Mediaboss Marketing

Common Dreams

NSA Tools, Built Despite Warnings, Used in Global Cyber Attack Common Dreams Apparent National Security Agency (NSA) malware has been used in a global cyber-attack, including on British hospitals, in what whistleblower Edward Snowden described as the repercussion of the NSA's reckless decision to build the tools. "Despite ... NHS cyber attack: Edward Snowden says NSA should have prevented cyber attackThe Independent Edward Snowden: Congress needs to grill NSA on hospital software ...Washington Examiner Edward Snowden points blame at NSA for not preventing NHS cyber ...Telegraph.co.uk Sputnik International -India Today -International Business Times UK all 9 news articles »

Continued here:
NSA Tools, Built Despite Warnings, Used in Global Cyber Attack - Common Dreams

Patrick Ward, 47, a sales director at Purbeck Ice Cream, from Dorset in England, poses for photographs after giving media interviews after his heart operation scheduled today was cancelled because of a cyberattack, outside St Bartholomews Hospital in London, Friday, May 12, 2017. A large cyberattack crippled computer systems at hospitals across England on Friday, with appointments canceled, phone lines down and patients turned away. CREDIT: AP Photo/Matt Dunham

Employees and patients across multiple UK National Health Service facilities were displaced on Friday thanks to a large-scale cyberattack on network computers across Eurasia, including Great Britain, Portugal, Spain, Russia, Turkey, Vietnam, the Philippines, and Japan.

Doctors and hospital staff were locked out of patient files and forced to relocate emergency patients, the Guardian reported. The attack made use of ransomware, a type of malware that restricts file and system access by encrypting data. The hackers then demand payment in exchange for decrypting the data and restoring access. Patient records, emails, schedules, and phone lines were all ensnared in the attack.

British health officials said its systems were not the target of the attack. But security experts believe the vulnerability exploited during the attack was discovered by the NSA, and was included among the many cyber tools previously stolen from the American intelligence community earlier this year, the New York Times reported. The ransomware was distributed via email.

Hospitals and telecom companies in western Europe, Russia, and Asia were also affected, the MalwareHunterTeam told the New York Times.

The hackers demanded each user pay $300 in bitcoin to a specific bitcoin account in the next three days, potentially totaling thousands of dollars worth of bitcoin. The ransom doubles if payments arent made in that time, according to the hackers message obtained by the Guardian, and files will be kept restricted forever if payment isnt received in seven days.

Ransomware attacks arent a new occurrence, and they often work. U.S. hospital systems were recently victimized by similar attacks. A Los Angeles hospital systemHollywood Presbyterian Medical Centerpaid a $17,000 bitcoin ransom in February 2016 after patient files and data were held hostage for two weeks. The systems CEO Allen Stefanek said paying was in the best interest of restoring normal operations.

Medstar, a Washington, D.C. area hospital system, was attacked the following month and had to turn away patients. Hackers gave the hospital system, which treats 30,000 people across 10 hospitals and 250 outpatient centers, 10 days to pay $19,000 in bitcoin, the Washington Post reported.

The FBI investigated both attacks, and previously reported an uptick in ransomware hacks in recent years.

See the article here:
Hackers breach computers in several countries worldwide using ... - ThinkProgress

NSA Director Adm. Mike Rogers cast a dash of doubt Tuesday on the intelligence community's conclusion that Russia-tied hackers sought to help Donald Trump in the 2016 election, explaining for the first time in public testimony why his agency had only "moderate confidence" in that judgment.

Testifying before a Senate Armed Services Committee hearing, Rogers affirmed he and the NSA were highly confident the Russians sought to hurt Hillary Clinton in the election. But Sen. Tom Cotton, R-Ark., asked Rogers who also heads U.S. Cyber Command -- why the NSA differed on the related conclusion about Trump in the Jan. 6 intelligence report on alleged Russian interference in the election.

That conclusion stated that the Russian government aspired to help President-elect Trumps election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.

The FBI and CIA backed that with high confidence, but the NSA only held that judgment with moderate confidence.

Cotton noted that fellow Sen. Elizabeth Warren, D-Mass., during the hearing called Trump Russias preferred candidate and asked Rogers to explain the discrepancy.

I wouldnt call it a discrepancy, Id call it an honest difference of opinion between three different organizations and in the end I made that call, Rogers said.

He added that when he looked at the data, for each of the other judgments there were multiple sources and he could exclude every other alternative rationale. But for this particular conclusion, it didnt have the same level of sourcing and the same level of multiple sources, he said.

He noted that he still agreed with the judgment, but he wasnt at the same confidence level as CIA Director John Brennan and FBI Director James Comey.

Probed further by Sen. Tim Kaine, D-Va. -- who was Clintons running mate Rogers clarified that while he was highly confident the Russians wanted to prevent Clinton from winning, and to undercut her effectiveness if she did win, he was only moderately confident the Russians actively wanted Trump to win.

The FBI, CIA and NSA were all in complete agreement about the Clinton-related conclusion in the report, which stated: Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russias goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.

Earlier at Monday's hearing, Rogers also testified that there has been no reduction in Russian efforts to affect the outcome of other countries' elections, and warned about the dangers of state and non-state actors moving from data "extraction" to data "manipulation."

