As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It
from the ETERNALPWNAGE dept
Leaked NSA exploits have now been the basis for two massive cyberattacks. The first — Wannacry — caught hospitals and other critical infrastructure across several nations in the crossfire, using a tool built on the NSA’s ETERNALBLUE exploit backbone. The second seems to be targeting Ukraine, causing the same sort of havoc but with a couple of particularly nasty twists.
This one, called Petya, demanded ransom from victims. Things went from bad to worse when email provider Posteo shut down the attacker’s account. Doing so prevented affected users from receiving decryption keys, even if they paid the ransom.
It soon became apparent it didn’t matter what Posteo did, no matter how clueless or ill-advised. There was no retrieving files even if ransoms were paid. Two separate sets of security researchers examined the so-called ransomware and discovered Petya is actually a wiper. Once infected, victims’ files are as good as gone. No amount of bitcoin is going to reverse the inevitable. The ransomware notices were only there to draw attention to the infection and away from the malware’s true purpose.
Both cases are considered to be attacks by nation states. Inconsistently-applied patches — most of them released with zero information by Microsoft — have led to an insane amount of damage.
Through it all, the NSA — whose tools were leaked — has remained consistently silent. There’s been no indication if the agency is working to mitigate the ongoing threat or whether it’s far more concerned with discovering who left behind the malware toolkit first exposed by the ShadowBrokers.
It’s unlikely we’ll hear much being said publicly by the agency, but Rep. Ted Lieu has sent a letter to NSA chief Mike Rogers demanding answers. The letter [PDF] points out both attacks have been based on NSA exploits (ETERNALBLUE and ETERNALROMANCE). Lieu also states he fears the attacks seen in the past few weeks are only the “tip of the iceberg.” The agency’s refusal to discuss the attacks apparently isn’t going to fly anymore.
Lieu makes two requests: the first is for the agency to see if it has some sort of magic “OFF” switch just laying around.
My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help step the attack, NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.
It’s far more likely the NSA has information it would rather not share than it is the agency has a way to shut down this attack, much less prevent future variations on its ETERNAL theme. But that’s directly related to the second part of Lieu’s request: work with companies whose software is being exploited to prevent further attacks. If the NSA still has security holes it’s hoping won’t be patched anytime soon, the current situation would seem to call for a rethink of its exploit-hoarding M.O.
What may be in order is the NSA stepping up and playing defense. It has stated a desire to be a larger cog in the US cyberwar machinery, but often seems more interested in playing offense than pitching in to help on the defensive end. That may need to change quickly if the NSA isn’t going to be seen as more of a problem than a solution.
Filed Under: attacks, cyberattacks, exploits, leaks, nsa, ransomware, russia, ted lieu, ukraine, vulnerabilities, warfare
Comments on “As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It”
Lieu to NSA...
“Nerd harder.”
Actually, they did find a vaccine.
Re: Re:
It’s the same AC again – well, the NSA didn’t. Security researchers did. Or is that Not Petya I’m thinking of.
Re: %WINDIR%perfc.dat
It can be an empty file, as long as that filename exists.
So long as governments work on the principle that need to spy on and coerce each other, these problems will continue.
Re: Re:
Well they don’t know it yet, but that attitude will only last another 13 years before it no longer is applicable.
Re: Re:
Amen
I KNOW
they are gonna make mroe exploits to attack them YA YA YA
what can they do
Re: I KNOW
-selves
Yep, we should totally give these guys back doors into everything we do. Nothing bad will ever come from that right?
Yes, if the NSA only had backdoors into everything, then they could keep those backdoors secret, and only share them with Trusted People(TM). That way, Bad People couldn’t use them.
Unless the Bad People discovered the backdoor on their own. Which they wouldn’t try to do. Because, for one thing, it would be so much easier to pay a Trusted Person to reveal the backdoor. As everyone knows, Bad People cannot do Arithmetic or Logic, and so anything concealed by Arithmetic or Logic is forever safe from them.
I heard, one time, about a math professor who had a falling-out with his neighbors and joined the Nazi Party out of spite. He immediately forgot his multiplication tables. That’s always the way it works.
Temporary Pain
Dear Rep Lieu:
There’s no such thing as an “off” switch for an exploit, and even if there was, anyone with the source code can find it and remove it. That’s trivial compared to finding the vulnerability in the first place.
The only thing that can stop the pain in the short term is getting all the holes being exploited by these tools patched, and even that will take awhile, since patching my system also represents a risk and takes effort.
In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.
To give you an idea of the problem, everyone has computers and phones that are so complicated and fast there’s no way to be even reasonably sure they are only doing what they are supposed to be doing and haven’t been taken over by someone and doing their bidding 10% of the time.
Re: Temporary Pain
There was on WannaCry, but that had nothing to do with the NSA zero-day that it implemented.
Re: Temporary Pain
‘In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.’
