Wikileaks recently "shared" many of CIA's and NSA's cyberweapons. It is time to close them down and classify this as a terrorist organization.
23
False Flag attack designed to begin the censoring of the world wide web for security purposes. Brilliant move Satan.
5
Your headline says "leaked," but I believe this is incorrect. "Stolen" is what is in the story.
11
"Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year." -- The "Russian hackers" were tied to the Russian government and Putin on the basis of the assumption that the overall hacking was so sophisticated that only a government could have had the resources to carry it off. Although "alleged" has been dropped by the press when Putin's government is still accused of hacking the DNC and our election, this new story shows the assumption that only a government could have been behind such sophisticated hacking is false. Let us hope that at least "alleged" will again be deployed in all reports of the alleged attempts by Putin (in collusion with WikiLeaks) to sabotage HRC's campaign (as her campaign tried to sabotage Sanders').
4
Or, if nothing forces you to remain tied to MS Windows (or Office) and you're not already in the Apple camp, you could just run some flavor of Linux (and LibreOffice). Mint is a good option for "regular humans." No, it's (they're) not impenetrable, but Linux is generally immune to malware that targets Windoze - like the current mess that you just read about. Added bonus: the OS (and office suite) are free.
Seriously, if you don't want to mess with the current computer you're using (though re-partitioning and dual-booting is not impossible to set up if you're the least bit of a nerd), grab that not-too-old machine you have sitting around gathering dust (Linux is far less resource hungry than Windoze), download a copy, install, enjoy, feel safe, smug and superior.
9
This is the apple spreading the seed; no system can be made that cannot be broken, thus the question is to choose less universal methods - paper, that will be loci centered. True, less data will be available, but less harm on large scale.
A hammer can build a house or be a weapon.
5
Maybe, just maybe they are telling us that we shouldn't be so dependent on the digital world. Maybe have some analog mixed in to protect us from things like this.
7
All the while, Apple and Microsoft keep rolling in money. When will anyone recognize that the architecture of current computing hardware and software is the problem? If technology is so wonderful and necessary to current life personal, commercial and national defense, why is it so open to things like this? Today's support of technology is inadequate and until a new Steve Jobs steps forward to offer a computing environment that will be totally immune to what we are facing on a day to day basis, our societies will likely be held up for ransom only mediated by the greed of the hackers. I guess people only care about the flashiness of the latest technology but not its threat to their lives. So sad!
6
The comments fall into two groups:
1) Problem-solving analytical ones (backups mitigate this issue) and
2) Emotional ones (kill the perpetrators).
Sadly, many if not most of the responses seem to fall in the second category.
This seems to me to reflect an underlying failure of many people to use their analytic reasoning powers when confronted with problems.
Such habits lead to thoughtless, irresponsible voting such as seen in the U.S. with poor governance as an outcome.
In the case of ransomware, the tools are readily available and (I am told) relatively easy to use, and the potential monetary returns large. So, killing a few "crackers" will not solve anything. They will just be replaced by others seeking income.
Reducing the vulnerability to ransomware - notably by using adequate backups for material you care about - is an effective response.
If we (re)learn to use data/facts, reflection and logic in dealing with issues in general, we would do far better individually and collectively than we currently are.
6
This is the logical consequence of Modern Education, and then in consequence adults handing over the world to the young. Now the world is built on children’s tools. No way out but stepping back on all these absurdities.
1
MICROSOFT's operating system has always been inherently unstable and insecure - it was invented that way and must remain so in order to remain backwards compatible with itself. The rest of the world has moved on to use UNIX based systems, but Microsoft remains the proprietary dinosaur. If you run Microsoft products, you are asking for trouble.
8
Not that I am aware of, but the irony is that one never knows.
Just outlaw bitcoin. Anonymous, transnational currency? It should be illegal. You can't even withdraw or deposit 10,000 dollars without the bank notifying the government.
1
There should be an investigation into Mark Zuckerberg's association with the Russian government, which may be behind this cyberattack.
1
Is there some reason why this article is so opaque about the specific details of the e-mail? For example: what was the text? Did you need to open an attachment or just open the e-mail itself to be vulnerable? How was the sender identified? Hundreds of millions of us aren't geeks; such info would maybe be useful information to us, even if this particular horse is out of the barn. Very, very frustrating read.
9
Call me a dinosaur, but I sometimes long for the days when systems were operated manually as opposed to computer dependent software systems. Any glitches were the result of human error, and could easily be fixed using the hands-on approach. We may be forced to rely on those old systems at some point, otherwise, the world could come to a standstill. Backup in those days (before computers and cyber-space) consisted of hard-copies of operating manuals, and other systems data files, maintained and updated regularly by office personnel, a practice non-existent today. If people can't push the power button on computers and get instant gratification, they wouldn't want or even know how to deal with it.
7
NYT - Still sticking with the Russian hacking meme... even when the hack was designed by NSA.
8
Thanks NSA!
3
And just yesterday our White House announced its plans to put all government systems on the cloud. For safety... (translation being big $$ contract award to some crony)
Enjoy it taxpayers, you paid for it!
3
Stock up your larders.
4
"Stolen" from the NSA?
5
Why hasn't the Times blamed Russia yet? Hip hip hooray, another reason to go to war with that country!
1
Difference between REASON and TREASON
Add a T for TRUMP
1
Russian hackers attacked DNC. Russian involvement in the theft of the N.S.A. tools.
Russia! Russia!
Sadly a rather poorly written article in terms of helping people with their security:
1. "They began with a simple phishing email" – tell your readers how this works so they can protect themselves, i.e. You are asked to click on a link or download a document which takes you to a login screen where they ask you to enter your details.
2. "Security experts advised companies to immediately update their systems with the Microsoft patch." – what version of software is affected? Windows XP, Windows 7, Windows 8, Windows 10? What is the patch? How do your readers get it? How do they check if they have it already?
Sad that such basic information was missing from otherwise good reporting.
19
Snowed this came from Snowden's laptops.
2
Timing and pattern seems that it aimed to divert media attention away from Russia investigation and stunned firing of J. Comey.
4
Not so long since the UK government begged Microsoft to keep on updating XP!!!
Bring back the IBM 610!
3
What does this say about the National "Security" Agency?
5
Follow the money.
2
Hmm.... It really wouldn't surprise me anymore if there is no real systems administrator anywhere at NHS -- because "they cost too much" -- and the so-called person responsible for managing the systems is some troglodyte who barely knows how to point and click, and whose level of programming skills amounts to using an Excel spreadsheet.
3
This attack has successfully diverted the media away from the Trump-Russia investigation.
7
Behold the new face of international terrorism.
5
First rule of all IT: do not put all your chickens into one basket. Backup, backup, backup and have a local standalone redundancy.
Second rule of IT: do not ever trust any critical system to a Microsoft Windows operating system. There are far more secure, stable and reliable systems. Secure and Windows should never be in the same sentence except when showing how not to be secure.
Third: the great push to the cloud and thin clients as opposed to local storage exposes users to greater threats and loss of service.
I work in Medical Imaging (Radiology) and have for over 30 years. All of our work is all digital and we have been securely transmitting sensitive patient data to remote sites since before the public internet. Some of us have been using computers big and small since before GUI - graphical user interfaces- were common and well before IT was an established field.
There are hardened UNIX systems that are far less vulnerable to this kind of thing and anybody who cannot handle UNIX should not be credentialed in IT or taken seriously. Anyone using Windows for critical systems is living in a fool's paradise.
17
A big source of the problem is that folks continue to rely on Microsoft operating systems rather than turn to open source such as Linux, which is more reliable, less bloated, far less vulnerable to attack and much cheaper.
When Microsoft ruled the world, people bought expensive software solutions that supported services such as medical records and testing. Having made that investment they became wedded to the Microsoft operating system despite all its liabilities. One reason people don't update their Windows software is the cost of doing so. Some governments have turned to Linux as an alternative to Microsoft because of its greater security.
The last I checked, U.S. submarines use an open source server (I suppose BSD or Linux), but Windows for use by the crew. I wonder if the computer systems that actually run the subs are Linux or Microsoft. If the latter, I think that should be of real concern. Imagine if the computer system of a missile sub were hacked.
4
Britain was running Windows XP. That's outrageous that they were running something so out of date. Their computer systems are as important as their life support machines as they found out today. Maybe in future they will spend a little more effort in maintaining the computers as they do the medical equipment.
4
By now, if warnings to businesses occurred and the business did not protect themselves, shame on them. We are all aware, or should be if we use them, that a device connected to the Internet is like having a big party at the Met with no guards at the doors. These costs will be paid by the consumers, not the shareholders. Laws should be put in place to treat the open net like a dangerous weapon because it is.
3
President Trump is said to propose a trillion dollar plan to repair infrastructure. Very old-fashioned if he does not include the digital highway and make roads friendly to driver-less cars.
In Ecuador, the database was not available for clients to pay monthly premiums for healthcare, which is then cancelled if the premium is not paid.
Essentially, it seems taxpayers are funding research into cyber-weapons which can be turned on itself, or corporations or civil society. Who should they thank for this?
3
Doesn't it occur to anyone that this event supports the view that Russia had nothing to do with hacking the DNC? After all, the two attacks used similar methods and the latter was carried out with a virus developed by the NSA.
Coming after the revelation that the NSA had developed a program that allowed it to attribute its hacking to other nations. This is from the Intercept, one of the most reliable sources of information on world affairs.
".. forcing Britain’s public health system to send patients away"
Those patients and those "dozens of countries worldwide" need to sue the NSA for triple damage caused by criminal negligence the International Court of Justice in not safeguarding weapons of mass disruption.
Unless they do, the NSA will continue to be unaccountable.
1
I am astonished and appalled that the NSA, our most secret intelligence agency, appears to be as leaky as a sieve. It is reasonable to expect that the NSA undertook a major internal security overhaul after Snowden, but obviously not.
