If you thought WannaCry was bad, you ain’t seen nothin’ yet. Post coming in InfoWorld.
[See the full post at: The Shadow Brokers, in new taunt, threaten to release even more NSA sourced malware]
The Shadow Brokers, in new taunt, threaten to release even more NSA sourced malware
- This topic has 33 replies, 18 voices, and was last updated 8 years ago by
anonymous.
Tags: Microsoft Shadow Brokers
AlexN
AskWoody Lounger
May 16, 2017 at 7:41 am #115659
Which of these is the worst part?
- That the NSA had such stuff going on.
- That the NSA, of all groups, got hacked.
- That a group of sociopathic individuals like the Shadow Brokers (never mind hackers and virus programmers in general) exists in the first place
Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
A weatherman that can code
2 users thanked author for this post.
-
MrJimPhelps
AskWoody MVP
May 17, 2017 at 3:52 pm #115956
Which of these is the worst part?
I think 1 is the worst. Our government shouldn’t be spying on us. We supposedly don’t live in a police state.
Group "L" (Linux Mint)
with Windows 10 running in a remote session on my file server
-
anonymous
Guest
May 16, 2017 at 7:42 am #115656
I’m glad that it’s a source of fake news reporting this tripe, looks like they got bored with blaming Russia
http://www.dailymail.co.uk/news/article-4508736/North-Korea-global-cyber-hac.html
radosuaf
AskWoody Lounger
May 16, 2017 at 7:44 am #115661
Linux year coming finally? 😉
Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider
anonymous
Guest
May 16, 2017 at 12:51 pm #115737
Linux has landed! Old but quite serviceable x86 and x64 systems that came with Vista have now been updated to dual boot with Linux. I had already updated the x86 system when the breaking news of Nvidia driver kernel mode vulnerabilities (for which updates do not exist) became known. And now the specter of more malware exploits courtesy of Shadow Brokers is looming. Enough is enough. I finished my backups this morning, and now all my systems run Linux.
1 user thanked author for this post.
Jan K.
AskWoody Lounger-
anonymous
Guest
May 16, 2017 at 9:01 am #115680
@ Jan K
When the NHS in the UK got hit by the WannaCry ransomware on Friday, 12 May 2017, hundreds of sick patients could not get proper care, eg their Dr appointments, surgeries, etc had to be postponed.
As reported by Europol, “only” 200,000 computers worldwide, many in Europe, got hit because a very concerned Englishman/security-Pro accidentally chanced upon a kill-switch that immediately neutralized the WannaCry ransomware, thus sparing most of USA and the Americas, which are about 8 hours behind UK time, from being hit or becoming the next victims.
. . Imagine the scenario if there was no kill-switch.
4 users thanked author for this post.
-
anonymous
Guest -
Noel Carboni
AskWoody_MVP
May 17, 2017 at 11:22 am #115897
sparing most of USA and the Americas, which are about 8 hours behind UK time, from being hit or becoming the next victims.
Three words: Wake up call!
But don’t you just know that there will be some new malware that hits hundreds of thousands of people in the future?
People somehow never really seem to learn anything, especially from other people’s trauma.
-Noel
-
NetDef
AskWoody_MVP
May 17, 2017 at 12:33 pm #115913
Remember Melissa? ILOVEYOU? Nimda? Slammer? MyDoom? etc etc etc. In light of some of those, this current crop was amazingly constrained . . . at least so far. I am still convinced that this was a “small” (and accidentally released) test for something far bigger.
~ Group "Weekend" ~
1 user thanked author for this post.
-
-
lurks about
AskWoody Lounger
May 16, 2017 at 5:59 pm #115782
What is more worrisome is there appears to be more where WannaCry came from. Also, right now Windows appears to be the only target but it is unknown what is available for MacOS, iOS, Android, and Linux. For Windows users, it looks like a rough few weeks are shaping up and just because one missed the first rounds does not mean a later one will not nail you. For users of other OSes do not assume you are invulnerable and be wary. The media may not mention if other OSes are being hit at the same time.
