As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It
from the ETERNALPWNAGE dept
Leaked NSA exploits have now been the basis for two massive cyberattacks. The first -- Wannacry -- caught hospitals and other critical infrastructure across several nations in the crossfire, using a tool built on the NSA's ETERNALBLUE exploit backbone. The second seems to be targeting Ukraine, causing the same sort of havoc but with a couple of particularly nasty twists.
This one, called Petya, demanded ransom from victims. Things went from bad to worse when email provider Posteo shut down the attacker's account. Doing so prevented affected users from receiving decryption keys, even if they paid the ransom.
It soon became apparent it didn't matter what Posteo did, no matter how clueless or ill-advised. There was no retrieving files even if ransoms were paid. Two separate sets of security researchers examined the so-called ransomware and discovered Petya is actually a wiper. Once infected, victims' files are as good as gone. No amount of bitcoin is going to reverse the inevitable. The ransomware notices were only there to draw attention to the infection and away from the malware's true purpose.
Both cases are considered to be attacks by nation states. Inconsistently-applied patches -- most of them released with zero information by Microsoft -- have led to an insane amount of damage.
Through it all, the NSA -- whose tools were leaked -- has remained consistently silent. There's been no indication if the agency is working to mitigate the ongoing threat or whether it's far more concerned with discovering who left behind the malware toolkit first exposed by the ShadowBrokers.
It's unlikely we'll hear much being said publicly by the agency, but Rep. Ted Lieu has sent a letter to NSA chief Mike Rogers demanding answers. The letter [PDF] points out both attacks have been based on NSA exploits (ETERNALBLUE and ETERNALROMANCE). Lieu also states he fears the attacks seen in the past few weeks are only the "tip of the iceberg." The agency's refusal to discuss the attacks apparently isn't going to fly anymore.
Lieu makes two requests: the first is for the agency to see if it has some sort of magic "OFF" switch just laying around.
My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help step the attack, NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.
It's far more likely the NSA has information it would rather not share than it is the agency has a way to shut down this attack, much less prevent future variations on its ETERNAL theme. But that's directly related to the second part of Lieu's request: work with companies whose software is being exploited to prevent further attacks. If the NSA still has security holes it's hoping won't be patched anytime soon, the current situation would seem to call for a rethink of its exploit-hoarding M.O.
What may be in order is the NSA stepping up and playing defense. It has stated a desire to be a larger cog in the US cyberwar machinery, but often seems more interested in playing offense than pitching in to help on the defensive end. That may need to change quickly if the NSA isn't going to be seen as more of a problem than a solution.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: attacks, cyberattacks, exploits, leaks, nsa, ransomware, russia, ted lieu, ukraine, vulnerabilities, warfare
Reader Comments
Subscribe: RSS
View by: Time | Thread
Lieu to NSA...
[ link to this | view in chronology ]
Actually, they did find a vaccine.
[ link to this | view in chronology ]
Re:
It's the same AC again - well, the NSA didn't. Security researchers did. Or is that Not Petya I'm thinking of.
[ link to this | view in chronology ]
%WINDIR%\perfc.dat
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I KNOW
what can they do
[ link to this | view in chronology ]
Re: I KNOW
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Unless the Bad People discovered the backdoor on their own. Which they wouldn't try to do. Because, for one thing, it would be so much easier to pay a Trusted Person to reveal the backdoor. As everyone knows, Bad People cannot do Arithmetic or Logic, and so anything concealed by Arithmetic or Logic is forever safe from them.
I heard, one time, about a math professor who had a falling-out with his neighbors and joined the Nazi Party out of spite. He immediately forgot his multiplication tables. That's always the way it works.
[ link to this | view in chronology ]
Temporary Pain
There's no such thing as an "off" switch for an exploit, and even if there was, anyone with the source code can find it and remove it. That's trivial compared to finding the vulnerability in the first place.
The only thing that can stop the pain in the short term is getting all the holes being exploited by these tools patched, and even that will take awhile, since patching my system also represents a risk and takes effort.
