"... Shit is shit, and it was made with the INTENTION of exploitation. Why I'd say that was it's HIGHER purpose, to exploit .. and now of course that sword cuts both ways. The level of bullshit, is equal and proportionate to the level of actual shit. And hell, honesty being at shall we say a premium. folks just can't come out and admit to such things. Why whatever would people think!? So, so many ways, the masses of people, the sea of humanity, has been sold out, and sold down the river. ..."
"... Insecurity cuts both ways: For and against the surveillance state. For anonymity for those who know how to use it, against for everyone else. For those with the right tools, there is freedom in the dark spaces of that insecurity. And a base for rebelion. Think Everyman Hacker vs The Deep State. You should really read Thieves Emporium. It's a primer on where the dots are going delivered using technically-accurate fiction to keep you interested to the last page. ..."
I have sat through about 5 hours of MSFT loading up a VM getting ready to run a
SQL SERVER 2016 lab/VM. I believe nothing except that all tech with the exception
of Linux is pretty f0cked up.
... ... ...
That's just the truth. Most software is such garbage,
designed to leak information for corporate greed, you really have to blame
Microsoft and Google.
Damn, dude, I feel your pain! I have done more than one wipe of my OS and a
fresh install. It sucks.
I am looking to cut the cord, too. Found a nice handset that uses Bluetooth so I can have a
decent convo using my cellphone without actually holding the damned thing up to my skull! Less than
$50 on Amazon.
I guess reading over my comments and the responses is that new tech sucks,
is insecure, old tech sucks and is insecure, and no matter how much you
spend on MSFT it sucks and is insecure. (most people don't know better)
Android is improving an a Linux derivative, but the Google store tyranny has
me thinking getting as bad as MSFT.
But the point is that no matter where
you turn the stuff is plain ass insecure and the probable most secure is
Linux, and of all the distros if you remove the services you don't need,
printing, etc.. most secure, and if it isn't perfect well you paid nothing!
But most importantly you can control what is shared and communicated with
very easy controls.
What the NSA did in respect to recently disclosed
leaks and congressional oversight in respect to their spying or collecting
data upon Americans was wrong, but to be honest?
They didn't need to
because they could buy better data from Google, Facebook, Microsoft, and the
cell companies.
And guess what? Because these systems collect information
that is the basis for leaked information.
Using Linux and Firefox correctly with standard addons for privacy
protects you pretty damn well. Just saying, and you can update a computer
in less than one agonizing "Don't turn off your computer" screens from
Microsoft with yet another Net Framework, Browser edge, Microsoft store,
Bing.. all that shit we really just don't F0cking need!
It's just F0cking redonkulous, and I'm going to cert 2016 and I look at the courseware and I'm
like wtf? Redmond still shilling mobile data from SQL SERVER, as if nobody
got the F0cking message at MSFT that their phones are DEAD!
Or R inside Sql Server, yeah daddy.. I'm going to run some R on SQL SERVER just to buy
some more damn licenses... anybody smart enough for R not dumb enough to buy
lottsa SQL SERVER.. just f0cking saying the dumb shit, additional shit, that
adds really very little value except insecure stuff.
But yeah locked down Ubuntu loads up in about 1/10 the time and more
secure.. and that is a fact.
Excellent excellent points ...
Not as plugged in tech wise as you seem to be,
but understand the hightlights .. Shit is shit, and it was made with the INTENTION of exploitation. Why I'd
say that was it's HIGHER purpose, to exploit .. and now of course that sword
cuts both ways.
The level of bullshit, is equal and proportionate to the level of actual
shit.
And hell, honesty being at shall we say a premium. folks just can't come out
and admit to such things. Why whatever would people think!? So, so many ways,
the masses of people, the sea of humanity, has been sold out, and sold down the
river.
Funny thing is, aside from those on the government dole payroll (which is an
extensive list) lot's of folks will admit to the case, ie; "we been robbed!"
and are starting to wake up to the fact ...
But the ramifications as you have laid out, so simple to see, and
understand, and yet ... Well, like I mentioned, they're fightin for THEIR way of life, and THEIR
freedumbs ... Well done ..
So project the dots. Insecurity cuts both ways: For and against the
surveillance state. For anonymity for those who know how to use it, against
for everyone else.
For those with the right tools, there is freedom in the
dark spaces of that insecurity. And a base for rebelion.
Think Everyman Hacker vs The Deep State.
You should really read Thieves Emporium. It's a primer on where the dots
are going delivered using technically-accurate fiction to keep you interested
to the last page. Not nearly as detailed as your post, nor as specific, but
explains the broad-brush concepts on both sides of the new internet freedom
struggle very well.
"... However, our analysis of the metadata within these patches shows these files were built and digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy systems in mid-February but only released them to the public last Friday after the world was engulfed in WannaCrypt. ..."
And it took three months to release despite Eternalblue leak 16 May 2017 at 01:44, When the WannaCrypt ransomware exploded across the world over the weekend,
infecting Windows systems using a stolen NSA exploit, Microsoft president Brad Smith
quickly blamed the spy agency . If the snoops hadn't stockpiled hacking tools and details of
vulnerabilities, these instruments wouldn't have leaked into the wild, sparing us Friday's cyber
assault, he said.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments
is such a problem," said Smith.
Speaking of hoarding, though, it's emerged Microsoft was itself stockpiling software – critical
security patches for months.
Around January this year, Microsoft was tipped off by
persons unknown that the NSA's Eternalblue cyber-weapon,
which can compromise pre-Windows 10 systems via an SMBv1 networking bug, had been stolen and was
about to leak into the public domain. In March, Microsoft
emitted security fixes for supported versions of Windows to kill off the SMB vulnerability, striking
Eternalblue dead on those editions.
In April, exactly a month later, an NSA toolkit of
hacking weapons , including Eternalblue, was dumped online by the Shadow Brokers: a powerful
loaded gun was now in the hands of any willing miscreant.
In May, just last week in fact, the WannaCrypt ransomware, equipped with this weapon,
spread
across networks and infected tens of thousands of machines worldwide, from hospital computers
in the UK and Fedex terminals in the US, to railways in Germany and Russia, to cash machines in China.
On Friday night, Microsoft
issued emergency
patches for unsupported versions of Windows that did not receive the March update – namely WinXP,
Server 2003, and Windows 8 RT. Up until this point, these systems – and all other unpatched pre-Windows
10 computers – were being menaced by WannaCrypt, and variants of the software nasty would be going
after these systems in the coming weeks, too.
The Redmond tech giant was praised for issuing the fixes for its legacy Windows builds. It stopped
supporting Windows XP in
April 2014 , and
Server 2003 in
July 2015 , for instance, so the updates were welcome.
However, our analysis of the metadata within these patches shows these files were built and
digitally signed by Microsoft on February 11, 13 and 17, the same week it had prepared updates for
its supported versions of Windows. In other words, Microsoft had fixes ready to go for its legacy
systems in mid-February but only released them to the public last Friday after the world was engulfed
in WannaCrypt.
Here's the dates in the patches:
Windows 8 RT (64-bit x86): Feb 13, 2017 Windows 8 RT (32-bit x86): Feb 13, 2017 Windows Server
2003 (64-bit x86): Feb 11, 2017 Windows Server 2003 (32-bit x86): Feb 11, 2017 Windows XP: Feb
11, 2017 Windows XP Embedded: Feb 17, 2017
The SMBv1 bug is
trivial , by the way: it is a miscalculation from a 32-bit integer to a 16-bit integer that can
be exploited by an attacker to overflow a buffer, push too much information into the file networking
service, and therefore inject malicious code into the system and execute it. Fixing this programming
blunder in the Windows codebase would have been easy to back port from Windows 8 to XP.
If you pay Microsoft a wedge of cash, and you're important enough, you can continue to get security
fixes for unsupported versions of Windows under a custom support license. It appears enterprises
and other organizations with these agreements got the legacy fixes months ago, but us plebs got the
free updates when the house was already on fire.
Smith actually alluded to this in his
blog post over the weekend: "We are taking the highly unusual step of providing a security update
for all customers to protect Windows platforms that are in custom support only , including
Windows XP, Windows 8, and Windows Server 2003." [Italics are ours.]
Money talks
Custom support is a big earner: Microsoft
charged Britain's National Health Service $200 per desktop for year one, $400 for year two and
$800 for a third year as part of its contract. UK Health Secretary Jeremy Hunt cancelled the contract
after a year as a cost-saving measure. The idea was that a year would give NHS trusts time to manage
their upgrades and get modern operating systems, but instead it seems some trusts
preferred
to spend the money not on IT upgrades but on executive remuneration, nicer offices, and occasionally
patient care. Defence Secretary Michael Fallon claimed on Sunday that "less than five per cent of
[NHS] trusts" still use Windows XP.
Naturally, Microsoft doesn't want to kill the goose that lays such lovely golden eggs, by handing
out patches for old gear for free. And supporting a 16-year-old operating system like Windows XP
must be a right pain in the ASCII for its engineers. And we appreciate that computers still running
out-of-date operating systems are probably doing so for a reason – perhaps it's a critical device
or an MRI scanner that can't be upgraded – and thus it doesn't matter if a patch landed in February,
March or May: while every little helps, the updates are unlikely to be applied anyway.
On the other hand, we're having to live with Microsoft's programming mistakes nearly two decades
on, mistakes that Microsoft is seemingly super reluctant to clean up, unless you go the whole hog
and upgrade the operating system.
Most crucially, it's more than a little grating for Microsoft, its executives, and its PR machine,
to be so shrill about
the NSA stockpiling zero-day exploits when the software giant is itself nesting on a pile of
fixes – critical fixes it's keeping secret unless you pay it top dollar. Suddenly, it's looking more
like the robber baron we all know, and less like the white knight in cyber armor.
"... Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing of the cyber weapons it itself had crafted. ..."
"... There was no question then of an investigation taking months to uncover the culprit, much less any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations and innuendo. Ever since, the Times ..."
"... Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda. It serves both as a means of pressuring the Trump administration to abandon any turn toward a less aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump as an agent of the Kremlin. ..."
The cyberattack that hit some 200,000 computers around the world last Friday, apparently using
malicious software developed by the US National Security Agency, is only expected to escalate and
spread with the start of the new workweek.
The cyber weapon employed in the attack, known as "WannaCrypt," has proven to be one of the most
destructive and far-reaching ever. Among the targets whose computer systems were hijacked in the
attack was Britain's National Health Service, which was unable to access patient records and forced
to cancel appointments, treatments and surgeries.
Major corporations hit include the Spanish telecom Telefonica, the French automaker Renault, the
US-based delivery service Fedex and Germany's federal railway system. Among the worst affected countries
were reportedly Russia, Ukraine and Japan.
The weaponized software employed in the attacks locks up files in an infected computer by encrypting
them, while demanding $300 in Bitcoin (digital currency) to decrypt them and restore access.
Clearly, this kind of attack has the potential for massive social disruption and, through its
attack on institutions like Britain's NHS, exacting a toll in human life.
This event, among the worst global cyberattacks in history, also sheds considerable light on issues
that have dominated the political life of the United States for the past 10 months, since WikiLeaks
began its release of documents obtained from the hacked accounts of the Democratic National Committee
and John Podesta, the chairman of Hillary Clinton's presidential campaign.
The content of these leaked documents exposed, on the one hand, the DNC's machinations to sabotage
the presidential campaign of Bernie Sanders, and, on the other, the subservience of his rival, Hillary
Clinton, to Wall Street through her own previously secret and lavishly paid speeches to financial
institutions like Goldman Sachs.
This information, which served to discredit Clinton, the favored candidate of the US military
and intelligence apparatus, was drowned out by a massive campaign by the US government and the corporate
media to blame Russia for the hacking and for direct interference in the US election, i.e., by allegedly
making information available to the American people that was supposed to be kept secret from them.
Ever since then, US intelligence agencies, Democratic Party leaders and the corporate media, led
by the New York Times , have endlessly repeated the charge of Russian hacking, involving
the personal direction of Vladimir Putin. To this day, none of these agencies or media outlets have
provided any probative evidence of Russian responsibility for "hacking the US election."
Among the claims made to support the allegations against Moscow was that the hacking of the Democrats
was so sophisticated that it could have been carried out only by a state actor. In a campaign to
demonize Russia, Moscow's alleged hacking was cast as a threat to the entire planet.
Western security agencies have acknowledged that the present global cyberattack-among the worst
ever of its kind-is the work not of any state agency, but rather of a criminal organization. Moreover,
the roots of the attack lie not in Moscow, but in Washington. The "WannaCrypt" malware employed in
the attack is based on weaponized software developed by the NSA, code-named Eternal Blue, part of
a bundle of documents and computer code stolen from the NSA's server and then leaked by a hacking
group known as "Shadow Brokers."
Thus, amid the hysterical propaganda campaign over Russian hacking, Washington has been developing
an array of cyber-weapons that have the capability of crippling entire countries. Through the carelessness
of the NSA, some of these weapons have now been placed in the hands of criminals. US authorities
did nothing to warn the public, much less prepare it to protect itself against the inevitable unleashing
of the cyber weapons it itself had crafted.
In its report on the global cyberattacks on Saturday, the New York Times stated: "It
could take months to find out who was behind the attacks-a mystery that may go unsolved."
The co-author of these lines was the New York Times chief Washington correspondent David
E. Sanger, who, in addition to writing for the "newspaper of record," finds time to lecture at Harvard's
Kennedy School of Government, a state-connected finishing school for top political and military officials.
He also holds membership in both the Council on Foreign Relations and the Aspen Strategy Group, think
tanks that bring together capitalist politicians, military and intelligence officials and corporate
heads to discuss US imperialist strategy.
All of this makes Sanger one of the favorite media conduits for "leaks" and propaganda that the
CIA and the Pentagon want put into the public domain.
It is worth contrasting his treatment of the "WannaCrypt" ransomware attack with the way he and
the Times dealt with the allegations of Russian hacking in the run-up to and aftermath of
the 2016 US presidential election.
