Global attack uses a Microsoft vulnerability …
Leaked NSA exploit blamed for global ransomware cyberattack | RT |
A zero-day vulnerability tool, covertly exploited by US intelligence agencies and exposed by the Shadow Brokers hacking group, has been blamed for the massive spread of malware that infected tens of thousands of computer systems globally.
○ LIVE UPDATES: Mass cyberattack strikes computer systems worldwide
The ransomware virus, which extorts Windows users by blocking their personal files and demanding payment to restore access, allegedly exploits a vulnerability that was discovered and concealed for future use by the National Security Agency (NSA), according to a range of security experts.
“Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017,” Russian cybersecurity firm, Kaspersky Lab, wrote in a blog post about the attack.
Although Microsoft had already patched the backdoor roughly a month before it became public, many users who did not install the latest security updates seem to have become the primary victims of the attack.
○ WannaCry ransomware used in widespread attacks all over the world | Kaspersky Lab |
○ U.S. intel officials slam Kaspersky in fear for Russian spying | Cyberscoop |
NHS services in England and Scotland hit by global cyber-attack | The Guardian |
The NHS has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and around the world into chaos.
The unprecedented attacks appeared to have been carried out by hackers using a tool stolen from the National Security Agency (NSA) in the US. They affected at least 16 NHS trusts in the UK, compromising IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.
As the prime minister, Theresa May, confirmed that the NHS disruption was part of a wider international event, the attack was declared a major incident by NHS England. In Scotland, the first minister, Nicola Sturgeon, chaired a resilience meeting on the issue.
The same malicious software that hit NHS networks attacked some of the largest companies in Spain and Portugal, including phone company Telefónica, and has also been detected on computers in Russia, Ukraine and Taiwan among other countries. The international shipping company FedEx was also affected.
In the UK, computers in hospitals and GP surgeries simultaneously received a pop-up message demanding a ransom in exchange for access to the PCs.
A warning was circulated on Friday within at least one NHS trust of “a serious ransomware threat currently in circulation throughout the NHS”, but the attack proved impossible to stop. Patient records, appointment schedules, internal phone lines and emails were rendered inaccessible and connections between computers and medical equipment were brought down. Staff were forced to turn to pen and paper and to use their own mobile phones.
Ransomware works by infecting a computer, locking users out of the system (usually by encrypting the data on the hard drive), and then holding the decryption or other release key ransom until the victim pays a fee, usually in bitcoin. In this case, the NHS experienced hobbled computer and phone systems, system failures, and widespread confusion after hospital computers started showing a ransom message demanding $300 worth of bitcoin.
Source: The Ransomware Meltdown Experts Warned About | Wired |
○ Major ‘ransomware’ attack strikes worldwide targets | DW |
[Update-1] ‘Accidental hero’ halts ransomware attack
WannaCry Doomed by Its ‘Kill Switch’
‘Accidental hero’ halts ransomware attack and warns: this is not over | The Guardian |
The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic, an LA-based threat intelligence company.
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
○ How an Accidental ‘Kill Switch’ Slowed Friday’s Massive Ransomware Attack | Wired |
○ Ransomware attack: Recap after unprecedented global hack spreads from NHS to car manufacturers | The Mirror |
Edward Snowden
It’s just as accurate to say “despite warnings, Microsoft sold products that could be easily attacked by criminals”.
Smart users and businesses that back up their data can tell the ransomware fuckers to kiss their ass.
Two issues:
The NSA isn’t like the FDA (or what the FDA is supposed to be). It doesn’t test and monitor computer software for the safety and efficacy of the public. No governmental body has been assigned that task (we prefer to spend our money on war making operations).
Windows (often nicknamed Windoze) has wide-open security by default. Linux has security closed by default. macOS is also good.
Linux has vulnerabilities also, but is considered more secure because you have to open holes and grant access. Windows, in contrast, requires the user to close holes and deny access.
To be fair, most Linux users are familiar with computers and how they work, while most Windows users assume it’s magic.
I’m posting this from Linux. Earlier today, I was posting from Win XP. You can’t tell the difference, can you? Same browser, running from a similar desktop.
https://mate-desktop.org/gallery/themes/1.6
Windows users share some blame too. There are some Windows security features that nobody uses, though partly because Microsoft doesn’t make it easy (for normal users).
I think the main problem is cultural. We in the US prefer to get products out quick rather than correct. The software house that produces good code typically goes bankrupt since their competitor produces a flashy demo first. Our most popular software development processes also make it hard to develop secure software, since they are driven by customer features instead of a fundamentally safe and secure backbone. Research in safety and security is largely in Europe nowadays (though the very top US universities still lead the world).
There is a sort of computer software “FDA.” — The Guardian – Ransomware attack reveals breakdown in US intelligence protocols, expert says
A hidden government subsidy for the tech industry that hides its profits offshore to avoid US taxes.