BobbyB
AskWoody Lounger
May 16, 2017 at 9:02 pm #115806
@Jan_K yeah you have a point there it’s a small number of users but I wonder how many “Suffered in silence” i.e. restored from backup or even formatted and reinstalled?
I am still hazy about what would be the best recovery option. Normally periodically I will SYSPREP and save to a .wim file (yeah not ideal but shortens the recovery process) and generally using the option “compression:recovery” (same as ESD) saves space it’s generally an overnight affair. I have yet to see the malware that corrupts .wim or .esd files but I just know someone’s going to prove me wrong lol 😉
GoneToPlaid
AskWoody Lounger
May 17, 2017 at 9:56 am #115890
Noel Carboni
AskWoody_MVP
May 17, 2017 at 11:31 am #115899
Anyone serious about security needs to ask:
Why did 200,000 people per hour do something that led to their last line of defense having to block an infection?
Did they open an eMail attachment? Did they allow Windows Networking to reach the wild Internet? Did they download and indiscriminately run an executable? Did they click through a UAC prompt?
Can we presume they were doofus-level employees of a megalithic company with lousy IT practices and out-of-date systems? Home users who think they know better but really don’t? Kids? Someone tired and not thinking as clearly as they can being duped by an almost legitimate-looking eMail?
The first thing that comes to my mind as a root cause is a general lack of education / awareness about good computing practices, coupled with a false sense of security. But that’s just a guess.
What we REALLY need to know in order to learn from this experience are real answers to my bolded question above.
-Noel
-
NetDef
AskWoody_MVP
May 17, 2017 at 12:43 pm #115918
Several analysts have come to the conclusion that this worm might have actually spread without any user-interaction at all, other than a lack of being current on security patches for Windows.
I am leaning that way myself – we picked up four ~~two~~ new clients this week that got infected and we cannot find any trace of an email attachment in any of their inboxes that can be blamed. Nor can we find any trace of a particular web address that someone visited during the initial infection time.
What we DID find in both cases? RDP port 3389 was left open on their firewall – intentionally. We have no proof that this port was somehow used to get to SMB but I am beginning to suspect something in this direction. And this would not be the first time that this particular port has caused problems. It should never – ever – be open on a firewall to the Internet.
Edit: Make that four new clients – I just checked my voice mail. Geesh. I hate virus outbreaks, but dang – they can be good for business. Talk about a mixed up world.
~ Group "Weekend" ~
1 user thanked author for this post.
-
zero2dash
AskWoody Lounger
May 16, 2017 at 8:35 am #115673
It really seems to be the ‘perfect storm’ for MS…lots of anger and frustration over forced 10 upgrades, sabotaged updates for 7/8.1, concern over updates going forward, and now this. Somewhere Linus Torvalds and Tim Cook are probably having tea, both of them smiling ear to ear at the implosion of the once mighty MS, and also at the ego, knowing that nothing will be done to Satnad & Co. as long as the profits are high because “who cares”.
-
lurks about
AskWoody Lounger
May 16, 2017 at 6:03 pm #115783
It depends on whether the ‘perfect storm’ continues for awhile whether any major shifts will occur. One-and-done will not do much but several weeks of a continuous siege on Windows might make many reconsider their options. Right now, a few will ditch Windows, mostly those who were probably considering it anyway. But if this lasts a few weeks or months then all bets are off.
Seff
AskWoody Plus
May 16, 2017 at 10:14 am #115698
I wonder how many of us whether in our corporate or personal lives will truly learn the only really critical lesson to come from all this? Namely, that we all need to become a whole lot less dependent on computers in our everyday lives.
-
anonymous
Guest
May 16, 2017 at 10:43 am #115713
Exactly what I said. There is little realization how technology dependence dumbs us down — in their wildest dreams didn’t they think that technology will make it so easy to manipulate, exploit and control the masses.
And check this statement by MS guy responsible for 10 S:
“In today’s world, Win32 has a lot of problems in terms of user confidence, privacy, battery life, etc. We don’t want to bring those problems into UWP but want to provide the functionality that the user wants – and make sure the user is in control at the same time.”
Remember the corruption of language in 1984?
