The New York Times reports: Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, Mr. Williams, a cybersecurity expert, was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.
Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.
America’s largest and most secretive intelligence agency had been deeply infiltrated.
“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”
The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own. [Continue reading…]
The New York Times reports: It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.
What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.
The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.
The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.
The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.
Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest. [Continue reading…]
Even though the reporting is sloppy where it says an NSA employee used his home computer “on which Kaspersky’s antivirus software was installed,” there’s little reason to doubt that this software had been installed by choice by that employee. Moreover, he most likely chose that software for the same reason most experienced users do: he believed it performs better than competing products. And as for the fact that the software detected the NSA hacking tools, that’s what antivirus software is designed to do.
In spite of the cloud of suspicion that now hangs over all-things-Russian, it’s hard not to wonder whether Kaspersky provoked the ire of Israeli and American intelligence through its work on exposing the operation of Stuxnet. Kaspersky’s role in raising public awareness about cyberwarfare operations can hardly have been welcomed by the agencies running those operations.
Given that “antivirus is the ultimate back door,” as Blake Darché, a former NSA operator, observes, this raises questions that aren’t touched upon in the reporting on Kaspersky: do all brands of antivirus software present serious security risks to their users? And do companies such as Symantec actively cooperate with the NSA?
Politico reports: The National Security Agency warned senior White House officials in classified briefings that improper use of personal cellphones and email could make them vulnerable to espionage by Russia, China, Iran and other adversaries, according to officials familiar with the briefings.
The briefings came soon after President Donald Trump was sworn into office on Jan. 20, and before some top aides, including senior adviser Jared Kushner, used their personal email and phones to conduct official White House business, as disclosed by POLITICO this week.
The NSA briefers explained that cyberspies could be using sophisticated malware to turn the personal cellphones of White House aides into clandestine listening devices, to take photos and video without the user’s knowledge and to transfer vast amounts of data via Wi-Fi networks and Bluetooth, according to one former senior U.S. intelligence official familiar with the briefings. [Continue reading…]
Video of Trump & Putin meeting—as disgusting as you'd think.
— Scott Dworkin (@funder) July 7, 2017
The New York Times reports: President Trump said on Thursday that only “three or four” of the United States’ 17 intelligence agencies had concluded that Russia interfered in the presidential election — a statement that while technically accurate, is misleading and suggests widespread dissent among American intelligence agencies when none has emerged.
The “three or four” agencies referred to by Mr. Trump are the Central Intelligence Agency, the National Security Agency, the F.B.I. and the Office of the Director of National Intelligence, all of which determined that Russia interfered in the election. Their work was compiled into a report, and a declassified version was released on Jan. 6 by the director of national intelligence. It said that all four agencies had “high confidence” that Russian spies had tried to interfere in the election on the orders of President Vladimir V. Putin.
The reason the views of only those four intelligence agencies, not all 17, were included in the assessment is simple: They were the ones tracking and analyzing the Russian campaign. The rest were doing other work.
The intelligence community is a sprawling enterprise that includes military officers who track enemy troop movements, accountants who analyze the finances of Islamist militants and engineers who design spy satellites. There are soldiers, sailors and Marines; tens of thousands of civilian government employees and tens of thousands of private contractors.
Asked about Russia’s election meddling during a news conference on Thursday in Poland, Mr. Trump repeated his familiar refrain that “it could” have been Russia or other countries that interfered in the election, and then appeared to suggest that there was hardly an intelligence community consensus on the matter.
“Let me just start off by saying I heard it was 17 agencies,” he said when asked about the intelligence assessment.
“I said, ‘Boy, that’s a lot.’ Do we even have that many intelligence agencies, right? Let’s check it. And we did some very heavy research,” Mr. Trump continued. “It turned out to be three or four — it wasn’t 17 — and many of your compatriots had to change their reporting, and they had to apologize, and they had to correct.”
Mr. Trump was also correct about inaccurate news reports. Some, including an article in The New York Times, incorrectly reported that all 17 American intelligence agencies had endorsed the assessment.
But there is no evidence that significant uncertainty or dissent exists across the intelligence community, simply because not all 17 were involved in the assessment of Russian interference. [Continue reading…]
CNN reports: As President Donald Trump lashes out at former President Barack Obama for failing to take a harder line against Russia for election meddling, Trump’s own advisers are struggling to convince him that Russia still poses a threat, according to multiple senior administration officials.
“I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it,” Trump told Fox News in an interview that aired Sunday. “To me — in other words — the question is, if he had the information, why didn’t he do something about it? He should have done something about it.”
But the Trump administration has taken no public steps to punish Russia for its interference in the 2016 election. Multiple senior administration officials said there are few signs the President is devoting his time or attention to the ongoing election-related cyber threat from Russia.
“I’ve seen no evidence of it,” one senior administration official said when asked whether Trump was convening any meetings on Russian meddling in the election. The official said there is no paper trail — schedules, readouts or briefing documents — to indicate Trump has dedicated time to the issue.
Top intelligence officials have raised alarm about Russia’s cyberattacks, calling them a “major threat” to the US election system. In public hearings on Capitol Hill and classified briefings behind closed doors, intelligence officials have drawn the same conclusions: Russia launched an unprecedented attack on America’s electoral process during the 2016 presidential campaign and — barring a full-throated response from the US — the Russians are almost certain to do so again.
It’s a warning some fear the White House isn’t taking seriously.
In a recent closed-door briefing on Capitol Hill, National Security Agency Director Mike Rogers expressed frustration to lawmakers about his inability to convince the President to accept US intelligence that Russia meddled in the election, according to a congressional source familiar with the meeting. [Continue reading…]
CNN reports: Two of the nation’s top intelligence officials told Special Counsel Robert Mueller’s team and Senate investigators, in separate meetings last week, that President Donald Trump suggested they say publicly there was no collusion between his campaign and the Russians, according to multiple sources.
Director of National Intelligence Dan Coats and National Security Agency Director Adm. Mike Rogers described their interactions with the President about the Russia investigation as odd and uncomfortable, but said they did not believe the President gave them orders to interfere, according to multiple sources familiar with their accounts.
Sources say both men went further than they did in June 7 public hearings, when they provided little detail about the interactions.
The sources gave CNN the first glimpse of what the intelligence chiefs said to Mueller’s investigators when they did separate interviews last week. Both men told Mueller’s team they were surprised the President would suggest that they publicly declare he was not involved in collusion, sources said. Mueller’s team, which is in the early stages of its investigation, will ultimately decide whether the interactions are relevant to the inquiry. [Continue reading…]
They made up a phony collusion with the Russians story, found zero proof, so now they go for obstruction of justice on the phony story. Nice
— Donald J. Trump (@realDonaldTrump) June 15, 2017
The Daily Beast reports: It’s exactly the circumstance Donald Trump tried to avoid. But Trump’s own actions have made an FBI investigation into the president himself a reality.
Firing James Comey, the FBI director, was, by Trump’s explanation, a way to stop a “witch hunt” against his team’s alleged ties to Russia. It led, within weeks, to the appointment of a special prosecutor, Comey’s FBI predecessor, Robert Mueller. And now Mueller is investigating Trump himself for possible obstruction of justice—by firing Comey, who had led the FBI inquiry.
With the crisis engulfing Trump’s young presidency intensifying, senators, Trump aides, former prosecutors, and FBI veterans are sending the White House an urgent warning: Whatever you do, don’t. Fire. Mueller.
News of the obstruction investigation, which was first reported by The Washington Post on Wednesday, comes just days after Trump himself began floating the possibility of firing the new head of the investigation: Robert Mueller, the Justice Department special counsel appointed in the wake of Comey’s firing.
The obstruction investigation has raised the stakes for Mueller’s potential ouster. Firing him now, which would require that Trump personally direct DOJ leadership to do so, would create a political firestorm.
“Firing Robert Mueller right now would be a direct attack on the rule of law by Donald Trump,” Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee, told The Daily Beast. Wyden declined to directly address the Post report.
Trump reportedly floated the possibility of firing Mueller as a way to prod him toward exonerating the president and other Trump associates party to the investigation. The New York Times reported on Tuesday that aides dissuaded him from doing so.
For Ali Soufan, a retired FBI counterterrorism agent, word that Trump is now a target of Mueller’s inquiry explains the trial balloon.
“No wonder President Trump and his surrogates are getting nervous. This explains their sudden attacks on Mueller and the threats to fire him,” Soufan told The Daily Beast.
White House officials are still insisting to the president that he should leave Mueller in his post. “We are all advising him not to [get rid of] Mueller. That has not changed,” one Trump aide told The Daily Beast. “It would be an absolute nuclear explosion if he did.”
Firing Mueller would also put the president in greater legal jeopardy than he already may be in, said former United States attorney Barbara McQuade.
“If Trump were to fire Mueller and it could be shown that his purpose was to impede the investigation, it could be additional evidence of obstruction of justice,” McQuade, who was appointed by President Obama, told The Daily Beast.
But some privately concede that Trump is so unpredictable—and so frustrated with the persistence of the investigation and its cost in political capital—that they’re not ruling it out. Another White House official conceded that it would be “suicide” if Trump sacked Mueller at this point, but “I’d be insincere if I said it wasn’t a concern that the president would try to do it anyway.”
For now, officials are simply concerned with limiting fallout from what is sure to be a thunderous reaction from the president to news that he is personally the target of the FBI’s probe.
Asked what the internal game plan should be, one senior Trump administration official replied, “Keep him away from Twitter, dear God, keep him away from Twitter.”
“The president did this to himself,” the official added. [Continue reading…]
The Washington Post reports: The special counsel overseeing the investigation into Russia’s role in the 2016 election is interviewing senior intelligence officials as part of a widening probe that now includes an examination of whether President Trump attempted to obstruct justice, officials said.
The move by special counsel Robert S. Mueller III to investigate Trump’s conduct marks a major turning point in the nearly year-old FBI investigation, which until recently focused on Russian meddling during the presidential campaign and on whether there was any coordination between the Trump campaign and the Kremlin. Investigators have also been looking for any evidence of possible financial crimes among Trump associates, officials said.
Trump had received private assurances from then-FBI Director James B. Comey starting in January that he was not personally under investigation. Officials say that changed shortly after Comey’s firing.
Five people briefed on the requests, speaking on the condition of anonymity because they were not authorized to discuss the matter publicly, said Daniel Coats, the current director of national intelligence, Mike Rogers, head of the National Security Agency, and Rogers’s recently departed deputy, Richard Ledgett, agreed to be interviewed by Mueller’s investigators as early as this week. The investigation has been cloaked in secrecy, and it is unclear how many others have been questioned by the FBI. [Continue reading…]
Bloomberg reports: Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.
In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.
The scope and sophistication so concerned Obama administration officials that they took an unprecedented step — complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.
The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.
“They’re coming after America,” Comey told the Senate Intelligence Committee investigating Russian interference in the election. “They will be back.” [Continue reading…]
NPR reports: Reality Winner, the government contractor accused of leaking a secret NSA report to the media, plans to enter a plea of not guilty, her lawyer Titus Nichols tells NPR.
She hopes to be released on bond Thursday.
Winner, 25, works for a private contractor, Pluribus International Corp., in Augusta, Ga., and is an Air Force veteran who speaks three languages. She was arrested Saturday.
The federal government has charged her with “removing classified material from a government facility and mailing it to a news outlet.” That material, presumably because of the timing of Winner’s arrest, is an NSA report about efforts by Russian military intelligence to execute a cyberattack on an American election software company, as well as sending “spear-phishing” emails to local election officials, just before the presidential election. That leaked report was the basis of an article published Monday by The Intercept. [Continue reading…]
Following its publication of a top-secret document apparently sent by Reality Leigh Winner, who was arrested on Saturday, The Intercept doesn’t want to respond to allegations that its handling of that document led to Winner’s arrest.
The Intercept issued a statement — though apparently doesn’t want to encourage readers of the original report to read that statement since there are no links connecting the two pages.
The Intercept warns that the FBI’s allegations against Winner “contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism.” Which sounds like Glenn Greenwald whispering, “Deep State, Deep State….”
But the claims that The Intercept mishandled this document aren’t coming from the government — they’re coming from security analysts such as Rob Graham, who explains exactly how the document could be traced back to Winner once The Intercept had provided authorities with a copy.
Maybe when The Intercept says, “because of the continued investigation, we will make no further comment on it at this time,” its promised silence will be in Winner’s best legal interests, but they are certainly creating the appearance that their primary interest at this juncture is in ducking for cover.
It’s unusual for a major intelligence leak to be reported at almost the same time as the leaker gets arrested — but that’s what happened to NSA contractor Reality Leigh Winner after she leaked a top-secret document to The Intercept.
Whenever a whistleblower gets arrested, this is bound to have a chilling effect on the prospects for future leaks.
In its handling of this NSA document, reporters for The Intercept might have naively thought they were not putting their source in jeopardy because they didn’t know their source’s identity. What they apparently didn’t realize was that by sharing the document in the form in which they had received it, they were revealing information that helped investigators quickly identify and arrest Winner.
Anyone who decides to leak classified information needs to fully understand the risks they are taking and it is the individual who is ultimately responsible for protecting their own security.
At the same time, journalists who handle leaked information need to have adequate knowledge about data security — knowledge that the staff at The Intercept appear to be lacking.
The Washington Post reports: Winner was arrested Saturday. When FBI agents questioned her at her home, she admitted “removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet,” court documents read. She remains in jail pending a detention hearing. Her lawyer declined to comment on the charges.
After the charges were announced Monday, some cybersecurity experts remarked on the apparent ease with which investigators were able to trace the leak back to Winner. Some went so far as to say the Intercept had “outed” her by posting copies of the document online. The Intercept said the materials were submitted anonymously.
According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots — small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed. [Continue reading…]
So far, The Intercept has not acknowledged its role in Winner’s arrest.
Just to be clear, since Winner was arrested before The Intercept published the document, the lead the FBI used came as a result of the document being shared beforehand. “It started on May 30, when the news outlet showed authorities the printed materials and asked them to comment, according to the affidavit,” the Washington Post reported.
Given Winner’s field of expertise, it’s not surprising she didn’t understand well enough how to cover her tracks.
CNN reports: — Winner was a linguist in the US Air Force in Maryland who speaks Pashto, Farsi and Dari, her mother, Billie Winner said.
— She was raised in Kingsville, Texas, and served in the Air Force in Columbia, Maryland. Her mother confirmed she was a federal contractor in Augusta but did not know the nature of her work, or if she had contracted for the NSA.
— Winner is an athlete who loves animals, her mother said, through tears.
— She also said her daughter wasn’t especially political and hadn’t ever praised past leakers like Edward Snowden to her.
— “She’s never ever given me any kind of indication that she was in favor of that at all,” her mother said. “I don’t know how to explain it.”
— Winner spent six years in the military, said Titus Nichols, her court-appointed attorney. [Continue reading…]
Hopefully a jury will recognize that at this time there are many ways in which Americans believe they are called to serve their country — there seems little doubt that this is exactly what Winner felt she was doing.
The Intercept can’t correct the mistakes they already made, but at the very least I think Pierre Omidyar should establish and generously contribute towards a legal defense fund for Winner.
The Intercept reports: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.
While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.
The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:
Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.
This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU. [Continue reading…]
CNN reports: Russian government officials discussed having potentially “derogatory” information about then-presidential candidate Donald Trump and some of his top aides in conversations intercepted by US intelligence during the 2016 election, according to two former intelligence officials and a congressional source.
One source described the information as financial in nature and said the discussion centered on whether the Russians had leverage over Trump’s inner circle. The source said the intercepted communications suggested to US intelligence that Russians believed “they had the ability to influence the administration through the derogatory information.”
But the sources, privy to the descriptions of the communications written by US intelligence, cautioned the Russian claims to one another “could have been exaggerated or even made up” as part of a disinformation campaign that the Russians did during the election.
The details of the communication shed new light on information US intelligence received about Russian claims of influence. The contents of the conversations made clear to US officials that Russia was considering ways to influence the election — even if their claims turned out to be false. [Continue reading…]
The Washington Post reports: President Trump asked two of the nation’s top intelligence officials in March to help him push back against an FBI investigation into possible coordination between his campaign and the Russian government, according to current and former officials.
Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.
Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president. [Continue reading…]
The Washington Post reports: When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.
Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.
But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history. [Continue reading…]
It's simple: Individuals who are ‘extremely careless’ w/ classified info should be denied further access to it. https://t.co/XWuvfDugly
— Paul Ryan (@SpeakerRyan) July 7, 2016
The Washington Post reports: President Trump revealed highly classified information to the Russian foreign minister and ambassador in a White House meeting last week, according to current and former U.S. officials, who said Trump’s disclosures jeopardized a critical source of intelligence on the Islamic State.
The information the president relayed had been provided by a U.S. partner through an intelligence-sharing arrangement considered so sensitive that details have been withheld from allies and tightly restricted even within the U.S. government, officials said.
The partner had not given the United States permission to share the material with Russia, and officials said Trump’s decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump’s meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency.
“This is code-word information,” said a U.S. official familiar with the matter, using terminology that refers to one of the highest classification levels used by American spy agencies. Trump “revealed more information to the Russian ambassador than we have shared with our own allies.” [Continue reading…]
The Washington Post reports: Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by “ransomware” — software that encrypts the computer’s hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britain’s National Health Service and computers belonging to Russia’s Ministry for the Interior.
Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called “zero-day exploit” — a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero-day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the “Shadow Brokers,” a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Here’s what you need to know to understand what happened. [Continue reading…]
The Guardian reports: An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.
The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.
The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.
“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.
“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”
The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. [Continue reading…]
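The kill switch described above has a defensive side effect: every infected machine performs a DNS lookup for the hardcoded domain before deciding whether to spread, so the lookup itself is a signal in resolver logs. The script below is an added example, not code from The Guardian, MalwareTech or the malware itself. It assumes a BIND-style query log format, uses a placeholder domain (the real kill-switch domain is not given on the page), and runs over a few constructed log lines to list which internal hosts queried the domain and when.

```python
"""Spot hosts that queried the WannaCry kill-switch domain in DNS resolver logs.

Added example for this page. The domain is a placeholder, the log format is an
assumed BIND-style "query:" log, and the sample lines are constructed.
"""
import re
from collections import defaultdict

# Placeholder for the kill-switch domain embedded in the malware (assumption).
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample resolver log (format assumed; one non-query line included
# to show that unrelated lines are skipped).
SAMPLE_LOG = """\
13-May-2017 07:42:01.113 client 10.0.0.15#51023: query: killswitch-placeholder.example IN A + (10.0.0.1)
13-May-2017 07:42:02.201 client 10.0.0.22#49511: query: www.example.org IN A + (10.0.0.1)
13-May-2017 07:43:09.004 client 10.0.0.15#51024: query: KILLSWITCH-PLACEHOLDER.EXAMPLE. IN A + (10.0.0.1)
this line is not a query record and must be ignored
13-May-2017 07:45:31.770 client 10.0.0.31#40001: query: killswitch-placeholder.example IN A + (10.0.0.1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)"
)


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def parse_line(line):
    """Return (timestamp, client_ip, qname, qtype), or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["ts"], m["ip"], normalize(m["qname"]), m["qtype"]


def find_kill_switch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Map each client IP that queried the kill-switch domain to its query timestamps."""
    target = normalize(domain)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, qname, _ = rec
        if qname == target:
            hits[ip].append(ts)
    return dict(hits)


def triage(hits):
    """One (ip, lookup_count, first_seen) row per host, sorted by IP.

    A host that ran the kill-switch check is a candidate infection to isolate
    and patch: a live domain only stops further spreading, it does not clean
    the machine that asked.
    """
    return [(ip, len(ts_list), ts_list[0]) for ip, ts_list in sorted(hits.items())]


if __name__ == "__main__":
    for ip, count, first in triage(find_kill_switch_lookups(SAMPLE_LOG)):
        print(f"{ip}: {count} kill-switch lookup(s), first seen {first}")
```

The matching is done on the normalized query name rather than a substring search, so case differences and a trailing root dot do not hide a hit, and unrelated lookups of similar-looking names are not counted. The same parser can be pointed at a real resolver log by reading the file into `find_kill_switch_lookups`.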