It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Ransomware Encrypts Victim Files With 1,024-Bit Key

page: 1
2

log in

join
share:

posted on Jun, 14 2008 @ 02:56 PM
link   

Ransomware Encrypts Victim Files With 1,024-Bit Key


blog.washingtonpost.com

A dangerous new strain of malicious software that holds the victim's computers files for ransom has been unleashed, and Kaspersky Lab is warning that security researchers have yet to crack the encryption key.

"We estimate it would take around 15 million modern computers, running for about a year, to crack such a key," writes Aleks Gostev, senior virus analyst at Kaspersky, on the company's blog.
(visit the link for the full news article)




posted on Jun, 14 2008 @ 02:56 PM
link   

"Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com"


Yep, this is how it works. The hackers sends a virus that encrypts your files with a 2^1024 binary code which can takes as they said 15 million computers and 1 year to crack.

Hope I never get attacked by this
.

blog.washingtonpost.com
(visit the link for the full news article)



posted on Jun, 14 2008 @ 03:11 PM
link   
Would it not be very easy to track the emails to such a company? How would the money transfer work to pay for the decyption key? If they experienced inundation with cash-flow, how would they be able to keep their identities secret? How would they be able to run such a company and not be hunted down by every major crime fighting organisation in the world?

-ChriS



posted on Jun, 14 2008 @ 03:36 PM
link   
reply to post by die_another_day
 


What about the new IBM super duper computer they have. I'm sure it would crack that code in 2 seconds flat.



posted on Jun, 14 2008 @ 04:00 PM
link   
reply to post by Brothers
 


Or the NASA supercomputer even. If we needed to, we have the resources to make it work.

The problem is creating a software counter that nullifies any encryption attempt. I am not a computer genius so I have no idea where they would start.

-ChriS



posted on Jun, 14 2008 @ 04:08 PM
link   

Originally posted by BlasteR
reply to post by Brothers
 


Or the NASA supercomputer even. If we needed to, we have the resources to make it work.

-ChriS

I don't know which one are you talking about but the new IBM is the most powerful supercomputer in the world.


sty

posted on Jun, 14 2008 @ 04:16 PM
link   
very interesting! the new IBM computer is able to do 1 000 000 000 000 000 operations a second, but i am not sure it would be able to crack this password all that easy as they count together like 1 million good desk computers. I guess there must be a way easier than this : get the guy and put him to prison until he gives the pass haha.



posted on Jun, 14 2008 @ 04:17 PM
link   
This belongs in a DOS catagory for attaks. Denial of Service brought to a whole new level. Its not so much that you wouldnt beable to find files or what not till it was cracked its the fact that

IF THIS GETS INTO A PROPITERAY say UTILITY control grid or traffic grid ect. Were skrewed.

I know there isn't a complete second set of hardware sitting around to just swap it.. That contingency is not in any "disaster recovery" plan ive ever seen. I mean semi replacement ive seen like just a server , but not all the nodes too.

You may say im crazy and in any normal unix/linux/freebsd/windows environment this could be Remedied and your partially right but step back and think about the proprietary machines that run certain "grids" and say o # a few times to yourself.
Joe



posted on Jun, 14 2008 @ 04:35 PM
link   
The IBM supercomputer we are talking about is called "Roadrunner"
en.wikipedia.org...

It has a peak operating performance of about 1.7 petaflops. IBM built it for the Department of Energy and the National Nuclear Security Administration and it JUST became operational in May.

NASA has a supercomputing division called NAS (Nasa advanced supercomputing) division.
See links:

Nasa supercomputing home:
www.nas.nasa.gov...

Nasa supercomputers and specs:
www.nas.nasa.gov...

NASA has 3 supercomputing systems
-Columbia
-Schirra
-RT Jones
And then the storage computer they use which can hold 25 petabytes of information. Columbia is the most powerful NASA has (currently). It has a theoretical peak processing power of 88.88 teraflops, compared to the new IBM roadrunner which is about twice this. NASA is currently planning a new supercomputer to be built by Intel and SGI, which will be called the Pleiades, which would have a peak processing capability of about 1.0 petaflops.