Chairman John McCain, R-Ariz., asked Rogers if he had seen a reduction in Russian efforts to meddle in elections and pointed toward alleged interference in Sundays French presidential race.

No I have not, Rogers said, adding that U.S. needs to publicly out Russian behavior.

They need to know we will publicly identify this behavior, he said.

Emmanuel Macron, the eventual winner of the French election, was hit by a hack Friday which revealed a number of his campaign team's emails. It was not clear who was behind the hack, but it was reminiscent of hacks that hit the 2016 U.S. election that exposed Democratic National Committee staff emails, and the private emails of Clinton campaign Chairman John Podesta. Both the Clinton campaign and the Obama administration have blamed Russia for those hacks.

Rogers was also asked by lawmakers to lay out his worst-case scenario for future cyber attacks. Rogers said he was concerned about outright destructive activity on critical infrastructure as well as cyberattacks moving from the obtaining and revealing data to data manipulation on a massive scale.

Such as changing voter rolls? asked McCain.

Yes, said Rogers. Thats a very different kind of challenge for us.

He also warned about a possible situation in which, as the effectiveness of cyberattacks becomes clearer, non-state actors decide cyber is an attractive weapon with which to destroy the status quo.

During further questioning, Rogers said the National Security Agency became aware of Russian attempts to interfere with political institutions in the summer of 2015.

He said that when he came aware of Russian actions, he informed the FBI, and also in his role as head of the U.S. Cyber Command, informed the Pentagon to make sure its systems were optimized in order to be able to withstand such an attack.

Adam Shaw is a Politics Reporter and occasional Opinion writer for FoxNews.com. He can be reached here or on Twitter: @AdamShawNY.

See the rest here:
NSA chief explains 'discrepancy' over claim that Russia ...

New York Times

How Trump's NSA Came to End a Disputed Type of Surveillance New York Times The Foreign Intelligence Surveillance Court was delaying its annual reauthorization because the N.S.A. had discovered widespread violations of a rule for how analysts could handle Americans' emails collected under the program. Now, the agency director, ... This Is the Secret Court Order That Forced the NSA to Delete the Data It Collected About YouMotherboard Election Hack: NSA Chief Says FISA Revealed Russian Interference ...Fortune Their View: NSA stops one abuse, but many remainHesperia Star all 5 news articles »

Read this article:
How Trump's NSA Came to End a Disputed Type of Surveillance - New York Times

Despite plentiful advice online about how to protect your privacy and keep your data safe, we all make mistakes now and then. We leave that text file of passwords in our Dropbox folder. We forget the password of our home router set to 'password.' But at least most of us can say we never left extensive software and documentation for one of the most powerful codebreaking systems in the worlda supercomputer collaboration between IBM, NYU and the Department of Defensecasually lying around on a completely unsecured public server. That's a pretty big oops, especially when someone finds it.

The Intercept published a fascinating story today about WindsorGreen, an encryption-breaking computer designed by brilliant mathematicians and likely used by the NSA. Specifically, the fascinating part is how easily a security researcher, with a hobby of poking around the internet looking for out-of-place files, found some pretty high-level Department of Defense stuff. Under the alias Adam, he told The Intercept "The fact that this software, these spec sheets, and all the manuals to go with it were sitting out in the open for anyone to copy is just simply mind blowing."

"All of this leaky data is courtesy of what I can only assume are misconfigurations in the IMAS (Institute for Mathematics and Advanced Supercomputing) department at NYU. Not even a single username or password separates these files from the public internet right now. Its absolute insanity," Adam wrote to The Intercept over email.

The only tool Adam used to find the NYU trove was Shodan.io, a website thats roughly equivalent to Google for internet-connected, and typically unsecured, computers and appliances

Adam didn't find this server full of secrets by hacking through NYU firewalls or anything so complex. According to The Intercept, "the only tool Adam used to find the NYU trove was Shodan.io, a website thats roughly equivalent to Google for internet-connected, and typically unsecured, computers and appliances around the world, famous for turning up everything from baby monitors to farming equipment. Shodan has plenty of constructive technical uses but also serves as a constant reminder that we really ought to stop plugging things into the internet that have no business being there."

That last line is the kicker here. You may have read about how botnets comprised of Internet of Things devices are being used in massive DDOS attacks, like the ones instigated by squabbles over Minecraft servers last year. Shodan.io is a reminder that anyone could easily find a hole through your weak home router, and more importantly, your internet-connected refrigerator or lightbulbs could someday be used to DDOS a website you care about, like Steam.

In other words, Juicero wasn't just a sign that Silicon Valley spends millions of dollars reinventing basic shit we already have, but with internet connectivity. It's a harbinger of a bleak, bleak future where your coffee maker and your $400 juice bot can and will be taken hostage by a 17-year-old and next thing you know we're living a version of Maximum Overdrive we made for ourselves.

Adam informed NYU about the unsecured server and the files were removed, but experts have reviewed the documentation (which was the property of IBM and didn't appear to be classified by the DOD) and suggested that WindsorGreen is likely the best cryptography system in the world. The NSA is doubtless giving it a workout.

View original post here:
Man finds NSA supercomputer info sitting on an unsecured server ... - PC Gamer