
·
Registered
Joined
·
10,753 Posts
Discussion Starter · #1 ·
I found this interesting.

IT'S BEEN THREE days since WannaCry ransomware attacks began rippling across the world, affecting more than 200,000 people and 10,000 organizations in 150 countries. And the threat of further infection still looms.

The pervasiveness of WannaCry reveals just how insidious wide-scale ransomware attacks can be, endangering public infrastructure, commerce, and even human lives. But the implications of the incident don't end there. The attack has transformed from an acute situation to be dealt with by security experts to a symbol of how fundamentally vital cybersecurity protection is and the true scale of what can happen when systems and devices lack crucial defenses. The far-reaching consequences of WannaCry have also revived a nuanced and long-standing debate about just how much risk the public should be exposed to when intelligence agencies secretly take advantage of vulnerabilities in consumer products.

Stockpiling Vulnerabilities

WannaCry's evolution is the latest example. The attack spread by exploiting a Windows server vulnerability known as EternalBlue. The NSA discovered the bug and was holding on to it, but information about it and how to exploit it was stolen in a breach and then leaked to the public by a hacking group known as the Shadow Brokers. Microsoft issued a fix in mid-March, but many computers and servers never actually received the patch, leaving those systems open to attack. By holding on to this information instead of directly disclosing the vulnerability to manufacturers, this NSA espionage technique - ostensibly meant to protect people - caused a great deal of harm. And there's no sign that groups like the NSA will discontinue this practice in the future.

"Even if what the NSA and the US government did is entirely right, it's also OK for us to be outraged about this - we're angry if a cop loses his gun and then it gets used in a felony," says Jason Healey, a cyberconflict researcher at Columbia University, who studies the US government's existing vulnerability and exploit disclosure process. "I think the government's response to this is often 'Look, this is espionage, it's how the game is played, quit crying.' And that's just not cutting it. Everyone is right to be outraged and the government needs a better way of dealing with this."

There's certainly plenty of outrage that an NSA spy tool was stolen in the first place, then leaked, and then exploited to the detriment of individuals and businesses around the world.

"An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen," Brad Smith, the president and chief legal officer of Microsoft, wrote on Sunday. "This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. … We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

It is vitally important that tech companies release patches in an accessible way and that customers - both individuals and institutions - apply those patches. Experts agree that the tech community and its users share responsibility for the WannaCry fallout given that Microsoft had released a protective patch that wasn't installed widely enough. But with intelligence agencies around the world essentially betting against this process, their decisions can have an outsized impact. Even Russian President Vladimir Putin invoked this reasoning while speaking in Beijing on Monday. "Genies let out of bottles like these, especially if they've been created by the secret services, can then harm even their own authors and creators," he said.

Who Determines the Greater Good?
For its part, the US has been developing and implementing a program called the Vulnerabilities Equities Process since 2010. It requires intelligence agencies that obtain zero-day (i.e. previously unknown) vulnerabilities and/or exploits to disclose them within the government for review. The idea is to determine on a case-by-case basis whether a greater public good is served by keeping a particular vulnerability secret for espionage purposes or by disclosing it so the manufacturer can issue a patch and protect users at large.

So far the process has proved imperfect, and in fact, there is evidence that some agencies have been shielding bugs from oversight. "How do you reconcile [intelligence agencies'] stated need to use these tools and keep them secret with the fact that they keep leaking or being stolen and with the fact that they don't seem to be accounting for that risk," says Andrew Crocker, a staff attorney at the Electronic Frontier Foundation. "We need to have a reform of VEP or something like it where those risks are properly accounted for."

Experts say that one possibility is to create a mechanism through which tech companies can participate in intelligence oversight when it comes to vulnerabilities in their products. Such an arrangement would be a major departure for spy groups used to extensive independence and secrecy, but companies that bear significant responsibility when spy tools leak could work as a check on agencies. "There just has to be balance," says Stephen Wicker, a computer engineering professor at Cornell University who studies privacy and regulation. "The corporations themselves have to be involved in this line drawing somehow."

There's no reason to think that intelligence groups will stop seeking out and using undisclosed vulnerabilities and exploits, but WannaCry may serve as a more effective wakeup call for the intelligence community than past incidents simply because of its scale and impact on vital services like hospitals. "Whether it results in changing anything on the inside, we the public don't really have any way of knowing. There are mechanisms like congressional oversight and reporting, but it's all discretionary," EFF's Crocker says. "So I hope that's an actionable thing that comes out of this - it does seem like everyone agrees that transparency and reporting and oversight and auditing of this area of the intelligence community is very much needed."

And one concrete thing agencies can do to reduce incidental impact is devote even more resources and effort to securing their digital tools. Perfect security is impossible, but the more control intelligence groups can maintain, the less danger these spy tools pose.

