As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It

from the ETERNALPWNAGE dept

Leaked NSA exploits have now been the basis for two massive cyberattacks. The first -- WannaCry -- caught hospitals and other critical infrastructure across several nations in the crossfire, using a tool built on the NSA's ETERNALBLUE exploit backbone. The second seems to be targeting Ukraine, causing the same sort of havoc but with a couple of particularly nasty twists.

This one, called Petya, demanded ransom from victims. Things went from bad to worse when email provider Posteo shut down the attacker's account. Doing so prevented affected users from receiving decryption keys, even if they paid the ransom.

It soon became apparent it didn't matter what Posteo did, no matter how clueless or ill-advised. There was no retrieving files even if ransoms were paid. Two separate sets of security researchers examined the so-called ransomware and discovered Petya is actually a wiper. Once infected, victims' files are as good as gone. No amount of bitcoin is going to reverse the inevitable. The ransomware notices were only there to draw attention to the infection and away from the malware's true purpose.

Both cases are considered to be attacks by nation states. Inconsistently-applied patches -- most of them released with zero information by Microsoft -- have led to an insane amount of damage.

Through it all, the NSA -- whose tools were leaked -- has remained consistently silent. There's been no indication if the agency is working to mitigate the ongoing threat or whether it's far more concerned with discovering who left behind the malware toolkit first exposed by the ShadowBrokers.

It's unlikely we'll hear much being said publicly by the agency, but Rep. Ted Lieu has sent a letter to NSA chief Mike Rogers demanding answers. The letter [PDF] points out both attacks have been based on NSA exploits (ETERNALBLUE and ETERNALROMANCE). Lieu also states he fears the attacks seen in the past few weeks are only the "tip of the iceberg." The agency's refusal to discuss the attacks apparently isn't going to fly anymore.

Lieu makes two requests: the first is for the agency to see if it has some sort of magic "OFF" switch just lying around.

My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help stop the attack, NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.

It's far more likely that the NSA has information it would rather not share than that the agency has a way to shut down this attack, much less prevent future variations on its ETERNAL theme. But that's directly related to the second part of Lieu's request: work with companies whose software is being exploited to prevent further attacks. If the NSA still has security holes it's hoping won't be patched anytime soon, the current situation would seem to call for a rethink of its exploit-hoarding M.O.

What may be in order is the NSA stepping up and playing defense. It has stated a desire to be a larger cog in the US cyberwar machinery, but often seems more interested in playing offense than pitching in to help on the defensive end. That may need to change quickly if the NSA isn't going to be seen as more of a problem than a solution.

Filed Under: attacks, cyberattacks, exploits, leaks, nsa, ransomware, russia, ted lieu, ukraine, vulnerabilities, warfare

Reader Comments


  1. Anonymous Coward, 1 Jul 2017 @ 4:54am

    There will be more of these

    And many of them, perhaps all of them, will target Microsoft products because they're all horribly vulnerable. So it really doesn't matter what the NSA does this time or the next time or the time after that: the parade will continue.

    The solution is obvious and of course will never be implemented: stop using Microsoft products. Of course those of us with a superior grasp of security don't need to do this, because we never started using them. But the inferior people who've built their entire IT operations around Microsoft now have a choice: either continue doing so and whine incessantly when it's their turn to be hacked, or listen to those of us with superior expertise and get out NOW.

    My guess is that they'll almost exclusively do the former: they're not intelligent enough to do the latter, and their bloated egos will stop them anyway, since it would require admitting that they've been wrong the entire time.

    I'm sure the attackers behind these know this just as well as I do. They can sleep well, knowing that their intended victims will do everything possible to remain victims. So whatever the next attack is, and whenever it happens, it will succeed in large measure due to complacency, stupidity, ignorance, and hubris.
