Leaked NSA malware is helping hijack computers across the world.


posted on May, 19 2017 @ 02:27 PM
Hey, thanks shady government!

The NSA and CIA prove time after time they are autonomous and operate under their own guidelines. Causing wars, bringing drugs to our nations, who are they really working for? And who are they trying to help? (definitely not citizens)


In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.



The malware worm taking over the computers goes by the names “WannaCry” or “Wanna Decryptor.” It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin.



Reuters said that “hospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies,” and that “the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.”

The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting — these things move extremely quickly).


The Intercept




posted on May, 19 2017 @ 02:45 PM

originally posted by: CriticalStinker
Hey, thanks shady government!

The NSA and CIA prove time after time they are autonomous and operate under their own guidelines. Causing wars, bringing drugs to our nations, who are they really working for? And who are they trying to help? (definitely not citizens)


In mid-April, an arsenal of powerful software tools apparently designed by the NSA to infect and control Windows computers was leaked by an entity known only as the “Shadow Brokers.” Not even a whole month later, the hypothetical threat that criminals would use the tools against the general public has become real, and tens of thousands of computers worldwide are now crippled by an unknown party demanding ransom.



The malware worm taking over the computers goes by the names “WannaCry” or “Wanna Decryptor.” It spreads from machine to machine silently and remains invisible to users until it unveils itself as so-called ransomware, telling users that all their files have been encrypted with a key known only to the attacker and that they will be locked out until they pay $300 to an anonymous party using the cryptocurrency Bitcoin.



Reuters said that “hospitals across England reported the cyberattack was causing huge problems to their services and the public in areas affected were being advised to only seek medical care for emergencies,” and that “the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.”

The worm has also reportedly reached universities, a major Spanish telecom, FedEx, and the Russian Interior Ministry. In total, researchers have detected WannaCry infections in over 57,000 computers across over 70 countries (and counting — these things move extremely quickly).


The Intercept


Er, Um er, this is correct.



posted on May, 19 2017 @ 02:55 PM
That's some very malicious ransomware.

Microsoft claims that if you have the latest updates you are protected.

Everyone with Windows needs to update if they haven't been regularly.
If you get the warnings and put it off - then get infected - guess whose fault it is?
Not the NSA's and not Microsoft's...

Just update now if you haven't been.
Problem solved.



posted on May, 19 2017 @ 02:58 PM
This attack could have positive results, according to this in the article:


The infection will surely reignite arguments over what’s known as the Vulnerabilities Equity Process, the decision-making procedure used to decide whether the NSA should use a security weakness it discovers (or creates) for itself and keep it secret, or share it with the affected companies so that they can protect their customers. Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, told The Intercept plainly: “Today’s ransomware attack is being made possible because of past work undertaken by the NSA,” and that “ideally it would lead to more disclosures that would improve the security of devices globally.”


So if this pushed the NSA towards disclosing more of its information to the public domain, it will make everyone more secure and could create some good will between the NoSuchAgency and the civilian population.



posted on May, 19 2017 @ 03:08 PM
Additional info:
EternalBlue


EternalBlue, sometimes stylized as ETERNALBLUE,[1] is an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on 14 April 2017, and was used as part of the worldwide WannaCry ransomware attack on 12 May 2017.[1][2][3][4][5]

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. This vulnerability is denoted by entry CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.[6]

The Windows security update on 14 March 2017 resolved the issue via security update MS17-010, for all Windows versions that were currently supported at that time, these being Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.[7][8]

On May 13, 2017, a day after the attack, Microsoft took the highly unusual step of also providing a security update for Windows XP, Windows 8, and Windows Server 2003



Who are The Shadow Brokers?


The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016.[1][2] They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits.[1] Specifically, these exploits and vulnerabilities[3][4] targeted enterprise firewalls, anti-virus products, and Microsoft products.[5] The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit.[6][7][8][9]


Lots more info on that wiki.

Now here's some crazy stuff:
Equation Group


The Equation Group, classified as an advanced persistent threat, is a highly sophisticated threat actor suspected of being tied to the United States National Security Agency (NSA).[1][2][3] Kaspersky Labs describes them as one of the most sophisticated cyber attack groups in the world and "the most advanced ... we have seen", operating alongside but always from a position of superiority with the creators of Stuxnet and Flame.[4][5] Most of their targets have been in Iran, Russia, Pakistan, Afghanistan, India, Syria, and Mali.[5]


Tailored Access Operations

The Office of Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least circa 1998.[1][2] TAO identifies, monitors, infiltrates, and gathers intelligence on computer systems being used by entities foreign to the United States.[3][4][5][6]

The NSA terms these activities "computer network exploitation". TAO is reportedly "now the largest and arguably the most important component of the NSA's huge Signals Intelligence Directorate (SID)[7] (SIGINT), consisting of more than 1,000 military and civilian computer hackers, intelligence analysts, targeting specialists, computer hardware and software designers, and electrical engineers."[1]


Talk about leaks of classified dangerous information!



posted on May, 19 2017 @ 03:15 PM
What makes you think it's not our government doing it? I would not put anything past them. Maybe they aren't making enough money in the drug trade and need to buy some friends of theirs a swimming pool. I mean, after all, what's morality to them.



posted on May, 19 2017 @ 08:50 PM
I blame Microsoft. SMB 1.0 (or CIFS) is a network protocol that's cobbled together from different earlier network protocols built on top of each other in the same way that Victorian builders would incorporate walls and other existing structures into their designs. That would lead to all sorts of backdoors, secret corridors and hidden rooms.

SMB/CIFS is built from the original DOS BIOS (Interrupt 33h), NetBIOS, IPX, LAN Manager, Windows for Workgroups and TCP/IP. With a software stack that tall, any backdoors or vulnerabilities would just get buried, hidden and forgotten about.

en.wikipedia.org...


