Slash Boxes

SoylentNews is people

posted by takyon on Saturday May 13 2017, @01:26PM   Printer-friendly
from the shadow-brokers-strike-back dept.

NSA-created cyber tool spawns global ransomware attacks

From Politico via Edward Snowden via Vinay Gupta:

Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.

The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - have forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.

The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.

Thoughts on a similar scenario were published by the Harvard Business Review two days before this incident.

One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million of ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.

Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.

Further sources: BBC (and here), Russia Today, DailyFail, Telegraph, Guardian.

Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.

It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.

UK National Health Service Paralysed by Windows Ransomware Attack

The Guardian and the BBC report respectively about a large-scale ransomware attack on its Microsoft Windows computer systems in England and Scotland. This particular piece of malware is called "WanaCryp0r 2.0" or WannaCry and encrypts the PC's hard disk and demands bitcoin to decrypt it.

About 40 hospitals, GP surgeries and other NHS organisations are affected. Patients have had operations cancelled, ambulances have been diverted and wards have been closed.

From one of the Guardian reports:

According to one junior doctor who works in a London hospital, the attack left hospitals struggling to care for people. "However much they pretend patient safety is unaffected, it's not true. At my hospital we are literally unable to do any x-rays, which are an essential component of emergency medicine."

The NHS has stressed that patients' electronic medical records have not been compromised.

From InfoSecurity, FastCompany and elsewhere:

A major ransomware attack has been reported, with targets including banks and NHS Trusts all being hit.

According to Russia Today, a number of NHS employees have been reported as being hit by the ransomware, while one user posted on Twitter a screenshot of the ransomware which asks for "$300 worth of Bitcoin".

Australian Brodcast Corporation reports:

'Biggest ransomware outbreak in history' hits nearly 100 countries with data held for ransom

A global cyberattack has hit international shipper FedEx, disrupted Britain's health system and infected computers in nearly 100 countries.

The ransomware attack hit Britain's health service, forcing affected hospitals to close wards and emergency rooms with related attacks also reported in Spain, Portugal and Russia. [...] [the attack] is believed to have exploited a vulnerability purportedly identified for use by the US National Security Agency (NSA) and later leaked to the internet. [...] Private security firms identified the ransomware as a new variant of "WannaCry"[pt] that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft's Windows operating system.
[...] Leading international shipper FedEx Corp said it was one of the companies whose system was infected with the malware that security firms said was delivered via spam emails.

[...] Only a small number of US-headquartered organisations were infected because the hackers appear to have begun the campaign by targeting organisations in Europe, a research manager with security software maker Symantec said. By the time they turned their attention to US organisations, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, Vikram Thakur said.

Also at WLTX: Massive, Fast-moving Cyberattack Hits 74 Countries

Shadow Brokers Flaw Used in Ransomware

The Los Angeles Times reports that a security bug in Microsoft Windows, made public when the Shadow Brokers released exploits claimed to have been taken from the NSA, is being used in ransomware. According to the story, a patch for the bug was released by Microsoft in March.

The Spanish government said several companies, including Telefonica, were targeted [...] a message that was purportedly sent to workers at Telefonica carried a subject line referencing a wire transfer and asked them to check a website for more details. That link — when launched on a Windows computer suffering from the vulnerability discovered by the NSA — unleashed the program that rendered files inaccessible.

As recently as last week, about 1.7 million computers connected to the Internet were susceptible to such an attack [...]

Among the organisations compromised by the ransomware were the UK's National Health Service and Russia's Interior Ministry.

Related: Windows Servers at Risk [UPDATED]
"Shadow Brokers" Release the Rest of Their NSA Hacking Tools
Former NSA Contractor May Have Stolen 75% of TAO's Elite Hacking Tools
The Shadow Brokers Identify Hundreds of Targets Allegedly Hacked by the NSA
NSA Contractor Accused of "Stealing" Terabytes of Information, Charged Under Espionage Act
Probe of Leaked U.S. NSA Hacking Tools Examines Operative's `Mistake'
Cisco Begins Patching an NSA Exploit Released by the Shadow Brokers
NSA `Shadow Brokers' Hack Shows SpyWar With Kremlin is Turning Hot
"The Shadow Brokers" Claim to Have Hacked NSA

Extra: 'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack
Threat seen fading for now

Original Submission #1Original Submission #2Original Submission #3Original Submission #4Original Submission #5Original Submission #6Original Submission #7

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by looorg on Saturday May 13 2017, @02:17PM (10 children)

    by looorg (578) on Saturday May 13 2017, @02:17PM (#509156)

    Isn't it a bit misleading to try and pin this on the NSA? I might have misunderstood the entire news story but from what I can tell it's not the NSA that developed the Malware, they found the feature - I'm certain they exploited it for something - they even gave it a cool name (eternalblue). But this isn't or wasn't some fast way to increase some black budget post. If someone should be blamed for this it would be the Shadow Brokers that released it after their blackmail scheme backfired (as I recall they wanted to sell it, didnt work - so they just released parts of it). Microsoft for writing shitty code. Whomever wrote the Malware. So there is enough blame to go around really. I just don't see any of it landing on the NSA. Do we blame other people that find faults (or bugs) in software (and possibly exploit it -- possibly some blame in that particular case)? Normally we don't. So to blame the NSA for this seems a bit of a stretch to me, even tho it's apparently the popular thing to do.

