ETERNALBLUE-Based Ransomware - Thanks NSA!

Started by Zenman, May 12, 2017, 09:04:52 PM

Zenman

The latest massive ransomware attack is apparently based on some leaked malware developed by the NSA, code-named Eternalblue. So I guess this can be a discussion about whether the NSA does more to reduce our security than it does to increase it.

https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/

You might want to first, tho, back up your porn and all the other important stuff on your computer before you get cyberextorted (if you haven't already). That's what I'm doing. BTW, thumb drives are the best thing since pepperoni pizza with mushrooms, onions and bell pepper. Not too heavy on the onions tho.

Quote from: Zenman on May 12, 2017, 09:04:52 PM
The latest massive ransomware attack is apparently based on some leaked malware developed by the NSA, code-named Eternalblue. So I guess this can be a discussion about whether the NSA does more to reduce our security than it does to increase it.

https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/

You might want to first, tho, back up your porn and all the other important stuff on your computer before you get cyberextorted (if you haven't already). That's what I'm doing. BTW, thumb drives are the best thing since pepperoni pizza with mushrooms, onions and bell pepper. Not too heavy on the onions tho.
I could never understand why people don't back up in the first place. For Windows, DriveImage XML and Re-Do are excellent freeware programs and simple to use.
MajorGeeks backup software page: http://www.majorgeeks.com/mg/sortname/back_up.html

GravitySucks

Quote from: (Sandman) Logan-5 on May 12, 2017, 10:55:11 PM
I could never understand why people don't back up in the first place. For Windows, DriveImage XML and Re-Do are excellent freeware programs and simple to use.
MajorGeeks backup software page: http://www.majorgeeks.com/mg/sortname/back_up.html

From the Book of Hesitations...

"Blessed be the pessimists, for they hath made backups."

What's really scary about that NSA toolkit, is there was BIOS malware in there too. So even if you reinstall everything, the malware remains.  >:(

Quote from: GravitySucks on May 12, 2017, 10:57:29 PM
From the Book of Hesitations...

"Blessed be the pessimists, for they hath made backups."

LOL - where have I seen that before.  ;)

If you are on Linux or BSD, just run a cron job once a week. Set it and forget it.  ;)
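The weekly cron job mentioned above, written out as an added example (this is not code from the thread or from any poster). It assumes a source directory, a destination directory and a retention count passed as arguments; the `backup-YYYYmmdd-HHMMSS.tar.gz` naming, the `.sha256` sidecar file and the `digest` helper are choices made for this example. Each run creates a compressed archive, records its SHA-256 digest, checks that the archive is readable, and prunes the oldest archives beyond the retention count; `verify_backup` later detects an archive that has been altered since it was written.

```sh
#!/bin/sh
# Weekly versioned backup with integrity check (added example, not from the thread).
# Cron line assumed for this example (Sunday 03:00 UTC, keep the 4 newest archives):
#   0 3 * * 0  /usr/local/bin/backup.sh /home/me/important /mnt/backup 4
set -eu

# digest FILE: print the SHA-256 hex digest, using whichever tool the system has
# (sha256sum on Linux/GNU coreutils, sha256 -q on the BSDs).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# make_backup SRC DEST: archive SRC into DEST/backup-<utc timestamp>.tar.gz,
# write DEST/<archive>.sha256 beside it, check the archive lists cleanly,
# and print the archive path on stdout.
make_backup() {
    src=$1
    dest=$2
    mkdir -p "$dest"
    stamp=$(date -u +%Y%m%d-%H%M%S)
    archive="$dest/backup-$stamp.tar.gz"
    # -C to the parent so the archive contains a single top-level directory.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    digest "$archive" > "$archive.sha256"
    # A backup that cannot be read back is not a backup: fail loudly now.
    tar -tzf "$archive" >/dev/null
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE: exit 0 if the archive still matches its recorded digest.
verify_backup() {
    [ -f "$1" ] && [ -f "$1.sha256" ] && [ "$(digest "$1")" = "$(cat "$1.sha256")" ]
}

# prune_backups DEST KEEP: delete the oldest archives (and their digest files)
# so that only the KEEP newest remain. Timestamped names sort chronologically.
prune_backups() {
    dest=$1
    keep=$2
    count=$(ls -1 "$dest"/backup-*.tar.gz 2>/dev/null | wc -l)
    excess=$((count - keep))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$dest"/backup-*.tar.gz | sort | head -n "$excess" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# When invoked with arguments (as cron does), run one backup cycle.
if [ "$#" -ge 2 ]; then
    made=$(make_backup "$1" "$2")
    verify_backup "$made"
    prune_backups "$2" "${3:-4}"
fi
```

One caveat for the ransomware case the thread is about: a destination that stays mounted read-write from the user's own account is reachable by the same malware that encrypts the source, so point DEST at a drive that is unmounted between runs or at storage the everyday account cannot write to, and keep the digest files somewhere separate if you want tamper detection that the attacker cannot simply redo.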

GravitySucks

Stupid local news announcer just blamed the hack on "spinal stimulation tools stolen from NASA."

Have no frikking clue what she was reading.

Quote from: GravitySucks on May 12, 2017, 11:05:44 PM
Stupid local news announcer just blamed the hack on "spinal stimulation tools stolen from NASA."

Have no frikking clue what she was reading.
OMG - Bwaaa ha ha ha ha

Zenman

Quote from: (Sandman) Logan-5 on May 12, 2017, 10:58:50 PM
What's really scary about that NSA toolkit, is there was BIOS malware in there too. So even if you reinstall everything, the malware remains.  >:(

Oh man, would that be messed up or what to do a complete reinstall just to have the malware hiding in the BIOS waiting for you to get done? From what I understand tho, installation of that type of malware requires physical access to the computer, or at least someone executing a file from a USB drive or something along those lines. I sure hope that's the case anyway.

GravitySucks

Quote from: Zenman on May 12, 2017, 11:43:05 PM
Oh man, would that be messed up or what to do a complete reinstall just to have the malware hiding in the BIOS waiting for you to get done? From what I understand tho, installation of that type of malware requires physical access to the computer, or at least someone executing a file from a USB drive or something along those lines. I sure hope that's true anyway.

Not true. BIOS can be hacked.

I tried to fix a friend's laptop whose BIOS was hacked over the internet. A fresh install won't work because the OS doesn't rewrite the BIOS. You generally have to disconnect the clock battery and reflash the BIOS.

I gave up after watching YouTube videos on how to disassemble that particular laptop and taking it all apart, only to find out that the battery on that machine was soldered to the motherboard.

Zenman

Quote from: GravitySucks on May 12, 2017, 11:49:53 PM
Not true. BIOS can be hacked.

I tried to fix a friend's laptop whose BIOS was hacked over the internet. A fresh install won't work because the OS doesn't rewrite the BIOS. You generally have to disconnect the clock battery and reflash the BIOS.

I gave up after watching YouTube videos on how to disassemble that particular laptop and taking it all apart, only to find out that the battery on that machine was soldered to the motherboard.

That sucks. Good to know there's a fix tho. Good to know about the stolen NASA spinal simulation tools too, lol.

GravitySucks

Quote from: Zenman on May 13, 2017, 12:06:17 AM
That sucks. Good to know there's a fix tho. Good to know about the stolen NASA spinal simulation tools too, lol.

Being in Houston I can understand her confusing NASA and NSA, and maybe spinal stimulation was supposed to be cyber intrusion, but I really have no clue (as she didn't either). Although I did find some research by NASA on muscle stimulators. Maybe one was infected and someone from the NHS stole it.

WOTR

In a "lawsuit happy" society, why has nobody sued the NSA yet?  Certainly there would be a lawyer looking at a class action lawsuit for the damage that has been caused by not only developing the software, but allowing it to "escape" to hackers?

GravitySucks

Quote from: WOTR on May 13, 2017, 12:40:45 AM
In a "lawsuit happy" society, why has nobody sued the NSA yet?  Certainly there would be a lawyer looking at a class action lawsuit for the damage that has been caused by not only developing the software, but allowing it to "escape" to hackers?

I was wondering the same. And M$ for creating the vulnerability and Wikileaks for distributing it.

The US government has long exploited vulnerabilities without disclosure to the vendors that they exist.

There is a common misconception being spawned here that's not true. Wikileaks didn't disperse the toolkit. I'm pretty sure 'Shadow Brokers' (based out of Russia, so the rumors say) put it up for bid and then released it on the Deep-Net.


Found it...    https://www.darknet.org.uk/2017/04/shadow-brokers-release-dangerous-nsa-hacking-tools/

This too:   http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html#js-article-comments-box-pager

Now for the real eye opener to go with your morning coffee or tea...
(Oh yeah, pay attention to the dates of the following articles.  ;)  )

https://arstechnica.com/security/2014/06/what-the-nsa-or-anyone-can-learn-about-you-from-internet-traffic/   <-- This one's important.

https://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveillance-magic/


Note IRONCHEF, DEITYBOUNCE, & SWAP. OpenBSD still looks to be unbreached though... maybe.  ???
http://www.nsaplayset.org/openproblems
(Everything is compromised.)

"Intel remote management with support for using the wireless card is something that got me quite terrified when I first tried on my T420. Basically, no recent intel laptop can ever be secured, unless you physically remove the wireless and wired network card."
https://news.ycombinator.com/item?id=11880935

Are you guys starting to get a picture about what you're up against here?
We've been sold a bill of goods so every aspect of our lives can be pried into.  >:(

A good start at mitigation:
Open BIOS, Containerized Operating System, and lots of planning. Reflash your router too. ( https://en.wikipedia.org/wiki/List_of_router_firmware_projects ) A simple password reset just doesn't cut the mustard.  ;)


We Now Return to Our Regularly Scheduled Programming   -   http://deeperthandrudge.com/

Zenman

Quote from: (Sandman) Logan-5 on May 13, 2017, 06:46:05 AM
There is a common misconception being spawned here that's not true. Wikileaks didn't disperse the toolkit. I'm pretty sure 'Shadow Brokers' (based out of Russia, so the rumors say) put it up for bid and then released it on the Deep-Net.

Karma maybe, since Russia seems to be the one that received the brunt of this most recent mass attack. Yeah, 1984 is here, only worse. Everyone is a person of interest, and even the appliances are watching. Some good links there, Sandman. I will be reading up and learning how to flash my bios and such.

Zenman

Quote from: (Sandman) Logan-5 on May 13, 2017, 07:50:00 AM
We Now Return to Our Regularly Scheduled Programming   -   http://deeperthandrudge.com/

They did warn us. Hope they're at least off a bit on the NKorean thing tho.