Monthly Archives: May 2017

20

Let friends in your social network know what you are reading about

The National Security Agency has an answer to Microsoft blaming it for the attack that hit 150 countries.

Try Another

Audio CAPTCHA

Image CAPTCHA

Help

CancelSend

A link has been sent to your friend's email address.

A link has been posted to your Facebook feed.

These simple steps will help keep your computer from becoming the next ransomware target. USA TODAY

A screen shot of the page computers infected with the WannaCry ransomware variant display.(Photo: Proofpoint)

SAN FRANCISCO The National Security Agency has an answer to Microsoft blaming it for a global ransomware attack.

In a White House press briefing onMonday,U.S. homeland security adviser Tom Bossert said the code "was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states."

He did not address the issue of whether the original exploitable flaw the ransomware was based on came from NSA cyber tools.

How U.S. dodged a bullet in Friday's massive global ransomware attack

Microsoft on massive ransomware attack: nations must not hoard cyberweapons

Symantec later said there were indications the ransomware-inspired attack was associated with the Lazarus group, which is tied to North Korea.

On Sunday, the software giant said the WannaCry malware program that spread to more than 200,000 machines in 150 countries last weekendwas the latest example of what happens whenvulnerabilities stockpiled by organizations such as NSA escape into the virtual wild.The malware behind WannaCry was reported to have been stolen from the NSA in April.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Brad Smith, Microsoft's chief legal counsel, said in a blog post. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

The ransomware relies on a flawin the Windows 10 code for whichMicrosoft issued apatchon March 14.

Read or Share this story: https://usat.ly/2qlKHqp

Read this article:
NSA says it was not origin of ransomware that hit Microsoft's Windows - USA TODAY

The group that released the likely NSA-designed hacking tool used in the international "Wanna Cry" ransomware attack announced a monthly subscription service Tuesday for its remaining cache of stolen documents.

The anonymous ShadowBrokers, who have been periodically releasing source code and documents believed to have been stolen from the National Security Agency since the summer, announced the new monetizationscheme in a post early Tuesday morning. The message was written in broken English typical of the group.

"Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members," the Brokers wrote.

Ransomware is a type of malware that encrypts a target's files, with the attacker providing the decryption key only after a ransom is paid, usually in bitcoins.

ShadowBrokers first leaked files in August it claimed were from a vaunted NSA-affiliated hacking operation known as the Equation Group, advertising an auction for the files. The files contained previously unknown, working techniques to bypass security hardware from major manufacturers. The release lead to a scramble to patch those products.

The Intercept reported that evidence within the leaked source code showed that the Brokers were correct about the files' provenance.

Though the files appeared to be real, ShadowBrokers failed multiple times to sell the tools, in part because of the lopsided terms they required for potential buyers.

In January the group sent a goodbye post, but returned in April to release a package of Windows hacking tools that included the one used in Wanna Cry. The April release was presented as a protest against President Trump for becoming more centrist and turning his back on the hard-right base that got him elected. In it, the Brokers claimed to be Trump voters.

In their Tuesday post, the Brokers say data from that hacking operation and from other high-profile hacking operations might be included in the "wine of the month" club.

Tuesday's post, titled "OH LORDY! Comey Wanna Cry Edition," also takes shots at Windows network administrators that did not update their software in time to stave off Wanna Cry noting that the group announced early on in their campaign what files it had to release, giving people some notice to patch their systems.

"TheShadowBrokers is feeling like being very responsible party about Windows dump. Do thepeoples be preferring theshadowbrokers dump windows in January or August? No warning, no time to patch? this is being theshadowbrokers version of alternative facts," wrote the group.

Read this article:
NSA leakers to offer monthly 'wine' club for stolen hacking tools - The Hill

An international cyberattack that occurred during the weekend is believedto have been perpetrated with tools that were stolen from the National Security Agency.

The so-called ransomware attack impacted more than 200,000 computers in more than 150 countries by freezing hard drives and servers until a ransom was paid, according to a report by The Week. The main victim was theRussian cybersecurity firm Kaspersky Lab, which has caused consternation among many Russian officials.

