Tag Archives: malware
How UK Spies Hacked a European Ally and Got Away With It
FOR A MOMENT, it seemed the hackers had slipped up and exposed their identities. It was the summer of 2013, and European investigators were looking into an unprecedented breach of Belgium’s telecommunications infrastructure. They believed they were on the trail of the people responsible. But it would soon become clear that they were chasing ghosts – fake names that had been invented by British spies.
The hack had targeted Belgacom, Belgium’s largest telecommunications provider, which serves millions of people across Europe. The company’s employees had noticed their email accounts were not receiving messages. On closer inspection, they made a startling discovery: Belgacom’s internal computer systems had been infected with one of the most advanced pieces of malware security experts had ever seen.
As The Intercept reported in 2014, the hack turned out to have been perpetrated by U.K. surveillance agency Government Communications Headquarters, better known as GCHQ. The British spies hacked into Belgacom employees’ computers and then penetrated the company’s internal systems. In an eavesdropping mission called “Operation Socialist,” GCHQ planted bugs inside the most sensitive parts of Belgacom’s networks and tapped into communications processed by the company.
The covert operation was the first known example of a European Union member state hacking the critical infrastructure of another. The malware infection triggered a massive cleanup operation within Belgacom, which has since renamed itself Proximus. The company – of which the Belgian government is the majority owner – was forced to replace thousands of its computers at a cost of several million Euros. Elio di Rupo, Belgium’s then-prime minister, was furious, calling the hack a “violation.” Meanwhile, one of the country’s top federal prosecutors opened a criminal investigation into the intrusion.
…click on the above link to read the rest of the article…
“Worst-Ever Recorded” Ransomware Attack Strikes Over 57,000 Users Worldwide, Using NSA-Leaked Tools
The ransomware has been identified as WannaCry
* * *
Update 4: According to experts tracking and analyzing the worm and its spread, this could be one of the worst-ever recorded attacks of its kind. The security researcher who tweets and blogs as MalwareTech told The Intercept “I’ve never seen anything like this with ransomware,” and “the last worm of this degree I can remember is Conficker.” Conficker was a notorious Windows worm first spotted in 2008; it went on to infect over nine million computers in nearly 200 countries. As The Intercept details,
Today’s WannaCry attack appears to use an NSA exploit codenamed ETERNALBLUE, a software weapon that would have allowed the spy agency’s hackers to break into any of millions of Windows computers by exploiting a flaw in how certain versions of Windows implemented a network protocol commonly used to share files and to print. Even though Microsoft fixed the ETERNALBLUE vulnerability in a March software update, the safety provided there relied on computer users keeping their systems current with the most recent updates. Clearly, as has always been the case, many people (including in governments) are not installing updates. Before, there would have been some solace in knowing that only enemies of the NSA would have to fear having ETERNALBLUE used against them – but from the moment the agency lost control of its own exploit last summer, there’s been no such assurance. Today shows exactly what’s at stake when government hackers can’t keep their virtual weapons locked up.
As security researcher Matthew Hickey, who tracked the leaked NSA tools last month, put it, “I am actually surprised that a weaponized malware of this nature didn’t spread sooner.”
Update 3: Microsoft has issued a statement, confirming the status of the vulnerability:
Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.
Leaked NSA Malware Threatens Windows Users Around the World
The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.
The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running versions of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.
The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of the agency’s Tailored Access Operations group to more easily infect a target from their desk.
According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be understated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.
Malware Attacks Used By the US Government Retain Potency For Many Years, New Evidence Indicates
A NEW REPORT from Rand Corp. may help shed light on the government’s arsenal of malicious software, including the size of its stockpile of so-called “zero days” — hacks that hit undisclosed vulnerabilities in computers, smartphones, and other digital devices.
The report also provides evidence that such vulnerabilities are long lasting. The findings are of particular interest because not much is known about the U.S. government’s controversial use of zero days. Officials have long refused to say how many such attacks are in the government’s arsenal or how long it uses them before disclosing information about the vulnerabilities they exploit so software vendors can patch the holes.
Rand’s report is based on unprecedented access to a database of zero days from a company that sells them to governments and other customers on the “gray market.” The collection contains about 200 entries — about the same number of zero days some experts believe the government to have. Rand found that the exploits had an average lifespan of 6.9 years before the vulnerability each targeted was disclosed to the software maker to be fixed, or before the vendor made upgrades to the code that unwittingly eliminated the security hole.
Some of the exploits survived even longer than this. About 25 percent had a lifespan of a decade or longer. But another 25 percent survived less than 18 months before they were patched or rendered obsolete through software upgrades.
Rand’s researchers found that there was no pattern around which exploits lived a long or short life — severe vulnerabilities were not more likely to be fixed quickly than minor ones, nor were vulnerabilities in programs that were more widely available.
Cisco is Shipping Equipment to Fake Addresses to Protect Customers; Meanwhile Amazon Refuses to Provide Any Transparency
Examining the distinct ways in which various technology/internet companies have responded to revelations that the U.S. government is grossly violating American citizens’ 4th Amendment rights with its unconstitutional mass surveillance can be quite telling. A really interesting case in point came across my screen today.
On the one hand, we have Cisco, which seems to be trying its best to get hardware from one place to another without the NSA intercepting it and implanting malware. On the other hand, we have Amazon, which refuses to provide even the most basic transparency report when it comes to government data requests. Thanks for nothing, Bezos.
Let’s start with Cisco. The Register reports that:
Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.
The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers.
The interception campaign was revealed last May.
Speaking at a Cisco Live press panel in Melbourne today, Stewart says the Borg will ship to fake identities for its most sensitive customers, in the hope that the NSA’s interceptions are targeted.
“We ship [boxes] to an address that has nothing to do with the customer, and then you have no idea who ultimately it is going to,” Stewart says.
Stewart says some customers drive up to a distributor and pick up hardware at the door.
After the hacking campaign Borg boss John Chambers wrote a letter to US President Barack Obama saying the spying would undermine the global tech industry.
FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony – The Intercept
Nearly one year before Sony was hacked, the FBI warned that U.S. companies were facing potentially crippling data destruction malware attacks, and predicted that such a hack could cause irreparable harm to a firm’s reputation, or even spell the end of the company entirely. The FBI also detailed specific guidance for U.S. companies to follow to prepare and plan for such an attack.
But the FBI never sent Sony the report.
The Dec. 13, 2013 FBI Intelligence Assessment, “Potential Impacts of a Data-Destruction Malware Attack on a U.S. Critical Infrastructure Company’s Network,” warned that companies “must become prepared for the increasing possibility they could become victim to a data destruction cyber attack.”
The 16-page report includes details on previous malware attacks on South Korean banking and media companies—the same incidents and characteristics the FBI said on Dec. 19 that it had used to conclude that North Korea was behind the Sony attack.
The report, a copy of which was obtained by The Intercept, was based on discussions with private industry representatives and was prepared after the 2012 cyber attack on Saudi Aramco. The report was marked For Official Use Only, and has not been previously released.