CR4 - The Engineer's Place for News and Discussion ®


Previous in Forum: Have Any of You Been Watching the Show Genius?   Next in Forum: 2004 Malibu Hunts for Correct Gear
Close
Close
Close
19 comments
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97

Leaked NSA Tools Used in Global Cyberattack

05/12/2017 6:37 PM

From ABC News:

Companies around the world, including at least one major U.S. company, were hit by a sophisticated cyberattack on Friday that continues to sweep across the globe.

Cybersecurity experts told ABC News that the unidentified attackers exploited a vulnerability in Microsoft Windows that was identified by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group The Shadow Brokers in April.

Microsoft released a patch to address the vulnerability, but networks that did not adopt it would have remained vulnerable. The tech company did not immediately respond to ABC News' request for comment.

“This appears to be the first incidence of the use of an NSA exploit in a broad and far reaching cybercriminal campaign,” John Bambenek of Fidelis Cybersecurity said.

According to Ryan Kalember, senior Vice President of cyber security strategy at the cybersecurity firm Proofpoint, a “ransomware worm” using the essentially unaltered NSA code is spreading across corporate networks in at least 74 countries, with European and Asian countries among the hardest hit. Russia, he said, was particularly vulnerable because many of its networks use older versions of Microsoft Windows.

Register to Reply
Interested in this topic? By joining CR4 you can "subscribe" to
this discussion and receive notification when new comments are added.

Comments rated to be Good Answers:

These comments received enough positive ratings to make them "good answers".

Comments rated to be "almost" Good Answers:

Check out these comments that don't yet have enough votes to be "official" good answers and, if you agree with them, rate them!
Guru

Join Date: Aug 2007
Location: Earth - I think.
Posts: 1950
Good Answers: 150
#1

Re: Leaked NSA Tools Used in Global Cyberattack

05/12/2017 9:14 PM

Welcome to my nightmare, Alice.

__________________
TANSTAAFL (If you don't know what that means, Google it - yourself)
Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#2

Re: Leaked NSA Tools Used in Global Cyberattack

05/12/2017 10:34 PM

More details here ...

Register to Reply
Guru
United Kingdom - Member - New Member

Join Date: Aug 2010
Location: Resting under the Major Oak
Posts: 4227
Good Answers: 171
#3

Re: Leaked NSA Tools Used in Global Cyberattack

05/13/2017 2:10 AM

The UK's health service has been hit.

__________________
Pessimists are rarely disappointed.
Register to Reply
Guru
United Kingdom - Member - New Member

Join Date: Aug 2010
Location: Resting under the Major Oak
Posts: 4227
Good Answers: 171
#4
In reply to #3

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 5:13 AM

Back up and running now

__________________
Pessimists are rarely disappointed.
Register to Reply Score 1 for Good Answer
Active Contributor

Join Date: Feb 2017
Posts: 11
Good Answers: 1
#5

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 9:35 AM

It's 2017. I'm sorry, but if you still use Microsoft Windows, you get what you deserve when (not if) you get hacked.

Register to Reply
2
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#7
In reply to #5

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 2:09 PM

Be realistic: switching to a different OS is expensive proposition - extremely expensive for large organisations. Not everyone has those funds just sitting around with nothing to do. Not only, but thousands of large-scale apps that don't have a non-Windows counterpart must be ported and debugged to work under the new OS. Then you have the learning curve of all the organisations' users and the lost productivity from that meanwhile. Very, very, very expensive. It's not just a matter of strolling down to the corner store and getting new stuff.

All operating systems are vulnerable to hacking. Microsoft issued a patch before this but not everybody updated their systems. *nix systems that aren't patched get hacked too. IOS gets hacked. Windows is a huge target. Smaller targets don't hacked as often because of the unfavourable risk/benefit ratio. You don't see ransomware hackers going after KolibriOS or Bada users, do you? What would be the point?

According to reports this was a leaked NSA tool and deployed in relatively unaltered form. Assuming it was unaltered, my question then becomes: Why is the NSA writing ransomware? Hacking into systems for intelligence purposes I can understand, but ransomware?

Register to Reply Good Answer (Score 2)
Guru
Popular Science - Cosmology - Let's keep knowledge expanding Engineering Fields - Instrumentation Engineering - New Member Engineering Fields - Software Engineering - New Member

Join Date: Dec 2006
Location: Colorado, USA
Posts: 3271
Good Answers: 78
#8
In reply to #7

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 4:13 PM

I certainly hope the NSA is not writing ransomware, but nothing surprises me anymore. Somebody's got to pay for the promises Hillary made when she was campaigning.

