
SoylentNews is people

posted by on Wednesday April 12 2017, @01:58PM
from the look-at-all-the-wonderful-toys dept.

Last August, an unknown group called the Shadow Brokers released a bunch of NSA tools to the public. The common guesses were that the tools were discovered on an external staging server, and that the hack and release was the work of the Russians (back then, that wasn't controversial). This was me:

Okay, so let's think about the game theory here. Some group stole all of this data in 2013 and kept it secret for three years. Now they want the world to know it was stolen. Which governments might behave this way? The obvious list is short: China and Russia. Were I betting, I would bet Russia, and that it's a signal to the Obama Administration: "Before you even think of sanctioning us for the DNC hack, know where we've been and what we can do to you."

They published a second, encrypted, file. My speculation:

They claim to be auctioning off the rest of the data to the highest bidder. I think that's PR nonsense. More likely, that second file is random nonsense, and this is all we're going to get. It's a lot, though.

I was wrong. On November 1, the Shadow Brokers released some more documents, and two days ago they released the key to that original encrypted archive:

EQGRP-Auction-Files is CrDj"(;Va.*NdlnzB9M?@K2)#>deB7mN

-- submitted from IRC


Related Stories

"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS 88 comments

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - has forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

Kaspersky Lab and Lax Contractor Blamed for Russian Acquisition of NSA Tools 23 comments

According to unverifiable sources, an NSA contractor stored classified data and hacking tools on his home computer, which were made available to Russian hackers through the contractor's use of Kaspersky Lab anti-virus software:

Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday.

As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.

In a later story, The Washington Post said the employee had worked at the NSA's Tailored Access Operations unit for elite hackers before he was fired in 2015.

[...] Citing unidentified sources, both the Journal and the Post also reported that the contractor used antivirus software from Moscow-based Kaspersky Lab, the company whose products were banned from U.S. government networks last month because of suspicions they help the Kremlin conduct espionage.

  • (Score: 2) by DannyB on Wednesday April 12 2017, @05:05PM (8 children)

    by DannyB (5839) on Wednesday April 12 2017, @05:05PM (#492888)

    Doesn't the NSA and other TLAs have opposing objectives?

    The NSA for example is to collect intelligence signals from foreign sources, and to protect our government signals from interception.

    The NSA uses exploits to get into foreign systems. To protect our systems, vulnerabilities need to be public so that vendors can patch and anti-malware tools can detect and block. These are conflicting objectives.

    Even if the two functions were split into two groups: (1) protect signals, and (2) gather signals; the protect group would constantly be undermining the gather group. And then vice versa: The gather group would get congressional authority to prevent the protect group from publishing certain vulnerabilities because it undermines the mission of gather. We end up with the same problem.

    If I believed that the NSA was working in our national interest, then I would be in favor of the gather mission. As it is, I lean far more in favor of the protect mission. But making our systems secure also means, even with a delay, making foreign systems more secure.

    • (Score: 2) by bob_super on Wednesday April 12 2017, @05:45PM

      by bob_super (1357) on Wednesday April 12 2017, @05:45PM (#492926)

      The NSA does spend a lot of time reviewing and advising on security of military electronics.
      People with a Clearance get to know what the NSA found and deems high-risk or not worth keeping secret. They don't know what the NSA keeps to itself, but they can fix more issues than the rest of us (including the other guys).

    • (Score: 0) by Anonymous Coward on Wednesday April 12 2017, @06:04PM (1 child)

      by Anonymous Coward on Wednesday April 12 2017, @06:04PM (#492951)

      and to protect our government signals from interception

      What if the US government signal is communicating with Russia? (grin)

      • (Score: 2) by frojack on Wednesday April 12 2017, @06:21PM

        by frojack (1554) on Wednesday April 12 2017, @06:21PM (#492965)

        What if the US government signal is communicating with Russia? (grin)

        I guarantee that such communications routinely exist and are routinely encrypted. It's SOP since the Eisenhower administration.
        Was there an actual point you were trying to make?


        --
        No, you are mistaken. I've always had this sig.
    • (Score: 2) by frojack on Wednesday April 12 2017, @06:48PM (3 children)

      by frojack (1554) on Wednesday April 12 2017, @06:48PM (#492977)

      The NSA uses exploits to get into foreign systems.

      If that were only true, or if it were the only truth, there wouldn't be any controversy.
      But you can't have been paying attention for the last 5 years if you believe this.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 2) by DannyB on Wednesday April 12 2017, @07:46PM (2 children)

        by DannyB (5839) on Wednesday April 12 2017, @07:46PM (#493006)

        Are you saying that the NSA had no part at all in either Flame or Stuxnet (and God only knows what else) and that exploits / vulnerabilities are not used to penetrate the targeted systems?

        Or am I not understanding you correctly?

        • (Score: 2) by frojack on Wednesday April 12 2017, @08:06PM (1 child)

          by frojack (1554) on Wednesday April 12 2017, @08:06PM (#493025)

          I was replying to your sentence which I quoted.

          That sentence is certainly true, and is the Congressionally-mandated mission of the NSA and CIA.

          The controversy arises because the Congressionally mandated prohibition against using these methods against US Citizens on US soil is being ignored, and that is what has triggered the whistle blowing.

          The NSA is not JUST using exploits to get into foreign systems.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by DannyB on Wednesday April 12 2017, @09:25PM

            by DannyB (5839) on Wednesday April 12 2017, @09:25PM (#493072)

            Ok, thanks for clarification. I am well aware of the domestic spying and am a frequent critic. For example where I wrote:

            If I believed that the NSA was working in our national interest

            Back when the Snowden revelations broke, there were people who thought building a massive domestic spying apparatus was just fine. The problem is that even if you trust the person in power (which I don't and didn't), imagine if one day that apparatus falls into the hands of an insane madman -- and I don't mean Kim Jong Un. Building a massive domestic spying apparatus is not in our national interest.

    • (Score: 2) by linkdude64 on Wednesday April 12 2017, @09:54PM

      by linkdude64 (5482) on Wednesday April 12 2017, @09:54PM (#493090)

      "Doesn't the NSA and other TLAs have opposing objectives?"

      If only it were as simple as them doing their jobs.

      They are also competing for funding. The bigger their cut of the taxpayer-funded pie, the more each agency can advance their own interests and "create demand" for their security services around the globe.

      OT:
      It's really interesting to see how the regime change is totally fucking with each agency's projected game plan, at least, it was for the past couple months. Now the MIC may have begun to regain control, but I'm still withholding opinions on the whole Syria thing. The dust has not nearly settled, yet MSM wants to say they can see clear paths to the future through the dustcloud as they spiral into irrelevance. Taking in their "reporting" is like drinking salt water.

  • (Score: 2, Insightful) by DmT on Wednesday April 12 2017, @06:22PM (3 children)

    by DmT (6439) on Wednesday April 12 2017, @06:22PM (#492967)

    Who else thinks that the name Shadow Brokers is awesome?

    • (Score: 2) by kaszz on Wednesday April 12 2017, @06:27PM (1 child)

      by kaszz (4211) on Wednesday April 12 2017, @06:27PM (#492969) Journal

      Sounds totally like the movie Swordfish from 2001.

    • (Score: 2) by c0lo on Wednesday April 12 2017, @09:49PM

      by c0lo (156) on Wednesday April 12 2017, @09:49PM (#493088)

      An even awesomer one: Shadow Borkers
