Slash Boxes

SoylentNews is people

posted by takyon on Saturday May 13 2017, @01:26PM   Printer-friendly
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - have forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million of ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC report respectively about a large-scale ransomware attack on its Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Brodcast Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now

Original Submission #1Original Submission #2Original Submission #3Original Submission #4Original Submission #5Original Submission #6Original Submission #7

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by The Mighty Buzzard on Saturday May 13 2017, @01:34PM (13 children)

    I hope the shit admins and beancounters who command them end up having to explain paying millions for not giving a flying fuck about securing some of our most sensitive personal information. It's never going to change until their pockets get hit.

    My rights don't end where your fear begins.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by takyon on Saturday May 13 2017, @01:39PM (1 child)

    by takyon (881) <{takyon} {at} {}> on Saturday May 13 2017, @01:39PM (#509138) Journal

    Judging by turgid's bit, it will become apparent soon if anybody died as a result of this. That's what we need: cyber deaths in hospitals. Long predicted, now delivered to you courtesy of the NSA's competing and counterproductive missions.

    [SIG] 10/28/2017: Soylent Upgrade v14 []
    • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @04:31PM

      by Anonymous Coward on Saturday May 13 2017, @04:31PM (#509200)

      It'll only be a reason for jacking up healthcare costs even more.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday May 13 2017, @02:00PM

    by Anonymous Coward on Saturday May 13 2017, @02:00PM (#509144)

    They'll just use it as a new excuse to curtail internet freedoms.

  • (Score: 3, Informative) by c0lo on Saturday May 13 2017, @02:05PM (2 children)

    by c0lo (156) Subscriber Badge on Saturday May 13 2017, @02:05PM (#509147) Journal

    Jeremy Cunt 'ignored warning signs' before cyber-attack hit NHS []

    Jeremy Hunt has been accused of ignoring “extensive warning signs” that could have an unprecedented global cyber-attack that plunged the NHS into chaos this weekend.
    The shadow health secretary, Jonathan Ashworth, said concerns had been flagged repeatedly about the NHS’s outdated computer systems, which he said had left it vulnerable to the virus. In a letter to Hunt on Saturday, he wrote: “As secretary of state, I urge you to publicly outline the immediate steps you’ll be taking to significantly improve cybersecurity in our NHS.


    "Nobody was fired for buying Microsoft". I think there will be some heads to roll for not buying Microsoft [] (don't go there if you can avoid it).

    The Tories cut security support for the NHS’s outdated computer system a year ago, despite warnings it would leave hospitals open to hackers , it was claimed.

    The Government Digital Service, set up by David Cameron , decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.

    NHS bosses were told to replace the 14-year-old system or take out a separate deal with Microsoft.

    An April 2014 letter from the Cabinet Office and Department of Health to health­care chiefs read: “It is imperative your organisation understands the risk placed on it should the decision be not to take out a [new Microsoft deal].
    GDS said at the time: “All departments have had seven years’ warning of the 2014 end of normal support and this one-year agreement was put together... to give everyone a chance to get off XP.”
    A Sky News probe found seven NHS trusts spent nothing on cyber security in 2015.


    It's not only an IT related disease []

    Somewhere in the UK there is a warehouse stuffed full of GPs’ referral letters and blood test results diagnosing the health secretary with terminal incompetence. But as it has yet to be found, Jeremy Hunt had to limit his scope to the 700,000 NHS documents that have just turned up after going missing in action for five years in answer to Labour’s urgent question in the Commons.

    “Absolutely nothing went missing,” he reassured MPs. All that had happened was that hundreds of thousands of confidential pieces of medical information had accidentally been sent to the wrong place without anyone noticing. But it was no biggy. As far as he knew, no one had died – or if they had, their death certificates had also gone AWOL, so it was much the same thing. And what it really proved was how many unnecessary tests the NHS were conducting each year. Just think of the potential savings. A couple of avoidable deaths had to be a price worth paying for not bothering with 700,000 bits of paperwork.

