NSA Exploit Now Powering Cryptocurrency Mining Malware
from the ETERNALDAMAGE dept
You may have been asked if you'd like to try your hand at mining cryptocurrency. You may have demurred, citing the shortage in graphics cards or perhaps wary you were being coaxed into an elaborate Ponzi scheme. So much for opting out. Thanks to the NSA, you may be involved in mining cryptocurrency, but you're likely not seeing any of the benefits.
A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.
The good news is you won't have to cough up ransom to retake control of your computer. The bad news is this doesn't guarantee you'll have a functioning computer.
This new attack—called WannaMine—may seem like less of a threat than WannaCry because it doesn’t lock users out of their computer. But CrowdStrike noted in a blog post laying out its findings on WannaMine that the company has observed the malware “rendering some companies unable to operate for days and weeks at a time.” WannaMine infections are also hard to detect because it doesn’t download any applications to an infected device.
This is the path the NSA's malware has taken: from worldwide ransomware to drive-by installations of mining software. The route to infection is still the normal route: malicious links. Once inside, the malware co-opts your processor for cryptocurrency mining. If your computer happens to be part of a network, the infection will spread to connected computers, turning entire businesses into someone else's side hustle.
The "fun" part is even patched systems can be infected. The NSA's EternalBlue exploit may no longer work, but an attached tool called Mimikatz can still root around for login passwords to continue spreading the malware. The damage isn't theoretical.
For companies hit by WannaMine at scale though, the cumulative effects can be disastrous, [Bryan] York [director of CrowdStrike] told me. He cited a client that recently came to CrowdStrike for help after their network was infected by WannaMine, which York said was using so much CPU power that it totally shut down their service.
“The implications of cryptocurrency mining aren't just, ‘Oh darn, I lost some of my CPU,’” York said. “It's actually getting in the way of how businesses conduct their operations and causing down time.”
While this isn't the first cryptominer based on NSA exploits to hijack users' computers, it's the hardest to track down and kill. It contains no application files, relying on Windows tools to perform the dirty work. No files written to disk make it all but invisible. And, unlike ransomware, there's no way to pay someone to stop using your CPU to mine Monero. You can't even buy your way out of the problem.
This won't be the last we'll see of malicious software built on NSA hacking tools. It will serve as a continual reminder of the government's untrustworthiness when it comes to secure computing, mass harvesting of data, and security tradeoffs performed without input of the majority of stakeholders.
(Counterpoint via @dril: maybe NSA-enabled cryptomining hijacking is the most patriotic thing there is.)
io love helping the economy by fucking up while doing downloads and getting 100 coin miners installed on my pc
— wint (@dril) February 4, 2018
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: cryptocurrency, exploits, leaks, malware, miners, nsa, weapons
Reader Comments
Subscribe: RSS
View by: Time | Thread
Also, even if it is an NSA exploit I will note that even if the NSA had disclosed it properly the thing is still exploitable even in patched systems so I would point my accusing finger at the NSA in the few months after the exploit went into the wild after they sat on it for who knows how long instead of working with devs to patch it. This time they aren't as guilty ;)
[ link to this | view in thread ]
conscious drilling
Please fuck off forever.
signed the next gun attack vector for you government cunts
[ link to this | view in thread ]
[ link to this | view in thread ]
A close analogy
[ link to this | view in thread ]
Re:
The initial breach of a network has to logicly come from either a already infected computer joining the network, or through an unpatched computer already on the network.
In the very early existence of the malware, there wasn't as many already infected networks, meaning less infected computers to spread it across networks.
This means the very first breaches had to be done via the exploit.
Given this, the NSA is responsible for (excuse my likely poor metaphor here) the technological equivalent of attempting a controlled demolition of a couple building and leveling most of the town as collateral damage.
[ link to this | view in thread ]
Re: A close analogy
[ link to this | view in thread ]
Actually!
[ link to this | view in thread ]
Its bad enough when windows telemetry goes apeshit & steals all my cycles, now I gotta avoid working in a cryptocoin mine made possible by the people who are supposed to protect us...
Hummm...
FBI invents terrorism plots...
TSA abuses us, robs us, runs drugs, but its only 'isolated' incidents...
NSA can't pick up their own fsking toys...
Its like the government is trying very hard to harm us to keep us scared & needing their protection.... but who is protecting us from them?
[ link to this | view in thread ]
The only thing with that is that you don't know what the value is going to be 5 years down the line, when the statute of limitations expires for any CFAA prosecutions.
It is just wit insider trading the the statute of limitations. You don't know what the stock value is going to be 6 years down the road. Sure, someone could buy the stock, wait 6 years, and then cash in, but you don't know what the stock value will be in six years.
[ link to this | view in thread ]
Re: A close analogy
"Did it hit anybody else that way?"
EXACTLY!!! Couldn't have said it better myself.
[ link to this | view in thread ]
Re: conscious drilling
Yet people still call to ask it to take on ever more responsibilities.
[ link to this | view in thread ]
Phew!
Man, am I glad the NSA consists mostly of skiddies who couldn't even install something as simple as Ubuntu if their lives depended on it.
America is so fucking behind the rest of the world. Just fall already.
[ link to this | view in thread ]
Re: Re: conscious drilling
To misquote Shakespeare, "All the world's a rhetorical weapon".
[ link to this | view in thread ]
Re: Re: A close analogy
[ link to this | view in thread ]
Re: Re: conscious drilling
People commit murder, using said construct as cover.
And you want want others to blame the construct not the person. This is similar to the bullshit used to protect bad LEOs.
[ link to this | view in thread ]
Re: Phew!
[ link to this | view in thread ]
Re: Phew!
So it doesn't really matter if most of them are script kiddies; there are more than enough Ubuntu-targeted scripts out there to do damage, should people move from the NT kernel to the Linux kernel.
[ link to this | view in thread ]
Re: Re: Re: conscious drilling
[ link to this | view in thread ]
Re: Re: Phew!
[ link to this | view in thread ]
Re: Phew!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: conscious drilling
A specific government is a construct.
One should not "blame the <type of> construct not the person". As we all know, a construct can be systemically corrupt.
Clear(er)?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Maybe this is the work of the police and it will slowly replace civil forfeiture as a means of supplementing their budget?
[/s]
[ link to this | view in thread ]
Re: Re: Re: Phew!
[ link to this | view in thread ]
Re: Re: Phew!
That's what BSD is for.
[ link to this | view in thread ]