4
What is confusing about this is that the most basic facts concerning this ransomware are being reported differently by different news organizations. On NPR, yesterday, it was reported that one did not even need to open an email in order for the virus to infiltrate one's system. It was specifically stated that one didn't even need to be at one's computer. The computer merely had to be on and that was a sufficient opening for this malware. If that is the case, it is very difficult to understand what steps anyone could possibly take to protect one's system.
6
This is a wake-up call to have a paper trail backup of all the records that are online and on computer desktops in addition to cyber security to avoid a global catastrophe. On BBC news, I heard that a man who had to get an elective open heart surgery in Britain had to be sent away because his medical records were missing and his blood group information was unavailable which made it difficult to arrange for donor blood to be available in case the man bleeds excessively during his surgery. This is just a single example of the catastrophic consequences of the brutal hacking. Hackers are now as bad as terrorists. It is comforting to know that Trump has signed an executive order to strengthen cyber security. It could be too little too late but a much needed beginning of an effort to end hacking and bring hackers to justice. Just like after 911, extreme paranoia set in and a whole new way of travel regulations and constraints evolved, one can expect similar situation but directed at hackers. The latest move to ban laptops on airplanes is going to cause a colossal damage to air travelers. Sometimes the solutions are as bad as the problem itself.
5
Companies are too cheap to upgrade software and those who are willing take too much time in doing so. But then again, they believe they can use "free-ware" to save money.
The bigger problem is with the NSA itself. I doubt these tools were stolen. We have seen this before where NSA hacks an entity and the "tools" get borrowed, copied, or otherwise released into "the wild" for others to use. NSA will then cry that it is not their fault when "innocent" people get hacked. Of course allowing contractors to work at NSA is also very problematic because the information they have leaves with them.
If we shut down NSA as well as the Dept. of Homeland Security the world will be a much safer place.
1
LINUX requires more skills than MS products, and MS Office may have to be played with to run with LINUX. But LINUX is BETTER!
4
Well, it comes to this. Human ingenuity and genius has created the greatest communications tool we have ever seen; the 'Net. A veritable resurrection of the Library of Alexandria in its power, scope and influence. Human proclivity to greed, avarice and the concomitant mischief and mayhem is now going about destroying it. We always, always, always take a good thing and turn it bad. Same as it ever is in the world of human affairs.
John~
American Net'Zen
3
Even cars are often online and can be hacked. Even thermostats. Microwave ovens, maybe not.
1
Irony of ironies. It is the American NSA that developed this stuff. And now it comes back to haunt them and all of us. God help us.
1
The governments keeping hacking tools is similar to storing stockpiles of the small pox virus. It will come back to destroy you along with everybody else.
3
Well, I will look forward to the book/documentary when it finally appears.
How about taking the billions that Trump is talking about spending on a wall and applying it to something truly useful?
4
And the world and the stomach turns. NSA is hoisted on its own petard via the tools that it has used to capture important surveillance of your enemies, but more important our innocent citizens and businesses. This is without court warrant, under secrecy, and God only knows what they do with such data.
1
Go tell Trump & his crowd to fight the REAL TERRORISM!
It's like fixing health care - not so easy... but doable. We just need to be open to learning how other countries do both. And well too.
So, our military has global reach. Why can't we get these guys?
I wonder how the media would be if that malware were "stolen" to Russia, it would be the first time they blame them with real evidence, (because it is very obvious US government created that tool to attack countries like Iran in the past), what I have learned is not to trust what officials or media says without solid evidence (which have led to wars), and I doubt it was "stolen" when one of the main targets was Russia. This double standards of "I can hack you and spy you, but you can't do it" will only fuel hatred and more wars, remember that CIA was spying Europeans, and we don't know if US already lost trust of high officials internally.
1
Interesting how the story has developed a barely explored line about the "tools" used by the hackers belonging to the N.S.A. (and actually having been STOLEN from them, the US's main communications security agency!). This is really cause for worry, if you ask me.
But with all the hubbub and indignation concerning Russian(?), government sponsored(?) or directed(???) hackers "meddling" in the elections and this being an outrage, it is revealing to learn that the US Government has a [badly secured] toolbox that allows it to pry into other people's digital activities and, if yesterday's events are anything to go by, to interfere with them.
Also, as an aside, it leads one to wonder just how reliably all those very fancy and punishingly expensive weapon systems will work, if (when?) push comes to shove, relying on secure digital communications as they do ...
1
This is what happens when you replace good IT workers with cheaper overseas labor. Just a matter of time before you are in front of senior management explaining why you messed up.
2
I know this is terrible but a small part of me was happy that Russia was hit. Sadly, not hard enough. And, if they were going to hit them, why couldn't they free some of Vlad's emails?
1
Proving that the first and weakest link is human error and that all systems contain the seeds of their own destruction.
2
It was under Obama that all the NSA and CIA leaks happened. Was he not the captain of the ship? Shouldn't we attribute some of this (most of it) to Obama?
3
I wouldn't be surprised if Russia is behind it, just to remind the world of its vulnerability. The biggest blackmail is: lift sanctions or....
2
Maybe the NSA should stop developing such "tools" so that the rest of the world can't get a hold of them.
3
Looks like it created jobs and revenue. The hacking industry.
Simple solution: keep up to date on your updates. Good grief, the industry responds with great alacrity to these threats, why doesn't the public?
4
With your updates? This is NSA software. It will not be stopped by McAfee. That's like thinking you can defeat the US army with three guns you bought at Dicks.
2
According to the article, the ransomware was targeting systems using versions of Windows no longer supported by Microsoft -- i.e. Windows XP.
Basically Microsoft's decision to stop supporting XP was a way to force everyone to shell out $$$ to buy Windows 7/8/10. If you don't, you will be open to attacks like this.
Unfortunately, many public institutions just don't have the hundreds of thousands of dollars needed to buy new versions of Windows for all of their machines (which often will also require hardware upgrades as newer versions of Windows have higher speed requirements).
So clearly Microsoft shares part of the blame here too. It is simply unconscionable that they would sell an operating system that runs healthcare systems and public utilities and be able to then turn around and say: nope too bad, pay us more or we will let you be hacked.
Ransom, indeed!
The takeaway should be back up your data, frequently.
11
Chickens coming home to roost.
5
So who leaked these hacks? That is the key question.
6
Is it too late to outlaw the use of crypto-currencies? Is bitcoin now an active enabler of criminal and anti-social activity?
Seems that anti money laundering laws can be too easily circumvented by unregulated currencies.
9
Erie County Medical Center in Buffalo NY was turned into a developing world hospital by this last month. Our hospital prevents any kind of email access in response. No email at work. Period.
8
This is another form of terrorism by any description. The perps may have committed murder. This requires serious punishment in kind.
8
Trump complains that the State Department and USAID don't deliver value for money and wants to reduce their paltry budgets and put that cash into national security.
Because what the NSA really needs more of is money. 70 billion a year on cyber defense and the result is hundreds of billions of dollars in damage to our own systems.
Now that's what I call value for money.
9
Weren't at least some of the affected systems protected by antimalware software? How did it let this through?
Given that, even the most expensive, commercial/domestic Malware software is so weak as to be virtually useless (a deliberate ploy one suspects), it is hardly surprising that it got through.
1
The US Government - in the name of saving money - has created serious security issues and made the USA less safe by using "outside contractors" instead of permanent federal workers, and consequently passing out top-security clearance to contractors like Snowden, and the fatal shooter at the NY Naval Yard etc. The creation of Homeland Security and the need for the single largest agency in Washington that hired thousands of very low-paid TSA workers to rummage through passenger baggage also created a backlog and a need to process a lot of top-clearance people .... like the ones 60 minutes tracked down and caught with stolen items from baggage. I certainly don't bother to buy or travel with gold or diamonds any more. These contractors that do all of this NSA work had set up a dark-web "sharing" site to help each other by sharing "tools" of their trade.... that got shared with outsiders. The fault lies with the US Government trying to save a buck by letting outside companies rake in a bunch of money for doing what should be done by REAL government workers.
13
Mary: Alger Hiss and Julius Rosenberg were government employees who were happy to give our secrets to the Soviets. The notion that using federal employees instead of contractors would somehow immunize us from this is rather naive.
1
We don't educate enough software engineers to fill the necessary jobs. We need to start there and quickly. That's why we have many green card visa holders. The holders of these visas may even have gone to school here. Both are good things. But what does that tell us about our own interest in getting schools up to speed to create them homemade? Maybe that should become a security issue.
Mr Snowden had served in the US Army and had been an NSA employee before he was employed by contractors. While I agree that we should keep Government IT in house, we have to keep facts straight.
There is no scenario I can see in the current political environment where those functions will be returned to career Civil Service positions. The contractors have hard wired connections to Congressmen and Senators and grease palms with contributions and other considerations. Yes, your government is for sale and has been for some time- especially on contracting.
3
Isn't it absurd that we can put a man on the moon but we can't figure out who sent these emails or received the money?
10
Sure it can be done, with enough international cooperation (trail will go through many countries). But the infrastructure/capability/agreements to do this will also allow to trace any single individual money flow, by any government.
So the question is, do we want to live in this type of a world. Not clear yet if we want.
3
Get Comey back!!!
What I see every day is a Presidency that's like an endless wild Los Angeles car chase on TV, with the erratic "driver" on the phone and messaging family and cohorts on the route. The press is in the chase role that the LAPD and CHIPS following and tracking the insanity by car and helicopter. Every day is an unbelievable unending chase of contradictions, falsehoods and unethical actions. We the people are the victims. The misinformation, the broken press secretary, the attorney general.
Those car chases always end when they either run out of gas, give up, crash or crash and burn! It's headed that way.
No knowledge of cyber problems!
2
Relax! King Donald will FIX this. He knows more than the generals. He knows more than Amazon and Google. He's the virus the American peeps wished upon themselves. Homer is in the WH folks! People are saying...very, very...
Where is the UK military in all this? Was this gross criminal negligence or an intentional targeting of the NHS? Either way people in the UK will die as a result of these actions. Isn't that their remit?