    Hunt was rather less cavalier with his own reputation. “I was made aware of the situation in March last year,” he sobbed. And he had begged and begged his departmental officials to let him tell the country. But they had said to him: “You mustn’t do that, Jeremy, because otherwise every hypochondriac in the country will be ringing up their GP to find out if they’ve got cancer after all and we’ll never get round to finding out just how big a cock-up you’ve made. Not that you have made a cock-up, of course.”

    • (Score: 2) by kaszz on Sunday May 14 2017, @05:56AM (1 child)

      by kaszz (4211) on Sunday May 14 2017, @05:56AM (#509371) Journal

      The Government Digital Service, set up by David Cameron , decided not to extend a £5.5million one-year support deal with Microsoft for Windows XP.

      Amber Rudd, minister of interior says it's a prioritized questions to find out who's responsible and put them to justice. Britain were hit hard when IT-systems in hospitals went inoperable.

      That 5.5 million GBP could have saved a lot of trouble. Not to mention a program to transform all Microsoft Windows usage everywhere in hospitals into solid Unix platforms. Perhaps even ReactOS or Wine is a alternative.

      I can really see when the military get the same kind of infection. They will just sue the enemy! ;-)
      It's a way to operate that just won't work.

      • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @09:16AM

        by Anonymous Coward on Sunday May 14 2017, @09:16AM (#509400)

        Amber Rudd, minister of interior says it's a prioritized questions to find out who's responsible and put them to justice.

        I mean... the person who blocked the support deal with Microsoft?
        Oh, sorry, silly me.

  • (Score: 5, Insightful) by bradley13 on Saturday May 13 2017, @02:55PM (6 children)

    by bradley13 (3053) on Saturday May 13 2017, @02:55PM (#509170) Homepage Journal

    Well, yes, the admins who were running insecure networks carry some fault. So does the government, that failed to disclose a weakness so that it could be repaired. This ought to be a lesson (but won't be) for all those clueless politicians who think that backdoors in encryption algorithms are a good idea. Backdoors never stay hidden, period.

    But you know what strikes me? This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?

    The people behind these ransomware attacks are certainly all part of an extended community. If their members were to after another, the community might just decide that the risk isn't worth the payday.

    Everyone is somebody else's weirdo.
    • (Score: 3, Insightful) by AthanasiusKircher on Saturday May 13 2017, @06:03PM (3 children)

      by AthanasiusKircher (5291) on Saturday May 13 2017, @06:03PM (#509217) Journal

      This is where international agencies like the NSA should be earning their keep. If they, and their counterparts in other affected countries, cannot trace the people behind this, then WTF are we paying their salaries for?

      Uh, to spy on citizens, thereby increasing and consolidating governmental power, with the ultimate aim of producing a "benign" police state.

      I thought that was their obvious purpose. The only thing more nefarious-sounding than "National Security Agency" is the term "Homeland Security."

      • (Score: 3, Insightful) by kaszz on Sunday May 14 2017, @05:59AM (2 children)

        by kaszz (4211) on Sunday May 14 2017, @05:59AM (#509372) Journal

        You always has to ask yourself who's security against whom. There's no such thing as a universal security that makes all bad things go away.

        • (Score: 3, Informative) by mcgrew on Sunday May 14 2017, @03:04PM (1 child)

          by mcgrew (701) <> on Sunday May 14 2017, @03:04PM (#509469) Homepage Journal

          I'm offtopic here, but "Who's" is a contraction for "who is". The word you want is whose.

          I see this far too often on the internet.


    • (Score: 2) by Runaway1956 on Sunday May 14 2017, @12:42AM (1 child)

      by Runaway1956 (2926) Subscriber Badge on Sunday May 14 2017, @12:42AM (#509302) Journal

      "If their members were to start...disappearing..."

      I kinda like that idea - but if they start on one community, who is to say they won't start on another community? They came for the Jews, and I didn't speak up . . . .

      But, you're right. The NSA has all those resources available, which are wasted on silly crap. Make a phone call, so that Grandma can talk to her distant cousin in Fuckistan, and the NSA starts tracking all your phone calls? FFS, what a waste.

      • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @03:53PM

        by Anonymous Coward on Sunday May 14 2017, @03:53PM (#509498)

        oh, it's not wasted on silly crap. it's spent on exactly what they mean to spend it on. a supranational surveillance state. has nothing to do with national defense.