There was no question then of an investigation taking months to uncover the culprit, much less
any mystery going unsolved. Putin and Russia were declared guilty based upon unsubstantiated allegations
and innuendo. Ever since, the Times, serving as the propaganda outlet of the US intelligence
services, has given the lead to the rest of the media by endlessly repeating the allegation of Russian
state direction of the hacking of the Democratic Party, without bothering to provide any evidence
to back up the charge.
With the entire world now under attack from a weapon forged by Washington's cyberwarfare experts,
the hysterical allegations of Russian hacking are placed in perspective.
From the beginning, they have been utilized as war propaganda, a means of attempting to promote
popular support for US imperialism's steady escalation of military threats and aggression against
Russia, the world's second-largest nuclear power.
Since Trump's inauguration, the Democratic Party has only intensified the anti-Russian propaganda.
It serves both as a means of pressuring the Trump administration to abandon any turn toward a less
aggressive policy toward Moscow, and of smothering the popular opposition to the right-wing and anti-working
class policies of the administration under a reactionary and neo-McCarthyite campaign painting Trump
as an agent of the Kremlin.
As soon as DuckDuckGo shows ads and you have Javascript enabled your privacy evaporate the same
way it evaporated in Google, unless you use VPN. But even in this case there are ways to "bound" your
PC to you via non IP based methods.
There are other search engines, browsers, email services, etc. besides those operated by the
giants. DuckDuckGo, protonmail, and the Opera browser (with free built-in VPN!) work well for
me.
The problem is, if these other services ever do get popular enough, the tech giants will either
block them by getting their stooges appointed to Federal agencies and regulating them out of existence,
or buy them.
I've been running from ISP acquisitions for years, as the little guys get bought out I have
to find an even littler one.
Luckily I've found a local ISP, GWI, that I've used for years now. They actually came out against
the new regulations that would allow them to gather and sell their customers' data. Such anathema
will probably wind up with their CEO publicly flayed for going against all that is good and holy
according to the Five Horsemen.
WannaCrypt may be exclusively a problem for Windows users, but the worm/virus combination could hit
a Mac user with a Boot Camp partition or Windows virtual machines in VMware Fusion, Parallels, or
other software. If you fit that bill and haven't booted your Windows system since mid-March or you
didn't receive or install Microsoft's vital security update (MS17-010) released at that time, read
on.
It's critical that you don't start up a Windows XP or later installation that's unpatched and
let it connect to the Internet unless you're absolutely sure you have the SMB file-sharing service
disabled or firewall or network-monitoring software installed that will block any attempt from an
outside connection.
Also, if you use Windows XP or a few later releases of Windows that are past Microsoft's end of
support since mid-March, you wouldn't have received the security updates that Microsoft was reserving
only for corporate subscribers
until last Friday . At that point, they made these updates generally available. If you booted
any of those systems between mid-March and Friday, you're unprotected as well.
If your Mac is on a network that uses NAT and DHCP to provide private IP addresses, which is most
home networks and most small-office ones, and your router isn't set up to connect the SMB file service
from outside the local private network to your computer (whether Boot Camp or a VM), then the WannaCrypt
worm can only attack your system from other computers on the same network. If they're already patched
or there are no other Windows instances of any kind, you can boot up the system, disable SMBv1, and
apply the patches.
If you don't want to take that chance or you have a system that can be reached from the greater
Internet directly through whatever method (a routable IP or router port mapping to your Mac), you
should disable networking on your computer before restarting into Boot Camp or launching a VM. This
is easy with ethernet, but if you're using Wi-Fi for your Windows instance, you need to unplug your
network from the Internet.
After booting, disable SMBv1. This prevents the worm from reaching your computer, no matter where
it is. Microsoft offers instructions for Windows 7 and later
at this support note . If you have a Windows XP system, the process requires directly editing
the registry, and you will want to install firewall software to prevent incoming connections to SMB
(port 445) before proceeding. The firewall approach is a good additional method for any Windows instance.
Once you've either disabled SMBv1 or have a firewall in place, you can enable network access and
install all the patches required for your release, including MS17-010.
In some cases, you no longer need SMBv1, already known to be problematic, and can leave it disabled.
If for legacy reasons you have to re-enable it, make sure you have both networking monitoring and
firewall software (separately or a single app) that prevents unwanted and unexpected SMB access.
"... Danish firm Heimdal Security warned on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some dispute. ..."
"... Other researchers, including Kevin Beaumont, are also telling us they haven't yet seen a variant of WannaCrypt without a kill switch. ..."
"... Certainly the NSA should have reported it to Microsoft but they apparently didn't ... ..."
"... Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation. Which can still do it's job. Probably better than those other Two numbskull OSs. Assuming Microsoft were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not contain Tracker's, and (Cr)App Stores to take your Moneyz. ..."
"... It's clear the NSA intended to not inform Microsoft at all as this was part or their arsenal, a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded it and then lost control of it when it got out. This should be an example of how such organisations should not be using such methods. ..."
"... The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or breaking in who discover a pot of "hacker gold" runnable and mature from the fist double click. ..."
"... In my experience with embedded systems there is nothing particularly fancy about the way the PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take a bit of work but not impossible. ..."
"... The problem is that like Microsoft the manufacturers have moved on. They are playing with their next big thing and have forgotten about that old stuff. ..."
"... And in a few years it will all be forgotten. Nachi / Blaster anyone? ..."
"... Patching and AV inevitably often is bolting the stable door after horses gone for the first hit. Yet proper user training and proper IT configuration mitigates against almost all zero day exploits. I struggle to think of any since 1991. ..."
"... Firewalls, routers, internal email servers (block anything doubtful), all superfluous services and applications removed, no adhoc sharing. users not administrators, and PROPER training of users. ..."
"... Went to the doctor's surgery this morning. All the computers were down. I queried if they'd been hit with the malware, but apparently it was as a preventative measure as their main NHS trust has been badly hit, so couldn't bring up any records or even know what the wife's blood test was supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos it is causing. ..."
"... The answer is not to avoid Windows. It's for our so-called security agencies to get to understand that they are not supposed to be a dirty tricks department collecting weapons for use against others, but that they are supposed to work on our national security - which includes public and private services and businesses as well as the Civil Service. ..."
"... Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default or removed all together. Wonder when someone will find another exploitable weakness. Staying secure means turning off protocols you don't need. ..."
"... Instead of that, criminally stupid idots at NHS IT in the affected trusts as well as other enterprises which were hit: 1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with desktop equipment. There was no attempt at isolation and segmentation whatsoever. ..."
"... Each of these should be a sackable offense for the IT staff in question. ..."
"... Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they still only work on windows 7. They also insist on bundling in a machine to just a stupid high cost to a tech illiterate customer base - generally a cut down crappier version of something you could by uin argos for 300 quid they will charge over a grand for. Their upgrade cycles are a f**king joke and their business model makes their customers very reluctant to do so as they have fork out silly money ..."
"... Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created in the right date span to impact only those bought by Iran. The vector on this attack, on the other hand, literally just spammed itself out to every available IP address that had port 445 open. ..."
"... most of the original bits of this were actually quite shittily written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker leak... but there was also a fair load of primitive crap there too. It's a bit like an 16 year old came into possession of an F-16; it was destructive as hell but he didn't really know how to fly it. ..."
"... there's literally 5 different layers of my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And we're not exactly cutting-edge - just running best practice. ..."
"... In short, if this was state-backed, then the state in question would have to be somewhere like Honduras, not one of the big-league infosec powers. ..."
"... I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That way, they can't all be registered, your virus can't be kill-switched the way this one was, and your virus can still tell if it's being run in a sandbox. ..."
"... the code is not proxy aware and the kill switch would not work in well structured environments where the only access to the net is via a configured non transparent proxy. ..."
"... In this case, knowing there are a number of nation state backed cyber defence teams looking into this... they either a) have balls big enough to need a wheelbarrow and believe that they wont get caught no matter what and cyber defence is really too hard to deliver effectively, regardless of backers. or b) that they are insanely stupid and greedy and are not following the news... ..."
"... Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs or guns or other such illegal goods on the darkweb and then turn that into cash by selling it on then the perps are as you say both greedy and insanely (criminally) stupid. ..."
"... If Microsoft had an update channel for security patches only, not unwanted features and M$'s own brand of malware, people would but alot more inclined to stay up to date. ..."
"... Rumors running around that this is Deep State sponsored coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks. ..."
15 May 2017 at 09:42, John Leyden
Miscreants have launched a ransomware worm variant that abuses the same vulnerability as the
infamous
WannaCrypt
malware .
Danish firm Heimdal Security
warned
on Sunday that the new Uiwix strain doesn't include a kill-switch domain, like the one that proved
instrumental in minimising the harm caused by WannaCrypt last week, although this is subject to some
dispute.
"As far as I know there's only been two variants (one this morn) and none without [a kill]switch,"
security researcher Dave Kennedy
told El Reg
. Other researchers, including Kevin Beaumont, are also telling us they haven't yet
seen a variant of WannaCrypt without a kill switch.
What isn't in question is that follow-up attacks based on something similar to WannaCrypt are
likely and that systems therefore really need protecting. Black hats might well create a
worm that attacks the same Windows vulnerability more stealthily to install a backdoor on the many
vulnerable systems still out there, for example.
The WannaCrypt ransomware spread to devastating effect last week using worm -like capabilities
that relied on a recently patched vulnerability in Microsoft's SMB file-sharing services (MS17-010).
WannaCrypt used a purloined EternalBlue exploit originally developed by the US National Security
Agency before it was leaked by the Shadow Brokers last month.
WannaCrypt's victims included the National Health Service, Spain's Telefónica and numerous other
organisations across the world. A techie at Telefónica confirmed that the initial infection vector
was a
phishing email . The scale of the attack prompted Microsoft to take the highly unusual step of
releasing patches
for unsupported operating systems , including Windows XP. ®
Re: Inevitable
Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly
the NSA should have reported it to Microsoft but they apparently didn't ... who knows.
The real issue here is that Microsoft stopped has patching XP and Vista systems in an attempt
to force users to upgrade -- that's where the real money is in these vulnerabilities. So who's
going to make out like a bandit from WannaCry et al? Expect Microsoft Win 10 share to increase
over the next few months - they are the real winners here.
Your Comment: "Yes, the NSA is criminal for making these immoral and unlawful cyber weapons..."
Unlawful? By what law, specifically? (NOTE: Title 10 and Title 50 authorities directly - and
legally - trump certain US laws.) As an analogy - It's not "illegal" for a policeman to speed
to catch up to a criminal. It's not "illegal" for the NSA to create tools to compromise computers.
You can argue all day as to whether it is illegal to DEPLOY tools, once created, against CERTAIN
computers, but I don't think you have a leg to stand on calling the fact that NSA *creates* such
a tool - if they even did create one themselves - in any way an illegal act.
Implying that Windows 8, and Windows 10 are better than an unmaintained Windows XP SP3 Installation.
Which can still do it's job. Probably better than those other Two numbskull OSs. Assuming Microsoft
were kind enough to continue supporting it. But, alas that way only madness lay. As XP does not
contain Tracker's, and (Cr)App Stores to take your Moneyz.
"Don't blame the NSA - anyone could have discovered this issue and weaponized it. Certainly
the NSA should have reported it to Microsoft but they apparently didn't ... who knows."
It's clear the NSA intended to not inform Microsoft at all as this was part or their arsenal,
a secret tool on their version of a Bat Belt. We must blame the NSA as they developed it, hoarded
it and then lost control of it when it got out. This should be an example of how such organisations
should not be using such methods.
The only way Microsoft knew about this and patched this was because the NSA lost control of
the code to ShadowBrokers who then reported it to Microsoft giving them enough time to roll out
a patch before a public release.
As you correctly say, anyone could have developed code that exploits the flaw. But who detected
that flaw first? So who should have the social responsibility to improve the "cyber" defense of
at least their own nation by disclosing such a flaw?
The NSA found it. Kept it secret, then lost the code due to real humans making mistakes or
breaking in who discover a pot of "hacker gold" runnable and mature from the fist double click.
For this very reason Apple, correctly, refused to create a version of iOS that could be installed
on an iphone to weaken the pin entry screen to allow the FBI entry. Apple knew they could not
simply trust that this hacked version of iOS could be kept under control.
"blaming a commercial company for not patching a 13 year"
I think blaming and criticising a company that sold you buggy vulnerable crap and refuses to
fix bugs because someone else didn't find and advise them of them soon enough is entirely justified.
I have some compilers from a company with a policy that finding a bug in an obsolete unsupported
version of the compiler entitles you to a free upgrade to a current supported version. That would
be the policy of a decent company (which Microsoft clearly isn't). Of course Microsoft's current
supported version being a piece of shit that no one wants would stymie such a policy.
Re: So you're blaming a commercial company for not patching a 13 year old OS?
In my experience with embedded systems there is nothing particularly fancy about the way the
PC talks to the special hardware. There is nothing that says it can't be upgraded to say 32 bit
Windows 7 or even rewritten for Linux. Much of the code is written in C or Delphi. It would take
a bit of work but not impossible.
The problem is that like Microsoft the manufacturers have moved on. They are playing with their
next big thing and have forgotten about that old stuff.
What is needed is a commitment from the manufacturers to either support the gear for 30 years
or share the code and the schematics. Obviously a consideration would be required from the buyer,
I don't see why they should do that for free.
The easiest thing would be to keep XP going and Microsoft will do that if you pay them. The
next thing would be to fit each XP system with a hardware firewall. Don't expect XP to protect
itself, put a packet sniffing firewall in between.
You could look at an event such as that of the last few days as the Internet's version of a wildfire.
In the short run some damage is done but in the long run the fire's job is to clear out dead wood
and enable the regrowth of a stronger, healthier ecosystem. Short term pain for long term gain.
"We've installed the MS security patch, we've restored from back-up. Everything's OK now".
Papworth NHS Trust has had something like 16 of these ransomware attacks in the last 12 months,
and hasn't done anything. It is going to take a lot more than this to change management attitudes.
No, because very few organisations and users will learn the real lessons.
Patching and AV inevitably often is bolting the stable door after horses gone for the first
hit. Yet proper user training and proper IT configuration mitigates against almost all zero day
exploits. I struggle to think of any since 1991.
