03.1.002.001 002 cyber attacks

The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016.[1][2] They published several leaks containing hacking tools from the National Security Agency (NSA)[3],
Wikipedia

NSA once more loses control over cyber weapons and disregards reporting Windows exploits
May 2019
Baltimore ransomware attack: NSA faces questions
BBC

Chinese spies acquired NSA tools, used them to attack US allies: report
Researchers with Symantec believe the Chinese government captured the code from an NSA attack on their own systems rather than stealing it,
The Hill
How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks
NYT
This article is a decoy. It is published exactly when the Baltimore cyber attack starts but only writes in general about cyber attacks.
Mar 2017
Assange: CIA had lost control of its cyberweapon documents
PCWorld

May 2017
Wannacry ransomware attack
Massive hacker attack in Europe. Britain closes hospitals. Flashback
wwr

May 2016
Shadowbrokers sell NSA tools

List of cyber attacks: Wikipedia

US cities are being held hostage with stolen NSA tools
NSA’s EternalBlue exploit is being used for extortion
techspot.com


NSA loses its cyber weapons again, Baltimore city gov’t paralyzed

The NSA's cyber weapons have once again been used against civilian targets.

Thousands of Baltimore’s city government computers were frozen on 7 May after their files became digitally scrambled.

Baltimore ransomware attack: NSA faces questions
BBC
NYT

An earlier thread dealt with the time in 2017 when European hospitals were paralyzed with the NSA's lost cyber weapons. The code was called Wannacry then.
Flashback

The Shadow Brokers

How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks
New York Times
The Chinese are suspected of having obtained the code during an American attack and then reworked it into a weapon of their own.

the Chinese simply seem to have spotted an American cyberintrusion and snatched the code, often developed at huge expense to American taxpayers.


It is apparently more troublesome than previously admitted. Considerably more places than Baltimore are affected.

May 25, 2019
For nearly three weeks, Baltimore has struggled with a cyberattack …
Today, Baltimore remains handicapped as city officials refuse to pay, though workarounds have restored some services

The tools stolen by Shadow Brokers have already been used to attack millions of computers with ransomware demanding payments in digital currency in order to have access restored. The attacks have targeted FedEx, Mondelez International, and hospitals in Pennsylvania, Britain and Indonesia, among other thousands of other targets

The assault cost FedEx more than $400 million and Merck, the pharmaceutical giant, $670 million.

cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.

have used EternalBlue to spread malware that has paralyzed hospitals, airports, rail and shipping operators, A.T.M.s and factories that produce critical vaccines.

Microsoft, which tracks the use of EternalBlue, would not name the cities and towns affected, citing customer privacy. But other experts briefed on the attacks in Baltimore, Allentown and San Antonio confirmed the hackers used EternalBlue. Security responders said they were seeing EternalBlue pop up in attacks almost every day.

It is roughly like when “the Russians gassed” the Skripals, who lived almost next door to the UK chemical weapons centre Porton Down: NSA HQ lies a couple of Swedish miles (mil) from Baltimore. The question is whether the code really has been in China and come back to almost the same place 😀 It is the same exploit that was used in 2017, EternalBlue. It apparently comes from the Shadow Brokers, whom they say they have not yet been able to identify! I agree with this possibility:

Oh-be-wan|67701396:
Maybe a test to see if it really works. An experiment, so to speak. Then they blame the Chinese and criminals.

The code gets in via port 445, which is used for “Server Message Block” (CIFS is part of SMB), the protocol Microsoft Windows uses to share files and printers. There is a patch that secures the computer, but many have not applied it.

EternalBlue was so valuable, former N.S.A. employees said, that the agency never seriously considered alerting Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.

NYT
welivesecurity.com
jpost.com


City hall in Baltimore is still badly affected three weeks after the attack started. They refuse to pay the ransom in bitcoin, equivalent to $100,000. Experts are being called in from various quarters. – One could start by asking those who constructed the “virus” at NSA HQ, which lies a Swedish mile (mil) or so down the road to Washington 😀

Thousands of computers in various locations are reported as affected. Among major cities, Atlanta and San Antonio are also mentioned.

Several people believe that the code gained a foothold in the system when someone activated a phishing email.
Besides Eternal Blue (screen), another piece of code called Robin Hood is mentioned, which however does not seem to have the ability to spread by itself within the network.

If their disks have been encrypted and their backups are on the same network, then it may be game over? Then they may have to pay the ransom. “He who digs a pit for others …”

Who is responsible is being debated. The NSA did keep the “exploit” secret for 5 years, but a patch (MS17-010) has been available for two years.
phys.org

baltimoresun.com
[ Greenville N.C. Robin Hood Robbin Hood ]
The information that Eternal Blue needs unfettered access for spread is maybe false?

No solution yet, after a month. Every time one reads about it, new affected cities turn up.

Baltimore this month joined Atlanta, San Diego and Newark ... Los Angeles
We won’t talk more, all we know is MONEY! Hurry up

Baltimore leaders have estimated that the attack could cost at least $18.2m


The local elections in November may be threatened.
theguardian

In Colorado 2000 computers were knocked out last year. The Samsam virus also uses Eternal Blue.

declare a statewide emergency on March 1, ten days after the initial infection was detected, allowed officials to bring in resources from the National Guard and other states,
...
brought in more support from the National Guard, FBI and Department of Homeland Security

The earlier disaster plan said that in a disaster one should take one's computer along and connect via another agency…
statescoop.com

Symantec describes the technical side.
symantec.com

Most functions still seem to be down after more than a month. Costs are probably more than the $18 m stated in the article
gizmodo

The NSA must be under real pressure and is probably trying to activate its psy-ops. A Twitter account took the blame for the attacks but said that they had not used Eternal Blue but instead Robbin’ Hood.

The difference is that with RH the cyber terrorists would have to log in to each computer to spread the code. But that sounds less likely given the number of affected computers. EB, on the other hand, spreads by itself in the network.
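A detection example for the two points above (entry via TCP port 445, and code that spreads by itself between machines), added here and not part of the original post: it flags internal hosts that accept SMB connections from outside the network and internal hosts that contact unusually many SMB peers. The flow-record format, the 10.0.0.0/8 internal range, the threshold and the names `audit_smb` and `SAMPLE_FLOWS` are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SMB_PORT = 445
# Assumption: the organisation's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records (private/documentation addresses, not real data).
SAMPLE_FLOWS = """ts,src,dst,dport,action
2019-05-07T08:00:01,203.0.113.7,10.0.9.4,445,allow
2019-05-07T08:00:02,198.51.100.9,10.0.9.5,445,deny
2019-05-07T08:01:00,10.0.5.50,10.0.5.10,445,allow
2019-05-07T08:01:05,10.0.5.50,10.0.5.10,445,allow
2019-05-07T08:02:00,10.0.5.23,10.0.5.31,445,allow
2019-05-07T08:02:01,10.0.5.23,10.0.5.32,445,allow
2019-05-07T08:02:01,10.0.5.23,10.0.5.33,445,allow
2019-05-07T08:02:02,10.0.5.23,10.0.5.34,445,allow
2019-05-07T08:02:02,10.0.5.23,10.0.5.35,445,allow
2019-05-07T08:02:03,10.0.5.23,10.0.5.36,445,allow
2019-05-07T08:03:00,10.0.5.23,10.0.5.10,443,allow
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def audit_smb(flows_csv, fanout_threshold=5):
    """Return (exposed_hosts, fanout) computed from allowed TCP/445 flows."""
    exposed = set()            # internal hosts reachable on 445 from outside
    peers = defaultdict(set)   # internal source -> distinct internal SMB peers
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if int(row["dport"]) != SMB_PORT or row["action"] != "allow":
            continue
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        if is_internal(dst) and not is_internal(src):
            exposed.add(str(dst))          # SMB should not cross the perimeter
        elif is_internal(dst) and is_internal(src):
            peers[str(src)].add(str(dst))  # repeat connections count once
    fanout = {h: len(p) for h, p in peers.items() if len(p) >= fanout_threshold}
    return sorted(exposed), fanout

if __name__ == "__main__":
    exposed, fanout = audit_smb(SAMPLE_FLOWS)
    print("SMB reachable from outside:", exposed)
    print("Hosts contacting many SMB peers:", fanout)
```

A workstation that repeatedly talks to one file server stays below the threshold; only the host that reaches many distinct peers on 445 in a short window is reported.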

My guess is that NSA psy-ops are in this way trying to put the blame on the local network administrators. The member of Congress for the district where the NSA is located gives the NSA support. But the NSA itself keeps quiet.

Pravda itself writes that all four consulting firms that were hired found Eternal Blue.
NYT

N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says
The [New York] Times was told by people directly involved in the investigation in Baltimore that the N.S.A. tool, EternalBlue, was found in the city’s network by all four contractors hired to study the attack and restore computer services.

Though they are learning at the NSA. Now they go out and give tips about updates 😀
Jun 7, 2019, 5:19 am
NSA Warns Microsoft Windows Users: Update Now Or Face 'Devastating Damage'

forbes
timeinc

New worm, NSA warns: Blue Keep

After 30-40 posts in a forum the trolls make the discussion completely lose focus. They conclude that NSA is a valuable organization since it “does more good than bad”. This naturally does not redeem the situation where a major intelligence service has lost its maybe most powerful cyber weapon so it fell into the hands of cyber terrorists.

Infecting w crypto miners
crypto currency mining

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found
wp

 