Edit – please confine political comments to the Rants Forum
-
anonymous
Guest
May 16, 2017 at 3:52 pm #115765
Impossible. Mainly because we, y’know, live in the 21st century. It’d be like pre-enlightenment civilisation saying the Gutenberg press experiment has had its run but it’s giving the masses access to unprecedented knowledge so let’s go back to scribes. You can’t put the genie back in the bottle and nor do I want to really, that’d be burying your head in the sand. This might be the internet’s rubicon moment and we’ll either strengthen our security and privacy or governments will double down on surveillance. Relying less on computers? That’s up to you but it’s not the answer and nor will it happen in my opinion.
– T
-
fp
AskWoody Lounger
May 17, 2017 at 2:13 am #115847
It’s only impossible because it requires collective action. But the reality is that there is practically no defense against these types of attack and technologism is just like all other isms — it self destructs. They all peak and collapse.
1 user thanked author for this post.
-
lizzytish
AskWoody Lounger
May 16, 2017 at 10:33 pm #115829
Think we need to be a bit more discerning about what we do with our computers and not be so gullible as some appear to be and accept every choice/option offered us without thinking it through. Actually that is the same in real life too. Just thinking! LT
The day has eyes; the night has ears. — Scottish
2 users thanked author for this post.
anonymous
Guest
anonymous
Guest
May 16, 2017 at 4:45 pm #115772
Apple was probably right when they resisted developing a proprietary tool to hack iPhones for the FBI because they felt the tool would eventually get into the wild. Tim Cook was probably correct in his concern, especially since so many obvious warning signs were ignored in the case of the San Bernardino attack. I do not have a lot of confidence in the US government’s ability to protect digital data, especially after they lost all the federal personnel files in the hack of OPM.
2 users thanked author for this post.
anonymous
Guest
Jan K.
AskWoody Lounger
May 17, 2017 at 4:44 pm #115965
With all the surveillance, snooping and what not by the world’s intelligence services I simply do not understand, why they haven’t tracked down that group a.o. criminals?
An article on this, Woody?
Or any links, that can enlighten me?
See, if I type the word “bomb”…
Oops, gotta go. Someone is knocking on my door…
Robb
AskWoody Plus
May 18, 2017 at 12:53 am #116055
Thanks for the joke Anonymous! Tickled my sense of humour.
Just a thought – Could “The Shadow Brokers” be Microsoft programmers trying to force all remaining Windows XP And Windows 7 users to upgrade?
After all Microsoft “knew” about the flaw, which is why they released the patch!
RobB
-
Kirsty
Manager
AceOfAces
AskWoody Lounger
May 19, 2017 at 6:47 am #116442
Linux year coming finally? 😉
I don’t think so. If NSA doesn’t stop piling up vulnerabilities, Linux may have it the worst, since they can patch their systems (the compiler for Linux is publicly available, right?) and stay silent until a vulnerability is exploited (assuming that nobody notices them). I have already concerns with Linux and the recent kerfuffle is the icing on a really bad cake.
-
anonymous
Guest
May 19, 2017 at 2:23 pm #116535
I agree that GNU/Linux, FOSS by nature, is accessible to change by any entity, no matter what color hat they wear. The fact is, unless you have manufactured, literally by hand, your own machine, and never let it touch an exposed network, then there is *no* protected shelter anywhere. All of the learned opinions I read here discuss managing risk in the manner appropriate to their point of view.
To my mind, under MSRedmond, a corporate entity of proven questionable character is my only hope to fix what has gone wrong in their proprietary world. But they host some of the software I *must* use. Hoops must be jumped through in just the right way, and the AskWoody team has the map.
Alternatively, in the FOSS universe there is an ever growing contingent of coders, some of them very good, whose only goal is pride in a system that maintains operability no matter what. And hopefully earn enough to eat. Like the fantasy of utopia, it will never actually happen. But I like the mission statement better. If I did not require Win7 software to earn a living, my machines would not know Redmond existed.
tl;dr\ Microsoft can be trusted to fix their stuff, their way. GNU/Linux can be repaired by anybody with the chops. Publicly available works for both sides.
Hope this is allowed,
Paul