As A New Wave Of Cyberattacks Rolls Out, Rep. Ted Lieu Asks What The NSA's Going To Do About It

from the ETERNALPWNAGE dept

Fri, Jun 30th 2017 11:59am — Tim Cushing

Leaked NSA exploits have now been the basis for two massive cyberattacks. The first -- Wannacry -- caught hospitals and other critical infrastructure across several nations in the crossfire, using a tool built on the NSA's ETERNALBLUE exploit backbone. The second seems to be targeting Ukraine, causing the same sort of havoc but with a couple of particularly nasty twists.

This one, called Petya, demanded ransom from victims. Things went from bad to worse when email provider Posteo shut down the attacker's account. Doing so prevented affected users from receiving decryption keys, even if they paid the ransom.

It soon became apparent it didn't matter what Posteo did, no matter how clueless or ill-advised. There was no retrieving files even if ransoms were paid. Two separate sets of security researchers examined the so-called ransomware and discovered Petya is actually a wiper. Once infected, victims' files are as good as gone. No amount of bitcoin is going to reverse the inevitable. The ransomware notices were only there to draw attention to the infection and away from the malware's true purpose.

Both cases are considered to be attacks by nation states. Inconsistently-applied patches -- most of them released with zero information by Microsoft -- have led to an insane amount of damage.

Through it all, the NSA -- whose tools were leaked -- has remained consistently silent. There's been no indication if the agency is working to mitigate the ongoing threat or whether it's far more concerned with discovering who left behind the malware toolkit first exposed by the ShadowBrokers.

It's unlikely we'll hear much being said publicly by the agency, but Rep. Ted Lieu has sent a letter to NSA chief Mike Rogers demanding answers. The letter [PDF] points out both attacks have been based on NSA exploits (ETERNALBLUE and ETERNALROMANCE). Lieu also states he fears the attacks seen in the past few weeks are only the "tip of the iceberg." The agency's refusal to discuss the attacks apparently isn't going to fly anymore.

Lieu makes two requests: the first is for the agency to see if it has some sort of magic "OFF" switch just laying around.

My first and urgent request is that if the NSA knows how to stop this global malware attack, or has information that can help step the attack, NSA should immediately disclose it. If the NSA has a kill switch for this new malware attack, the NSA should deploy it now.

It's far more likely the NSA has information it would rather not share than it is the agency has a way to shut down this attack, much less prevent future variations on its ETERNAL theme. But that's directly related to the second part of Lieu's request: work with companies whose software is being exploited to prevent further attacks. If the NSA still has security holes it's hoping won't be patched anytime soon, the current situation would seem to call for a rethink of its exploit-hoarding M.O.

What may be in order is the NSA stepping up and playing defense. It has stated a desire to be a larger cog in the US cyberwar machinery, but often seems more interested in playing offense than pitching in to help on the defensive end. That may need to change quickly if the NSA isn't going to be seen as more of a problem than a solution.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: attacks, cyberattacks, exploits, leaks, nsa, ransomware, russia, ted lieu, ukraine, vulnerabilities, warfare

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

TechDescartes (profile), 30 Jun 2017 @ 11:41am

Lieu to NSA...
"Nerd harder."
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 12:03pm

Actually, they did find a vaccine.
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 12:05pm

Re:
It's the same AC again - well, the NSA didn't. Security researchers did. Or is that Not Petya I'm thinking of.
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 12:11pm

So long as governments work on the principle that need to spy on and coerce each other, these problems will continue.
[ link to this | view in thread ]
CHRoNo§§, 30 Jun 2017 @ 12:16pm

I KNOW
they are gonna make mroe exploits to attack them YA YA YA

what can they do
[ link to this | view in thread ]
Machin Shin, 30 Jun 2017 @ 12:26pm

Yep, we should totally give these guys back doors into everything we do. Nothing bad will ever come from that right?
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 12:38pm

Yes, if the NSA only had backdoors into everything, then they could keep those backdoors secret, and only share them with Trusted People(TM). That way, Bad People couldn't use them.

Unless the Bad People discovered the backdoor on their own. Which they wouldn't try to do. Because, for one thing, it would be so much easier to pay a Trusted Person to reveal the backdoor. As everyone knows, Bad People cannot do Arithmetic or Logic, and so anything concealed by Arithmetic or Logic is forever safe from them.