Firewalls, routers, internal email servers (block anything doubtful), all superfluous services
and applications removed, no adhoc sharing. users not administrators, and PROPER training of users.
I wish! The idiots who think it's fine to run XP are paid ten times more than me and they'll
still be in the same role this time next year. They'll be no getting rid of dead wood, just more
winging it and forcing underpaid Techies to work more weekends after more screw ups.
Its surely incredible that a lone pizza stuffed actor could get immediate access to the worm
and spend a night before he spotted the 'call home' vector? Is that really that hard? And beat
the best resourced detection agencies worldwide?
Surely every IT detective agency including GCHQ would have sandboxed it on first sight, thrown
their best at it if only to beat their friends across the pond, to save Jeremy Hunt & Mother Theresa's
bacon just ahead of a new funding opportunity (aka new government).
It all smells not only of pizza but planted news. And if it is genuine what on earth are we
paying this organisation and every anti-virus firm for?
Re: Experts all giving advice how how to stay secure
Went to the doctor's surgery this morning. All the computers were down. I queried if they'd
been hit with the malware, but apparently it was as a preventative measure as their main NHS trust
has been badly hit, so couldn't bring up any records or even know what the wife's blood test was
supposed to be for. Next I'm expecting the wife's hospital appt to be canceled due to the chaos
it is causing.
I wonder if we can get a go-fund-me page set up to hire someone to track down this hacker scum
and take out a hit on them? A bullet to the brain may give other scumbags something to think about.
Re: Experts all giving advice how how to stay secure
The answer is not to avoid Windows. It's for our so-called security agencies to get to understand
that they are not supposed to be a dirty tricks department collecting weapons for use against
others, but that they are supposed to work on our national security - which includes public and
private services and businesses as well as the Civil Service.
The fact that May and Rudd seem totally unable to get what could go wrong post-Snowden suggests
that when one of them became PM, a school somewhere missed the bullet of a particularly anal retentive
geography teacher.
Re: Experts all giving advice how how to stay secure
Actually Windows 10 was affected, but because it patches more aggressively the March fix was
already applied to must unless they had different WSUS settings in a business/edu environment.
Re: Experts all giving advice how how to stay secure
Windows 10 STILL has SMBv1 needlessly enabled by default. Should either be disabled by default
or removed all together. Wonder when someone will find another exploitable weakness. Staying secure
means turning off protocols you don't need.
I have a dual boot laptop that has not booted to Windows since before March - I need to review
what services it has enabled to make it a bit more secure before I connect it to the Internet
to download latest patches.
Patching and anti-virus software take time to apply after a vulnerability has been discovered.
That can be too late.
Re: Experts all giving advice how how to stay secure
Some people do not have any choice. When the X-ray machines in the affected hospital trusts
were bought using Windows XP (or even 2001) imaging software, that was state of the art. The issue
is that the life of a piece of equipment like this vastly exceeds the lifespan of the OS that
was used for the control system. On top of that, quite often these cannot be patched as the software
is written so badly that it will work only with a specific patch-level of the core OS.
That CAN and SHOULD be mitigated by:
0. Considering each and every one of those a Typhoid Mary in potentia
2. Preventing any communication except essential management and authentication/authorization
going out
3. Providing a single controlled channel to ship out results to a location which we CAN maintain
and keep up to date.
Instead of that, criminally stupid idots at NHS IT in the affected trusts as well as other
enterprises which were hit:
1. Put these unpatchable and unmaintainable machines in the same flat broadcast domain with
desktop equipment. There was no attempt at isolation and segmentation whatsoever.
2. In some cases allowed use of unrelated desktop applications (at ridiculously ancient patch-levels)
such as Outlook or even Outlook Express.
3. Opened file sharing on the machines in question.
Each of these should be a sackable offense for the IT staff in question.
Re: Experts all giving advice how how to stay secure
It's more than incompetent IT people and way worse and virtually impossible to fix.
There is a lot of niche or specialist custom software used in the nhs that can only work on
XP and ie 6 period. Most of the people who wrote are dead or retired etc
Systems vendors to the NHS are borderline criminal. In pharmacy, there are only 1 of 4 mandated
systems vendors you can choose. The 3 desktop based ones have so much legacy crap etc that they
still only work on windows 7. They also insist on bundling in a machine to just a stupid high
cost to a tech illiterate customer base - generally a cut down crappier version of something you
could by uin argos for 300 quid they will charge over a grand for. Their upgrade cycles are a
f**king joke and their business model makes their customers very reluctant to do so as they have
fork out silly money
for a new shit machine just cos their vendors tells they have to .. our superdupa crap shit
fuck software will only work on a machine we provide. Emis/proscript have alot to answer for ..
Lots of the staff and their employers are basically proud of being a digital numbskull. "I
am healthcare professional, why should i have to know anything about this" and the drones are
so poorly paid / bitched at incessantly about everything they just have an" i dunno i just work
here, that's not my job attitude" I have to screenshare to train people how to use our websites
.. this means i have to get them stick a url into their browser, that's it ... you have no idea
how many can't do that .. then get all offended when i ask them what browser they are using ..
"i don;t know, why should i know that, i just use google" is always the response .. when half
the nhs work force doesn't know what a f**king browser is and peversely proud of the fact they
can't type a url into a brower address bar, how on earth are we ever going to hav any sunnvbnf0ijgogjrnb;vzjnav;kjnnf;kqgfnjv;jnf;jjvn;w
Data Security has turned into one of these tick box things, everyone has dire warning, you
will be fined loads of money for doing something wrong that you don't understand and actively
don't want to understand so no one gives a f**k as long as they can say they ticked the right
boxes.
Firstly, a state actor attack would be far better targeted. Stuxnet, for example, actually
checked the serial numbers of the centrifuges it targeted to ensure that it only hit ones created
in the right date span to impact only those bought by Iran. The vector on this attack, on the
other hand, literally just spammed itself out to every available IP address that had port 445
open.
Second, US retaliation would almost certainly involve using a few zero-days. If you want to
prove that you have vastly more power than your opponent, then you want to do something that literally
resembles friggin' magic from his point of view. You want to show him that he can do nothing whatsoever
to defend his critical infrastructure from your attacks. This did not; nothing in this hadn't
already been discovered and patched. If the best thing the US can throw at Russia could be taken
out by just switching on your WSUS server in the past three months, then there's no point even
doing it because it would make them look weak, not strong.
Thirdly, and most importantly, most of the original bits of this were actually quite shittily
written. Oh sure, there was a genuine bit of high-tech NSA code in there from the shadow broker
leak... but there was also a fair load of primitive crap there too. It's a bit like an 16 year
old came into possession of an F-16; it was destructive as hell but he didn't really know how
to fly it.
I've just finished in a webinar on the incident, and there's literally 5 different layers of
my SMB's security that blocked this (patching, permissions, firewall, commercial AV, VLANs). And
we're not exactly cutting-edge - just running best practice.
In short, if this was state-backed, then the state in question would have to be somewhere like
Honduras, not one of the big-league infosec powers.
I can't help thinking that announcing the discovery of the kill switch might not have been
a good idea.
And you should see the number of downvotes I got in another thread for suggesting exactly that.
Another commentator stated (if I understood him correctly) that the "public announcement" was
more or less irrelevant because security experts' chatter on blogs would have given the game away
anyway.
In turn that made me think along the lines of " FFS what sort of security experts swap notes
on blogs that may be / almost certainly are open to being read by the hackers "
I think I despair... if the above is true then there is simply no hope.
points out, it was quite possibly not an intentional kill switch.
Some malware probes for the existence of a selection of randomly generated domains. Some sandbox
VMs respond to all DNS lookups by providing back the IP address of the sandbox VM instance. If
the malware sees a positive response to the DNS lookups (which should fail), then the logic is
that it is probably running in a sandbox VM, which may well be being used to analyse/investigate
the malware, so the malware stops running.
The single lookup of the unusual domain name was possibly a poor implementation of this technique.
Alternatively, it is an intentional kill switch, used during development, with a local DNS
server on the malware developer's LAN, the function of which was to prevent infection of other
devices on the same LAN. If anyone keeps records of DNS lookups, it might be interesting to see
where the first lookups came from.
@Norman Nescio : "...The single lookup of the unusual domain name was possibly a poor implementation
of this [sandbox detection] technique."
I read the Malwaretech log (excellent description of why you'd look for a nonexistent domain
to determine if you're sandboxed) and thought: OK, so the virus writer should check a randomly generated domain, instead of a fixed one. That
way, they can't all be registered, your virus can't be kill-switched the way this one was, and
your virus can still tell if it's being run in a sandbox.
Except the folks creating sandboxes might take the precaution of checking the domain. Instead
of returning a valid result for any garbage domain, check to see if it's been registered first.
Suddenly, the virus can no longer tell that it's running in a sandbox.
Except then, the virus author checks four or five valid domains; if they all return identical
results, you know you're running in a sandbox. (Reading further, I see that this method is actually
used in some cases.)
Except that _then_, the sandbox authors do some revisions so that seemingly accurate results
are returned that are actually remapped by the sandbox code.
This is all outside my area of expertise. Still, I could see a nearly endless cycle of fix/counter-fix
going on here.
Ransome code is not proxy aware, kill switch won't work in most enterprises.
the code is not proxy aware and the kill switch would not work in well structured environments
where the only access to the net is via a configured non transparent proxy.
Enterprises will need to think a bit harder about how they ensure the kill switch is effective
this time. The miscreants wont make this same mistake next time.
Talking about the kill switch is good, wouldn't have taken the miscreants long to work out
something was not right anyway.
What is the motivation here? Is all it seems to be...
<Black Helicopter Icon>
Ransomware usually works on a relatively widespread basis but usually SMB, and domestic users.
Big organisations and governments, generally are defended (although clearly some well publicised
exceptions)
The beneficiaries are usually relatively safe as law enforcement cannot usually be bothered
to investigate and the cash rolls in for the most desperate victims.
In this case, knowing there are a number of nation state backed cyber defence teams looking
into this... they either a) have balls big enough to need a wheelbarrow and believe that they
wont get caught no matter what and cyber defence is really too hard to deliver effectively, regardless
of backers. or b) that they are insanely stupid and greedy and are not following the news...
Or is this already a state backed exercise from somewhere and is simply a global experiment
at our expense? The fact the original flaw was used by the NSA is not really relevant, it simply
got it publicity but was clearly available for a long time.
Re: What is the motivation here? Is all it seems to be...
Given that the only safe/undetected way of laundering the bitcoins will be to buy drugs
or guns or other such illegal goods on the darkweb and then turn that into cash by selling it
on then the perps are as you say both greedy and insanely (criminally) stupid. No doubt they'll
have their comeuppance shortly - without being "caught" by any nation state backed cyber
defense
team - probably up some dark alley being stiffed by gangbangers.
In light of this threat I just got around to patching a somewhat neglected Windows 7 PC. And
now it's got a message from Microsoft (falsely) saying it's not genuine. It may not be registered
but it's certainly a legitimately purchased copy. So far it's just a tiny message in the corner
of the screen but who knows what else it'll do. I don't have time for this. Guess I'll roll back
the update and take my chances.
This bullshit is what I blame more than anything, even the NSA, for outbreaks like this. If
Microsoft had an update channel for security patches only, not unwanted features and M$'s own
brand of malware, people would but alot more inclined to stay up to date.
Everything else is gravy for the attackers. Rumors running around that this is Deep State sponsored
coming out of various cliques in intelligence agencies in retaliation for the Vault 7 leaks.
The scum are obviously in hiding - either on a luxury yacht on the Black Sea or in a basement
somewhere. I'd hazard a guess it is the latter. There must be other scum in the same racket who
know who the are. I wonder if they have earned any street creds for what they did?
- chaos (not really)
- financial bonanza (nope)
- media attention (big win)
- shit disturbing (yep - mostly stirred the NSA and Microsoft)
- rattle some chains (mostly IT departments)
- peer envy (I doubt it)
Their reward beyond the $30K they collected will be prison (blackmail and extortion are felonies).
Re: So the haul from this little operation is currently what $60K?
This is a fairly typical ratio of realized proceeds of crime to cost of crime and prevention
measures. The economic case for crime reduction is overwhelming. But it's easier said than done.
People are creative, even (especially?) criminals.
Its a sign of the times that no government is actually interested in Universal security, for the
greater good of human kind. We're at a point where everything is now based online, and everyone
in the world is connected.
The internet has removed the idea of 'borders' in the traditional sense!! I don't have to get
on a plane to Italy, to see Italy. I can log onto remote cameras and a host of other online services,
which mean I can be in the country without having to physically be in the country!
The NSA wasn't even bothered about protecting their own country... They didn't release this
data, to allow the problem to be solved. If I were American I would be Pissed that my own government
has been complicit in this entire debacle by keeping this quiet, and didn't release the information
to the wider security community when they found the holes!!
If your doctor found you had terminal cancer, but they had a product that would guaranteed
slowing of the cancer or entire removal of the disease then you would expect them to tell you
wouldn't you?! But when the shady NSA finds a potentially life threatening exploit, they keep
it to themselves?!... the middle letter of NSA stands for SECURITY for effs sake!!
There is no such thing as trust anymore between so called 'allies' as the NSA has just proved.
It has also proved that life is worthless to them. This is clearly due to their inability to see
the bigger picture of what they have A. Created, and B. Allowed to be released into the wild!!
Yes someone in their bedroom could have found the exploit, but that's a bedroom hacker/cracker.
But you put pretty much unlimited resources and man power behind a department, then they are clearly
going to come up with the exploit a billion times faster than a sole agent. Or even a collective
of agents separated over the globe.
So all this stupidity that the NSA shouldn't be held accountable should be rethought. Because
they CLEARLY are at fault here, for NOT DISCLOSING THE INFORMATION LAST YEAR!!!
"... At a minimum, Microsoft clearly should have provided the critical update in March to all its users, not just those paying extra. Indeed, " pay extra money to us or we will withhold critical security updates " can be seen as its own form of ransomware. ..."