Doctors of all people should be aware of the risks of monoclonal strains. Requiring multivendor IT systems (MS/Mac/Android/Linux), or requiring state inspected open source operating systems would help to defend against these attacks. Putting the immediate perpetrators' heads on spikes by the Thames would also help.
5
This was bound to happen. Anyone who remembers the days before the internet when the ARPAnet and DARPAnet were the only way to go online (outside France), other than a phone, might recall "The Cuckoo's Egg" by Clifford Stoll. It is the true story of the "first" hacking of US computers by our frenemies, the East Europeans and Russians.
There were no viruses, no protection software and anyone with a computer and a phone line, anywhere in the world could get into the network with basic knowledge of programing languages.
In Stoll's book, the obvious lesson for the computerizing West was to keep all your "valuables" off of phone lines which were open to anyone speaking the right language.
This was in the late 80's or early 90's and since then, we have allowed every business and industry to go online, often undefended, even as we have ignored the obvious danger. We are now being burned for our arrogant stupidity. It is well past time to return to less computerized businesses and industries and do most routine work off line. Healthcare is one of the obvious traps where loss of control can kill people. We may have to return to using paper and pens (horrors!).
The solution for ever escalating computer crimes is to keep important business off the "net"-we did it for thousands of years-we can do it again and probably be healthier and happier out from in front of computer screens, as a side benefit.
6
This is the equivalent of reports in the year 2000 of a scion of the powerful Bin Laden family hanging around in the mountains of Afghanistan planning nasty things with hijacked airplanes. When that big attack finally came, we gradually realized that we had a president more eager to settle his father's grudge than protect America's citizens. When this next attack happens, we'll look at the television at our raging King Lear screaming at phantoms and shadows, in the throes of yet another tantrum and we'll realize that this time, America's goose is really cooked.
10
Computers. I lived most of my life without them and got along very well. They haven't increased the "happiness quotient" people have and I can't see many instances of having lives improved. That said, I have several computers and use them to buy, upgrade, and sell apartment buildings. I did this before computers in the early 1980s and can still do without them. I can put a contract together in five minutes rather than half a day for my secretary to type it, but I'm no happier and I don't make more money. I back up everything on four separate hard drives. I don't do clouds. I switched to Macs after dealing with viruses every day and my problems have disappeared. If someone tries to lock this computer up, I have four backups separated by three days each. If one goes down, last nights is ready to go. If that one goes down, I've only lost three days of data when the next backup kicks in. If the whole damn thing crashes, I'll go back to a typewriter and calculator and won't miss a beat.
13
I hate to take my comment out of reality, but we need a draft to train every young mind to possible future evils. Military or non military, national or international, 1-A or 4-A, something more needs to be done. Hacking seems to be a winning venture. Punishment may encourage hacking as a challenge.
A life time of restitution would be more dissuading.
1
How did the NSA tool get in the hands of criminals? Who or what is behind this? That is why "leaks" are not a good thing in any case scenario. Privacy is important even in the digital social media global age. Security is of the utmost importance. The media should not have access to everything said and done. YES it would be better if we turned back to the way things were before. NO in internet, online banking, online commerce, social media are not the great big leap forward in progress for mankind that they were made out to be. They seem to be the makings of the worst global disaster so far of the 21st century. And this is not a theory like the causes of global warming but all the facts are already there.
3
Isn't there a difference between a leak, and the theft of information?
I'm not sure, but there must be one.
The US espionage and sabotage legacy apart, now is the time to evolve and adhere to the international agreement on the cybersecurity protocol so that the world community could derive full benefits of the Internet era.
6
Transparency isn't always the best policy. I doubt the world would be a better place if everyone had their secrets exposed- how they felt about their kids and parents, employers and spouses.
Wikileaks has gone too far promoting its own agenda. Like Trump, Julian seems rather spiteful. Democracy, free enterprise, and privacy are all fair targets.
Are directions and codes to launch nukes from Iran or North Korea next?
11
You do realize that Assange and his organization had little/nothing to do with the release of these N.S.A. tools, right? They are the ones advocating /against/ governments having these tools, precisely because they will misuse and mishandle them. Insofar as this story is related to Wikileaks at all, I think it vindicates their message.
4
STOP using Microsoft!!! Linux is FAR better and safer, in all respects.
20
Sadly, Linux has far fewer apps and is still missing some critical apps. Last I looked Adobe and ESRI are not available. Is MS Office available on Linux?
2
Linux, and FreeBSD and MacOS, are fine operating systems, but like nearly all large software systems they will have vulnerabilities. The attack described here does not affect properly patched current versions of Microsoft Windows. The victims are users of old unsupported versions, mostly or entirely Windows XP, and those who did not apply the patches to prevent it that were issued in the middle of March.
2
No, Linux is not safer nor better. UNIX flavored viruses and security holes have been around since modems were added to servers. Many companies do not customize Linux security and even if they do, it will not be impenetrable. Open source software is very easy to hack by its very nature.
The common thread in most attacks is email. Gmail was hit a few weeks ago and might have been leveraged by the hackers behind this attack. The reality is there is no such thing as an impenetrable computer system as long as there is a LAN cable and a power cord attached.
3
when it comes to software that affects nearly every man, woman and child in the developed world, there aren't many applications more important than ms-windows server. what was the nsa thinking when it decided to keep microsoft in the dark? we already have plenty of apocalyptic scenarios to ruin our sleep, but we'd be wise to queue a new one: what other bombs is the nsa sitting on?
18
Michael saint grey - Micro$oft released a patch more than a month ago... NOT in the dark
3
Arg! MS fixed this in March. Why don't institutions run the patches? That is not NSA's fault.
2
Microsoft released patches on March 14 for the vulnerability being exploited in this episode. That is nearly two months ago, and was a month before the exploit became public. Furthermore, while this is much more impactive, the vulnerability was being exploited as early as April 21.
1
The ACA required the transfer of patient data to computerized systems. Patient privacy was also made a high priority, with any dereliction by the physician HIPAA carrying serious prison time for the physician who allows information to go to the wrong person, such as their spouse. In the olden days of course the Doc knew his patient, but no more.
Of course the turnover among desk employees is high, so passwords are not protected. We now have software that simulates the voice of a trusted friend who may have "misplaced" his password. As we get more efficient, inherently we have more of a probability of disasters such as this.
It was great when science fiction disasters were all in the distant future.
13
You got it, spot on. I don't think air pollution or water pollution is the worst enemy of mankind. I think information pollution is.
1
The organizations that were attacked should consider Chrome OS computers. No computer is perfectly secure, but Chrome OS is low cost and easy to maintain.
10
I read once there's a tribe in Papua New Guinea that made the conscious decision to revert back to a Stone Age lifestyle even though they had been exposed to the modern world and are aware of all our gizmos and so on. Wonder if they'll end up getting the last laugh.
21
If you've lived in the stone age, as I lived in the stone ages before computers, it would be simple to go back to those days - and probably preferable. I don't see any increase in happiness or release of stress because of computers. I don't make more money because of them. Things took a little longer in those days, but everybody accommodated the technology that existed and got things done. If the purpose of existence is to be happy and productive, computers haven't added much.
8
We are NOT going back to typewriters. Get over it. Computers allowed me to make more money in my working life and retire early. There were bank robbers before computers. My wife is handicapped and we were able to entertain ourselves, at home, with shows from Amazon Prime(computers) last night. The shows we watched were better than anything in the theaters and much cheaper. Don't generalize about "happiness" which is very personal and local. I like paying my bills online and banking there too. We don't revert to horse and buggy because thousands die in traffic every year.
2
Or dying from say the flu...
These systems operated before computers. Drag some folks out of retirement if you have to but shut down? That seems absurd to me.
And fire your IT guy since this exploit is well known. And definitely delete all Kaspersky Anti-virus (which should its name in opposite world) from your systems.
5
Interesting how the progressive commentista is so quick/pre-emptive to label this as terrorism...
Don't you all want to know if this is a hate crime or not...
Doesn't it matter what was in the hearts - and what was the gender or ethnic identity - of the perps...
Or has the realization finally dawned on you...
When a burning airplane is sticking out of the side of your building - none of your peacetime niceties and natterings matter worth a snot...
For clarity...Like broken clocks, you are all right, this time of the evening...
8
Yes, and conservatives always want to know if it was terrorism.
Pointless obsession with labeling is common on the left and the right.
So what's your point?
5
This is a common pattern. The government finds a vulnerability. Instead of doing what any decent technical person or organization would do, namely notifying Microsoft so that they can patch the hole, the government keeps it secret.
But then the government isn't very good at keeping secrets and hackers steal and then exploit the attack, putting lives at risk across the world.
Why aren't people outraged? The government is supposed to work for us, not against us.
8
What would the proposed outrage look like?
2
I wonder how the people who lost loved ones in the UK today feel about the United States government's determination that developing these sorts of cyberweapons is a higher priority than turning over the exploits they take advantage of to the relevant software developers and security firms to be fixed or safeguarded against.
11
And politicians want companies like Apple to build back-doors into their software for law-enforcement use? The government can't even protect the vulnerabilities they already have, except from the people who could fix them.
The public clearly needs more education in identifying phishing risk emails. I've heard of IT departments who send out false phishing emails from time to time, and anyone who clicks the link is required to attend 'refresher' courses.
11
This story is a huge gift to Trump. Watch for a Tweet storm about how we should be focused on truly important matters.
4
I'm going to assume you are not being sarcastic.
The patch for the security flaw has been out for over 2 months ... but it only works if Twits in your IT Department don't block Windows Update & allow executable email attachments
12
When I read about this hacking/ransomware, I just think thank goodness we have Trump as president now, because he is so good with the digital.
11
You think because he tweets he's good with the digital?
No point in paying the ransom! The hospitals cannot confirm the data were tampered with, and chain-of-custody is lost. So they would get nothing they could trust. Result is destruction of patient records, but shouldn't generate a penny for the hackers - except for anyone lame enough to pay the Stupid Tax.