I heard, one time, about a math professor who had a falling-out with his neighbors and joined the Nazi Party out of spite. He immediately forgot his multiplication tables. That's always the way it works.
[ link to this | view in thread ]
Hugh Jasohl (profile), 30 Jun 2017 @ 12:39pm

Re:
Well they don't know it yet, but that attitude will only last another 13 years before it no longer is applicable.
[ link to this | view in thread ]
Christenson, 30 Jun 2017 @ 12:47pm

Temporary Pain
Dear Rep Lieu:

There's no such thing as an "off" switch for an exploit, and even if there was, anyone with the source code can find it and remove it. That's trivial compared to finding the vulnerability in the first place.

The only thing that can stop the pain in the short term is getting all the holes being exploited by these tools patched, and even that will take awhile, since patching my system also represents a risk and takes effort.

In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.

To give you an idea of the problem, everyone has computers and phones that are so complicated and fast there's no way to be even reasonably sure they are only doing what they are supposed to be doing and haven't been taken over by someone and doing their bidding 10% of the time.
[ link to this | view in thread ]
Vidiot (profile), 30 Jun 2017 @ 12:50pm

"[BADNESS] is threatening our nation! Must stop!"

Congressperson sends a letter...

(Yawn) What's that overused "definition of insanity" trope... "repeating the same behavior but expecting different results". The write-a-letter thing is only one step removed from calling a Congressional hearing, the pure embodiment of doing nothing at all.

Real action would come from mobilizing a ruthless, cutthroat squad to neutralize the threat. Maybe teaching young Mafiosa to code... or an afterschool MS13 Hacker Club.
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 1:20pm

NSA's mindset
"The best defense is a good offense" - Mel Sharples, Mel's Diner

The NSA must have grown up watching Alice.
[ link to this | view in thread ]
jokoomo, 30 Jun 2017 @ 1:59pm

Microsoft still have their part of the blame
When the leak was official, Microsoft were pretty silent. They should have pushed media a lot harder to warn companies about the big threat. I highly doubt NSA was holding Microsoft back after the leak was out in the wild.
[ link to this | view in thread ]
streetlight (profile), 30 Jun 2017 @ 2:12pm

Why would there be an off switch?
The NSA probably didn't create an off switch for this software. The purpose of the software could be to disable specific target systems and if the IT folks were able to examine the code they might find the off switch. That doesn't mean one couldn't be developed but that would take time for both the NSA and particularly the folks managing the targeted systems. The intention may also be to shut down targeted systems for a fairly short time so some activity can't take place until the systems are replaced with redundant hardware. This could include shutting down defensive hardware during a military attack, or some such thing.
[ link to this | view in thread ]
SpaceLifeForm, 30 Jun 2017 @ 2:58pm

Microsoft not that silent anymore
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
[ link to this | view in thread ]
Thad, 30 Jun 2017 @ 3:36pm

Re: Temporary Pain

There's no such thing as an "off" switch for an exploit

There was on WannaCry, but that had nothing to do with the NSA zero-day that it implemented.
[ link to this | view in thread ]
Thad, 30 Jun 2017 @ 3:38pm

Re: Microsoft not that silent anymore
Jesus, are they all named after Sega Genesis games?
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 4:47pm

r/stallmanwasright

That's all.
[ link to this | view in thread ]
Madd the Sane (profile), 30 Jun 2017 @ 9:41pm

Dissolve NSA
Can we dissolve the NSA already?
[ link to this | view in thread ]
Anonymous Coward, 30 Jun 2017 @ 10:02pm

If the NSA hadnt and wouldnt produce the malware that allows these cyber attacks in the first place and would stop insisting that back doors into every bit of software that everyone is using (that then puts us all at risk and actually is nothing to do with anything sinister thats going on, just a means of watching everyone, of enslaving everyone!)are needed, we wouldnt have a problem
[ link to this | view in thread ]
Anonymous Coward, 1 Jul 2017 @ 4:54am

There will be more of these
And many of them, perhaps all of them, will target Microsoft products because they're all horribly vulnerable. So it really doesn't matter what the NSA does this time or the next time or the time after that: the parade will continue.

The solution is obvious and of course will never be implemented: stop using Microsoft products. Of course those of us with a superior grasp of security don't need to do this, because we never started using them. But the inferior people who've built their entire IT operations around Microsoft now have a choice: either continue doing so and whine incessantly when it's their turn to be hacked, or listen to those of us with superior expertise and get out NOW.