"... This attack happened because the US Government didn't do it's job. It's primary task is national defense. It kept a vulnerability to itself to attack foreigners instead of protecting it's own infrastructure, businesses and individuals. The government had these tools taken and passed around for everyone to use. And crap like this is why governments can never be allowed to have backdoors. The secrets will always get out. Everyone is vulnerable. ..."
"... There are more than enough XP users in the world for Microsoft to dedicate resources and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is still using software amount to nothing more than sales tools intended to extort upgrade revenue.... buy this or get owned. ..."
"... I personally don't believe vendors should be allowed to walk away from safety defects in products in order to make money on upgrades. Buffer overflows are entirely preventable classes of software failures. It is a tractable problem to solve. That it may not be in the case of XP isn't the end users problem. ..."
"... XP was far easier to lock down and fully secure than 8 or 10 with that bullshit telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 - 2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or higher, I can no longer use more than 2 webcams despite the software having the ability to access them and me having more than enough USB bandwidth for the uncompressed video streams.) ..."
"... Most real IT pros know that XP was far superior to the locked-down and (quite often) over-optimized (as in the optimizations go so far as to make the code more complex and actually runs slower due to shit like cache misses and what not) bullshit that is anything after Windows 7. ..."
"... Forever support isn't reasonable, but at the same time vendors using security update channels to push unwanted upgrades for the benefit of the vendor is equally bad. ..."
"... They already exist. They're called routers. Network routers can be configured to provide great deal of protection to machines that are older and cannot be patched. Many contain firewall software. Even simple ones can be configured to block traffic on vulnerable ports. ..."
"... Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue from upgrades...no matter what the cost in lost-business, learning-curves, and incompatibilities with existing practices may be to the customers.. Spending money on maintaining the security (even excluding features) of superceded products distracts from development of improved products, and is not in the vendors' self-interest. ..."
"... do those devices NEED internet connection? serious question as i don't know. if not, no problem ..."
"... Bad car analogy. Firstly many old cars are banned from using critical infrastructure like highways (or in some cases any roads) for their obvious threat to third parties and their owners. ..."
In the
aftermath of ransomware spread
over the weekend, Zeynep Tufekci, an associate professor at the School of Information and
Library Science at the University of North Carolina, writes an opinion piece for The New York
Times:
In its defense, Microsoft probably could point out that its operating systems have
come a long way in security since Windows XP, and it has spent a lot of money updating old
software, even above industry norms.
However, industry norms are lousy to horrible, and it is reasonable to expect a company
with a dominant market position, that made so much money selling software that runs critical
infrastructure, to do more.
Microsoft supported Windows XP for over a decade before finally putting it to sleep.
In the wake of ransomware attacks, it stepped forward to release a patch --
a move that
has been lauded by columnists. That said, do you folks think it should continue to push
security updates to older operating systems as well?
acoustix ( 123925 ) on Monday May 15, 2017 @01:01PM (#54419597)
Wrong Approach (Score:2)
This attack happened because the US Government didn't do it's job. It's primary task is
national defense. It kept a vulnerability to itself to attack foreigners instead of protecting
it's own infrastructure, businesses and individuals. The government had these tools taken and
passed around for everyone to use. And crap like this is why governments can never be allowed
to have backdoors. The secrets will always get out. Everyone is vulnerable.
WaffleMonster ( 969671 ) on Monday May 15, 2017 @12:09PM (#54419177)
Artificial scarcity (Score:2)
There are more than enough XP users in the world for Microsoft to dedicate resources
and turn a profit supporting it. Arbitrary sunset dates disconnected from reality of who is
still using software amount to nothing more than sales tools intended to extort upgrade
revenue.... buy this or get owned.
I personally don't believe vendors should be allowed to walk away from safety defects
in products in order to make money on upgrades. Buffer overflows are entirely preventable
classes of software failures. It is a tractable problem to solve. That it may not be in the
case of XP isn't the end users problem.
jrifkin ( 100192 ) on Monday May 15, 2017 @11:55AM (#54419015)
Yes. It's like vaccinations (Score:2)
If the number of older systems is large enough, then Yes, Microsoft should release patches
for them.
They should do this for two reasons:
1) Reducing the number of infected systems helps protect others from infections
2) It protects the innocent, like those whose Medical Care was interrupted in the UK, from
collateral damage.
Who pays for it? Microsoft. They have benefited from the sale of all those systems, and
certainly have enough cash to divert some to supported old but prevalent systems. Also, the
fact that people still use MS systems, even if they're old, benefits MS in some way by helping
them maintain market share (and "mindshare"). Odds are that these systems will eventually be
replaced by more MS systems, representing future revenue for MS.
Khyber ( 864651 ) <[email protected]> on Monday May 15, 2017 @11:50AM (#54418981) Homepage
Journal
Re: Silly idea (Score:2)
"I think there is clearly one party at fault, and it is IT."
Why so? XP was far easier to lock down and fully secure than 8 or 10 with that bullshit
telemetry, and it had far fewer hardware restrictions. It is smaller and faster and more
capable at most of my tasks than most modern systems (example: I use ManyCam 3.0.80 -
2000/XP-Era multi-cam software. Runs like a champ on XP with 4 webcams, I go 7 [Ultimate] or
higher, I can no longer use more than 2 webcams despite the software having the ability to
access them and me having more than enough USB bandwidth for the uncompressed video streams.)
Most real IT pros know that XP was far superior to the locked-down and (quite often)
over-optimized (as in the optimizations go so far as to make the code more complex and
actually runs slower due to shit like cache misses and what not) bullshit that is anything
after Windows 7.
swb ( 14022 ) on Monday May 15, 2017 @12:20PM (#54419293)
It's an existential problem (Score:2)
Forever support isn't reasonable, but at the same time vendors using security update
channels to push unwanted upgrades for the benefit of the vendor is equally bad.
My guess is that we're going to be getting to the end of the road of the "nasty, brutish
and short" state of nature in the software industry and start seeing more regulations.
Vendors will be able to EOL their products, but will also have to supply security updates
for N years after the product is officially ended. Vendors will be required to maintain a
security update channel which may not be used for pushing upgrades or unrequested new
products.
An interesting solution would be to let vendors "expire" a version by inserting a patch
that boots the OS at a warning page requiring a firm verbal commitment ("I agree this is
obsolete") before booting any further. Vendors would be REQUIRED to do this for operating
systems they had obsoleted but only after their N years of post-EOL support had ended.
This way, nobody escapes the product being EOL. Customers can still use it, but must
affirmatively acknowledge it is obsolete. Vendors are required to keep supporting it for a
really long time after official EOL, but they can kill it more completely but only after the
EOL support period.
Anonymous Coward on Monday May 15, 2017 @10:44AM (#54418429)
No (Score:5, Insightful)
No. You can't support legacy software forever. If your customers choose to stay with it
past it's notified EOL then they are SOL. Any company using XP that got hit by this can only
blame themselves.
jellomizer ( 103300 ) on Monday May 15, 2017 @10:48AM (#54418451)
Re:No (Score:4, Insightful)
I will need to agree with conditions. If the Tech company is selling service contracts for
that product, they will need to update it. However like XP and older, where the company isn't
selling support, and had let everyone know that it off service, they shouldn't need to keep it
updated. Otherwise I am still waiting for my MS DOS 6 patch as it is still vulnerable to the
stoner virus.
AmiMoJo ( 196126 ) <mojo AT world3 DOT net> on Monday May 15, 2017 @12:11PM (#54419217)
Homepage Journal
Re:No (Score:4, Insightful)
The people providing support should be the ones making MRI scanners, ATMs and other expensive
equipment that only works with XP. Even when XP was brand new, did they really expect those
machines to only have a lifetime of around 10 years? Microsoft was clear about how long
support was going to be provided for.
It seems that people are only just waking up to the fact that these machines have software and
it needs on-going maintenance. The next decade or two will be littered with software bricked
but mechanically sound hardware, everything from IoT lightbulbs to multi-million Euro medical
equipment.
In fact it's already happening. You can buy DNA sequencers on eBay, less than a decade old and
original price $500,000, now barely worth the shipping because the manufacturer abandoned
support.
number6x ( 626555 ) on Monday May 15, 2017 @12:18PM (#54419269)
They already exist (Score:4, Insightful)
They already exist. They're called routers. Network routers can be configured to
provide great deal of protection to machines that are older and cannot be patched. Many
contain firewall software. Even simple ones can be configured to block traffic on vulnerable
ports.
In this case, a router could be configured to keep the SMB port (445) blocked. A router,
with updated software, and a firewall gateway can help protect even older devices with
embedded code that may no longer be supported.
Of course, it goes to say, that you must keep the router's software updated and not use
default credentials on the router.
The NHS decided to not upgrade many old systems because the threat was deemed minimal.
Offices were urged to upgrade but funds were not made available and infrastructure budgets
were cut again and again. Multiple bad decisions led to this result.
Many things could have prevented it. Better funding, better threat assessment, the NSA
informing Microsoft of the vulnerability so it could have been patched years ago, and on and
on...
In the end we are here, and hopefully threats will be re-prioritized and better protections
will be put in place in the future (I could not keep a straight face while typing that and
finally burst out laughing).
bugs2squash ( 1132591 ) on Monday May 15, 2017 @10:45AM (#54418433)
Don't be silly (Score:2)
this did not need to be fixed with an OS patch, it could have been prevented with better
network security policies. I would be surprised if someone hadn't said something about
addressing the vulnerability earlier but probably got ignored because of some budgetary issue.
It would be more reasonable to call for continued money to be made available to address
these vulnerabilities after a system has gone into production and a move to use more open
source solutions where users can share patches.
CAOgdin ( 984672 ) on Monday May 15, 2017 @11:07AM (#54418613)
I recommend a Subscription model... (Score:3)
Abandoning Operating Systems is a cruel trick played by vendors who want the new revenue
from upgrades...no matter what the cost in lost-business, learning-curves, and
incompatibilities with existing practices may be to the customers.. Spending money on
maintaining the security (even excluding features) of superceded products distracts from
development of improved products, and is not in the vendors' self-interest.
Given that a new Operating system (retail) is in the $100-$150 range, I'd propose "Life
Extension" service subscription, solely for security updates in the $30-35/year range...with a
required minimum of 10,000 customers to keep maintaining the service. That provides enough
revenue ($1,000,000+ per annum) to support a small, dedicated staff.
Frankly, there's no reason that a M$ couldn't engage in a Joint Venture with a small
qualified, independent security firm to provide the service, with special access to
proprietary information within the O.S. vendor.
It would be an investment in the rehabilitation of the O.S. vendors' reputation, because M$
has gotten quite high-handed in recent years, dictating (or even forcing) software on
unwilling customers.who have existing businesses to run.
ToTheStars ( 4807725 ) on Monday May 15, 2017 @11:29AM (#54418801)
What if we tied support to copyright? (Score:5, Interesting)
Slashdot generally doesn't like ludicrously-long copyright terms, right? What if we made
maintenance a requirement for retaining copyright over software? If Microsoft (or whoever)
wants to retain a copyright on their software for 70 years, then they'd better be prepared to
commit to 70 years of support. If they want to EOL it after 5 years or 20 years or whatever,
and wash their hands of responsibility, that's fine, but then it's public domain. Why should
we let companies benefit from software they don't support anymore?
This could also work for art works, as well -- because copyright exists "To promote the
Progress of Science and useful Arts," we could make it a requirement that an author (or
company, or whatever) needs to be distributing (or licensing for distribution) a work to have
copyright on it. When it's out of print, it enters the public domain.
Hartree ( 191324 ) on Monday May 15, 2017 @11:07AM (#54418625)
Yes, because WinXP was never killed off. (Score:2)
It also lives on in many scientific instruments. An old mass spec that runs XP (or even
older. I regularly maintain X Ray diffraction machines that still run DOS) usually can still
do the day to day job just fine. The software usually hasn't been supported for many years and
won't run on anything newer. But replacing the instrument could cost a large amount of money
(250K or up in many cases).
Research budgets aren't growing and I work for a university in a state that can't pass a
budget. We just don't have the money to throw out older systems that work well just because
the software is outdated. We just take them off the network and use other means to get the
data transferred off of them.
ganjadude ( 952775 ) on Monday May 15, 2017 @11:37AM (#54418873) Homepage
Yes, because WinXP was never killed off. (Score:2)
do those devices NEED internet connection? serious question as i don't know. if not, no
problems
DontBeAMoran ( 4843879 ) on Monday May 15, 2017 @11:22AM (#54418727)
Re:Bitcoin is the problem (Score:2)
Because ransomware did not exist before Bitcoin. :rolleyes:
jellomizer ( 103300 ) on Monday May 15, 2017 @11:12AM (#54418661)
Re:Silly idea (Score:2)
What happens if a still used software isn't owned by anyone any more. The Company is out of
business, There is no source code available. There is a point where the end user has some
responsibility to update their system. Like the Model-T they may still keep it, and use it for
a hobby, but knowing full well if you take it on the Highway and get in an accident you are
probably going to get killed.
thegarbz ( 1787294 ) on Monday May 15, 2017 @12:08PM (#54419169)
Re:Silly idea (Score:3)
Bad car analogy. Firstly many old cars are banned from using critical infrastructure
like highways (or in some cases any roads) for their obvious threat to third parties and their
owners.
Also this isn't hobbies we're talking about. No one gives a crap if someone's Model T toy
breaks down, just like no one will cry about the Windows XP virtual machine I play with at
home.
The only complaints are against critical services, internet connected machines that operate
and provide livelihoods for the owners. If the software isn't owned by anyone, ... well I'm
sure the owner provided an unbiased risk assessment as to whether they should migrate to
something that is supported by someone right? Didn't think so.
The end user has 100% of the responsibility, and dollars don't change that.
WannaCry offers free decryption for some random number of files in the folder C:\Intel\<random
folder name>\f.wnry. We have seen 10 files decrypted for free.
In the first step, the malware checks the header of each encrypted file. Once successful, it calls
the decryption routine, and decrypts all the files listed in C:\Intel\<random folder name>\ f.wnry.
A code snippet of the header check:
The format of the encrypted file:
To decrypt all the files on an infected machine we need the file 00000000.dky, which contains
the decryption keys. The decryption routine for the key and original file follows:
Bitcoin activity
WannaCry uses three Bitcoin wallets to receive payments from its victims. Looking at the payment
activity for these wallets gives us an idea of how much money the attackers have made.