Register to Reply Score 1 for Good Answer
2
Guru

Join Date: Aug 2007
Location: Earth - I think.
Posts: 1950
Good Answers: 150
#9
In reply to #7

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 4:52 PM

"Why is the NSA writing ransomware?"

It isn't. Most likely they found an existing bug in the software, and wrote the code used to take advantage of the bug. This is the "attack vector" (to take access of, or deliver their own code), which is what the hackers used to deliver the "payload" (the ransomware).

So it (normally) comes down to 3 things: 1. Vulnerability 2. Exploiting the vulnerability to gain access 3. Delivery of that code that takes control/'eavesdrops'.

I took a DHS course on security for SCADA systems last year. By the end of the first day, I felt like I was wearing the "Emperors New Clothes" - at a gay bar.

__________________
TANSTAAFL (If you don't know what that means, Google it - yourself)
Register to Reply Good Answer (Score 2)
Guru

Join Date: May 2006
Location: Placerville, CA (38° 45N, 120° 47'W)
Posts: 4337
Good Answers: 156
#6

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 11:39 AM

A major reminder of the wisdom of maintaining multiple and frequent backups, some of which are NOT continuously connected to the computer being backed up, or to its network.

__________________
Teaching is a great experience, but there is no better teacher than experience.
Register to Reply
Guru
Popular Science - Weaponology - New Member Fans of Old Computers - PDP 11 - New Member Technical Fields - Architecture - New Member Hobbies - HAM Radio - New Member

Join Date: Oct 2009
Location: Maine, USA
Posts: 2023
Good Answers: 62
#10

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 7:00 PM

I'm amazed that no-one has yet to describe the method, with an example, of how the systems got infected. If it's via a phishing e-mail, show an example so non-PC adept people can be alert to it.

__________________
Tom - "Hoping my ship will come in before the dock rots!"
Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#11
In reply to #10

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 7:55 PM

The news outlets have not given out an example.

Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#12
In reply to #10

Re: Leaked NSA Tools Used in Global Cyberattack

05/14/2017 11:19 PM

A Google search reveals that quite a few outlets have published examples/descriptions of how WANNACRY works.

One of the more technically-detailed analyses can be found here.

Register to Reply
Member

Join Date: May 2017
Posts: 6
#13

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 5:42 PM

Do you think this is only the beginning?

It's bad enough that this hit hospitals, but it could've been seriously worse. With networks as large as they are nowadays and with vulnerable PCs and such out there -- I feel like it's only a matter of time before a power facility gets hit and all hell breaks loose at numerous critical infrastructure facilities.

I sincerely hope I'm wrong - but it does feel like it's inevitable at this point.

Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#14
In reply to #13

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 6:09 PM

"Do you think this is only the beginning?"

Is this a rhetorical question or are you asking me specifically?

Register to Reply
Member

Join Date: May 2017
Posts: 6
#15

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 6:12 PM

Asking you & the community, generally on the topic, for thoughts on what the future holds.

Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#16
In reply to #15

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 8:31 PM

It'll get worse, much worse with the hordes of IoT devices coming online with the usual lack of security precautions. Botnets will have a bloody field day.

Register to Reply
Guru

Join Date: May 2006
Location: Placerville, CA (38° 45N, 120° 47'W)
Posts: 4337
Good Answers: 156
#17
In reply to #16

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 8:38 PM

I totally agree!

...and welcome to CR4, greeksurfer.

__________________
Teaching is a great experience, but there is no better teacher than experience.
Register to Reply
Member

Join Date: May 2017
Posts: 6
#18
In reply to #17

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 9:35 PM

Thanks! Still getting used to the format (my apologies Andrew if my reply was confusing because I replied directly to the first post). Pretty cool forums! Excited to be here.

Register to Reply
Guru

Join Date: Dec 2016
Posts: 2710
Good Answers: 97
#19
In reply to #18

Re: Leaked NSA Tools Used in Global Cyberattack

05/15/2017 9:49 PM

You're just seeing the demo version, mate. Wait til the Devil says "Back on your heads!"

Register to Reply
Register to Reply 19 comments
Interested in this topic? By joining CR4 you can "subscribe" to
this discussion and receive notification when new comments are added.

Comments rated to be Good Answers:

These comments received enough positive ratings to make them "good answers".

Comments rated to be "almost" Good Answers:

Check out these comments that don't yet have enough votes to be "official" good answers and, if you agree with them, rate them!
Copy to Clipboard

Users who posted comments:

Andrew Westman (7); dkwarner (2); gnagy (1); greeksurfer (3); Kilowatt0 (2); StandardsGuy (1); Tom_Consulting (1); TonyS (2)

Previous in Forum: Have Any of You Been Watching the Show Genius?   Next in Forum: 2004 Malibu Hunts for Correct Gear

Advertisement