My guess is that they'll almost exclusively do the former: they're not intelligent enough to do the latter, and their bloated egos will stop them anyway, since it would require admitting that they've been wrong the entire time.

I'm sure the attackers behind these know this just as well as I do. They can sleep well, knowing that their intended victims will do everything possible to remain victims. So whatever the next attack is, and whenever it happens, it will succeed in large measure due to complacency, stupidity, ignorance, and hubris.
[ link to this | view in thread ]
Aaron Walkhouse (profile), 1 Jul 2017 @ 12:34pm

%WINDIR%\perfc.dat
It can be an empty file, as long as that filename exists.
[ link to this | view in thread ]
Anonymous Coward, 1 Jul 2017 @ 5:15pm

Wyden was too busy to grandstand on this one?
[ link to this | view in thread ]
Anonymous Coward, 2 Jul 2017 @ 4:23am

The 0th law of sys admin ...
is backup.

With apply patches coming it at a close 1st.

/?
[ link to this | view in thread ]
Anonymous Coward, 2 Jul 2017 @ 9:30pm

Re:
Log back in, My_Name_Here.
[ link to this | view in thread ]
Seegras (profile), 3 Jul 2017 @ 2:03am

Re: Dissolve NSA
That actually would be a great pre-emptive move to lower the likelyhood such attacks happening in the future.

However, all similar zero-day hoarding outfits like GCHQ, BND, Mossad, NBD would need to be dissolved as well. But you got to start somewhere.
[ link to this | view in thread ]
Seegras (profile), 3 Jul 2017 @ 8:37am

Re:
We still would have a problem. But by publishing each and every security hole it found or got hold of, the NSA would be part of the solution, not (a big) part of the problem.
[ link to this | view in thread ]
Anonymous Coward, 3 Jul 2017 @ 11:10am

Once again, playing offense, when defence leads to less destruction

Never should of horded the exploits
Should have informed the relevant software creators
And......lifetime security updates/patches for life, by law, should have been implemented.......or open source everything os/hardware related......fk the monopoly/profit/greed/propriety road blocks.....
[ link to this | view in thread ]
Anonymous Coward, 3 Jul 2017 @ 11:11am

Re:
Amen
[ link to this | view in thread ]
Anonymous Coward, 3 Jul 2017 @ 11:12am

Re: I KNOW
-selves
[ link to this | view in thread ]
Anonymous Coward, 3 Jul 2017 @ 11:32am

Re: Temporary Pain
'In the long term, we need more basic research into how error prone computer hardware and software exposed to malicious inputs from everywhere can be better secured and controlled.'

I think thats a good approach, not surprising since ive had those similar thoughts as soon as snowden confirmed our suspicions......and i doubt that were alone on that

Say, talking about suspicions, is it not suspicious that this common sense approach is not being explained to us by our suposedly intelligent leaders in its planned implementation

Perish the thought that they dont care, or have a vested interest in keeping things less secure....perish the thought
At least our leaders might actually have intelligence, just no ethics or morality

Mmmmm......much better alternative

lose:lose
[ link to this | view in thread ]
Anonymous Coward, 3 Jul 2017 @ 11:53am

Re: Dissolve NSA
I feel that any government agency that feels it can only operate with secrecy needs disbanding

World peace wont come around with secrecy, but truth and honesty

One planet, one unity
[ link to this | view in thread ]
Anonymous Coward, 4 Jul 2017 @ 1:25am

Re: Re: Temporary Pain
The problem with software is that it can only be analyzed or tested for problems that are thought of ahead of time. By comparison, hardware can, and often is, subject to bake and shake type testing, which will show up any weaknesses in the design, even if nobody thought of the weakness ahead of time.

New models of cars are subject to such holistic testing, and still the odd design flaw gets through, and as flaws in software are harder to discover, more should be expected to pass any testing procedure than occur with hardware.
[ link to this | view in thread ]
Anonymous Coward, 4 Jul 2017 @ 11:53am

In Lieu of a back door,
...

The current score: 2^64-1 (offense) to 1 (defense).

There's no upside to defense; you do grunt work anonymously for years, and then you get fired.

It used to be that falling asleep during night watch duty was punishable by a firing squad. Perhaps it's time to utilize that punishment for allowing your command to get hacked -- starting with the CO himself/herself.
[ link to this | view in thread ]