    Interesting parts in the story is the lax attitude towards patches, updating and security in several large organizations and companies. But then it costs a lot of money. Like this won't. If they are not working around the clock now it's going to be an interesting Monday at the office when this thing start to spread like wildfire again as people come back to work.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by kaszz on Saturday May 13 2017, @02:21PM

    by kaszz (4211) on Saturday May 13 2017, @02:21PM (#509160) Journal

    Patches and updates too often make software needed in production to stop working. And security in several large organizations is decided by people that lack insight (MBA, PHB the kit).

  • (Score: 5, Insightful) by c0lo on Saturday May 13 2017, @02:41PM (8 children)

    by c0lo (156) Subscriber Badge on Saturday May 13 2017, @02:41PM (#509163) Journal

    Isn't it a bit misleading to try and pin this on the NSA? I might have misunderstood the entire news story but from what I can tell it's not the NSA that developed the Malware, they found the feature - I'm certain they exploited it for something

    Hold right there... because there is why NSA bears responsibility.
    If you, a governmental agency find a vulnerability, the best way to protect your citizens is not to exploit/weaponize it but to responsibly disclose it to the author to have it plugged ASAP.
    No ifs, no buts... any other ways will expose the people you sworn to protect to risks like this.

    • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @03:35PM

      by Anonymous Coward on Saturday May 13 2017, @03:35PM (#509181)

      The thing is, if you don't do it then somebody else will.

      Yes, fix the holes. But yes, also try and hack the fuck out of them so you know what is possible.

    • (Score: 5, Insightful) by Thexalon on Saturday May 13 2017, @04:10PM (5 children)

      by Thexalon (636) on Saturday May 13 2017, @04:10PM (#509191)

      Regardless of appearances, the US national security state isn't really interested in defense of anybody but themselves. Their idea of defense is "kill them before they kill us", which means their real interest is in offense, and that is why they keep any and all vulnerabilities they discover to themselves. Not disclosing leaves citizens vulnerable, of course, but that helps out the portion of the national security state that treats the citizens as a potential enemy because they are outside of the national security state.

      Why oh why didn't we listen to Ike back in 1960?

      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @11:30PM

        by Anonymous Coward on Saturday May 13 2017, @11:30PM (#509284)

        Ike's farewell address was on January 17, 1961 []

        -- OriginalOwner_ []

      • (Score: 2) by butthurt on Sunday May 14 2017, @12:27AM (1 child)

        by butthurt (6141) on Sunday May 14 2017, @12:27AM (#509294) Journal

        > Why oh why didn't we listen to Ike back in 1960?

        Do you mean 1960 or 1961?


        The nations of the world have recently united in declaring the continent of Antarctica "off limits" to military preparations. We could extend this principle to an even more important sphere. National vested interests have not yet been developed in space or in celestial bodies.

        -- []


        IN THE COUNCILS of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex.

        The potential for the disastrous rise of misplaced power exists and will persist.

        --'s_farewell_address_%28reading_copy%29 []

        • (Score: 2) by Thexalon on Sunday May 14 2017, @03:22PM

          by Thexalon (636) on Sunday May 14 2017, @03:22PM (#509482)

          You are quite correct: I meant 1961.

          The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 2) by kaszz on Sunday May 14 2017, @06:15AM (1 child)

        by kaszz (4211) on Sunday May 14 2017, @06:15AM (#509374) Journal

        Here's the Ike Eisenhowers (1890 - 1969) farewell message [] in 1961. He were president in 1953 - 1961. In 1942 he became a major general, so he also had hands on military experience.

        (at 8:50 the speech heats up)

        • (Score: 0) by Anonymous Coward on Sunday May 14 2017, @08:16AM

          by Anonymous Coward on Sunday May 14 2017, @08:16AM (#509391)

          That's 2 stars.
          Ike was one of a handful of 5-star general officers.
          Other places called those field marshals but that would have given us Field Marshal Marshall (the Marshall Plan guy).

          -- OriginalOwner_ []

    • (Score: 0) by Anonymous Coward on Saturday May 13 2017, @05:31PM

      by Anonymous Coward on Saturday May 13 2017, @05:31PM (#509210)
      The big mess here is that the other half of the NSA’s mission is actually to help protect the United States from cyberattack. Here they have not only failed utterly, but are in fact guilty of all but betraying that mission. But I suppose whatever military-type in charge here might well quip the way some Vietnam War major quipped about it becoming necessary to destroy the town in order to save it.