6
Hospitals have a lot of information besides just patient records, and I'm sure that they would recover a lot of data, such as spreadsheets, correspondence, e-mail archives, etc. I don't know what Britain's version of HIPAA is, but I'm not sure that anything would necessarily need to be destroyed.
1
So -- are the GRU, the FSB, Julian Assange and Wikileaks the ones who hacked these programs out of the NSA and spread them to hackers around the world? Was it North Korea, trying to pull off another cyber bank heist? Or was this done by a non-state group of private extortionists?
6
Computer hacking, any computer hacking should be a capital offense.
7
Language of the ransom text message is Middle Eastern. I have had a personal practice with such language in a fraud.
May be it is the Brotherhood Electronic Army based in Egypt under loyalty of Sisi, the top terrorist. May be he obtained the ransomware when visiting Trump.
The ransomware is a terrorist funding attack. Every terrorist group has its own professional hackers, and for sure, thieves as well.
11
Anyone dumb enough today not to have their data backed up off site deserves what they get.
5
Hospital patients?
2
Correction, data backed up offline like in the old days.
1
It should be noted that up to 90% of the computers hacked at NHS were WINDOWS XP. Are you serious? That is like parking your car in a bad neighborhood and leaving the keys on the hood while you enter a liquor store. I travel all over the place and I am stunned by the number of computers in cybercafes all still using XP. Many countries in Europe, everywhere in South America, Mexico, the Caribbean. This was a disaster just waiting to happen and it did.
27
I have seen ATMs in Asia using XP.
And I thought I was the last living XP user - that PC had its final meltdown years back
Anyone who has the slightest idea about what the TCP/IP stack is will know that the only way to secure the Internet is to start over from scratch.
It will not happen. Users are too dumb to adapt and governments are too happy about the status quo.
There's a cyber-warfare arms race that no one will win.
Mad Magazine's Spy vs Spy.
Get used to it.
13
The vulnerability has nothing to do with TCP/IP except that it is used as a transport. The initial entry of the worm appears to have been an email phish, and the ultimate target is Windows based file services. Any different or reengineered transport almost certainly would have done quite as well.
While all you id-jits are running on about Trump or whatever, have you opened your minds enough to ask a simple question: How did the NSA get hacked and have these tools stolen in the first place?! Did you think about the FACT they also have all of our personal emails, texts, phone calls, gps locations etc. etc. stored away on their servers too? Not just these hacking tools? If they got the tools stolen, that means the very most intimate and personal information on each and every one of us is vulnerable too. But hey, Trump Derangement Syndrome needs to reign supreme!
5
one big thing needed ... governments and sizable institutions must pay their creative IT people much more money, with special benefits and bonuses to both lure and keep them, so that the best prevention and hack fixers are hired and retained. This way, perhaps would-be hackers may use their powers for good. And, perhaps, upon identifying hackers or their locations, send something back to them that will be troublesome, seriously unpleasant, and, if possible, both internationally and locally public. Yes, make sure their grandmothers know what their beloved young boys have been up to.
7
Why does the NSA have burglars' tools?
I thought only the EVIL Russians hacked.
https://emcphd.wordpress.com
9
These terrorists need to be hunted down and killed.
6
Does that include the terrorists that created the tools and kept the vulnerability secret?
2
How ironic that the master-hacker (NSA) gets hacked and the hacked tool is then used to bring down the NHS in Britain and other operations to their knees the world over!
9
Sadly all these comments, including my own, do nothing to rectify a situation, a global problem, that cannot be rectified. Moving on. C'est la vie!
Hacking has only just begun and, already, nothing is safe and almost no data is secure. If governments can do it, criminals and anarchists can, or will soon thereafter, be doing it. The solution is obvious: disconnect. Shop at physical stores, bank at small credit unions, write letters and begin to accept that smart phones might actually be stupid.
Another Putin power play??
3
Here is a question: if the NSA knew this tool was stolen, then why not warn everyone about the exploit?
As this article makes clear, the NSA might have done exactly that, if it was the one who tipped off Microsoft in March about the security flaw.
3
Remind me why Bitcoin is a good thing. Seriously.
10
Death penalty for hackers.
I originally thought of drawing and quartering them but that seemed overly harsh.
6
This is exactly why the next big war will be fought with software. Why try to bomb your enemy when you can just shut down his infrastructure by infecting his systems?... and you can't retaliate militarily because you can't prove where the attack originated.
scary stuff.
9
So a bunch of people might have died outside the USA, .. Stop blaming the NSA just because it was their fault.
3
methinks billy gates needs to spend more time thinking about security rather than charity. He will do more for the world by stopping these attacks than he will through fatuous and fruitless charitable endeavors.
5
Again, Migration is Beautiful, Global Warming is Real, Information is a Human Right... blah, blah blah.
1
Did you read your email today? Could be from the great leader Kim Jun or a 400# geek living in his mum's basement. Can someone please hack the cons taxes?
2
And I wouldn't expect much help in this area from Trump, as he seems pretty baffled by computers and anything "digital".
10
Hey, c'mon...he does believe TiVo is "the greatest invention!"
1
The US and Israel have never admitted to doing anything to Iranian systems. The story of Stuxnet is well-told in 'Zero Day'. What the makers of that documentary indicated are happening to-day.
2
Am I the only one wondering why the NSA, whose stated purpose is the gathering of intelligence, has this kind of 'tool' in its possession?
3
To gather intelligence.
1
No! You are not.
And everyone wonders why Hillary Clinton chose to use a private server? A better question would be why is everyone not doing that. After all she was never hacked.....
32
A private server wouldn't protect against this. This is a hack that is transmitted via email and is activated when a person clicks on any of the links or attachments to it.
7
And meanwhile what is America and our government these days wholly absorbed in? Trying to manage and deal and reckon with the so-easily-bruised child's ego of our horribly ill-elected current president.
History is ticking. Every day we spend allowing this farce to remain in office is a day history is moving without us.
Unlike in his fantasies, reality is not titled "The Donald Trump Show." We need to end it, asap. Until then it will be hard to react to crises and hacks elsewhere, since Trump is nothing more than a hack and crisis within our own society.
Get. Him. Out.
17
Whoa... a hack on all these countries to provide a cover for when the Russian evidence for collusion with the Trump team goes missing? That's low.
5
This is precisely why the Comey affair is a total distraction. The cyber-attack is a world wide threat. When is our government going to be held accountable for acting like juveniles? When are Americans going to ask real questions about how our Nation is defending itself against this stuff? Cyber penetration and the hacking of computer networks isn't going away. It's only going to get more sophisticated and dangerous.
15
WE can walk, chew gum and deal with a series of issues at the same time. No cause for hysteria; a calm, sharp mind is called for.
This event is actually the kiss of the death to these criminals as detecting their whereabouts explodes by orders of magnitude if they collect the ransoms in the short time frame required for payment. Large numbers is not their friend.
The CIA "could" have seeded this whole thing from start to kill many birds with one stone by (a) flushing out the perpetrators and state actors (b) performing a worldwide real time risk analysis of impact to domestic systems (c) forcing millions of systems to rethink their internet exposure entirely (d) seeding the idea of a completely new hardwired domestic only incompatible net for mission critical infrastructure and businesses.
4
Hope so.
1
Why couldn't they have hacked Trump's Twitter server?
9
The urge to do harm to perfect strangers seems to have become insatiable.
3
The urge to do harm? This is about power, control and plain greed.
2
To borrow from Shakespeare it is indeed a "brave new world". Clearly, there is no foolproof system anywhere and at any time. Whoever organized this attack will strike again and again. We have become dependent on our computers and we really risk becoming over dependent to the benefit of these criminals wherever they are based.
2
Decades ago, when Science Fiction writers predicted a computerized society and then warned of precisely this kind of attack, they were scorned or ignored as if they were buggy-makers railing against the horseless carriage.
We need to pay attention to our canaries in the coal mine.
https://emcphd.wordpress.com
I want precious information to be protected in walled off computers with Faraday cages to protect against hacking and EMP Attacks. Perhaps hospitals should use a computer code that would not be readable by a laptop, to keep people from sharing data. They could be designed to allow specific interactions without letting the central core be vulnerable.
2
Hospitals operate on a budget like anyone else.
Weapons left unsecured will eventually be appropriated and used. This is as true for malware code as it is for handguns. Security for nuclear weapons is generally pretty good -- as far as I know, nobody has even stolen a nuke, and no significant amounts of fissionable material are available on the black market.
It is evident that security for cyber weapons is just as important as security for nuclear weapons. If someone stole a nuke, and used it to hold a city for ransom, there would be a major impact for implementation of nuclear security. Now that something similar has happened with cyber weapons, the practices of the NSA and other cyber-warfare organizations need to be examined and revised to reduce the chances it will happen again.
The worldwide hacking story is an enormous gift to Trump--a story changer.
2
On-line voting, anyone?
Our tax dollars at work.
1
Nowhere is any discussion of how to possibly track down and identify the culprits, or why that is not possible at this time.
3
We have met the enemy and it is us, turns out the little supposed Russian hacking of the DNC revealed by Obama after election day was nothing compared to this disaster and what will happen when a number of other very powerful cyber weapons created by the Obama NSA and lost to hackers as was reported several weeks ago are loosed upon the world. One of these programs allows for the complete masking of an email's origins.
NSA has been playing their games since long before Obama. I'm not sure you lot could fake up even a tenuous connection between Obama and the coders in the basement.
3
Any emergency service which requires access to records to operate should have a backed up system, securely walled OFF from the internet , and not directly connected to likely targets. Sort of a digital bunker.
I really am perplexed about why NOTHING can be done at an ER or hospital absent the computer system, though.
It's also clear that this is the most serious terrorism we are facing, as the more sophisticated these interlopers become, the more likely they are to be able to shut down absolutely vital systems: electric grids, military operations, modern water supplies, all of the interlocking bank payment systems.
