Blame the NSA for Ransom-ware Attacks

Last week, a ransom-ware attack, reminiscent of the infamous “WannaCry” or “WannaCrypt” malware, ravaged Europe and even affected localized areas in the US. The new virus, named “Petya,” or more cleverly “NotPetya” for its similarity to, yet distinctness from, a known virus of that name, has essentially shut down the strained Ukrainian government.

Amid claims and actual cases of hacking, it can be hard to differentiate these very real threats from the hearsay that has been bogging down Washington and crippling broadcast media. To be blunt, ransom-ware attacks, which simply encrypt a machine’s data and offer a key in exchange for bitcoin, represent a very real threat to national security, and their current manifestation is only a fraction of their power. The way that the media is distracted by instances of possible phishing but not by the risk of self-spreading malware is nothing short of deceptive.

Blame the home team, again, for this one. With this attack, our allies in Europe are yet again victims of a derivative of weaponized US government malware, turned against them and their citizens in the form of a self-spreading virus that encrypts its victims’ data. The virus demands payment of 300 USD for the cure. EternalBlue is the backdoor developed by the NSA to access and infect Windows machines, and both WannaCry and NotPetya use it as their basis for accessing unpatched Windows 8 machines. At this point, many thousands of systems have been affected, and the email address receiving payment has been shut down.

The EternalBlue hole was patched in an update of Windows that went out only days before the initial WannaCry attacks. Unpatched machines, however, are still at serious risk. Hospitals and businesses are being effectively shut down.


Large-scale, professional hacks are akin to real-world bio-weapons: they have intended targets, but also massive and unpredictable after-effects with the power to destroy economies and infrastructure and even kill. In Ukraine, the obvious initial target of many recent physical and cyber-attacks, government computers, hospital servers, and even the Chernobyl radiation monitoring station were left completely disabled.

Even as the Ukrainian government recoiled, the damage done last week by NotPetya was frankly undeniable. Considering the current geopolitical silence around their nation’s besieged state, Ukraine’s coy attitude is not surprising.

Given the rate at which the situation there has continued to deteriorate over the last half-decade, Ukraine is being remarkably resilient.

What lesson is there to learn? Although you may be able to catch and save your machine in time, or even vaccinate it by renaming certain files, these holes still exist to be exploited.


Are frantic updates and fear of data encryption merely an inconvenient truth of the new millennium? Keeping your operating systems updated is typically a no-brainer but where are the vulnerabilities coming from? Why do hackers seem to be getting the upper hand over software megaliths?

Your friendly executive agencies are at fault. Not just for the EternalBlue backdoor these viruses co-opt, but for almost every infectious and dangerous aspect of the worms. Because of the lax protocols at the CIA and NSA, cyber-weapons and exploits are being leaked. These leaks are not your typical, run-of-the-mill WikiLeaks drops. Full, usable versions of top secret code are being released like clockwork, and it isn’t WikiLeaks doing it.

WikiLeaks has been instrumental in building the public’s understanding of the capabilities of our security agencies but they do not release the code necessary to install malicious tools. What WikiLeaks has done is provide the information necessary to deduce that the U.S. government has been exploiting, rather than helping to patch, insecurities. The holes hostile actors use to infect machines are basically government sponsored.

WikiLeaks has stated that it has proof the NSA exploited the EternalBlue loophole and kept it open for years in order to exploit it, rather than advising Microsoft of the possible hack.


Though WikiLeaks has been more than upfront about the dangers caused by American agencies hoarding cyber-weapons, it seems the recompense is only just upon us. WikiLeaks isn’t the only leaker on the internet. Even as WikiLeaks is vilified, it remains on the right side of internet privacy and security. Others, however… not so much.

EternalBlue was released to the internet, in full, code and all, by a group(?) called “theshadowbrokers” earlier this year. These Kekistani-styled hacktivists are not white-hat hackers; their only aim seems to be profit. These cyber-extortionists hold the world for ransom by offering to sell malicious code to anyone who has the crypto-currency for it. They are the suppliers and, probably, some of the most effective operators of the world’s most cancerous code, but they didn’t create it. This month’s dump of cyber-weapons has a price tag of roughly 60,000 USD. The group is proud to brag about its connections and capabilities, threatening those who speak against them, and now even offering a defensive consulting service for companies who pay roughly 120,000 USD. Frankly, these are the type of people that should be reported on. These people are behind more millions of dollars’ worth of damage this month than can readily be calculated. They are a serious risk to the stability of the entire world. The code weapons they sell are broad enough to do far more than steal your data.

It’s interesting how easily accessible information on theshadowbrokers is and how little attention they have so far been paid. How on earth can a googleable gateway to the world of the Dark Net’s most prolific and intrusive hackers remain active after admittedly being behind the release of dangerous code? Or rather, how does this gateway remain essentially undocumented by media outlets that purport to be concerned about the threats to privacy WikiLeaks releases can pose?

Most Americans could tell you the Russians are doing a lot of hacking these days, and anyone who frequents WikiLeaks could tell you the infectious capabilities of WannaCry and NotPetya mirror many of the tools invented and maintained by the CIA. The #Vault7 leaks have, at this point, essentially outed the CIA as the source of code that can cause an infected device to bore into any machine connected to it wirelessly, autonomously. CIA projects, exposed by WikiLeaks, that bear resemblance to NotPetya’s abilities include Pandemic, Athena, and Brutal Kangaroo. It is absolutely no surprise, even according to WikiLeaks, that these tools are now publicly available. The very fact that the CIA exploited these holes instead of working to help patch them makes everyone less safe, and the day of reckoning has come: outrage is no longer worried prevention but a rational reaction.

Due to government incompetence, real Russian hackers are causing substantial damage to the West. Had the U.S. Government been committed to civilian cyber-security instead of weapons proliferation, these tools might not exist. These are American companies being exploited, and people all over the world are being adversely affected. This is the waking nightmare of anyone who crusaded against federal meta-spying, a fever dream for anyone enraged by Edward Snowden’s 2013 revelations about government overreach.

Big ups, Ed.

Hacking is now a buzzword. Welcome to *current year*, where cyber-warfare is simultaneously the largest unchecked threat to personal and national security while also being trivialized, constantly, through vague terminology and rampant accusation. As I have previously discussed, one of the issue’s roots is that the accepted terminology surrounding this incredibly broad topic is inexcusably limited. The typical phishing schemes and identity theft of yesteryear are toothless compared to the actual capabilities of well-established hackers. No hacker worth his salt needs to send you an email to know everything about you. The way that serious news outlets have been reporting instances and accusations of hacking or cyber-warfare can only be described as intentionally deceptive and uninformative.

For our own government to proliferate cyber-weapons instead of protecting us from them is akin to weaponizing smallpox while eliminating the vaccine and storing it insecurely, all at once.

Real hacking exists, and the Reality Winner leaks were not the extent of it. It’s time for news organizations to cover dangers, not invent them. The threat posed by the CIA’s and NSA’s creation of cyber-weaponry is greater than any in recent memory, and it’s time to get real about it. There is no longer any room to defend our clandestine agencies in these cases.


Looking at you, CNN.

Gavin Hanson

Editor at Liberty Viral
Gavin edits and writes here at Liberty Viral and also writes at The Libertarian Republic. He attends school at the University of Iowa, majoring in History and Communication Studies.