The current statistics as of May 13 show that not many people have paid to recover their files:
Wallet 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
Wallet 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Wallet 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
The attackers appear to have earned a little over BTC 15.44 (US$27,724.22). That is not much considering
the number of infected machines, but these numbers are increasing and might become much higher in
the next few days. It's possible that the sink holing of two sites may have helped slow things down:
"Cyber criminals may believe they are anonymous but we will use all the tools at our disposal
to bring them to justice," said Oliver Gower from the National Crime Agency.
The expert, known only as MalwareTech on Twitter, said hackers could upgrade the virus. "Version
1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw,"
he said on
Twitter . "You're only safe if you patch ASAP."
On Sunday, Microsoft issued a security bulletin marked "critical" including security updates that
it said "resolves vulnerabilities in Microsoft Windows".
It emerged over the weekend that NHS Digital last month emailed 10,000 individuals in NHS organisations
warning them to protect themselves against the specific threat of ransomware and included a software
patch to block such hacks on the majority of systems. However, it would not work with outdated Windows
XP systems that still run on about 5% of NHS devices.
NHS Digital said it did not yet know how many organisations installed the update and this would
be revealed in a later analysis of the incident.
... ... ...
Amber Rudd, the home secretary, who is leading the response to the attack, said the same day:
"I don't think it's to do with ... preparedness. There's always more we can all do to make sure we're
secure against viruses, but I think there have already been good preparations in place by the NHS
to make sure they were ready for this sort of attack."
In a blog post late Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge
what researchers had already widely concluded: The ransomware attack leveraged a hacking tool,
built by the US National Security Agency, that leaked online in April.
He also poured fuel on a long-running debate over how government intelligence services should
balance their desire to keep software flaws secret – in order to conduct espionage and cyber
warfare – against sharing those flaws with technology companies to better secure the internet.
"This attack provides yet another example of why the stockpiling of vulnerabilities by
governments is such a problem," Smith wrote. He added that governments around the world should
"treat this attack as a wake-up call" and "consider the damage to civilians that comes from
hoarding these vulnerabilities and the use of these exploits."
The NSA and White House did not immediately respond to requests for comment about the Microsoft
statement.
A general view of the Dharmais hospital in Jakarta, Indonesia May 14, 2017. REUTERS/Darren
Whiteside
The Dharmais hospital in Jakarta was targeted by the Wannacry "ransomware" worm. Photo:
Reuters/Darren Whiteside
US President Donald Trump on Friday night ordered his homeland security adviser, Tom Bossert, to
convene an "emergency meeting" to assess the threat posed by the global attack, a senior
administration official told Reuters.
Senior US security officials held another meeting in the White House Situation Room on Saturday,
and the FBI and the National Security Agency were working to help mitigate damage and identify
the perpetrators of the massive cyber attack, said the official, who spoke on condition of
anonymity to discuss internal deliberations.
The investigations into the attack were in the early stages, however, and attribution for
cyberattacks is notoriously difficult.
The original attack lost momentum late on Friday after a security researcher took control of a
server connected to the outbreak, which crippled a feature that caused the malware to rapidly
spread across infected networks.
Infected computers appear to largely be out-of-date devices that organizations deemed not worth
the price of upgrading or, in some cases, machines involved in manufacturing or hospital
functions that proved too difficult to patch without possibly disrupting crucial operations,
security experts said.
Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm
to spread across networks, a rare and powerful feature that caused infections to surge on Friday.
Code for exploiting that bug, which is known as "Eternal Blue," was released on the internet last
month by a hacking group known as the Shadow Brokers.
The head of the European Union police agency said on Sunday the cyber assault hit 200,000 victims
in at least 150 countries and that number would grow when people return to work on Monday.
International investigators hunted for those behind an unprecedented cyber-attack that
affected systems in dozens of countries, including at banks, hospitals and government agencies, as
security experts sought to contain the fallout.
The assault, which began on Friday and was being described as the biggest-ever cyber ransom attack,
struck state agencies and major companies around the world - from Russian banks and British hospitals
to FedEx and European car factories.
"The recent attack is at an unprecedented level and will require a complex international investigation
to identify the culprits," said Europol, Europe's police agency. Europol said a special task force at its European Cybercrime Centre was "specially designed to
assist in such investigations and will play an important role in supporting the investigation".
The attacks used ransomware that apparently exploited a security flaw in Microsoft operating systems,
locking users' files unless they pay the attackers a designated sum in the virtual currency Bitcoin. Images appeared on victims' screens demanding payment of $300 in Bitcoin, saying: "Ooops, your
files have been encrypted!" Payment is demanded within three days or the price is doubled, and if none is received within
seven days the files will be deleted, according to the screen message.
But experts and government alike warn against ceding to the hackers' demands. "Paying the ransom does not guarantee the encrypted files will be released," the US Department
of Homeland Security's computer emergency response team said.
Mikko Hypponen, chief research officer at the Helsinki- based cyber security company F-Secure,
told AFP it was the biggest ransomware outbreak in history, saying that 130,000 systems in more than
100 countries had been affected.
... .... ....
French police said there were "more than 75,000 victims" around the globe, but cautioned that the number could increase "significantly".
on May 12, called "encryption" (Wannacry) "worm" blackmail software in large-scale spread around
the world.The software using the Windows SMB services vulnerabilities, documents, pictures, etc.
Of computer implementation of high-strength encryption, and ransom.Currently, including universities,
energy and other important information system, more class user attack, have serious security threat
to China's Internet network.
a, infected host emergency isolation methods given WannaCry worm has
a great risk, all the known infected host must isolate their work from the current network.
in view of the file has been damaged by worms, as of 2017/5/14 haven't found any effective means
to restore.To prevent further spread worms, it is forbidden to infected host any file copy to other
host or device, it is strictly forbidden to known infected host to access any network.
2, important documents emergency handling methods in order to ensure the important document is
not destroyed by WannaCry worms, minimize loss, all uninfected hosts or ban on uncertain whether
infected host.
the type host need to adopt the method of physical copy for processing, i.e., the host opens by
the professionals, remove all the hard disk where important files, and use the external devices mounted
to determine uninfected hosts will be copied.
to prevent secondary infection, copy the file must be in the isolation zone for processing.
it is strictly forbidden to hard disk may be infected by the IDE and SATA motherboard interface
mounted directly to the copy machine, in order to prevent the copying machine use the hard disk boot,
leading to possible infection.
existing in the network, have access to all Windows host should adopt the method of important
file backup.
after the physical copy process, in accordance with the: three, host, emergency detection strategy
is used to detect the emergency treatment.
the temporary absence of these conditions or because of some must be switched on, it is important
to ensure keep access to the Internet boot in out of the office network environment (such as 4 g
networks, ordinary broadband, etc.), at the same time must be the entire keep clear of the Internet.(access
to the Internet standard for success: can open the following web site in the browser, and see the
content as shown: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
)
for classified machine cannot access to the Internet, make sure the web server, network configuration
and the domain name resolution to access the Intranet server.
the Intranet server home page must return the following contents:
sinkhole. Tech - where the bots party hard and the researchers harder. & lt;!- h4 - & gt;At the
end of the temporary boot process, shutdown and physical copy process.
3, host, emergency detection strategies in view of the physical copy after the host, to make the
following treatment:
test be mounted hard drive Windows directory, see if there are files: mssecsvc. Exe, if there
are infected.
in view of the host other boot, check whether there is a file system disk Windows directory: mssecsvc.
Exe.Check whether there is a service in the system mssecsvc2.0 (see specific operation at the end
of this section).Any one is exists to prove that is infected.
for there is a firewall with other logging equipment in the network, check whether there is in
the log of domain name: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, if any, prove the existence
of network within the infected host.In view of the infected host detect, be sure to at the end of
the physical copy process format for all the hard disk.
similar to the host if there is a backup before 2017/4/13, full recovery operations can be performed
(including system disk as well as other all), a backup after this time may have been infected, not
for recovery.
in view of the network known to exist the infected host, prohibit open closed host, at the same
time to physical copies of the host process.For the host has been switched on, immediately shut down,
and the physical copy process.Attachment: the method of inspection service:
Windows + R key to open the "run" window:
input services. MSC enter, open the service administration page:
check all items in the" name "column, there mssecsvc2.0 suggests that infected.
4, uninfected hosts emergency defense strategy
to an infected host, there are four emergency defense strategy.
one strategy as the most effective means of defense, but takes longer.Other strategies for temporary
solution for unable to implement strategies for temporary use.
application strategy two or three in the host will not be able to access the network sharing,
please carefully use.
in no immediate application strategy and suggestion first application strategy four temporary
defence.No matter use what kind of temporary strategy, all must be application strategy as soon as
possible in order to achieve complete defense.
under 10 version for Windows host, suggest to upgrade to Windows 10 and update to the latest version
of the system.Because of the situation cannot upgrade, be sure to use an emergency defense strategy
for defense.
strategy one: install MS17-010 system patches
according to the system version, install patches MS17-010.With Windows 7 and above can be gained
through the automatic updates to install all patches, Windows xp, Windows 2003 and Windows vista
can be gained by installing temporary tools provided with the document.
by professionals using the following command to close loopholes related services:
sc stop LmHosts
sc stop lanmanworkstation
sc stop LanmanServer
sc config LmHosts start = DISABLED
sc config lanmanworkstation start = DISABLED
sc config LanmanServer start = DISABLE
strategy 3: configure the firewall ban vulnerabilities related port
for Windows 2003 or Windows xp system, click on the start menu, and open the "control panel".
double click the" Windows firewall "option in control panel, click on the" exception "TAB,
and uncheck the" file and printer sharing ", and click ok.
for Windows 7 and above system, click on the start menu, open the control panel, click on the"
system and security "" Windows firewall".
in Windows firewall configuration page, click the" allow the procedure or function through
Windows firewall "option, click at the top of the" change Settings ":
in the list to find" file and printer sharing "checkbox, uncheck the, click ok in the end.
strategy 4: use the vulnerability defense tool
360 company provides tools for temporary immune defense worm, this tool can be downloaded in the
360 site.
directly to perform this tool can be simple to defence, every time to restart the host must perform
this tool again.
5, emergency public server and network security defense strategy
on public server (such as web sites, public system, etc.) most can connect to the Internet, for
Windows server 2008 r2 and higher versions, suggested that open system "automatically update" function,
and install all patches.
for Windows server 2003, you can choose four, uninfected hosts emergency strategy of defense strategy
for defense, at the same time Suggestions as soon as possible to upgrade to higher version of the
server (such as Windows 2008 r2).
according to the internal network, need to ensure the safety of the host of the case to prevent
possible infection.
without using the sharing function, but on firewalls, routers and other equipment 445 port access
is prohibited.
since this worm using domain name: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com as "switch",
instantly attacks when unable to access the domain name.Therefore, the ban on the network security
devices such as firewall and IPS intercept this domain name, otherwise it will trigger the infected
host encryption process, cause irreparable damage.
use Intranet private DNS, be sure to configure the domain analysis, and point to survive in the
Intranet web server.The Intranet server home page should be returned the following contents:
sinkhole. Tech - where the bots party hard and the researchers harder.
& lt;!- h4 - & gt;
net letter tianjin municipal party committee office, network security and information technology
evaluation center
Renault said on Saturday it had halted
manufacturing at plants in Sandouville, France, and Romania to prevent the spread of
ransomware in its systems.
Among the other victims is a Nissan manufacturing plant in Sunderland, northeast
England, hundreds of hospitals and clinics in the British National Health Service,
German rail operator Deutsche Bahn and International shipper FedEx Corp
A Jakarta hospital said on Sunday that the cyber attack had infected 400 computers,
disrupting the registration of patients and finding records. The hospital said it
expected big queues on Monday when about 500 people were due to register.
'Ransom' paymentsmay rise
Account addresses hard-coded into the malicious WannaCry software code appear to show
the attackers had received just under US$32,500 in anonymous bitcoin currency as of 1100
GMT on Sunday, but that amount could rise as more victims rush to pay ransoms of US$300
or more to regain access to their computers, just one day before the threatened deadline
expires.
"I can confirm we've had versions without the kill switch domain connect since yesterday,"
Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on
Saturday.
The NSA (and other ABC agencies that are undoubtedly running the same game plan) are doing
what they are tasked with, finding ways to protect America and America's interests. Using hacking
as a tool to this end is (relatively) new in the old game of spycraft, so there are going to be
a few epic disasters like this before the black ops people start to figure out all the types of
blow back they can experience.
The US was really big on foreign covert action in the 50's, and it took the bay of pigs to
make people realize that there were ways that things could go horribly wrong. That didn't stop
covert action from being used, but I think it was employed more carefully afterwards. Having all
their shiny hacking toys stolen and having this happen is the hacking version of the 'Bay of Pigs'.
Also, while the NSA seems to have compiled a formidable array of exploits and tools to compromise
enemy systems, that doesn't mean that everyone else isn't playing the exact same game. The only
difference between the NSA and EVERY other state intelligence agency on the planet is that they
seem to be able to properly secure their black ops toys. Being one of the largest agencies of
this sort, there are going to be a lot of people in the know. And the more people involved, the
harder it is to keep a secret.
Mind you, that doesn't make this any less tragic or regrettable.
I sort of hope the CIA decides that it is in the US interest to find and vanish anyone connected
with this ransomware to make an example of them. Alas, that sort of thing only happens in implausible
Hollywood scripts.
Remotely exploitable network vulnerabilities shouldn't happen, but there seems no practical
hope that they'll stop anytime soon. It would be negligent of legitimate spy agencies to fail
to search for them and arguably be able to take advantage of them. Imagine you're trying to find
out when an ISIS group is planning a bombing and you discover they're running a messageboard on
a Windows machine with an SMB exploit, do you tell Microsoft to patch the exploit?
You never know which of the vulnerabilities you'll be able to use, but if you dedicate sufficient
resources to finding them and building exploits for them, then there is a good chance you'll be
able to spy on whichever bad guy your agency needs to spy on when the need arises. Getting all
the vendors to patch the exploits you find does limit your own agency's ability to spy but you
have to assume it doesn't impair your enemies as significantly since the enemy doubtless will
have exploits you don't have.