As consumers, we have been forced to provide too much information to too many companies for whom security is secondary to profit. We are all vulnerable. Although somehow I wonder if the Russian claim that they were hacked as well isn't a ruse?
30
You don't get it, do you? A Ransomware attack prevents you from using your computer system until you pay up. It is not about back up of data.
1
Agree to all of that. But, try getting funding from the government or allocate a bigger share of the hospital's budget for I.T. and see what happens to you.
2
"Nothing can be done"........ but of course... they cannot bill for services without their computers
Ain't it fun to be number one N.S.A.
Well, there is at least one professional American group left.
When countries and individuals go after your mathematical computer equations.
You're pretty good.
Computer programmers are experts at deconstructing each other's work.
So now after months of blaming the Russians for supposedly hacking the DNC computer server, an NSA program created under Obama has gotten loose and is threatening Computer systems around the world, how ironic.
11
I may be wrong, but I didn't see President Obama's name in the article so there's that. And it's fairly common knowledge that the Russians were involved in the DNC hacking. Ironic?
5
I hate to cut to the chase, but the human brain is the ultimate hack.
The solution is simple: stop opening random attachments in your e-mail.
While the nefarious computer code is constantly evolving, the delivery methods remain relatively unchanged. When will we learn?
25
Nobody is giving anything away over the internet.
But what of the activities of Snowden, Manning and Assange, which so many seem to think are heroic? Perhaps this notion is worth revisiting.
23
False equivalence. The problem is not that Snowden provided evidence that the government wasn't doing what it said it was doing (or people reasonably understood it to be doing), the problem is that this technology existed and it got leaked. And since the intelligence community wasn't always doing what it said it would (inform companies of technological vulnerabilities), vulnerabilities have gone un-patched (I'm talking about other ones, I realize Microsoft sent out a patch for THIS vulnerability, but how many are still out there?).
1
All this stuff is difficult to digest, philosophically.
Yeah, considering a few people villains is going to fix computer security.
If it is possible to hack the United States NSA, why don't people understand how easy it is to hack and manipulate the counting of votes in November 2016?
Really? Go back to manual methods. No more computer voting
33
Most voting in the US is not web based.
2
The voting process itself is a very tricky balance between validating the ballot and preserving the privacy of the individual's vote.
Do we know the NSA was hacked? Could it have been an inside job?
This shows how very far behind the electronic data systems are in the US as well yet we have overdependence on them. Most people do not realize that hospitals are still not connected electronically here in the US. In CT none of the hospitals is connected to the other data wise. If a physician needs info from a different hospital it is still FAXED. It takes so much time to obtain many times it isn't requested, and often there is no one in the medical records office to fax it after "regular" hours even if it is requested.
7
This still happens in the UK as well. The hospitals are not well connected either. They were hacked individually. This could happen just as easily in the U.S.
9
The vulnerability (MS17-010) was patched by Microsoft 2 months ago. It baffles me that these critical computers don't get updated in a timely fashion. Is it the IT people, or is it that management still gives short shrift to robust security?
A friend in the IT world told me, years ago, that such "attacks" have been occurring for some time. As more and more companies became "paperless", hackers found ways to block access to their data. Companies even build monies into their budgets to pay off data blockers. They list it as part of the price they pay to operate. The biggest difference is that now the public is finding out about it.
8
And this is the world that persecuted Hillary Clinton for setting up a private work-around that was reliably available and apparently never got hacked.
3
That's absurd, real time backup with version history is all that is required. If Dropbox can do it, so can anyone.
So much for Bitcoin leading us into the future.
11
The ransoms are usually paid in bitcoin.
2
Thanks, NSA. Really. What would we do without you.
6
What would we do without the NSA? Maybe we'd be unaware of hacking, spying, and potential attacks by Russia, Ukraine, China, Iran, North Korea, Al Qaeda, and ISIS.
4
It's hard not to suspect the KGB/FSB in this giant sabotage--after watching Lavrov's smug smile as he blew off Andrea Mitchell and sashayed into the Oval office.
Their version of guerilla warfare against US military & economic dominance is cyber-poison.
Cheap yet effective.
If you mess with our Donald....we'll unleash ransom malware !
8
@Sara,
Yes! Yes! Yes! Russians! Evil Lavrov mocking our dear patriot Andrea Mitchell. And he thought we won't see the connection to today's hacking. What a fool!
NASA, IBM, Google, New York Stock Exchange, London Stock Exchange, the Pentagon, most Air and Road Traffic controlling systems, 70% of internet hosting and service providers, Amazon, Twitter, Facebook, the fastest supercomputer of the world Tianhe-2, even McDonalds use linux. No operating system is bulletproof. But that is not an excuse to use a notoriously unsafe operating system like Windows for serious work.
17
Agreed. There is nothing that is foolproof, but that is not an invitation to be a fool.
You omitted the federal entity responsible for maintaining employee and other personal records. How many files were compromised at the Office of Personnel Management. But, not to worry. OPM has promised to aid the compromised up to a limit if harm comes as a result of the massive breach that would make identity fraud a walk in the park. I think the damage limit was somewhere between fifty and one hundred thousand dollars. This should comfort those who fear their life's accumulation of assets might disappear overnight. Anyone could live on such a sum for life.
2
I use Linux for almost everything. Although I did believe open source is inherently more secure, I doubt Windows is so very bad. Windows is a much larger and more interesting target. Whatever you think, the question you ask should be - Did the NSA report the exploit to Microsoft? If reported, Microsoft not swiftly patch the exploit once reported. If not, you know who to blame.
2
"The malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows."
There is the problem. How many times have we heard this? Windows is junk, I don't understand why anyone runs Windows.
3
Good example why we should maintain a decentralized voting system & should adopt a national standard that makes voting easy by mail with a paper trail - as we have here in Oregon!
15
The hackers are hacking the hackers who hacked the hackers who.....
This is a revelation?
Now if anyone, anywhere, any how, believes that they are immune, please return to the real world.
7
There's no small irony in the fact that every weapon we choose to develop can eventually be used against us or our allies. What happened because of Stuxnet is only one example. It'll be interesting to measure our level of outrage when drone attacks start taking the lives of innocent civilians in this hemisphere.
17
This kind of wisdom the world could use more of.
1
I've been waiting patiently for the drone attacks on American cities. On a recent walk in my 'hood I thought the angry buzzing sound I heard was from a swarm of hornets loosed from a nest I might have kicked. I even jumped out of the way at one point. Seconds later I looked up to locate the source of the sound. Of course, a drone. It will be awful.
1
Thank you mr. snowden...maybe a seriously conscious human should think about the future before destroying what one immediately dislikes...or whether saving the world is REALLY possible without the inevitable curse of the cure.
10
How do you know he leaked it?
6
How about we use our computer prowess to destroy bitcoins.
9
Too obvious of a solution.
1
Funny thing, after every great Trump crisis in his mandate comes a big new news, Korea, world hacking, what next?
11
So this is what World War II looks like? The Hackers who were able to break into NSA computers and steal exploits that were designed to fight Terrorism and then release them through a 'shadow broker' proxy were almost certainly working for the Russian Government. The attacks on targets like UK Hospitals seem designed to 'throw shade' on the American Intelligence agencies who developed these tools - 'coincidentally' just at the time when they are closing in on the Trump/Russia treason
6
Nobody hacked the NSA computers. An IT contractor who was employed there (Snowden) downloaded lots of information (including information about this Microsoft vulnerability) and took it with him as he fled to Russia. Hacking implies an outsider breaking in.
2
It's the Russians. There will never be any proof, but it is the Russians all the same.
9
It was the NSA who wrote this exploit.
Says who? The NSA? Were you on that team? The people given all the credit, or blame, could not and/or would not make it look like whom so ever they decided it to be?
I am surely not going to look straight at the camera looking at me and smile if I rob a bank.
Not suggesting they didn't, but it is quite a convenient time to use the "Red Scare" scenario. For everything.
Writing insecure code should be a crime.
If you build a bridge that falls down, you can go to jail.
If you build an airplane that falls out of the sky, you can go to jail.
If you build a program that falls down, you need to go to jail.
We must be able to trust the digital infrastructure as much as we do the physical infrastructure.
Lock up a few of those snot-nosed billionaires, and we'll get us some secure code.
10
No government action unless the 1% are hacked for billions ransom. Then you'll see action.
7
Why stop there surely there must be more jail worthy offenses! Glad to know you're so perfect and can't make a mistake thus sparing yourself from prison.
4
So this is more important than the ongoing constitutional crisis in D.C.?
7
There is no Constitutional crisis. A political crisis? Could be.
Is this story more important. No, not until you can't withdraw money from your local bank. And then? We haven't seen a crisis like that let's hope we never do...
Um, maybe this was to divert from the Constitutional crisis!
1
Constitutional crisis....yawn. Turn off CNN.
No, it didn't affect. I was not waiting for a medical treatment. And the local TVs didn't talk about any problems caused by those attacks.
3
Don't buy into the military's push for "cyberdefense" -- it's a scam to create a new arms race. They claim they're inventing new tools for "defense", but as this shows, inevitably, those tools will get stolen or imitated, and then be used as weapons against us, requiring more defense, etc. in a never-ending spiral. Nobody wins. Don't fall for it.
Henry Lieberman
Research Scientist
MIT Computer Science and Artificial Intelligence Lab
27
They sell guns to the enemy, why not hacks? It's all the same money.
2
Reading these explanations re "entropy" doesn't seem to really capture the phenomenon of the internet's seeming "self-destruction" or whatever we're witnessing by way of the too effective/skillful hacking.
https://www.vocabulary.com/dictionary/entropy
I'd luv to know of an appropriate principle, word and/or phrase that "captures" the d mess we're witnessing/experiencing.
It strikes me that our internet seems to be in part "technologically obsolete."
It seems inherently so, and I bet there's a "Graham Law" if not "Murphy Law."
Sort of akin to we humans enjoying/thriving but then also fouling our environment.
