As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It

from the ETERNALPWNAGE dept

Leaked NSA exploits have now been the basis for two massive cyberattacks. The first — Wannacry — caught hospitals and other critical infrastructure across several nations in the crossfire, using a tool built on the NSA’s ETERNALBLUE exploit backbone. The second seems to be targeting Ukraine, causing the same sort of havoc but with a couple of particularly nasty twists.

This one, called Petya, demanded ransom from victims. Things went from bad to worse when email provider Posteo shut down the attacker’s account. Doing so prevented affected users from receiving decryption keys, even if they paid the ransom.

It soon became apparent it didn’t matter what Posteo did, no matter how clueless or ill-advised. There was no retrieving files even if ransoms were paid. Two separate sets of security researchers examined the so-called ransomware and discovered Petya is actually a wiper. Once infected, victims’ files are as good as gone. No amount of bitcoin is going to reverse the inevitable. The ransomware notices were only there to draw attention to the infection and away from the malware’s true purpose.

Both cases are considered to be attacks by nation states. Inconsistently-applied patches — most of them released with zero information by Microsoft — have led to an insane amount of damage.

Through it all, the NSA — whose tools were leaked — has remained consistently silent. There’s been no indication if the agency is working to mitigate the ongoing threat or whether it’s far more concerned with discovering who left behind the malware toolkit first exposed by the ShadowBrokers.

It’s unlikely we’ll hear much being said publicly by the agency, but Rep. Ted Lieu has sent a letter to NSA chief Mike Rogers demanding answers. The letter [PDF] points out both attacks have been based on NSA exploits (ETERNALBLUE and ETERNALROMANCE). Lieu also states he fears the attacks seen in the past few weeks are only the “tip of the iceberg.” The agency’s refusal to discuss the attacks apparently isn’t going to fly anymore.

Lieu makes two requests: the first is for the agency to see if it has some sort of magic “OFF” switch just laying around.

My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help step the attack, NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.

It’s far more likely the NSA has information it would rather not share than it is the agency has a way to shut down this attack, much less prevent future variations on its ETERNAL theme. But that’s directly related to the second part of Lieu’s request: work with companies whose software is being exploited to prevent further attacks. If the NSA still has security holes it’s hoping won’t be patched anytime soon, the current situation would seem to call for a rethink of its exploit-hoarding M.O.

What may be in order is the NSA stepping up and playing defense. It has stated a desire to be a larger cog in the US cyberwar machinery, but often seems more interested in playing offense than pitching in to help on the defensive end. That may need to change quickly if the NSA isn’t going to be seen as more of a problem than a solution.

Filed Under: , , , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Yes, if the NSA only had backdoors into everything, then they could keep those backdoors secret, and only share them with Trusted People(TM). That way, Bad People couldn’t use them.

Unless the Bad People discovered the backdoor on their own. Which they wouldn’t try to do. Because, for one thing, it would be so much easier to pay a Trusted Person to reveal the backdoor. As everyone knows, Bad People cannot do Arithmetic or Logic, and so anything concealed by Arithmetic or Logic is forever safe from them.

I heard, one time, about a math professor who had a falling-out with his neighbors and joined the Nazi Party out of spite. He immediately forgot his multiplication tables. That’s always the way it works.

Christenson says:

Temporary Pain

Dear Rep Lieu:

There’s no such thing as an “off” switch for an exploit, and even if there was, anyone with the source code can find it and remove it. That’s trivial compared to finding the vulnerability in the first place.

The only thing that can stop the pain in the short term is getting all the holes being exploited by these tools patched, and even that will take awhile, since patching my system also represents a risk and takes effort.

In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.

To give you an idea of the problem, everyone has computers and phones that are so complicated and fast there’s no way to be even reasonably sure they are only doing what they are supposed to be doing and haven’t been taken over by someone and doing their bidding 10% of the time.

Anonymous Coward says:

Re: Temporary Pain

‘In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.’