What's the best solution? I suspect the best thing to do is build force-patch worms for every
exploit. If you write an exploit, you should also dedicate resources to the task of writing a
version of the exploit which pressures the owner of the exploited system to fix the problem. So
in this instance, as soon as the attacks started being seen in the wild, the NSA servers should
have launched a MASSIVE attack against any and all systems with the vulnerability which would
disable the vulnerable systems in the least painful ways along with alerting the owners of the
need to update their systems. Instead of getting "your files are encrypted and give hackers bitcoin
to recover" messages, the people with exploitable systems should be seeing warnings like "Your
system has been temporarily patched by the NSA for your own protection, please secure or update
your device to protect it from malicious actors."
The
Hajime botnet [arstechnica.com] may actually already be just the thing I'm describing. I'd
prefer to see the NSA take public responsibility, and I'm doubtful the NSA is actually responsible
for that one, but it is an example of how it could be done.
If I have a vulnerable system, I'd much prefer to see it hacked by the NSA instead of some
ransomware writer. Do I wish it wasn't hackable? Of course, but I accept that anything plugged
into a network might be hackable. I do what I can to protect it from everyone, including the NSA.
It's not that I'm worried about the NSA (because they have the resources to gain physical access
if they really want it) but if I do my best to build secure systems, then it's less likely I'll
wake up to a ransomware message some morning
microsoft is partly guilty in this for sure because A LOT of people have the updates turned
off since the windows 10 debacle, the lies, the telemetry, the diagtrack process, the broken windows
update service that sits iddle consuming 25% of your cpu, etc
but even a monkey like me that hears about the smb vuln, even if i dont know what it means
exactly because im just a user and not an engineer, i could tell it was BAD, so i patched the
living shit out of my computer
sorry but if youve had experiences with blaster, conficker, etc, you should know about this
kind of things already, again, not an engineer at all, but just hearing about it, looking the
ports affected this thing looked really bad
Microsoft told lie after lie after lie about their intentions. There was absolutely no reason
to believe that setting your update threshold to "Critical Only" would save you from an unsolicited
Windows 10 installation.
The only rational course of action for those who didn't want Windows 10 was to turn off Windows
Update entirely. Deny this all you want, but be prepared for justified accusations of victim-blaming.
I'm a doctor in the NHS. It hit my hospital hard. The bosses triggered the MAJAX protocols
meaning everyone off work was called to come in and help. Computers are used for everything, so
blood tests, admissions, scan requests, referrals, all had to be done by hand. The public were
asked to keep away from A+E because hundreds of people were waiting. It was terrifying how little
failsafe infrastructure there was. The hospital just stopped working.
And you use unpatched computers in a hospital WHY?
Because patches are often broken . Imagine these hospitals had applied the patch when Microsoft
released it, but the patch was faulty in some way, and all of the hospital computers went down
as a result. Instead of complaining the hospitals were running unpatched, you and/or many people
like you would be bitching and moaning that they were negligent to install the patch too soon.
Updates from Microsoft frequently include at least one broken patch. There was one update last
year that broke millions of peoples' webcams. There have been several updates that interfered
with settings and reverted them back to default configurations, and several more updates that
seemingly deleted group policy objects that had been configured by the domain administrator. There
was a patch around the new year that inadvertently disabled the DHCP service, despite the update
itself having nothing to do with DHCP. (Things that make you go hmmm.) This particular fuck-up
rendered a lot of machines not only broken, but totally irreparable without manual human intervention,
i.e. dispatching someone clueful to each of your premises to clean up the mess.
Patch deployment in any enterprise environment requires extensive testing. You have to coordinate
with your software vendors to make sure their applications are compatible with the update. If
you install Patch XYZ without first getting approval from Vendor123, you wind up invalidating
your support contracts with them. All of this takes time. In 2016, there were several months
in a row where Microsoft had to un-issue, repair, supersede, and re-release a broken patch
they'd pushed out. Put yourself in the shoes of an admin team who got burned by Windows Update
breaking your systems, especially repeatedly. Are you going to be in any hurry to patch? If you
were bitten by the DHCP bug, do you trust that the "critical SMB patch" really only touches SMBv1,
and isn't going to inexplicably corrupt Office or remove IPV4 connectivity on every computer it
touches?
If the PC your kid plays Minecraft on gets hosed by a broken patch, it's not that big of a
deal. The business world is a different story.
Is that there are still 45k Windows machine that are directly connected to the Internet.
Any Windows machine I manage (mostly very specific medical software and medical machines) are
either VM (and thus behind a firewall and any service proxied to a BSD or Linux host) or airgapped.
1, Microsoft has always had a disclosure that their OS is not suitable for life-critical applications
2. NSA has a dual mission -- the second (neglected) mission is to ensure the security of domestic
computer networks
Officials have claimed in the wake of the global ransomware attack that patient care has been
unaffected despite 45 NHS sites
being hit.
But hospitals across England and Scotland were forced to cancel routine procedures and divert
emergency cases in the wake of the attack, which has shut down access to computers in almost 100
countries. Here, patients and NHS workers reveal how the crisis has affected them.
Bill, a doctor at a hospital in London
I have been unable to look after patients properly. However much they pretend patient safety is
unaffected, it's not true. At my hospital we are literally unable to do any X-rays, which are
an essential component of emergency medicine. I had a patient this evening who we could not do
an X-ray for, who absolutely should have had one. He is OK but that is just one example.
My hospital is good in many ways but the IT system is appalling. I was shocked when I started
in hospital at how bad the systems are. I know the staff will do their very best to keep looking
after everyone, but there are no robust systems in place to deal with blackouts like this, information-sharing
is hard enough in a clinical environment when everything works.
Without the IT systems I suspect test results will be missed, and definitely delayed. Handovers
are much more difficult. It will absolutely certainly impact patient safety negatively, even if
that impact can't be clearly measured. This is basically all the result of chronic underfunding
and crap, short-sighted management.
Theresa, 44, a breast cancer patient from Lincolnshire
I was halfway through my chemotherapy infusion when the attack happened. The treatment finished
without a hitch, but I then had to wait for a couple of hours for my medications to take home.
That's because all drugs have to be checked against prescriptions, and they are all computerised.
The hospital pharmacists worked quickly to produce paper copies, but it still took a while. The
horrible side-effects (nausea, exhaustion, dizziness) kicked in while I was stuck in rush-hour
traffic coming home. Fortunately, I wasn't driving.
There were other patients in the ward waiting to start their chemo whose drugs had been delivered
but again couldn't be checked, so administration was delayed. In some cases treatment had to be
postponed entirely for another day. The oncology nurses and the hospital staff were brilliant
throughout, reassuring patients and doing their best in difficult circumstances. They were also
deeply apologetic, frustrated that they couldn't do their job, and angry that such an act had
put patients treatment – and lives – at risk.
Amber, 40, a community nurse from Essex
We have been unable to check patient information and scheduled visits for this afternoon. I am
working this weekend and had to write down who we may see tomorrow from my own memory. Our own
call centre for community services is in lockdown and unable to receive any information regarding
authorisation for drug changes or referrals. We are also unable to look up patient addresses,
complete any documentation or check test results.
Alun Phillips, 45, a community pharmacist from Merseyside
Doctors in Liverpool have been advised to isolate their computer systems from the wider NHS network.
This has left many of our local surgeries unable to access patient records, which are cloud-based.
Surgeries are unable to issue prescriptions from their systems, most of which are now issued electronically
via the NHS spine. Even if they could, we (community pharmacy) are being advised to not connect
to the spine. We have had quite a few requests from local surgeries to tell them what medication
patient are on, as although they cannot access patient records we still have our copy of the patients'
medication records. We have also made some emergency supplies of medication to patients unable
to access GP services while they are down.
Kyle, 42, a patient from Maidestone
I am waiting for test results after a urine infection and pain in my kidneys. I called the doctors
this afternoon. They said it looks like I need a further prescription but the doctor will need
to call me back. Two hours later I get a call from the doctor advising me that they have had to
shut down their systems due to this hack, and that they can't give me any results till Monday.
I am now worried that my situation is going to get worse without any treatment.
Ben, 37, in the prescription team at a GP surgery in the north
We were unable to process any prescriptions for patients, including urgent requests. As a result
patients could potentially be left without asthma, epilepsy or diabetes medication over the weekend.
We also had a medical emergency on-site and waited over 40 minutes for an ambulance to attend.
Ali, a cardiologist from the north
I am a cardiology registrar. At work, on call for a tertiary cardiology centre. Treating patients
with heart attacks, attending cardiac arrests, seeing sick patients in resus. We are unable to
access to old notes, blood results, x-rays or order vital tests. Blood samples are being sent
to other hospitals. We have one working x-ray viewer for the entire hospital and emergency results
are being rung through already overloaded phone lines. All of which potentially delays vital treatment
and could jeopardise patient safety. Those with life-threatening problems are still receiving
appropriate care. Though this couldn't have happened at a worse time with the weekend looming,
patients are still being looked after safely thanks to the dedication of all the members of staff
at work tonight. It's been a stark reminder of the conditions we worked under over 20 years ago
– and on how reliant on computers we are even to do things as simple as prescribe basic drugs.
Kaley, 30, a receptionist at a large surgery in the north-west
Friday afternoons are usually one of our busiest times at the surgery. With already full clinics
and people ringing for emergency appointments there were five reception staff on duty. There was
no warning that there was anything wrong with the computer systems but at around 3pm the screens
all went black, indicating that the computers had crashed. We had no access to any patient information
for the GPs or nurses. There was no way of checking the patients in. Phones were still ringing.
The computers were down for about an hour but then we were able to get back on. We received notification
that there was a virus affecting the whole of the NHS. The practice manager received a text from
the CCG advising that we should invoke "emergency planning measures". This involves printing lists
out of patients due to attend all clinics from Friday afternoon until Monday afternoon. Then we
had to print out full medical information for each patient as the system was being taken down
to investigate the virus. It's been a difficult afternoon.
Today, May 12th 2017, WikiLeaks publishes "AfterMidnight" and "Assassin", two CIA malware frameworks
for the Microsoft Windows platform.
"AfterMidnight" allows operators to dynamically load and execute malware payloads on a target machine.
The main controller disguises as a self-persisting Windows Service DLL and provides secure execution
of "Gremlins" via a HTTPS based Listening Post (LP) system called "Octopus".
Once installed on a target machine AM will call back to a configured LP on a configurable schedule,
checking to see if there is a new plan for it to execute.
If there is, it downloads and stores all needed components before loading all new gremlins in
memory. "Gremlins" are small AM payloads that are meant to run hidden on the target and either subvert
the functionality of targeted software, survey the target (including data exfiltration) or provide
internal services for other gremlins.
The special payload "AlphaGremlin" even has a custom script language which allows operators to
schedule custom tasks to be executed on the target machine.
"Assassin" is a similar kind of malware; it is an automated implant that provides a simple collection
platform on remote computers running the Microsoft Windows operating system. Once the tool is installed
on the target, the implant is run within a Windows service process. "Assassin" (just like "AfterMidnight")
will then periodically beacon to its configured listening post(s) to request tasking and deliver
results.
Communication occurs over one or more transport protocols as configured before or during deployment.
The "Assassin" C2 (Command and Control) and LP (Listening Post) subsystems are referred to collectively
as" The Gibson" and allow operators to perform specific tasks on an infected target..
...The Barts Health Group, which helps manage some of the largest hospitals in London, said, "
We are experiencing a major IT disruption and there are delays at all of our hospitals. "
Patients had to be turned away from surgeries and appointments at medical facilities throughout
England, and ambulances had to be rerouted to other hospitals as well.
Telefonica, one of the largest telecommunications companies in Spain, was one target, though their
services and clients were not affected, as the malicious software only impacted certain computers
on an internal network.
(vice.com)
49 Posted by EditorDavid on Saturday May 13, 2017 @06:57PM from the wanna-cry-more? dept.
Remember that "kill switch" which
shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and
Saturday, samples of the malware emerged without that debilitating feature, meaning that
attackers may be able to resume spreading ransomware even though a security researcher cut off
the original wave. "I can confirm we've had versions without the kill switch domain connect since
yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard
on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.
Email is one of the main infection methods. Be wary of unexpected emails especially if
they contain links and/or attachments.
Be extremely wary of any Microsoft Office email attachment that advises you to enable macros
to view its content. Unless you are absolutely sure that this is a genuine email from a trusted
source, do not enable macros and instead immediately delete the email.
Backing up important data is the single most effective way of combating ransomware infection.
Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible.
If the victim has backup copies, they can restore their files once the infection has been cleaned
up. However organizations should ensure that back-ups are appropriately protected or stored off-line
so that attackers can't delete them.
Using cloud services could help mitigate ransomware infection, since many retain previous
versions of files, allowing you to "roll back" to the unencrypted form.
After encryption the Trojan then deletes the shadow copies of the encrypted files.
The Trojan drops the following files in every folder where files are encrypted:
•!WannaDecryptor!.exe.lnk
•!Please Read Me!.txt
The contents of the !Please Read Me!.txt is a text version of the ransom note with details of
how to pay the ransom.
The Trojan downloads Tor and uses it to connect to a server using the Tor network.
It then displays a ransom note explaining to the user what has happened and how to pay the ransom.
WannaCry encrypts files with the following extensions, appending .WCRY to the end of the file
name:
Thanks for the forensic deconstruction - a lot more info than the experts on Sky News!
Is it interesting the popup is written in accurate English with the correct use of capitals, commas
and full stops? Plus the grammar is correct. I understand the Italian version has the same grammatical
exactness. So not script kiddies from Chindia? This writers are well educated.
Anton, 10 hours ago
A kill switch already has been found in the code, which prevents new infections. This has been
activated by researchers and should slow the spread.
Colin Hardy, 8 hours ago
agree. Firstly, contain your network (block affected ports in/outbound), also look for compromised
hosts on your network using the various IOCs from the likes of Virus Total and other analysts
blogs. Remediate the machines, and rebuild the network - slowly, carefully and under good supervision!
