03.1.002.001 002 cyber attacks


The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016.[1][2] They published several leaks containing hacking tools from the National Security Agency (NSA)[3],
Wikipedia

NSA once more loses control over cyber weapons and disregards reporting Windows exploits
May 2019
Baltimore ransomware attack: NSA faces questions
BBC

Chinese spies acquired NSA tools, used them to attack US allies: report
Researchers with Symantec believe the Chinese government captured the code from an NSA attack on their own systems rather than stealing it,
The Hill
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks
NYT
This article is a decoy. It is published exactly when the Baltimore cyber attack starts but only writes in general about cyber attacks.
Mar 2017
Assange: CIA had lost control of its cyberweapon documents
PCWorld

May 2017
Wannacry ransomware attack
Massive hacker attack in Europe. Britain closes hospitals. Flashback
wwr

May 2016
Shadowbrokers sell NSA tools

List of cyber attacks: Wikipedia

US cities are being held hostage with stolen NSA tools
NSA’s EternalBlue exploit is being used for extortion
techspot.com


NSA loses its cyber weapons again, Baltimore city gov’t paralyzed

The NSA's cyber weapons have once again been used against civilian targets.

Thousands of Baltimore’s city government computers were frozen on 7 May after their files became digitally scrambled.

Baltimore ransomware attack: NSA faces questions
BBC
NYT

An earlier thread dealt with how European hospitals were paralyzed in 2017 by the NSA's lost cyber weapons. The code was called Wannacry then.
Flashback

The Shadow Brokers

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks
New York Times
The Chinese are suspected of having obtained the code during an American attack and then reworked it into a weapon of their own.

the Chinese simply seem to have spotted an American cyberintrusion and snatched the code, often developed at huge expense to American taxpayers.


It is evidently more troublesome than previously admitted. Considerably more places than Baltimore are affected.

May 25, 2019
For nearly three weeks, Baltimore has struggled with a cyberattack …
Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services

The tools stolen by Shadow Brokers have already been used to attack millions of computers with ransomware demanding payments in digital currency in order to have access restored. The attacks have targeted FedEx, Mondelez International, and hospitals in Pennsylvania, Britain and Indonesia, among thousands of other targets.

The assault cost FedEx more than $400 million and Merck, the pharmaceutical giant, $670 million.

cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines.

Microsoft, which tracks the use of EternalBlue, would not name the cities and towns affected, citing customer privacy. But other experts briefed on the attacks in Baltimore, Allentown and San Antonio confirmed the hackers used EternalBlue. Security responders said they were seeing EternalBlue pop up in attacks almost every day.

It is rather like when “the Russians gassed” the Skripals, who lived almost next door to the UK chemical weapons centre Porton Down: NSA HQ lies a couple of Swedish miles (about 20 km) from Baltimore. The question is whether the code has really been to China and come back to almost the same place 😀 It is the same exploit that was used in 2017, EternalBlue. It apparently comes from the Shadow Brokers, whom they say they have not yet been able to identify! I agree with this possibility:

Oh-be-wan|67701396:
Perhaps a test to see whether it really works. An experiment, so to speak. Then they blame the Chinese and criminals.

The code gets in via port 445, which is used for “Server Message Block” (CIFS is part of SMB), the protocol Microsoft Windows uses to share files and printers. A patch exists that secures the computer, but many have not applied it.

EternalBlue was so valuable, former N.S.A. employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.

NYT
welivesecurity.com
jpost.com


Baltimore City Hall is still badly affected three weeks after the attack began. The city refuses to pay the ransom in bitcoin, equivalent to $100,000. Experts are being called in from various quarters. – One could start by asking those who built the “virus” at NSA HQ, which lies a Swedish mile or so down the road to Washington 😀

Thousands of computers in various places are reported affected. Among large cities, Atlanta and San Antonio are also mentioned.

Several believe the code gained a foothold in the system because someone activated a phishing email.
Besides Eternal Blue (screen), another piece of code called Robin Hood is mentioned, which however does not appear to be able to spread by itself within the network.

If their disks have been encrypted and their backups sit on the same network, then it may be a lost cause? Then they may have to pay the ransom. “He who digs a pit for others …”

Who is responsible is under discussion. The NSA kept the “exploit” secret for 5 years, after all, but a patch (MS17-010) has been available for two years.
phys.org

baltimoresun.com
[ Greenville N.C. Robin Hood Robbin Hood ]
The claim that Eternal Blue needs unfettered access in order to spread is perhaps false?

No solution yet, after a month. Every time one reads up on it, new affected cities appear.

Baltimore this month joined Atlanta, San Diego and Newark ... Los Angeles
We won’t talk more, all we know is MONEY! Hurry up

Baltimore leaders have estimated that the attack could cost at least $18.2m


The local elections in November may be under threat.
theguardian

In Colorado, 2000 computers were knocked out last year. The Samsam virus also uses Eternal Blue.

declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states,
...
brought in more support from the National Guard, FBI and Department of Homeland Security

The earlier disaster plan said that in a disaster one should bring one's computer along and connect via another agency…
statescoop.com

Symantec describes the technical side.
symantec.com

Most functions still appear to be down after more than a month. Costs are probably more than the $18 m stated in the article.
gizmodo

The NSA must be under real pressure and is probably trying to activate its psy-ops. A Twitter account claimed responsibility for the attacks but said they had not used Eternal Blue but Robbin’ Hood instead.

The difference is that with RH the cyber terrorists would have to log in to each computer to spread the code. But that sounds less likely given the number of affected computers. EB, on the other hand, spreads by itself across the network.

My guess is that NSA psy-ops are in this way trying to put the blame on local network administrators. The congressman for the district where the NSA is located supports the NSA. But the NSA itself stays silent.

Pravda itself writes that all four consulting firms that were hired found Eternal Blue.
NYT

N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says
The [New York] Times was told by people directly involved in the investigation in Baltimore that the N.S.A. tool, EternalBlue, was found in the city’s network by all four contractors hired to study the attack and restore computer services.

Still, they are learning at the NSA. Now they are going out and recommending updates 😀
Jun 7, 2019, 5:19 am
NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage'

forbes
timeinc

New worm, NSA warns: Blue Keep

After 30-40 posts in a forum the trolls make the discussion completely lose focus. They conclude that NSA is a valuable organization since it “does more good than bad”. This naturally does not redeem the situation where a major intelligence service has lost its maybe most powerful cyber weapon so it fell into the hands of cyber terrorists.

Infecting w crypto miners
crypto currency mining