Windows provided a back door for NSA spying …
The UK NHS was still running fucking Windows XP, and had not updated the security patches since 2015.
This isn’t the NSA’s fault.
And Windows security really sucks.
I heard on the radio about an hour ago that so many businesses are still running XP that Micro$oft has announced a “one time only” security update.
I don’t know if I’ll take it. I don’t trust them. I read the Win 10 license and I won’t have it in my house. They assert the right (and demand you agree) to search your computer and erase any file that they, in their sole judgement, decide is malicious or illegal.
If I ever buy a Win 10 laptop, I’ll boot from a USB stick and erase the disk and install Gentoo Linux (no systemd), where I and only I decide what files are allowed.
The UK NHS isn’t GCHQ — “austerity” has hidden costs.
Edward Snowden:
That was clear to me from the start. 🙂
Clearer than most instances and reports of cybercrime. In part because the NSA wasn’t able to refute the reports.
That said, we should always be cautious and not run too fast or far with the initial reports on computer leaks, hacks, etc. This is murky stuff and too many players with a political agenda are ever ready to pounce and make use of whatever, i.e. let’s dump on the UK NHS.
Also, the NSA being a den of thieves doesn’t excuse what the ransom thieves did.
Ransomware has been a big thing for a couple years now I think. Bigger I think than is usually covered in the news because businesses who get caught pay up rather than let customers know their data wasn’t secure.
This recent release has clearly let some newbies into the market. Seems to be working, reports say lots of bitcoin is changing hands.
The NSA has hackers? I’m shocked, shocked! Could those hackers hack the DNC and pretend to be Russians?
Who said the DNC hackers were Russian? The NSA?
Sure they COULD, but only a NSA rogue hacker or faction aligned with Michael Flynn and/or not with Obama, etc. and/or HER would have had a motive to do so.
Now for some facts mixed with total speculation. The timing of the DNC/Podesta “hacks” and leaks fits with a Flynn affiliated speculation.
And he and any possible associates wouldn’t have needed any help from Putin-Russia. But would they have left behind a mere hint of a false lead to Putin-Russia in the DNC “hack?” (Zero leads were left behind in the Podesta file theft.) No. If they left any false lead behind it would have been to Kiev, Iran, North Korea,… Kiev would have been the best of the lot for such a “Flynn” operation. It would also have been the one that the DNC/Clinton campaign/Obama administration would have covered up ASAP, and because the thief had gone public, they had to point a finger somewhere and for their purposes, Putin-Russia would have been nearly perfect.
(Personally, I don’t think the thief left behind any identifiable traces. The Putin-Russia allegation over the DNC files was likely concocted by Crowdstrike possibly with the assistance of an anti-Russian Ukrainian on the DNC staff.)
Interesting that it appears the Podesta files were nabbed first (assuming the thief(s) handed over everything to Wikileaks which has claimed that they published everything they received) but forwarded to Wikileaks later than the DNC files.
CrowdStrike is linked to Ukraine [Alperovitch] and the Clintons [Warburg Pincus]. I wouldn’t trust their review of the DNC hack. There are many state intelligence agencies with a motive to leak fake information about the US Election 2016. Crowdstrike, which derived all of its funding from venture capitalists linked to Hillary Clinton and the Clinton Foundation.
○ The Trail of VP Alperovitch @CrowdStrike
○ Moscow’s cyber warriors in Ukraine linked to US election according to CrowdStrike | FT |
○ CrowdStrike erroneously used IISS data as proof of the intrusion Ukrainian artillery by Jeffrey Carr
Or…everyone is guilty.
The NSA is guilty.
The Russians are guilty.
Microsoft is guilty, as is every other tech company that has willingly cooperated with national intelligence operators of any kind.
The hackers…no matter whether they are state-supported entities or just dedicated thieves…are guilty. You can identify the hackers who are not guilty fairly easily…they are the ones being imprisoned and/or actively hunted by major criminal enterprises like the U.S. and Russia.
And in the last analysis, we are all guilty. We have surrendered our political power and personal privacy…I believe that they used to call it “liberty” in the old days…for “the easy.” Why go to a library when it’s all online? Ditto why go to a political meeting or live artistic production? Why study when everything has already been “discovered?” Just go Google it. Why go meet with friends and talk when you can tweet them? We have seriously devolved in that sense, no matter how much advertising…errrr, ahhh, I mean the media…tells us that we are getting better and better and better and better. We are not.
Look at the state of our government and country, and then look at what was happening the last time we woke up from a dream of riches and ease.
I’ll say it again:
Where is our FDR?
Or…are we this time going to take the role of a Hitler who causes the rise of an FDR somewhere else?
Stay tuned.
In the streets, where the real information is available.
Bet on it.
Later…
AG