Colin Hardy, 8 hours ago
this was an awesome find as well. see my new video https://youtu.be/d56g3wahBck
on how you can see it for yourself.
The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted
DLL. During runtime, the loader writes a file to disk named "t.wry". The malware then uses an embedded
128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the
actual Wanna Cry Ransomware responsible for encrypting the user's files. Using this cryptographic
loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus
software scans.
The newly loaded DLL immediately begins encrypting files on the victim's system and encrypts the
user's files with 128-bit AES. A random key is generated for the encryption of each file.
The malware also attempts to access the IPC$ shares and SMB resources the victim system has access
to. This access permits the malware to spread itself laterally on a compromised network. However,
the malware never attempts to attain a password from the victim's account in order to access the
IPC$ share.
This malware is designed to spread laterally on a network by gaining unauthorized access to the
IPC$ share on network resources on the network on which it is operating.
References
Malwarebytes LABS: "WanaCrypt0r ransomware hits it big just before the weekend
Malwarebytes LABS: "The worm that spreads WanaCrypt0r"
Microsoft: "Microsoft Security Bulletin MS17-010"
Forbes: "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak"
Reuters: "Factbox: Don't click - What is the 'ransomware' WannaCry worm?"
WanaCryptor 2.0, WannaCry, WCry or WCryp is currently a world-wide ransom-ware outbreak. These
are all versions of Crypto-locker, encrypting victim files and demanding payment via bit-coin.
This vulnerability was patched in the Microsoft March update (MS17-010).
The following links contain information about the exploit that the new malware is using (based
on ETERNAL BLUE) and the fix and temporary workaround for servers and local clients, as well as firewall
configuration recommendations.
SMB v1 is the current exploit mechanism being used for moving within enterprise. Movement has been
detected from Cloud Sync file-share as well. The link contains information on disabling SMBv1 (which
is the only recommended service to disable) via Servers, Powershell, and local Client Firewall Configuration,
Ensure that port 445 is blocked for firewall communications with all exceptions scrutinized
and verified before adding.
India was among the countries worst affected by the Wanna Cry attack, data shared by Kaspersky,
a Russian anti-virus company, showed. According to initial calculations performed soon after the
malware struck on Friday night, around five per cent of all computers affected in the attack were
in India.
Mikko Hypponen, chief research officer at a Helsinki-based cyber security company called F-Secure,
told news agency AFP that the it was the biggest ransomware outbreak in history and estimated that
130,000 systems in more than 100 countries had been affected.
Hypponen added that Russia and India were hit particularly hard, largely because Microsoft's Windows
XP - one of the operating systems most at risk - was still widely used there.
WanaCrypt0r has been most effective-not only does the ransomware loop through every open RDP session
on a system and run the ransomware as that user, but the initial component that gets dropped on systems
appears to be a worm that contains and runs the ransomware, spreading itself using the ETERNALBLUE
SMB vulnerability (
MS17-010
).
The WinMain of this
executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
It doesn't actually download anything there, just tries to connect. If the connection succeeds,
the binary exits.
This was probably some kind of kill switch or anti-sandbox technique. Whichever it is, it has
backfired on the authors of the worm, as the domain has been sinkholed and the host in question now
resolves to an IP address that hosts a website. Therefore, nothing will happen on any new systems
that runs the executable. This only applies to the binary with the hash listed above; there may well
be new versions released in the future. UPDATE: The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT),
so the worm will still work on any system that requires a proxy to access the Internet, which is
the case on the majority of corporate networks.
... ... ...
[after kill switch check pass] ...
the first thing the worm does is check the number of arguments it was launched with. If it was run
with less than two arguments passed, it installs a service called mssecsvc2.0 with display
name Microsoft Security Center (2.0) Service (where the binary ran is itself with two
arguments), starts that service, drops the ransomware binary located in the resources of the worm,
and runs it.
If it was run with two arguments or more-in other words, if it was run as a service-execution
eventually falls through to the worm function.
This from the author "accidental kill switch discovery" : "I was able to set up a live tracking
map and push it out via twitter (you can still see it
here )." Fascinating...
As of May 13 9 PM worm is still spreading with the date probably a hundred hits per hour, but kill
switch prevents newly found instances from running their own instance of the worm. An interesting
side effect is that if network has proxy that prevent access the kill switch domain then the work will
spread at full speed. So propagation into proxied network with an isolated root server
network can lead to increase in the worm infection rate as kill switch site will not work.
In other words the work is the most dangerous for private networks with the private DNS root.
Notable quotes:
"... When I returned home at about 2:30, the threat sharing platform was flooded with posts about various NHS systems all across the country being hit, which was what tipped me of to the fact this was something big. ..."
"... contrary to popular belief, most NHS employees don't open phishing emails which suggested that something to be this widespread it would have to be propagated using another method) ..."
"... Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration of it which shows the campaign started at around 8 AM UTC. ..."
"... more interestingly was that after encrypting the fake files I left there as a test, it started connecting out to random IP addresses on port 445 (used by SMB). ..."
"... The mass connection attempts immediately made me think exploit scanner, and the fact it was scanning on the SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing .an SMB exploit. ..."
So finally I've found enough time between emails and Skype calls to write up on the crazy events
which occurred over Friday, which was supposed to be part of my week off (I made it a total of 4
days without working, so there's that). You've probably read about the WannaCrypt fiasco on several
news sites, but I figured I'd tell my story.
I woke up at around 10 AM and checked onto the UK cyber threat sharing platform where i had been
following the spread of the Emotet banking malware, something which seemed incredibly significant
until today. There were a few of your usual posts about various organisations being hit with ransomware,
but nothing significant yet. I ended up going out to lunch with a friend, meanwhile the WannaCrypt
ransomware campaign had entered full swing.
When I returned home at about 2:30, the threat sharing platform was flooded with posts about various
NHS systems all across the country being hit, which was what tipped me of to the fact this was something
big.
Although ransomware on a public sector system isn't even newsworthy, systems being hit simultaneously
across the country is (contrary to popular belief, most NHS employees don't open phishing emails
which suggested that something to be this widespread it would have to be propagated using another
method). I was quickly able to get a sample of the malware with the help of Kafeine, a good friend
and fellow researcher.
Upon running the sample in my analysis environment I instantly noticed it
queried an unregistered domain, which i promptly registered.
Using Cisco Umbrella, we can actually see query volume to the domain prior to my registration
of it which shows the campaign started at around 8 AM UTC.
... ... ...
While the domain was propagating, I ran the sample again in my virtual environment to be met with
WannaCrypt ransom page; but more interestingly was that after encrypting the fake files I left there
as a test, it started connecting out to random IP addresses on port 445 (used by SMB).
The mass
connection attempts immediately made me think exploit scanner, and the fact it was scanning on the
SMB port caused me to look back to the recent ShadowBroker leak of NSA exploits containing .an SMB
exploit. Obvious I had no evidence yet that it was definitely scanning SMB hosts or using the
leaked NSA exploit, so I tweeted out my finding and went to tend to the now propagated domain.
... ... ...
Now one thing that's important to note is the actual registration of the domain was not on a whim.
My job is to look for ways we can track and potentially stop botnets (and other kinds of malware),
so I'm always on the lookout to pick up unregistered malware control server (C2) domains. In fact
I registered several thousand of such domains in the past year.
Our standard model goes something like this.
Look for unregistered or expired C2 domains belonging to active botnets and point it to our
sinkhole (a sinkhole is a server designed to capture malicious traffic and prevent control of
infected computers by the criminals who infected them).
Gather data on the geographical distribution and scale of the infections, including IP addresses,
which can be used to notify victims that they're infected and assist law enforcement.
Reverse engineer the malware and see if there are any vulnerabilities in the code which would
allow us to take-over the malware/botnet and prevent the spread or malicious use, via the domain
we registered.
In the case of WannaCrypt, step 1, 2 and 3 were all one and the same, I just didn't know it yet.
A few seconds after the domain had gone live I received a DM from a Talos analyst asking for the
sample I had which was scanning SMB host, which i provided. Humorously at this point we had unknowingly
killed the malware so there was much confusion as to why he could not run the exact same sample I
just ran and get any results at all. As curious as this was, I was pressed for time and wasn't able
to investigate, because now the sinkhole servers were coming dangerously close to their maximum load.
I set about making sure our sinkhole server were stable and getting the expected data from the
domain we had registered (at this point we still didn't know much about what the domain I registered
was for, just that anyone infected with this malware would connect to the domain we now own, allowing
us to track the spread of the infection). Sorting out the sinkholes took longer than expected due
to a very large botnet we had sinkholed the previous week eating up all the bandwidth, but soon enough
I was able to set up a live tracking map and push it out via twitter (you can still see it
here ).
Aris Adamantiadis > greggreen29 • 12 hours ago
To be fair, he said himself he thought at some point that registering the domain name triggered
the ransomware instead of disabling it. The story headline would have mentioned "Security research
accidentally armed a ransomware" in that case. His experience told him it was a good thing to
own domains used by C&C, his luck made it that it was a kill switch. I don't think "accidental"
is undeserved in this case.
Whatever, it's good job!
Dave > greggreen29 • 13 hours ago
The media is filled with people who don't do their research. This is both true in the IT world
along with the firearms world. Me being involved in both. Media however LOVES buzzwords without
even knowing what that word means nor use it in context correctly.
They make conclusions about things they don't even understand or refer to a real expert in
the field or multiple to get out of single sourced subjective analysis problems.
I am no total expert in either though I do know a lot, but I make my due diligience if I do
write aboit a subject, I do RESEARCH vs WEBSEARCH on it to draw conclusions. I also then employ
logic and personal experiences for supplimenting those conclusions if I have the experiences to
draw upon.
This is why I follow people I would deem as experts in the field, to learn more about what
we come across, to ask questions, and to constantly learn.
This is why I follow the Malwaretech crew and others like them in security and forensics.
Malwaretech, thank you for your service, not only for this incident, but all the research you
do.
Susan O'neill > Dave • 10 hours ago
Well said Dave. Whilst I struggled to follow the report on his progress, it would seem that
he is connected to people who can offer a service and using his own expertise and by a process
of elimination, find the answers, but because he caught on to something very quickly(which he
might easily have missed, had he not been so thorough and alert) would have allowed the worm to
continue it's travels. I think a lot of people should be very thankful to MalwareTech and his
expertise - even if it does generate more business for him, it's probably well deserved.
How to enable or disable SMB protocols on the SMB server 0 -- Windows 8 and Windows Server
2012 Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell
cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the
server component.
Notes When you enable or disable SMBv2 in Windows 8 or in Windows Server 2012, SMBv3 is also enabled
or disabled. This behavior occurs because these protocols share the same stack.
You do not have to restart the computer after you run the Set-SMBServerConfiguration cmdlet.
To obtain the current state of the SMB server protocol configuration, run the following cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol
To disable SMBv1 on the SMB server, run the following cmdlet: Set-SmbServerConfiguration -EnableSMB1Protocol
$false
... ... ...
Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008 To enable or disable
SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista,
or Windows Server 2008, use Windows PowerShell or Registry Editor. Windows PowerShell 2.0 or a
later version of PowerShell
To disable SMBv1 on the SMB server, run the following cmdlet: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
SMB1 -Type DWORD -Value 0 -Force
... ... ...
Note You must restart the computer after you make these changes. Registry Editor Important
This article contains information about how to modify the registry. Make sure that you back up the
registry before you modify it. Make sure that you know how to restore the registry if a problem occurs.
For more information about how to back up, restore, and modify the registry, click the following
article number to view the article in the Microsoft Knowledge Base:
322756 How to back
up and restore the registry in Windows To enable or disable SMBv1 on the SMB server, configure the
following registry key: Registry subkey:
This is the vulnerability that Wanna Cry malware uses
March 14, 2017 Published: March 14, 2017
Version: 1.0
This security update is rated Critical for all supported releases of Microsoft Windows.
For more information, see the Affected Software and Vulnerability Severity Ratings section.
The security update addresses the vulnerabilities by correcting how SMBv1 handles specially
crafted requests.
For more information about the vulnerabilities, see the Vulnerability Information section.
In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and
control Windows computers was leaked by an entity known only as the "Shadow Brokers." Not even a
whole month later, the hypothetical threat that criminals would use the tools against the general
public has become real, and tens of thousands of computers worldwide are now crippled by an unknown
party demanding ransom.
The malware worm taking over the computers goes by the names "WannaCry" or "Wanna Decryptor."
It spreads from machine to machine silently and remains invisible to users until it unveils itself
as so-called ransomware, telling users that all their files have been encrypted with a key known
only to the attacker and that they will be locked out until they pay $300 to an anonymous party using
the cryptocurrency Bitcoin.
At this point, one's computer would be rendered useless for anything other than paying said ransom.
The price rises to $600 after a few days; after seven days, if no ransom is paid, the hacker (or
hackers) will make the data permanently inaccessible (WannaCry victims will have a handy countdown
clock to see exactly how much time they have left).
Ransomware is not new; for victims, such an attack is normally a colossal headache. But today's
vicious outbreak has spread ransomware on a massive scale, hitting not just home computers but reportedly
health care, communications infrastructure, logistics, and government entities.
Cyber attacks on a global scale took place on Friday, May 12, 2017. The notable hits include computers
in 16 UK hospitals, Telefonica Telecom in Spain, Gas Natural, Iberdrola. Several thousand computer were
infected in 99 countries.
WannaCry ransomware attack - Wikipedia
Initial infection vector is either via
LAN, an email attachment, or drive-by
download.
A kill switch has been found
in the code, which since May 13 helps to prevent new infections. This swich was accidentally activated
by an anti-virus researcher from GB. However, different versions of the attack may be released and all
vulnerable systems still have an urgent need to be patched.
Notable quotes:
"... Hollywood Overwhelmed With Hack Attacks; FBI Advises 'Pay Ransom'... ..."
Update 4 : According to experts tracking and analyzing the worm and its spread, this could
be one of the worst-ever recorded attacks of its kind .