"You cannot do modern espionage without these capabilities," Columbia's Healey says. "If you want to know what the Islamic State is doing, if you want to keep track of loose nukes in central Asia, if you want to follow smugglers who are trying to sell plutonium, this is the core set of capabilities that you need to do that. [But] a minimum role of public policy is if you're going to weaponize the IT made by US companies and depended on by citizens, for ****'s sake at least keep it secret. If you're going to have to do this, then don't lose it."
https://www.wired.com/2017/05/governments-wont-let-go-secret-software-bugs/
 

·
Watching the world self-destruct!
Joined
·
3,044 Posts
I still have one computer still using Windows, the rest are all Ubuntu now. My Windows machine popped up a "critical warning" from my Advanced Care System about 3AM this morning, telling me a "security patch" was available for "WannaCry," and, of course, I immediately hit the install button. If the services are sending out warnings to all their private (civilian) customers, SOMEBODY, SOMEWHERE, is really worried about this thing....I've never gotten a "critical warning" until now. "Advisories", yes, "critical warnings," no.
 

·
RockyMountainCanadian
Joined
·
4,288 Posts
:brickwall:I still don't understand why critical systems are on computers hooked to the internet.

maybe a little thought would go a long way:brickwall:
 

·
Internet Princess
Joined
·
2,809 Posts
:brickwall:I still don't understand why critical systems are on computers hooked to the internet.

maybe a little thought would go a long way:brickwall:
I've always wondered that.
 

·
Watching the world self-destruct!
Joined
·
3,044 Posts
New updates on the AV/ASW programs.

On the one machine that's still running Windows, I have (a) Advanced Care System, (b) Wise 365, (c) Adaware AV, (d) SuperAntiSpyware. At 3 AM, I got the alert from Advanced, and installed the security patch. My Super is set to run automatically at 11 AM daily, and the Adaware is set to run automatically at 9 PM daily. BOTH of them informed me that a new "antivirus definition" was needed specifically for "wannacrypt", and did I want to install it immediately. (Which, of course, I did.) Wise 365 doesn't do "antivirus/antispyware," and so it remained silent!

Has anyone else gotten a "specific warning" via their AV/ASW programs regarding "wannacry/wannacrypt?" I have never had specific warnings like this before today....plenty of "generic update/definition advisories," yes, but specific warning about ONE gremlin, no!!:eek:

I'm thinking this is a very nasty bug, and SOMEONE, SOMEWHERE is pretty worried about it. It is classified as "ransomware" according to my programs, which is, indeed, a real nasty form.

And now they are suggesting that North Korea is the source.

https://www.theverge.com/2017/5/15/15643226/wannacry-ransomware-north-korea-attribution-wannacrypt

Excerpt: "Researchers at Kaspersky Lab have uncovered new evidence linking the WannaCry ransomware code to North Korea. In a post today, the group detailed a segment of code used in both an early WannaCry variant and a February 2015 sample attributed to the Lazarus Group, a Kaspersky-tracked actor tied to the North Korean government. The overlap was first spotted by Google researcher Neal Mehta, and Kaspersky believes the similarity goes far beyond shared code."

"We strongly believe the February 2017 sample was compiled by the same people," Kaspersky writes, "or by people with access to the same source code as the May 2017 WannaCry encryptor used in the May 11th wave of attacks."

"Symantec found similar connections, according to a report in Cyberscoop, although the company said it was difficult to suss out the meaning of the shared code. "While these connections exist, they so far only represent weak connections," the company said in a statement. "We are continuing to investigate for stronger connections."

"On some level, it's hard to know what to make of this. WannaCry behaves like standard criminal ransomware, and before this latest finding, there was no reason to suspect a nation state was behind it. This kind of early code analysis is necessarily speculative, and it's entirely plausible that the WannaCry authors lifted the relevant code from a North Korean sample just like they lifted the EternalBlue code from the NSA. Even if all of Kaspersky's assumptions are true, it could be the result of an internal data breach rather than a government operation."

"Still, it's a tantalizing clue toward the origins of one of the most damaging worms the internet has ever seen. If there is some connection between WannaCry and North Korea, it would suggest the origins of the attack are far more unusual than anyone suspected."

Microsoft also fell down on the job...video is very good!
http://fortune.com/2017/05/16/wannacry-news-exploit-ransomware-wanna-cry-attack/

And the "Mirror" gives a lot of info about it and how it works.
http://www.mirror.co.uk/tech/what-wanna-decryptor-look-ransomware-10410236
Excerpt.... "The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, advert[isement] on a webpage or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages." "Once the files have been encrypted it deletes the originals and delivers a ransom note in the form of a readme file. It also changes the victim's wallpaper to a message demanding payment to return the files."

We have not seen the last of this, or a variant, I would hazard a guess. And if N. Korea is doing this, I'd say they are gonna end up targeting the U.S., think hospitals, LEA's, banks, power grid, and government agencies of all types....now wouldn't THAT be fun for everyone!?!? :eek:
 

·
Junior Member
Joined
·
1,292 Posts
I will be fine, wife's computer maybe not but all I'll have to do is nuke it and start over. Problem solved.
 

·
Watching the world self-destruct!
Joined
·
3,044 Posts
I will be fine, wife's computer maybe not but all I'll have to do is nuke it and start over. Problem solved.
What if it won't let you INTO "System Restore??" :eek:
 

·
Junior Member
Joined
·
1,292 Posts
What I'm talking about is a fresh install. Won't hurt my feelings because that means I get to play with Computer all day long lol
 

·
Seeking The Truth
Joined
·
7,938 Posts
Don't know much about software but I do know I'm tired of seeing my Pizzagate thread. So I'm bringing this one up top.:wave:
 