Some supercomputers have actually been designed around cracking ciphers like "Deep Crack" (:lol
which was designed solely for the purpose of cracking the DES cipher
See: en.wikipedia.org...
If nothing else, it is proof of concept that supercomputers can be built without having to cost millions of dollars and can still be extremely efficient at cracking.

from wikipedia

In 1998 the EFF built Deep Crack for less than $250,000.[1] In response to DES Challenge II-2, on July 17, 1998, Deep Crack decrypted a DES-encrypted message after only 56 hours of work, winning $10,000. This was the final blow to DES, against which there were already some published cryptanalytic attacks. The brute force attack showed that cracking DES was actually a very practical proposition. For well-endowed governments or corporations, building a machine like Deep Crack would be no problem.


The technology is much better today due to Moore's Law. If you aren't sure what Moore's Law is.. This is basically what it means..
en.wikipedia.org...


Moore's law describes an important trend in the history of computer hardware: that the number of transistors that can be inexpensively placed on an integrated circuit is increasing exponentially, doubling approximately every two years.[1] The observation was first made by Intel co-founder Gordon E. Moore in a 1965 paper.[2][3][4] The trend has continued for more than half a century and is not expected to stop for another decade at least and perhaps much longer.[5]

Almost every measure of the capabilities of digital electronic devices is linked to Moore's law: processing speed, memory capacity, even the resolution of digital cameras. All of these are improving at (roughly) exponential rates as well.[6] This has dramatically increased the usefulness of digital electronics in nearly every segment of the world economy.[7] Moore's law describes this driving force of technological and social change in the late 20th and early 21st centuries.


The technology is better for everyone, therefore the encryption obstacles thrown out by the creators of malicious software are also much more advanced. But supercomputing power has also been increasing due to Moore's Law, therefore any supercomputing application should, in theory, still be extremely effective at cracking/deciphering such insane encryption techniques..

-ChriS

[edit on 14-6-2008 by BlasteR]



posted on Jun, 14 2008 @ 10:03 PM
link   
2^1024 = 1.8 x (10^308)

A petaflop is 10^15

My interpretation may be wrong.
However... if that IBM computer is "only" that powerful, were screwed.



posted on Jun, 14 2008 @ 11:49 PM
link   
I am a huge fan of cryptography and cant believe no one has thought of this before. About ten or so years ago when I was really into the black hat scene I would see and hear of virus's that result in a one-way encryption scheme, rendering your data useless. This individual just took it a step further and is allowing the person a chance to get their data back... for a price.

Also, a 1024-bit key is in theory possible to break, although no body on earth has the computing power to do so in any realistic time frame. If this was a 4096-bit however, the key would be the only way I can think of to retrieve their data even with computers many times faster then the most powerful machines on the planet currently.

from Wikipedia regarding RSA encryption :


A theoretical hardware device named TWIRL and described by Shamir and Tromer in 2003 called into question the security of 1024 bit keys. It is currently recommended that n be at least 2048 bits long.


But, this is theoretical as the quote states and even if it was created, would take over a year to break the cipher. I do not see many people spending a year to retrieve their data at the cost of millions of dollars. We are currently so advanced in the field of cryptography that our computers are unable to keep up with the size of these keys, and until the age of quantum computing.. if you get infected with such a virus, you are in a very bad position.

One possible way to obtain the key is that Yahoo would be able to read their outgoing mail, although I am sure the people involved are not that stupid and most likely use their own SMTP server to send the keys to specific addresses.

Knowledge is power, and power corrupts.. as can be seen here.

[edit on 14-6-2008 by deadline527]

[edit on 14-6-2008 by deadline527]



posted on Jun, 14 2008 @ 11:53 PM
link   
The hackers hack, the crackers crack, the programmers program, the providers provide.

It would seem that 'teh intrawebz' has become as gimmicky as everything else in society.



posted on Jun, 15 2008 @ 12:19 AM
link   
Actually, this has been out for a while now.

Here is an article on it last August.


searchsecurity.techtarget.com...




[edit on 15-6-2008 by Quazga]



posted on Jun, 15 2008 @ 04:53 PM
link   
I wonder if, due to moore's law, the encryption techniques will eventually surpass the ability of ANY supercomputer to crack that encryption. That's pretty scary. Especially considering, as the man said, this was a story from last August. No telling what's going on right now behind the scenes.

-ChriS

[edit on 15-6-2008 by BlasteR]



new topics

top topics



 
2

log in

join