The security researcher who tweets and blogs as MalwareTech
told The Intercept "I've never seen anything like this with ransomware," and "the last worm
of this degree I can remember is Conficker." Conficker was a notorious Windows worm first spotted
in 2008; it went on to infect over nine million computers in nearly 200 countries.
As The Intercept details,
Today's WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon
that would have allowed the spy agency's hackers to break into any of millions of Windows computers
by exploiting a flaw in how certain version of Windows implemented a network protocol commonly
used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in
a March software update, the safety provided there relied on computer users keeping their systems
current with the most recent updates. Clearly, as has always been the case, many people (including
in governments) are not installing updates. Before, there would have been some solace in knowing
that only enemies of the NSA would have to fear having ETERNALBLUE used against them–but from
the moment the agency lost control of its own exploit last summer, there's been no such assurance.
Today shows exactly what's at stake when government hackers can't keep their virtual weapons
locked up.
As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it,
"I am actually surprised that a weaponized malware of this nature didn't spread sooner."
Update 3: Microsoft has issued a statement, confirming the status the vulnerability:
Today our engineers added detection and protection against new malicious software known as
Ransom:Win32.WannaCrypt.
In March, we provided a security update which provides additional protections against this
potential attack.
Those who are running our free antivirus software and have Windows updates enabled, are protected.
We are working with customers to provide additional assistance.
Update 2: Security firm
Kaspersky Lab has recorded more than 45,000 attacks in 74 countries in the past 10 hours
Seventy-four countries around the globe have been affected, with the number of victims still
growing, according to Kaspersky Lab. According to Avast, over 57,000 attacks have been detected
worldwide, the company said, adding that it "quickly escalated into a massive spreading."
According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus
is apparently the upgraded version of the ransomware that first appeared in February. Believed
to be affecting only Windows operated computers, it changes the affected file extension names
to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins
to be paid to unlock the infected files within a certain period of time.
While the victim's wallpaper is being changed, affected users also see a countdown timer to
remind them of the limited time they have to pay the ransom. If they fail to pay, their data will
be deleted, cybercriminals warn. According to the New York Times, citing security experts, the
ransomware exploits a "vulnerability that was discovered and developed by the National Security
Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report
said, adding, that it has been distributing the stolen NSA hacking tools online since last year.
Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed
in on
Twitter, saying " Whoa: @NSAGov decision to build attack tools targeting US software now threatens
the lives of hospital patients."
* * *
Update 1 : In a shocking revelation,
The FT reports that hackers responsible for the wave of cyber attacks that struck organisations
across the globe used tools stolen from the US National Security Agency.
A hacking tool known as "eternal blue", developed by US spies has been weaponised by the hackers
to super-charge an existing form of ransomware known as WannaCry, three senior cyber security
analysts said. Their reading of events was confirmed by western security officials who are still
scrambling to contain the spread of the attack. The NSA's eternal blue exploit allows the malware
to spread through file-sharing protocols set up across organisations, many of which span the globe.
As Sam Coates summed up...
NHS hack: So NSA had secret backdoor into Windows. Details leaked few weeks ago. Now backdoor
being exploited by random criminals. Nightmare
Hospitals across the UK have been hit by what appears to be a major, nationwide cyber-attack,
resulting in the loss of phonelines and computers, with many hospitals going "dark" and some diverting
all but emergency patients elsewhere. At some hospitals patients are being told not to come to A&E
with all non-urgent operations cancelled, the
BBC reports .
The UK National Health Service said: "We're aware that a number of trusts that have reported potential
issues to the CareCERT team. We believe it to be ransomware ." It added that trusts and hospitals
in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected and are reporting
IT failures, in some cases meaning there is no way of operating phones or computers.
At Lister Hospital in Stevenage, the telephone and computer system has been fully disabled in
an attempt to fend off the attack .
NHS England says it is aware of the issue and is looking into it.
UK Prime Minister Theresa May confirms today's massive cyber hit on NHS is part of wider international
attack and there is no evidence patient data has been compromised.
It's just a damn good thing the US spent all that time and money developing all that stuff.
Now that it's out, just pay the ransom to the Cyber-Barbary Pirates so that the government
can return to its main 1984 mass surveillance and control mission.
My son is an IT professional and has been inundated with new clients calling to rid their complex
systems of this plague.For his clients he has divised protection from it, but most of the calls
he gets are from large hospitals, corporations, etc. that have their own IT staff.
He can fix
it and prevent/firewall it so it doesn't happen but some of the systems are so complex with so
many open ends, his bill is sometimes as much as the hackers are asking for. He told me that in
some cases he is tempted to tell them to just pay it, however, he said all of the payoffs have
to be made with bitcoin on the "dark-web" and since you are dealing with known criminals he has
heard that more than half the time they do not fix it.
He was in New Orleans about a month ago, Thursday through Sunday clearing up a large companies
servers and systems, worked 70 hours and billed them 24k plus expenses
First thing I suggest to do if this happens to you, is to shut down your computer, take out the
HD, and boot it into a Linux system, so at least you can make a copy in a asafe environment, before
things get worse.
The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of
NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding
payments of hundreds of dollars for the key to decrypt files.
How does it spread?
Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via
email, or through a secondary infection on computers already affected by viruses that offer a back
door for further attacks.
The malware that has affected Telefónica in Spain and the NHS in Britain is the same software:
a piece of ransomware first spotted in the wild
by security
researchers MalwareHunterTeam , at 9:45am on 12 May.
Less than four hours later, the ransomware had infected NHS computers, albeit
originally only in Lancashire , and spread laterally throughout the NHS's internal network. It
is also being called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.
How much are they asking for?
WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents
of the computers.
The creators of this piece of ransomware are still unknown, but WanaCrypt0r 2.0 is their second
attempt at cyber-extortion. An earlier version, named WeCry, was
discovered
back in February this year : it asked users for 0.1 bitcoin (currently worth $177, but with a
fluctuating value) to unlock files and programs.
How is the NSA tied in to this attack?
Once one user has unwittingly installed this particular flavour of ransomware on their own PC,
it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a
known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was
first revealed to the world as part of
a huge leak of NSA hacking tools and known weaknesses by an anonymous group calling itself "Shadow
Brokers" in April.
Was there any defence?
Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected
versions of Windows, ensuring that the vulnerability couldn't be used to spread malware between fully
updated versions of its operating system. But for many reasons, from lack of resources to a desire
to fully test new updates before pushing them out more widely, organisations are often slow to install
such security updates on a wide scale.
Who are the Shadow Brokers? Were they behind this attack?
In keeping with almost everything else in the world of cyberwarfare, attribution is tricky. But
it seems unlikely that the Shadow Brokers were directly involved in the ransomware strike: instead,
some opportunist developer seems to have spotted the utility of the information in the leaked files,
and updated their own software accordingly. As for the Shadow Brokers themselves, no-one really knows,
but fingers point towards Russian actors as likely culprits.
Will paying the ransom really unlock the files?
Sometimes paying the ransom will work, but sometimes it won't. For the
Cryptolocker ransomware that hit a few years ago, some users reported that they really did get
their data back after paying the ransom, which was typically around £300. But there's no guarantee
paying will work, because cybercriminals aren't exactly the most trustworthy group of people.
There are also a collection of viruses that go out of their way to look like ransomware such as
Cryptolocker, but which won't hand back the data if victims pay. Plus, there's the ethical issue:
paying the ransom funds more crime.
What else can I do?
Once ransomware has encrypted your files there's not a lot you can do. If you have a backup of
the files you should be able to restore them after cleaning the computer, but if not your files could
be gone for good.
Some badly designed ransomware, however, has been itself hacked by security researchers, allowing
recovery of data. But such situations are rare, and tend not to apply in the case of widescale professional
hits like the WanaCrypt0r attack.
How long will this attack last?
Ransomware often has a short shelf life. As anti-virus vendors cotton on to new versions of the
malware, they are able to prevent infections originating and spreading, leading to developers attempting
"Big Bang" introductions like the one currently underway.
Will they get away with it?
Bitcoin, the payment medium through which the hackers are demanding payment, is difficult to trace,
but not impossible, and the sheer scale of the attack means that law enforcement in multiple countries
will be looking to see if they can follow the money back to the culprits.
Why is the NHS being targeted?
The NHS does not seem to have been specifically targeted, but the service is not helped by its
reliance on old, unsupported software. Many NHS trusts still use Windows XP, a version of Microsoft's
operating system that has not received publicly available security updates for half a decade, and
even those which are running on newer operating systems are often sporadically maintained. For an
attack which relies on using a hole fixed less than three months ago, just a slight oversight can
be catastrophic.
Attacks on healthcare providers across the world are at an all-time high as they contain valuable
private information, including healthcare records.
[Jan 01, 2012] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine).
Notable quotes:
"... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability, Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine) ..."
Colonel I have refrained from any posting anywhere for any reason for months, but since the discussion
seems to turn to decryption so often I thought you might be interested in knowing about network
management systems built into Intel and AMD based machines for years,
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology
Hardware-based management does not depend on the presence of an OS or locally installed management
agent. Hardware-based management has been available on Intel/AMD based computers in the past,
but it has largely been limited to auto-configuration using DHCP or BOOTP for dynamic IP address
allocation and diskless workstations, as well as wake-on-LAN (WOL) for remotely powering on
systems.[6] AMT is not intended to be used by itself; it is intended to be used with a software
management application.[1] It gives a management application (and thus, the system administrator
who uses it) access to the PC down the wire, in order to remotely do tasks that are difficult
or sometimes impossible when working on a PC that does not have remote functionalities built
into it.[1][3][7]
... Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management
Technology, on 1 May 2017.[12] Every Intel platform with either Intel Standard Manageability,
Active Management Technology, or Small Business Technology, from Nehalem in 2008 to Kaby Lake
in 2017 has a remotely exploitable security hole in the IME (Intel Management Engine)
.[13][14]
I think our second O in OODA is getting fuzzed if we don't consider some of the observations found
in "Powershift" by Toffler as well.
The point being is that many Intel and AMD based computers can and have been owned by various
governments and groups for years, and at this level have access to any information on these machines
before the encryption software is launched to encrypt any communications.
If this known software management tool is already on board, then extrapolation Toffler's chipping
warning to unannounced or unauthorized by various actors, one begins to see where various nation
states have gone back to typewriters for highly sensitive information, or are building their own
chip foundries, and writing their own operating systems and TCP/IP protocols, and since these
things are known knowns, one would not be too far fetched in assuming the nation state level players
are communicating over something entirely different than you and I are using. How that impacts
the current news cycle, and your interpretation of those events, I leave to your good judgment.
I would urge all of my fellow Americans, especially those with a megaphone, to also take care
that we are not the subject of the idiom divide and conquer instead of its' master. To that end
I think the concept of information overload induced by the internet may in fact be part of the
increasing polarization and information bubbles we see forming with liberals and conservatives.
This too fuzzes the second O in OODA and warps the D and thus the A, IMHO.
Searches for and deletes all processes matching the name given.
NewIP
Script suite that automates adding a second IP address to a
machine and later removing the original. Designed to be used in
a logon script to assist in moving a large number of machines to
a new IP range.
This suite does a few things. First, it contains Tripwire policy
files for two web servers that I setup. These would be a good place
to start when designing a Tripwire security policy. Second, it contains
a configuration file that implements a sendmail-type of service
for Tripwire running on Windows NT. The sendmail-type mail client
is "twmail.exe" and it is a very simple RFC822-compliant mailer
that allows you to set the From: address of the Tripwire report
to anything you want (fixes a potential SMTP/firewall security issue).
Third, it contains a Perl script that runs on the server end - the
destination address to which the Tripwire report is mailed. The
script parses the email and breaks it down into the added, changed
and removed files, and then breaks each of those lists down further.
If there are any files changed to the wwwroot directory, it emails
an alert to a pager. Also, if there were any registry changes, an
email page is sent.
Sets the date of the system to a variable %Date% in YYYYDDD
format where DDD is the day number of the year. For example, October
9, 2000, would be 2000283. Completely leap year compliant.
Just a script that sets little items on my desktop the way
I like them (Explorer settings, Control Panel, etc). An example
of file/folder access and registry editing.
To run the script,
click here, select Run and hit OK.
TimeSynch
VBScript-based suite that installs a time synchronization
process
Installs the NT Time Service and starts the service. Currently
(v1.15) requires the Time Service files and the INI file to
exist in a certain location. That can be edited, but I am working
on adding those settings automatically to the script and on
putting the TimeService files on the web, so the script will
automatically install everything with just a click.
To run the script,
click here, select Run and hit OK.
Goes through all the webs on the local IIS 4.0 server and
changes the directory where the web stores its log files to
the "\logs" subdirectory of the local path.
For example: Local Path = C:\InetPub\wwwroot LogFileDirectory = C:\InetPub\wwwroot\logs
Update to component by Michael Harris which encapsulated
QuickSort algorithms implemented in VBScript by Jim Staricka.
I added some basic error handling.
This ASP searches through an LDAP tree for accounts which
match the account name of the client and return accounts named
~*. The client can then set the password of the '~' account.
The account name is also added to a database which is parsed
nightly by a process which disables the passwords on all the
accounts whose passwords were set that day.
This is designed to be used in order to allow logon access
one a day-by-day basis.
Parses the logs from Netscape Proxy Server and creates a
comma-delimited report file. It handles nslookups, non-HTTP
protocol handling and translates requests from unknown users
into true users. Finally, it sends the report with BLAT (this
runs natively on NT).
The Last but not LeastTechnology is dominated by
two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt.
Ph.D
FAIR USE NOTICEThis site contains
copyrighted material the use of which has not always been specifically
authorized by the copyright owner. We are making such material available
to advance understanding of computer science, IT technology, economic, scientific, and social
issues. We believe this constitutes a 'fair use' of any such
copyrighted material as provided by section 107 of the US Copyright Law according to which
such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free)
site written by people for whom English is not a native language. Grammar and spelling errors should
be expected. The site contain some broken links as it develops like a living tree...
You can use PayPal to to buy a cup of coffee for authors
of this site
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or
referenced source) and are
not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society.We do not warrant the correctness
of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be
tracked by Google please disable Javascript for this site. This site is perfectly usable without
Javascript.