I think thats a good approach, not surprising since ive had those similar thoughts as soon as snowden confirmed our suspicions……and i doubt that were alone on that

Say, talking about suspicions, is it not suspicious that this common sense approach is not being explained to us by our suposedly intelligent leaders in its planned implementation

Perish the thought that they dont care, or have a vested interest in keeping things less secure….perish the thought
At least our leaders might actually have intelligence, just no ethics or morality

Mmmmm……much better alternative


Anonymous Coward says:

Re: Re: Temporary Pain

The problem with software is that it can only be analyzed or tested for problems that are thought of ahead of time. By comparison, hardware can, and often is, subject to bake and shake type testing, which will show up any weaknesses in the design, even if nobody thought of the weakness ahead of time.

New models of cars are subject to such holistic testing, and still the odd design flaw gets through, and as flaws in software are harder to discover, more should be expected to pass any testing procedure than occur with hardware.

Vidiot (profile) says:

"[BADNESS] is threatening our nation! Must stop!"

Congressperson sends a letter…

(Yawn) What’s that overused "definition of insanity" trope… "repeating the same behavior but expecting different results". The write-a-letter thing is only one step removed from calling a Congressional hearing, the pure embodiment of doing nothing at all.

Real action would come from mobilizing a ruthless, cutthroat squad to neutralize the threat. Maybe teaching young Mafiosa to code… or an afterschool MS13 Hacker Club.

streetlight (profile) says:

Why would there be an off switch?

The NSA probably didn’t create an off switch for this software. The purpose of the software could be to disable specific target systems and if the IT folks were able to examine the code they might find the off switch. That doesn’t mean one couldn’t be developed but that would take time for both the NSA and particularly the folks managing the targeted systems. The intention may also be to shut down targeted systems for a fairly short time so some activity can’t take place until the systems are replaced with redundant hardware. This could include shutting down defensive hardware during a military attack, or some such thing.

Anonymous Coward says:

If the NSA hadnt and wouldnt produce the malware that allows these cyber attacks in the first place and would stop insisting that back doors into every bit of software that everyone is using (that then puts us all at risk and actually is nothing to do with anything sinister thats going on, just a means of watching everyone, of enslaving everyone!)are needed, we wouldnt have a problem

Anonymous Coward says:

There will be more of these

And many of them, perhaps all of them, will target Microsoft products because they’re all horribly vulnerable. So it really doesn’t matter what the NSA does this time or the next time or the time after that: the parade will continue.

The solution is obvious and of course will never be implemented: stop using Microsoft products. Of course those of us with a superior grasp of security don’t need to do this, because we never started using them. But the inferior people who’ve built their entire IT operations around Microsoft now have a choice: either continue doing so and whine incessantly when it’s their turn to be hacked, or listen to those of us with superior expertise and get out NOW.

My guess is that they’ll almost exclusively do the former: they’re not intelligent enough to do the latter, and their bloated egos will stop them anyway, since it would require admitting that they’ve been wrong the entire time.

I’m sure the attackers behind these know this just as well as I do. They can sleep well, knowing that their intended victims will do everything possible to remain victims. So whatever the next attack is, and whenever it happens, it will succeed in large measure due to complacency, stupidity, ignorance, and hubris.

Anonymous Coward says:

Once again, playing offense, when defence leads to less destruction

Never should of horded the exploits
Should have informed the relevant software creators
And……lifetime security updates/patches for life, by law, should have been implemented…….or open source everything os/hardware related……fk the monopoly/profit/greed/propriety road blocks…..

Anonymous Coward says:

In Lieu of a back door,

The current score: 2^64-1 (offense) to 1 (defense).

There’s no upside to defense; you do grunt work anonymously for years, and then you get fired.

It used to be that falling asleep during night watch duty was punishable by a firing squad. Perhaps it’s time to utilize that punishment for allowing your command to get hacked — starting with the CO himself/herself.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...