Who knows what secrets were handed over to the Russians while Gen. Flynn was Director of the Defense Intelligence Agency and while he was Trump's National Security Advisor? The whole United States government has been compromised.
10
What a perfect way for ISIS to fund itself--far more lucrative than either the narcotics trade (which requires an agricultural product and its distribution) or human trafficking (think of all the women and girls kidnaped and whored out or unwillingly married out). Follow the money and you'll find the hacker.
By the way, this idea is nothing new. I remember a 40+ year old James Bond film where S.M.E.R.S.H. electronically robbed others' bank accounts--back when computers took up warehouse-sized rooms!
7
Actually the word 'stolen' or 'stole' could be wrong. Speaking from the South Asian Subcontinent, I have had the very curious experience of hearing high security details being discussed by local households, who had their children working in GB and US IT firms.
As of now, both US and GB have no more security in anything. From my casual understanding, even the US military hardware can be quite easily made to stall by persons sitting in Asian nations.
3
People who don't update their systems can expect to be hacked. As I understand, this was mostly XP users. I, along with most reasonable people, updated to Windows 10 when they offered it free. I guess Windows 10 folks can get hacked too, but it appears that all these were in XP.
4
It's the Russians. They want to divert attention from Trump's actions and whatever else they are doing (for example, no coverage of what is happening in eastern Ukraine for a long time, NYTimes)
Putin is a mastermind: using NSA technology will make the media discuss NSA. Of course there will not be a serious discussion of privacy, the role of contractors in the intelligence community or many other important questions. But the media coverage will be superficial.
Trump will ask for an FBI investigation. It might be the first in a series of attacks which should let him control the narrative and the FBI (if he can control himself and utilize this opportunity).
And of course, Putin ensured that Russian computers (including governments' computers) are also attacked.
(And yes - in Russia like in China, the government is working with "contractors" who are "independent" for deniability. They did learn something from the US ...)
4
More work for the already overloaded, overtaxed FBI. Anything to slow them down is beneficial to a certain party (parties).
2
I'm starting to think paper and pencil, human couriers, and landline telephones are where we need to return. Plus, we may not want our military to depend so heavily on GPS and computerized targeting.
12
Also, I've heard that faxes can't be hacked. True?
1
I love my landline telephone, paper maps and I still write letters too.
1
Microsoft supplied a patch for the exploit prior to the exploit being leaked, integral governmental services above all should be attending to and implementing security patches as they're released, it is unacceptable for IT specialists to be inattentive to crucial updates and patches such as these; a working environment and a secure environment are two different things in a setting so reliant on technology and can mean life or death for the innocent, becoming victim of an inexperienced IT specialist failing to protect the infrastructure from hackers.
21
Got to be some Trump angle here, right? It is comments from NYT readers, after all.
9
Or we could read your new sources and the comments will say it's Obama related.
3
Obama heard about it at the same time you did...from the media. Don't you know???
Man, that "400 pound hacker's" been busy this year.
13
Hey, all, according to NPR, this particular attack doesn't rely on a user doing a stupid thing like opening an attachment.
Any technology developed always has been and always will be used for both good and bad purposes, whether for war, blackmail, or other. However, such can only succeed to the extent there are available targets for that particular technology. As became clear from guerrilla wars, bombing will not subdue a dispersed enemy: good strategy "defeats" technology. 9/11 again demonstrated the effectiveness of a "creative" strategy in an asymmetric "conflict."
To prevent effects even more catastrophic than the current, life-threatening ransomware attacks, it is necessary to disconnect infrastructure and security functions from the internet. One does not even have to imagine an attack on our air control network, our electric grid, or military communications. Just imagine attacks at the consumer level: self-driving cars become common and are suddenly disabled; drones are hacked to crash into targets; you can't access any of your "money" that is not physical.
When an F-35 is remotely commandeered, how will it be stopped, if the enemy is not a nation?
There really is no security or privacy on the internet. It is as simple as that. There is no "alternative fact." I understand why most people refuse to accept that the bad guys are as smart as and, arguably, more motivated than the good guys. What I don't understand is why our intelligence agencies and military don't get it, why they aren't working to disentangle American dependence on the internet. Bureaucratic inertia? Incompetence? What?
7
The simplest answer to your question is MONEY. It is cheaper to pay off sporadic data blockers than to upgrade computer systems. The cost to upgrade an entire computer system for a large organization can run into the millions. And, it may have to be done several times, as each new weakness is exposed and exploited.
As my friend in the IT world said, it has become the cost of doing business in the electronic age.
From what’s posted online, the malware attacks most versions of Microsoft Windows; only the most recent versions, Windows 10 and Windows Server 16 are not affected. A software patch has been available since March, but many companies have not applied it.
The article suggests that the victims are in part at fault, for not running the most recent operating systems, and for not installing the 2-month-old patches. But it’s not that simple. Installing patches presents its own problems; a patch is sometimes incompatible with mission-critical applications; it must be thoroughly tested before it can be rolled out, which takes time. Upgrading an operating system throughout an enterprise is a very major and expensive undertaking.
There are guilty parties here. Microsoft needs to do a better job of keeping its software secure; even today, the company often values fancy features that few actually use over reliable, usable products.
Companies may wish to consider operating systems other than MS; this is usually not possible, but in some cases Linux, Unix, or MacOS can be employed, these are generally more secure than Windows.
But the real villain here appears to be the NSA. They have been hacked multiple times. There is absolutely no excuse for the agency’s failure to secure potent malware of their own creation stored in house. Did they not learn from Edward Snowden? The agency and its senior management need to be held accountable.
13
It seems evident that the world has become too dependent on technology and, most specifically, computers and the systems that govern them. While I am not anti-technology, I am in favor of putting measures in place that would allow society to function with and without the systems upon which they currently rely. When hospitals can be shut down, traffic manipulated, money stolen and, worst case scenario, weapons systems hacked into, it is time to consider teaching people how things worked before the world was controlled by machines. Not as the go-to, but certainly as a backup.
105
Life really takes a turn downward if one rolls back to a time when electricity was not available.
1
Yes we should have measures in place to deal with hacking, when possible, but humans have been dependent on technology since before the first stone arrowhead. We have our brains to push tech forward because it's our only option compared to the rest of the animal kingdom, who push forward with their tusks or jaws for survival.
It seems like you are under the assumption that technology is purely digital. Technology is simply the manipulation of material to create a useful tool. Yes, computers are technology but so are all other human-made objects e.g. clothes & furniture. The reason I am bringing this up is to highlight that we cannot revert back to a time without technology bc it is technology that makes us human. We can only create more advanced versions.
Our medical systems have become so dependent on computers that we can no longer treat patients in need of urgent care? Are ER doctors no longer able to practice medicine without them? That, my friends, is far more frightening to me than that they got hacked (which is a serious problem, I know.) I know computers are good for keeping track of medical records, making test results available more quickly, and things like rapid sharing of pertinent information. Technology, which was meant to assist mankind, becomes a liability of sorts. I'm hoping that this will be the subject of discussion in every hospital, in efforts to learn from this situation.
8
It likely has also to do with liability. If the MD did or did not do something care-wise because of lack of prior info then watch the patient sue, as long as there was an unhacked hospital still available. But what is ironic is how hospitals and medical offices still do not share info.
That's why I recommend everyone carry an up to date written list of their medications and important medical issues in their wallet and have it with their next of kin as well. Even without hacking, hospitals do not have easy access to each other's information yet, at least in most of the US. The systems are not integrated yet. This needs to be reported on better by the MSM.
1
Of course doctors could still treat patients in need of urgent care. The issue was that the patients' computerized records couldn't be accessed. So the doctor couldn't see the results of recent lab tests and procedures, medications the patient was on including dosages, etc. It's possible the patient will remember all of that info and be able to tell the doctor, but it's not really prudent to rely solely on the patient's memory. And most patients won't be holding all that info in their head.
3
What is enabling this sort of ransomware is the ability to profit from it. Cryptocurrencies such as Bitcoin are allowing people to anonymously profit from others' misfortune. It is time for governments around the world to shut down or heavily regulate the interfaces between cryptocurrencies and fiat currencies such as the US dollar. Bitcoin allows criminals, fraudsters, money launderers, human traffickers, arms dealers and more to avoid legal controls on financial markets. The way cryptocurrencies are currently structured is designed for primarily illegitimate purposes. Attacks like this are the result. If blockchain driven cryptocurrencies are to exist, they need to be regulated.
5
The benefit/cost ratio of the Internet went negative in my mind with the shenanigans of the last election. If an enemy nation that breeds hackers like rabbits can affect the outcome of a free election then the world is in serious trouble. This hack drives the ratio farther into negative territory.
1
The NSA needs to leave the spying to the CIA. The NSA needs to become the National Security Agency, i.e., an agency that keeps the nation secure. Go ahead, and find those vulnerabilities. And then work with system owners, whether they are government agencies, private citizens, or corporations, and help them protect their systems from attacks.
3
I am struck by two facts mentioned in the article:
1) Microsoft released a patch for the flaw back in March. Presumably the IT people in the organizations subject to this failed to install the patch.
2) The malware required someone in the attacked organization to click on an attachment in an email -- something computer experts have been warning about for years.
It seems that the attacked organizations need to pay much more attention to basic computer security.
4
Apparently you haven't worked in IT before. At home all you have is your email and a browser to surf for porn, maybe a word processor and a spreadsheet. Corporations have large complex mission critical pieces of software. Updating to a new version of Windows or even putting on a patch often causes your software to stop working. Most large corporations have an extensive and time consuming test program to determine whether all of their software will continue to work before installing even a patch on the company's computers.
3
I hope Julian Assange is proud of himself.