As Frants Klintsevich, a high-ranking official in the Russian Senates defense committee, told the state-run news agency Tass, Humanity is dealing here with cyberterrorism. Its an alarming signal, and not just a signal but a direct threat to the normal functioning of society, and important life-support systems.

Russian officials are divided as to whether the United States government was responsible for the attack. Some claim that it was retaliation for the alleged Russian meddling in the 2016 presidential election (which the Russian government denies), while others argue that the United States wouldnt engage in actions that would so clearly be considered an act of war.

Either way, the perpetrator of the attacks is believed to have used NSA tools that were stolen from the American agency. Most of the damage inflicted by the cyberattacks occurred in Europe and Asia.

The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits, said Europol in a statement. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a group of specialist international cyber investigators and is specially designed to assist in such investigations and will play an important role in supporting the investigation.

Read more here:
Stolen NSA tools used in international cyberattack - Salon.com - Salon

The U.S. National Security Agency could have headed off the global ransomware attack that has crippled hospitals, train stations and other infrastructure around the world, according to Edward Snowden, the former CIA contractor and whistleblower.

They knew about this flaw in U.S. software, U.S. infrastructure, hospitals around the world, these auto plants and so on and so forth, but they did not report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group, Snowden said Monday.

Related: What is ransomware? Computers around the world infected by malware demanding money

Subscribe to Newsweek from $1 per week

The fugitive former private security contractor made his remarks during a speech on privacy and security delivered via satellite from Moscow to a Washington, D.C., conference on big data. The conference, organized by a former Google executive, Travis Jarae, founder and CEO of One World Identity, has drawn 800 industry experts from data collection and cybersecurity firms, as well as government lawyers, to discuss questions about online identity, security and privacy.

Snowden in 2013 downloaded and then publicized an estimated 1.7 million documents related to global and domestic U.S. surveillance programs, which the Pentagon has said is the largest trove of American secrets ever purloined. Federal prosecutors subsequently charged him with theft and Espionage Act violations. Since 2013, he has been living in Moscow.

Beamed by satellite onto huge screens in the Ronald Reagan Building and International Trade Center, a federal building a few blocks from the White House, Snowden blamed the NSA for the unprecedented power of the so-called wannacry virus, which is being blamed for the worlds biggest cyberattack, affecting 150 countries so far. Among the affected in the U.S. have been Fedex and Nissan; in China, colleges and gas stations; in India, the state police; in Russia, the Central Bank, Russian railways and the Interior Ministry; and in the U.K., at least 16 National Health System hospitals.

It is still unclear who released the virus or exactly why.

Had the NSA not waited until our enemies already had this exploit to tell Microsoft, [so that] Microsoft could begin the patch cycle, we would have had years to prepare hospital networks for this attack rather than a month or two, which is what we actually ended up with, Snowden said.

Members of the audience submitted questions to the 33-year-old. One asked for his number one piece of advice for balancing privacy and security. Snowden said companies should opt for the bare minimum in determining what information they harvest and save about customer behavior, and urged them provide users with an opt-out from data collection upfront. He accused companies that say they are collecting data to improve products and services of using a legal fiction to collect data in order to monetize it, generating an extra source of revenue.

He compared the psychological effects of unchecked mass data collection to an errant high school kid being threatened that certain behavior would remain on his or her record. In a world of mass tracking and commercial and government data collection, he said, you have a permanent record that can never be erased.

A child thats born in this world wont have the same benefit you had of saying something stupid that they can move on from, he said. When people can be tracked and have no way to live outside this chain of records, what we have become is a quantified spiderweb. Its a very negative thing for a free and open society. Now, everybody in the world will think twice before they even open their mouth. That is a very, very dark future. But its not inevitable. You should reflect: Is that something we can do? Or should do?

See more here:
Edward Snowden Slams NSA Over Ransomware Attack - Newsweek