I think thats a good approach, not surprising since ive had those similar thoughts as soon as snowden confirmed our suspicions……and i doubt that were alone on that
Say, talking about suspicions, is it not suspicious that this common sense approach is not being explained to us by our suposedly intelligent leaders in its planned implementation
Perish the thought that they dont care, or have a vested interest in keeping things less secure….perish the thought
At least our leaders might actually have intelligence, just no ethics or morality
Mmmmm……much better alternative
lose:lose
Re: Re: Temporary Pain
The problem with software is that it can only be analyzed or tested for problems that are thought of ahead of time. By comparison, hardware can, and often is, subject to bake and shake type testing, which will show up any weaknesses in the design, even if nobody thought of the weakness ahead of time.
New models of cars are subject to such holistic testing, and still the odd design flaw gets through, and as flaws in software are harder to discover, more should be expected to pass any testing procedure than occur with hardware.
"[BADNESS] is threatening our nation! Must stop!"
Congressperson sends a letter…
(Yawn) What’s that overused "definition of insanity" trope… "repeating the same behavior but expecting different results". The write-a-letter thing is only one step removed from calling a Congressional hearing, the pure embodiment of doing nothing at all.
Real action would come from mobilizing a ruthless, cutthroat squad to neutralize the threat. Maybe teaching young Mafiosa to code… or an afterschool MS13 Hacker Club.
NSA's mindset
“The best defense is a good offense” – Mel Sharples, Mel’s Diner
The NSA must have grown up watching Alice.
Microsoft still have their part of the blame
When the leak was official, Microsoft were pretty silent. They should have pushed media a lot harder to warn companies about the big threat. I highly doubt NSA was holding Microsoft back after the leak was out in the wild.
Why would there be an off switch?
The NSA probably didn’t create an off switch for this software. The purpose of the software could be to disable specific target systems and if the IT folks were able to examine the code they might find the off switch. That doesn’t mean one couldn’t be developed but that would take time for both the NSA and particularly the folks managing the targeted systems. The intention may also be to shut down targeted systems for a fairly short time so some activity can’t take place until the systems are replaced with redundant hardware. This could include shutting down defensive hardware during a military attack, or some such thing.
Microsoft not that silent anymore
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
Re: Microsoft not that silent anymore
Jesus, are they all named after Sega Genesis games?
r/stallmanwasright
That’s all.
Dissolve NSA
Can we dissolve the NSA already?
Re: Dissolve NSA
That actually would be a great pre-emptive move to lower the likelyhood such attacks happening in the future.
However, all similar zero-day hoarding outfits like GCHQ, BND, Mossad, NBD would need to be dissolved as well. But you got to start somewhere.
Re: Dissolve NSA
I feel that any government agency that feels it can only operate with secrecy needs disbanding
World peace wont come around with secrecy, but truth and honesty
One planet, one unity
If the NSA hadnt and wouldnt produce the malware that allows these cyber attacks in the first place and would stop insisting that back doors into every bit of software that everyone is using (that then puts us all at risk and actually is nothing to do with anything sinister thats going on, just a means of watching everyone, of enslaving everyone!)are needed, we wouldnt have a problem
Re: Re:
We still would have a problem. But by publishing each and every security hole it found or got hold of, the NSA would be part of the solution, not (a big) part of the problem.
There will be more of these
And many of them, perhaps all of them, will target Microsoft products because they’re all horribly vulnerable. So it really doesn’t matter what the NSA does this time or the next time or the time after that: the parade will continue.
The solution is obvious and of course will never be implemented: stop using Microsoft products. Of course those of us with a superior grasp of security don’t need to do this, because we never started using them. But the inferior people who’ve built their entire IT operations around Microsoft now have a choice: either continue doing so and whine incessantly when it’s their turn to be hacked, or listen to those of us with superior expertise and get out NOW.
My guess is that they’ll almost exclusively do the former: they’re not intelligent enough to do the latter, and their bloated egos will stop them anyway, since it would require admitting that they’ve been wrong the entire time.
I’m sure the attackers behind these know this just as well as I do. They can sleep well, knowing that their intended victims will do everything possible to remain victims. So whatever the next attack is, and whenever it happens, it will succeed in large measure due to complacency, stupidity, ignorance, and hubris.
Wyden was too busy to grandstand on this one?
Re: Re:
Log back in, My_Name_Here.
The 0th law of sys admin ...
is backup.
With apply patches coming it at a close 1st.
/?
Once again, playing offense, when defence leads to less destruction
Never should of horded the exploits
Should have informed the relevant software creators
And……lifetime security updates/patches for life, by law, should have been implemented…….or open source everything os/hardware related……fk the monopoly/profit/greed/propriety road blocks…..
In Lieu of a back door,
…
The current score: 2^64-1 (offense) to 1 (defense).
There’s no upside to defense; you do grunt work anonymously for years, and then you get fired.
It used to be that falling asleep during night watch duty was punishable by a firing squad. Perhaps it’s time to utilize that punishment for allowing your command to get hacked — starting with the CO himself/herself.