I just saw a so-called expert, on the staff of a U.S. security firm giving his own agency as a company that had not had a good security policy because they had only recently migrated from an old COBOL based mainframe system. That is bizarre. None of these viruses attack IBM mainframes. These systems have had security built in for years. Most of them aren't even on the internet, or if they are, they are running very specialized software that is virtually impenetrable. The desktop machines that are vulnerable to this attack are running an operating system that is extremely unsafe. I won't even mention the name. But in my organization, we have had many ransomware breaches that have taken hours to recover from, and they have all been infections attacking this particular operating system. No Apple or Linux workstations have been attacked. The security people who are letting their MS users mount disks that contain critical data, are the culprits here. MS is a disease.
14
Why are you reluctant to reveal reality, if you are not speculating?
1
As a retired programmer from IBM, I can validate that the above comment is a good assessment of the old main frame security. IBM used to work hand in hand with the federal government of the USA to provide the federal government and US military with extremely secure computer hardware and operating systems and specialized applications. Although I never worked in the IBM division whose sole customer was the federal government, I knew and had worked with several employees who had worked in that division. They were some of the most competent and careful co-workers I worked with during my career at IBM. They were outstanding programmers and darn nice people with the highest integrity.
Nowadays, we all use operating systems on our personal digital equipment that are vastly different from the old main frame o.s. We all know how vulnerable these devices using these mobile o.s. are to security issues. Cell phones, tablets, laptops, small tower home systems, and the ubiquitous small servers used by businesses--all are vulnerable to security attacks. I pay for security software on all my personal devices but I know they only make my devices slightly securer, not impregnable.
The growth in hackers is based on the prevalent usage today of hackable digital systems and hardware.
7
If you think mainframe operating systems are even a smidgen more secure than Windows, you are nuts. The only difference is scale. Attackers are going to go after what 95+% of accessible computers are running. If any of those mainframe platforms became mainstream you would see just how vulnerable they are. You can't even measure security without exposure. The idea that somehow the developers of those operating systems somehow magically created fewer holes than the whole rest of the software developing world is insane.
Spookily, just this morning I saw an unfamiliar sender in my gmail inbox telling me that I might find the attached link "interesting." Deleted it without a second thought. Even if I do recognize the name, if the message is something that doesn't sound like the person's usual style or subject matter, I'll delete it automatically. People's address books can be hacked. Everyone should get into the habit of being reflexively suspicious of emails.
18
Every day, trillions of dollars travel between and among banks over the internet. End-to-end encryption makes those transactions secure: the only way, so far, to break 256 key encryption is to compromise the human on either end of it--get him/her to click on the wrong e-mail.
So when we want things to be secure, they are. These hospitals probably just assumed that no one (or at least no one with sufficient capabilities) wanted to break into their systems. Live and learn.
3
The security encryption keys keep getting longer and longer because eventually a way around them is found by determined hackers. I am willing to bet that the current encryption key length will be hacked if it has not been already.
1
The world thanks the NSA for bringing on this disaster.
8
They did no such thing...they may have identified some weaknesses in Windows, which Microsoft addressed, but the NSA didn't create or use this ransomware.
5
We should ferret out the idiots that sold us on electronic medical records and hang them. We may need lots of rope. This system has cost us in efficiency and privacy and has compromised outcomes. It has only helped hospital billing departments and bean counting bureaucrats while enabling cyber attacks such as this. Paper and pen anyone?
11
Electronic Medical Records were part of the American Recovery and Reinvestment Act fostered by Barack Obama. The idea was and is still good. However, the abrupt need to shift to electronic records did cause a wave of retirements of Doctors and Dentists.
The meltdown in England was entirely predictable and predicted. Years before the deadline to sunset Windows XP, the NHS was not migrating to the then available Windows 7. Many of their applications were built on Internet Explorer 6 meaning they could not upgrade until the applications were. I watched for years as warning after warning was issued and how "at risk" the NHS was. I'm actually surprised it took this long for them to be hit.
The solution, nothing easy, just good old solid IT work. Our campus has a massive infrastructure to analyze incoming e-mails, sift out spam, malicious code and malicious urls. The largest e-mail providers do similarly, to protect users and because spam costs them money.
IT is almost never the "core" of a business and almost always loses out when funding becomes tight. Continued changes (pads, smartphones, wireless) mean new capabilities, but also new routes for compromises. Issues will continue until computing settles down (driver-less cars anyone).
1
And these amateurs are asking for back doors in OSes. Thank you Apple for standing your - aeh, my ground.
7
last time Trump was in serious trouble - the groping tape - Podesta's emails were released. events are once again spinning out of control for him and this happens. is there any way to verify the Russian computers were really targeted? that seems like a potential cover story if this is another attempt by Russia to distract people from Trump's problems.
7
There are plenty of Putin's enemies inside Russia, so that is not a clue.
I get over 200 emails a day from people I don't know which my AVG picks up and isolates. On top of that I automatically erase all emails which ask me to click on a link.
I also erase all emails from those who want to sell me something.
It is just common sense when you see the same badly spelt emails coming in on five different email accounts from ten or so different spam names. If I accidentally erase a good email I figure the sender will phone me if it is important.
Even this does not seem to kill off all the trojans and I had to shut down my elearning site before I had even set up the content because a hacker got into the domain and used it for phishing.
What sad and lonely lives these people must lead if all they have is a life of destroying the hard work of others.
19
These latest cyber attacks underscore four important points:
1. Any weapon that you develop or procure *will* eventually be turned against you. The "ultimate" weapon will lead to our ultimate demise.
2. Technological advances are outpacing ethical advances. Technology will continue to advance, so we'd better spend serious time understanding the ethics and responsibilities around the amazing stuff we are creating. It's about far more than money.
3. US legislators and much of the electorate are mostly illiterate in terms of technology. This is not the time to disparage "science" in favor of religion, nor to short-change public education in either humanities or science.
4. The Internet must be developed, regulated, and protected as critical infrastructure. It must not be up for private grab by the highest bidder.
22
Scott, you make excellent points, especially as to #1. As societies, it is not in our broad interest to weaponize to the nth degree. Yet because it usually IS in the narrow interest of a politician, or group of politicians, or military contractor, to develop and procure ever-advancing weaponry, this is exactly what happens. Such "logic" may yet lead to the erasure of human life.
Oh sure, more government is the solution...hehehe, you couldn't make this stuff up.
1
Considering the damage done and the foreseeable cost in lives this is truly an act of evil by evil people. What is worse a whole nation can be made to live with the product of this evil for 4 long years even after the hackers are unmasked as they have so obviously been in the case of our government being held for ransom which it clearly is.
1
OK, so, when do you want to have your own personal, non-internet doctor's records in your own possession?
If you don't have a copy of all your own medical records, then you be a bit foolish.
Better to have your own hard copy in your home safe and sound, than rely on anyone to keep your vital data safe or simply on hand.
There are a LOT of very silly people who say "but that's the doctor's information, not mine." Nope. It's yours. About you. Get your copies today.
8
The medical record is the Doctor's intellectual creation and his property, not yours.
Yes, you are entitled to a copy.
If it's handwritten (and thus secure), that's what you get.
2
wilfred
What you say is true in fewer than 19 states, and even there the majority of records belong to a medical center or the hospital in which they are produced.
Normally you'd think that was a bad thing, but these big guys are sensitive to bad PR and lawsuits, so any patient anywhere should exert maximum pressure to get complete, timely, legible records.
The real problem is that they shouldn't have to exert any pressure at all. Sadly, only New Hampshire agrees.
The Internet is a privilege.
Meanwhile, Attorney General Sessions is more concerned about illegal drug use and going after addicts and small time dealers. Fill up the federal prison system with more users who tend to be poor and people of color. I don't think the AG has given cyber security a thought because he seems to be living in a time before the internet and personal computers.
And our Dear Leader, President Trump, probably won't take the threat seriously until his personal phone is hacked. The political problem of massive computer hacks is that our own political hacks have no interest in addressing the risk in a serious way. It's easier and way more thrilling to rile up the masses at campaign rallies to the tune of "lock her up."
4
So...AG Sessions is the only employee at the DOJ? He cannot possibly have people working for him who specialize in cyber crime, and God forbid he pick a particular type of crime he wants to fight? Personally, I disagree with AG Sessions on the issue of pot and jailing people because of it, but I don't think that automatically means that he's not going to take cyber crime seriously. The problems with cyber crime have been going on since the beginning (after all, it was a government agency that developed the web--DARPA) long before Trump came on the scene.
1
Wasn't there a WH announcement about better handling of federal level IT just yesterday? This can't be blamed on Trump.
1
The NSA knew there was a vulnerability. Instead of reporting that to Microsoft they preferred to leave it open so they (and everyone else) could exploit it. I'm not American but I wonder if the American people are well served by such a "Security" agency.
9
Maddening. Too many connected dots? Trump goes bonkers over FBI Director Comey Monday. Comey gets fired Tuesday. Trump meets Russian diplomats and the Soviet press alone in the Oval Office Wednesday. The acting FBI Director meets with the Senate about the Russians the FBI Thursday. And today, Friday: the NSA's networks are breached, and dozens of countries are under an Internet attack.
Is this just a baaaaaaaaad week?
The world chose this unsecured technology (TCP/IP & x86) in mid 90's over mainframes and token ring. Get what you paid for.
6
The operating system was exploited, which has no relation to either the protocol or the instruction set you've mentioned. I fail to see the correlation you're attempting to make.
4
I don't know enough to agree or not with your central point, but it's incredibly simplistic to conflate the people who may have made these bad decisions, and the people who are now suffering, into simply 'the world'. It's also very easy to say people made the wrong decision in hindsight.
I would say there are plenty of people who could be blamed that are much more directly responsible for this series of attacks, not least the hackers, those who stole the NSA tools, and the NSA even. If you want to make a wider critique about the computer industry, fine, but don't imply what is happening to innocent victims is in some way deserved.
2
Ransomware attacked my personal computer a few weeks ago. I thought I was safe because I regularly used my two backup systems: (1) an external hard drive and (2) a USB flash drive. Only problem was that since they were both plugged into my computer, they too were infected by the ransomware. These systems were vulnerable because they were as "visible" to my attackers as my C drive. Now I only plug them in when I am actually doing a back-up. A lesson I learned the hard way.