In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.
To give you an idea of the problem, everyone has computers and phones that are so complicated and fast there's no way to be even reasonably sure they are only doing what they are supposed to be doing and haven't been taken over by someone and doing their bidding 10% of the time.
[ link to this | view in chronology ]
Re: Temporary Pain
There was on WannaCry, but that had nothing to do with the NSA zero-day that it implemented.
[ link to this | view in chronology ]
Re: Temporary Pain
I think thats a good approach, not surprising since ive had those similar thoughts as soon as snowden confirmed our suspicions......and i doubt that were alone on that
Say, talking about suspicions, is it not suspicious that this common sense approach is not being explained to us by our suposedly intelligent leaders in its planned implementation
Perish the thought that they dont care, or have a vested interest in keeping things less secure....perish the thought
At least our leaders might actually have intelligence, just no ethics or morality
Mmmmm......much better alternative
lose:lose
[ link to this | view in chronology ]
Re: Re: Temporary Pain
New models of cars are subject to such holistic testing, and still the odd design flaw gets through, and as flaws in software are harder to discover, more should be expected to pass any testing procedure than occur with hardware.
[ link to this | view in chronology ]
"[BADNESS] is threatening our nation! Must stop!"
Congressperson sends a letter...
(Yawn) What's that overused "definition of insanity" trope... "repeating the same behavior but expecting different results". The write-a-letter thing is only one step removed from calling a Congressional hearing, the pure embodiment of doing nothing at all.
Real action would come from mobilizing a ruthless, cutthroat squad to neutralize the threat. Maybe teaching young Mafiosa to code... or an afterschool MS13 Hacker Club.
[ link to this | view in chronology ]
NSA's mindset
The NSA must have grown up watching Alice.
[ link to this | view in chronology ]
Microsoft still have their part of the blame
[ link to this | view in chronology ]
Why would there be an off switch?
[ link to this | view in chronology ]
Microsoft not that silent anymore
[ link to this | view in chronology ]
Re: Microsoft not that silent anymore
Jesus, are they all named after Sega Genesis games?
[ link to this | view in chronology ]
That's all.
[ link to this | view in chronology ]
Dissolve NSA
[ link to this | view in chronology ]
Re: Dissolve NSA
However, all similar zero-day hoarding outfits like GCHQ, BND, Mossad, NBD would need to be dissolved as well. But you got to start somewhere.
[ link to this | view in chronology ]
Re: Dissolve NSA
World peace wont come around with secrecy, but truth and honesty
One planet, one unity
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
There will be more of these
The solution is obvious and of course will never be implemented: stop using Microsoft products. Of course those of us with a superior grasp of security don't need to do this, because we never started using them. But the inferior people who've built their entire IT operations around Microsoft now have a choice: either continue doing so and whine incessantly when it's their turn to be hacked, or listen to those of us with superior expertise and get out NOW.
My guess is that they'll almost exclusively do the former: they're not intelligent enough to do the latter, and their bloated egos will stop them anyway, since it would require admitting that they've been wrong the entire time.
I'm sure the attackers behind these know this just as well as I do. They can sleep well, knowing that their intended victims will do everything possible to remain victims. So whatever the next attack is, and whenever it happens, it will succeed in large measure due to complacency, stupidity, ignorance, and hubris.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The 0th law of sys admin ...
With apply patches coming it at a close 1st.
/?
[ link to this | view in chronology ]
Never should of horded the exploits
Should have informed the relevant software creators
And......lifetime security updates/patches for life, by law, should have been implemented.......or open source everything os/hardware related......fk the monopoly/profit/greed/propriety road blocks.....
[ link to this | view in chronology ]
In Lieu of a back door,
The current score: 2^64-1 (offense) to 1 (defense).
There's no upside to defense; you do grunt work anonymously for years, and then you get fired.
It used to be that falling asleep during night watch duty was punishable by a firing squad. Perhaps it's time to utilize that punishment for allowing your command to get hacked -- starting with the CO himself/herself.
[ link to this | view in chronology ]