Archive for the ‘NSA’ Category

NotPetya developers obtained NSA exploits weeks before their public leak – Ars Technica

A computer screen displaying EternalRomance, one of the hacking tools dumped Friday by the Shadow Brokers.

The people behind Tuesday's massive malware outbreak had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according to evidence unearthed by researchers from antivirus provider F-Secure.

On Thursday, F-Secure researchers said they have evidence that the still-unknown developers of Tuesday's NotPetya malware had access to EternalBlue and EternalRomance as early as February, when they finished work on the malware component that used the stolen NSA exploits. The timeline is all the more significant considering the quality of that component, which proved surprisingly adept at spreading the malware from computer to computer inside infected networks. Its elegance lay in combining the NSA exploits with three off-the-shelf tools: Mimikatz, PsExec, and WMIC. The SMB exploits compromised unpatched machines, while credentials harvested with Mimikatz, replayed through PsExec and WMIC, let the worm reach machines that were fully patched. The result: NotPetya could infect both patched and unpatched computers quickly. Code that complex and effective likely required weeks of development and testing prior to completion.

"February is many weeks before the exploits EternalBlue and EternalRomance (both of which this module utilizes) were released to the public (in April) by the Shadow Brokers," F-Secure researcher Andy Patel wrote in a blog post. "And those exploits fit this component like a glove."

Whereas the two other main components of NotPetya (an encryption component and a component for attacking a computer's master boot record) were "pretty shoddy and seem kinda cobbled together," Patel said the spreading component seems "very sophisticated and well-tested." For developers to finish work on the spreader by February, they clearly had the NSA exploits in hand by then. By contrast, Patel added:

WannaCry clearly picked [the NSA] exploits up after the Shadow Brokers dumped them into the public domain in April. Also WannaCry didn't do the best job at implementing these exploits correctly.

By comparison, this "Petya" looks well-implemented, and seems to have seen plenty of testing. It's fully-baked.
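The spreading behaviour described above is also what a defender hunts for. As an added example, not code from F-Secure, Patel or the article, the following Python script scores a stream of constructed, simplified Windows/Sysmon-style event records for the three behaviours the component combined: SMB fan-out from one host to many neighbours (the network footprint of an EternalBlue/EternalRomance-style spreader), a PsExec-style remote service installed from an admin share, and a WMIC remote process-creation command. Field names, hostnames, the payload path and the thresholds are assumptions chosen for this example, and the sample events are constructed rather than captured from NotPetya.

```python
"""Detection sketch for NotPetya-style lateral movement.

Added example, not code from F-Secure or the article. Event records are a
simplified, constructed stand-in for Windows Security / Sysmon telemetry;
the field names and thresholds below are assumptions for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

SMB_PORT = 445
FAN_OUT_THRESHOLD = 5        # distinct SMB targets from one source (assumed)
FAN_OUT_WINDOW_SECS = 60     # within this many seconds (assumed)

WMIC_REMOTE = re.compile(r"/node:", re.IGNORECASE)
WMIC_CREATE = re.compile(r"process\s+call\s+create", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    detail: str


def detect_smb_fan_out(events, threshold=FAN_OUT_THRESHOLD, window=FAN_OUT_WINDOW_SECS):
    """Flag a source host that opened SMB (445) connections to at least
    `threshold` distinct destinations inside a `window`-second sliding window.
    Ordinary clients talk to a few file servers; an SMB exploit spreader
    sprays every neighbour it can reach."""
    by_src = defaultdict(list)  # src_host -> [(ts, dst_ip)]
    for e in events:
        if e.get("event") == "network_connect" and e.get("dst_port") == SMB_PORT:
            by_src[e["src_host"]].append((e["ts"], e["dst_ip"]))
    findings = []
    for src, conns in by_src.items():
        conns.sort()
        start = 0
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > window:
                start += 1
            targets = {dst for _, dst in conns[start:end + 1]}
            if len(targets) >= threshold:
                findings.append(Finding("smb_fan_out", src,
                                        f"{len(targets)} SMB targets within {window}s"))
                break  # one finding per source host is enough
    return findings


def detect_psexec_service(events):
    """Flag service installs (Windows event 7045 style) whose binary was
    dropped on an admin share or carries the PSEXESVC name PsExec uses."""
    findings = []
    for e in events:
        if e.get("event") != "service_installed":
            continue
        name = e.get("service_name", "")
        path = e.get("image_path", "")
        if name.upper().startswith("PSEXESVC") or "ADMIN$" in path.upper():
            findings.append(Finding("psexec_style_service", e["host"],
                                    f"service {name!r} from {path!r}"))
    return findings


def detect_wmic_remote_exec(events):
    """Flag wmic.exe launches that target another node and create a process
    there: `wmic /node:<target> ... process call create ...`. A local
    `wmic os get caption` query must not fire."""
    findings = []
    for e in events:
        if e.get("event") != "process_create":
            continue
        image = e.get("image", "").lower()
        cmd = e.get("command_line", "")
        if image.endswith("wmic.exe") and WMIC_REMOTE.search(cmd) and WMIC_CREATE.search(cmd):
            findings.append(Finding("wmic_remote_exec", e["host"], cmd))
    return findings


def detect_lateral_movement(events):
    """Run all three rules; return findings sorted by (host, rule)."""
    findings = (detect_smb_fan_out(events)
                + detect_psexec_service(events)
                + detect_wmic_remote_exec(events))
    return sorted(findings, key=lambda f: (f.host, f.rule))


# Constructed sample telemetry (not real captures). WS-07 sprays SMB at six
# neighbours; WS-12 then receives a PsExec-style service and is used to fire
# WMIC at a further host with harvested credentials. Payload path is made up.
SAMPLE_EVENTS = [
    *({"event": "network_connect", "ts": 1000 + i, "src_host": "WS-07",
       "dst_ip": f"10.0.0.{10 + i}", "dst_port": 445} for i in range(6)),
    {"event": "network_connect", "ts": 1003, "src_host": "WS-02",   # benign: one file server
     "dst_ip": "10.0.0.5", "dst_port": 445},
    {"event": "service_installed", "ts": 1010, "host": "WS-12",
     "service_name": "PSEXESVC", "image_path": r"\\WS-12\ADMIN$\PSEXESVC.exe"},
    {"event": "process_create", "ts": 1020, "host": "WS-12",
     "image": r"C:\Windows\System32\wbem\wmic.exe",
     "command_line": r'wmic /node:"10.0.0.20" /user:"CORP\svc_backup" process call create "rundll32 C:\Windows\payload.dll,#1"'},
    {"event": "process_create", "ts": 1021, "host": "WS-12",          # benign local query
     "image": r"C:\Windows\System32\wbem\wmic.exe",
     "command_line": "wmic os get caption"},
]

if __name__ == "__main__":
    for f in detect_lateral_movement(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

Running the script prints one finding per rule: the SMB fan-out from WS-07, the PsExec-style service on WS-12, and the WMIC remote execution from WS-12. The last two rules matter even on hosts that installed the March update, because the credential-replay path the component used does not depend on the SMB vulnerability at all.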

The weeks leading up to February's completion of the NotPetya spreader were a particularly critical time for computer security. A month earlier, the Shadow Brokers advertised an auction that revealed some of the names of the exploits they had, including EternalBlue. NSA officials responded by warning Microsoft of the theft so that the company could patch the underlying vulnerabilities. In February, Microsoft abruptly canceled that month's Patch Tuesday. The unprecedented move was all the more odd because exploit code for an unpatched Windows 10 flaw was already in the wild, and Microsoft gave no explanation for the cancellation.

"Meanwhile, 'friends of the Shadow Brokers' were busy finishing up development of a rather nifty network propagation component, utilizing these exploits," Patel wrote.

When Patch Tuesday resumed in March, Microsoft released a critical security update that fixed EternalBlue. As the WannaCry outbreak would later demonstrate, large numbers of computers, mainly running Windows 7, failed to install the update, allowing the worm to spread widely.

If the timeline is correct, it would mean the NotPetya developers had some sort of tie to the Shadow Brokers, possibly as customers, colleagues, acquaintances, or friends. It would also make NotPetya the first piece of in-the-wild malware that had known early access to the NSA exploits. Patel didn't say how the NotPetya developers got hold of EternalBlue and EternalRomance prior to their public release in April.

Early speculation was that Shadow Brokers members acquired a small number of hacking tools that NSA personnel stored on one or more staging servers used to carry out operations. The volume and sensitivity of the exploits and documents released over the next several months slowly painted a much grimmer picture. It's now clear that the group has capitalized on what is likely the worst breach in NSA history. There's no indication the agency has identified how it lost control of such a large collection of advanced tools or that it knows much at all about the Shadow Brokers' membership. The group, meanwhile, continues to publish blog posts written in deliberately broken English, with the most recent one on Wednesday.

The F-Secure evidence adds a new unsettling entry on the Shadow Brokers' resume. The world already knew the group presided over a breach of unprecedented scope and leaked exploits to the world. Now, we know it also provided crucial private assistance in developing one of the most virulent worms in recent memory.


The Shadow Brokers Threaten to Expose Alleged Former NSA Hacker – The Merkle

The Shadow Brokers have been relatively quiet over the past few weeks, which is never a good sign. It now appears the infamous hacker collective is looking to expose a former NSA hacker's identity. That is a very troublesome development if true. Moreover, the group appears quite upbeat about its monthly dump service subscription, which it says has seen significant interest since it launched.

It is evident The Shadow Brokers still know how to make media headlines. After remaining rather silent for a few weeks, the group has shared a new update. First of all, they say their monthly dump service is doing quite well, with plenty of customers signing up. Do keep in mind these reports always need to be taken with a grain of salt, as it is difficult to verify this information.

Of bigger concern, however, is how the hacker collective threatens to expose an NSA employee. Their blog post says this individual used to be a hacker employed by the NSA. It appears The Shadow Brokers have had some beef with this person on Twitter and are now prepared to take things to a whole new level. That is a very disturbing turn of events, to say the least.

According to the information shared with the world, this particular Twitter user was part of the Equation Group, which is widely regarded as one of the NSA's hacking operations in recent years. The Shadow Brokers are convinced they know who this person is in real life, and claim he or she built multiple tools to attack Chinese organizations on behalf of the NSA. Moreover, the collective claims this person is a co-founder of a new security firm, which recently received a significant injection of VC funding.

Oddly, this person can apparently escape being exposed by The Shadow Brokers. All he or she has to do is sign up for the group's monthly dump service during the month of July, using one very specific email address. This looks like a very strange marketing stunt, and it is doubtful the alleged NSA employee will follow these guidelines.

So far, the Twitter user in question denies all of these allegations, which is not surprising. In fact, the user has even said he will reveal his identity himself, which would thwart the plans made by The Shadow Brokers. It is possible this is a case of misidentification. Then again, it is equally possible bigger things are at play here. We will probably never know the full truth, that much is evident at this stage.

Anyone can see The Shadow Brokers are playing a very dangerous game right now. The hacker collective seemingly has no scruples whatsoever. Threatening the safety of former and current NSA employees is very disturbing. Cyber warfare is scaling at an accelerated pace, which could be quite disastrous for everyone who gets swept up in the momentum. It will be interesting to see how this situation evolves over the coming weeks.



Recode Daily: Trump’s ‘travel ban’ goes into effect, and can the NSA control the cyber weapons it creates? – Recode

A pared-down version of President Trump's travel ban took effect Thursday night, barring immigrants and refugees from six majority-Muslim countries from entering the United States unless they can prove a relationship with a U.S. citizen or entity; late adjustments to the administration's rules included fiancés but not grandparents and other extended family. In an emergency filing, the state of Hawaii asked a federal court to clarify the scope of the ban, saying the government's latest restrictions go further than the Supreme Court allowed. [Tony Romm / Recode]

This week's international malware attack has raised concerns that the National Security Agency has rushed to create digital weapons that it cannot keep safe or disable. [The New York Times]

Airbnb is launching a new service for luxury vacation rentals at mega-homes, mansions and penthouses. Airbnb Lux will begin testing in some markets at the end of the year. [Bloomberg]

Meal-kit delivery company Blue Apron raised $300 million in its first day of trading on the New York Stock Exchange, opening at about $10 a share. The five-year-old New York City-based company slashed its IPO price amid questions about the long-term feasibility of its model. [Jason Del Rey / Recode]

Blue Apron CEO Matt Salzberg will join Bonobos CEO Andy Dunn and Williams-Sonoma CEO Laura Alber at September's Code Commerce event in New York City, where retail and commerce industry leaders will explore the convergence of digital and physical in the realm of buying and selling stuff. [Jason Del Rey / Recode]

No single device will have as much impact as the iPhone in the next 10 years. Here's a look at which products in the market today might have a comparable effect over the next decade. [Jan Dawson / Recode]

A former Binary Capital employee is suing Justin Caldbeck and the VC firm.

Ann Lai alleges defamation and other claims.

Facebook's internet-beaming drone completed its second test flight and landed perfectly.

Its first Aquila flight ended in a crash landing.

A new drone route is now open in Malawi.

Drones can soar over roads in the flood-prone region to help deliver supplies to remote areas.

This new movie about an Instagram stalker looks both hilarious and terrifying.

Remember: People can see your public social media posts.

Google is still mostly white and male.

That's according to the latest diversity report.

Kids these days.

On the latest Too Embarrassed to Ask, Kara Swisher and Lauren Goode talk with The Verge's Casey Newton and Kara's older son, Louie Swisher, about how teens are using (or not using) apps like Instagram, Snapchat, Musical.ly and more.

Nice day for a Crunchwrap Supreme wedding

This lucky couple won a glamorous, all-expenses-paid wedding at Taco Bell's chic Las Vegas Cantina location, catered with Doubledillas, Gorditas and a hot-sauce-packet bouquet. They weren't the first; the fast-food company is now offering anyone the chance to get married at the Vegas franchise for $600. [Eric Vilas-Boas / Thrillist]


Utah judge orders NSA to provide documents and data on 2002 … – Salt Lake Tribune

In January, Shelby rejected an attempt by the Department of Justice to dismiss the case.

In late May, a declaration by former NSA official Thomas A. Drake, affirming the allegations, was forwarded by Anderson to Justice Department attorneys.

Drake's statement contradicted assertions by Michael Hayden, the former director of the NSA, that neither the President's Surveillance Program (PSP) nor any other NSA intelligence-gathering activity was involved in indiscriminate and wholesale surveillance in Salt Lake City or other Olympic venues during the 2002 Winter Games.

"I have reviewed the declaration of Michael V. Hayden dated March 8, 2017," Drake's statement said. "As a result of personal knowledge I gained as a long-time contractor and then senior executive (1989-2008) of the NSA, I know the statements made by Hayden in that declaration are false or, if not literally false, substantially misleading."

The NSA has the capability to seize and store electronic communications passing through U.S. intercept centers, according to the statement from Drake.

After Sept. 11, 2001, "the NSA's new approach was that the president had the authority to override the Foreign Intelligence Surveillance Act (FISA) and the Bill of Rights, and the NSA worked under the authority of the president," Drake said. "The new mantra to intercepting intelligence was 'just get it' regardless of the law."

Additional information on the NSA's intelligence-gathering came to light in 2013 when Edward Snowden, a contractor working for the agency, revealed to the Guardian newspaper the scope of U.S. and British global surveillance programs.

csmart@sltrib.com


NSA director frustrated Trump won’t accept Russia interfered in election: report – The Hill

National Security Agency (NSA) Director Mike Rogers is frustrated that he has not yet convinced President Trump that U.S. intelligence indicates Russia interfered in the 2016 presidential election, CNN reported Wednesday.

Rogers vented frustration over his fruitless efforts to lawmakers during a recent closed-door briefing on Capitol Hill, a congressional source familiar with the meeting told the news network.

The intelligence community continues to brief the president on new information on Russia's election involvement as it comes to light.

An intelligence official told CNN that while Trump does not seem less engaged when being briefed on the matter, he has expressed frustration outside of the briefings that too much attention is being paid to the ongoing probe into Russia's interference in the election.

Russia, as well as other countries such as China, Iran and North Korea, are considered potential threats by U.S. intelligence.

CNN reported that other top administration officials have also tried to emphasize the importance of a foreign nation attempting to meddle in the U.S. elections.

The president has taken to social media to criticize former President Barack Obama after a bombshell report by The Washington Post revealed his predecessor was briefed about Russia's activities in August 2016 and was slow to respond.

"I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it," Trump told Fox News in an interview that aired Sunday. "To me -- in other words -- the question is, if he had the information, why didn't he do something about it? He should have done something about it."

Trump has also repeatedly called the ongoing probe into Russia and possible ties between the Kremlin and his campaign a "witch hunt."