26
Protecting the info isn't being done because these organizations don't want to spend the money. Also, how about using mainframes? Oh yes, don't want to spend the money. If you get hacked you are responsible.
6
The NSA should be legally responsible for the damages done by failing to safeguard their dangerous tool, failing to put in checks to guarantee it wouldn't be misused and failing to inform the potential targets of exploitable weakness in their systems. This is a natural outgrowth of the incompetence and secrecy of the NSA.
5
No. It's not. It's the result of nefarious individuals and organizations that would steal data from the US government and use it to harm others and sow discord.
1
The headline is misleading.
What was used was information from the NSA that indicated that a specific vulnerability existed in Windows. Microsoft issued a patch to fix that vulnerability.
Those computer users who obtained the patch and installed it should be fine. Those who did not, which can include corporate systems of many (hundreds or thousands) of computers that are not updated regularly could be vulnerable.
NSA did not write the malware that is being used.
26
No, they didn't write the malware, but the vulnerability was publicly revealed because of the NSA's poor security. Countless secrets have been revealed because this unwieldy agency can't seem to get much right. How many times has the TSA been found wanting, for instance.
8
Microsoft Windows and email are 2 technologies that need to be retired from use anywhere security is important. Sounds like a big ask, but completely doable today if the motivation were there.
Over 30 mentions of the word "attack". Sensationalize much? It was spam mail with dodgy attachments, a daily occurrence across the world in the millions, most of which never gets through but some occasionally does, especially with willfully clueless people working on government time and nothing to lose.
As long as cyber reporters crave at least as much attention as "hackers", we'll continue to get these mostly non-reports, stretched to the maximum with scary-sounding mumbo-jumbo and generous corporate name/buzzword-dropping.
Sorry, but there's very little to this story. Next time, try harder.
9
Nice try, but this was a coordinated effort that hit multiple locations at the same time with the same malware, not the ongoing struggle around the world with a wide variety of malware, hacking, viruses and the like. It is by definition an attack when something of this magnitude hits this widely at once, or maybe you merely skimmed the story, looking for ammunition rather than content. Next time, try harder.
5
Sorry, but this is far from a non-event if hospitals and other institutions are affected.
4
Microsoft issues updates for a reason. Some may be critical. Systems need to be kept updated.
10
The internet is the absolute worst plague ever visited upon the planet and certainly upon humankind.
Yet we continue to worship at the altar of Silicon Valley and all this nonsense they create. They are certainly in a self-perpetuating industry -- creating chaos on a scale never before seen and then claiming they will fix it for a fee. Every government around the globe, every industry around the globe and every individual around the globe is caught in the strangle-hold of Silicon Valley.
And yet these creators of a world without time and space are universally bowed down to as gods and this hideous technology continues to be promoted as some sort of saving grace for mankind and the planet. Without space and time there is nothing but imminent catastrophic danger and chaos.
4
No one in Silicon Valley is demanding a ransom. More likely than not, these hackers are operating from Russia or a third-world country.
If you want to blame Silicon Valley, blame them for creating systems that can't be easily protected.
Without Silicon Valley you would not be reading about it online. And you would not even know about it until the paper hits the front porch.
For sure, you would not be broadcasting your gripe for the world to see.
1
Couldn't you apply this tirade to just about everything that rolls off the hands of man?
1
The NSA may be doing more harm than good. The agency is too large and cumbersome to have tight security, in my opinion. The more people involved, the harder it is to keep secrets. The agency employees number somewhere north of 30,000.
6
But wait, all bureaucrats and bureaucracies, especially federal ones, are good, wise, always essential and never wasteful or overstaffed. We learn this any time the slightest hint of any reduction or staffing is put forth.
2
Hunt down the hackers and force them to watch hours and hours of Internet cat videos for the rest of their lives (the hackers, not the cats.)
5
My parents got attacked by one of these ransom malwares and called not only the police but the computer science teacher at the local high school, who unlocked their computer and saved them from having to pay a few hundred dollars (they paid him fifty bucks and gave him a bottle of wine). Just a little advice for anyone who gets struck. Don't despair -- and better to pay an IT teacher than a hacker.
8
So the NSA found 0-day vulnerabilities and chose to exploit them instead of patching the holes, leaving netizens worldwide open to attack. All in the name of surveillance and keeping us "safe" from threats. What did the NSA expect would happen when these exploits get leaked? We can only hope that they help clean up the mess they made without adding more backdoors to an already disastrous problem.
2
I couldn't possibly care less about this story right when our country is deep in the throes of a constitutional crisis caused by a president flagrantly mocking the rule of law, the separation of powers, and so many other foundations of our democracy. Our house is burning down to the ground, and you guys are worried about little Johnny's car crash after he stole the car keys from dad!
4
There really is no security or privacy on the internet. It is as simple as that. There is no "alternative fact."
I understand why most people refuse to accept that the bad guys are as smart as and, arguably, more motivated than the good guys. What I don't understand is why our intelligence agencies and military don't get it, why they aren't working to disentangle American dependence on the internet. Bureaucratic inertia? Incompetence? What?
Any technology developed always has been and always will be used for nefarious purposes whether war, blackmail, or other. However, such can only succeed to the extent there are available targets for the particular technology. As has become clear from guerrilla wars, bombing will not subdue a dispersed enemy: good strategy "defeats" technology. 9/11 again demonstrated the effectiveness of a "creative" strategy in an asymmetric "conflict."
To prevent even more catastrophic effects than the current, life-threatening ransomware attacks, it is necessary to disconnect infrastructure and security functions from the internet. One does not even have to imagine an attack on our air control network, our electric grid, or military communications. Just imagine attacks at the consumer level: self-driving cars become common and they are all suddenly disabled, or drones are hacked to crash into targets, or you can't access your "money" that is not physical.
When an F-35 is remotely commandeered, how will it be stopped, if the enemy is not a nation?
4
The hack is an attempt by the Russians to interrupt the news cycle and put brakes on the Trump Russian story. The NSA angle is key. The Russians probably have Trump on tape asking for "help with the Press" during their closed meeting this week. A Russian fighter jet also buzzed a Navy plane over the Black Sea today, but the story died after trending briefly on Fox News.
7
What is Bitcoin's responsibility in all this?
1
Bitcoin is a unique digital blockchain currency authenticated by mutually distrusted parties. It is like blaming gold for a cowboy western bank heist. To further clarify, Bitcoin is not a company like PayPal where some CEO founder lunatic makes billions skimming off of transactions - it's just a currency (actually a commodity used as currency). The question you want to ask is what digital exchanges / gateways are the criminals using to receive Bitcoin from their victims.
1
I also wanted to ask, can't bitcoin or digital exchanges/gateways who profit off illegal acts be held accountable?
If I sabotaged the electrical power to a hospital and people died as a result, my reckless indifference to human life would make me guilty of murder. What's the difference between turning off the power or rendering the hospital's computer systems unusable if death is the same foreseeable outcome?
If there is any loss of life anywhere as a direct consequence from this computer attack, then the perpetrators, should they be apprehended, deserve to be indicted on charges of murder.
6
Agreed, but finding the perpetrators is not going to be easy.
2
"the perpetrators, should they be apprehended, deserve to be indicted on charges of murder."
And when convicted they should be executed in the cruelest manner possible. Burned at the stake and thrown to a pack of hungry wolves comes to mind.
1
This is what happens when the NSA keeps quiet about a vulnerability in Microsoft's software instead of telling them about it. They use it to spy on people and now we are reaping what they sowed.
The Internet could be made virtually hackproof if it weren't for the objections of the various national spy agencies that want to break into people's data.
3
That doesn't appear to be what happened because Microsoft has patched this. But I.T. departments didn't force their users to update. My computers at work consistently tell me there's a Windows update. I'm not forced to run it, but my computer becomes very slow until I do. People don't want to run it because large updates can take several hours. But almost all the updates are purely security updates so people are foolish when they don't. I usually run them when I'm ready to leave for the day.
If I'm correct, then IMO, every I.T. administrator who ignored the update should be fired. It's like a police officer ignoring a crime.
You can bet a lot of time elapsed between NSA discovering the exploit and Microsoft deciding to create a patch.
This type of attack relies on the vulnerability of people in order to succeed.
As such it is an expression of survival of the fittest. For DECADES people have been told not to open suspicious emails or attachments. And yet, thousands upon thousands did exactly that, and helped take down a multitude of businesses and medical facilities, among others.
For DECADES consumers, businesses, and governments have been warned about the threats, and many of them have suffered multiple attacks because they refuse to do what is necessary to protect themselves and their customers or partners.
I know, because I am a victim, through no fault of my own, of a successful attack on the Office of Personnel Management, which resulted in the theft of millions of civilian employees' personal information, and that of their friends, loved ones, and associates. I am still waiting to see how I and others who know me will be impacted. Someone out there has our information.
The complete incompetence of organizations and their employees to fend off an attack that relies on that very incompetence for its success is beyond belief. They are the reason we're all in these situations.
Life is tough, and it's tougher when you're stupid. We are at the mercy of the stupid.
2
This wouldn't be a crisis or interrupt the delivery of care if patients had control of their medical records as they do with MedKaz®. (see medkaz.com)
They'd simply give their MedKaz to their doctors and their doctors could treat them as usual without missing a beat. In fact, it would even be better than with the NHS record system because MedKaz contains all their records from all their providers in any format. So with MedKaz their doctors could coordinate their care and avoid costly medical errors, unnecessary visits, tests, procedures and hospital admissions. Everyone would benefit!
4
As if we need it, but perhaps this will serve as yet another warning to people to stop buying and using ever more internet connected systems. Do you really, really need to control your thermostat or lights from your smart phone, or have your refrigerator reach out to the supermarket or have an Alexa-like device in your home listening to your life and being connected to the web? I don't mean to sound like a Luddite but some of these are just solutions in search of problems which only make us more vulnerable.
9
It seems reasonable to assume that the NSA has the most secure computer system in the world, at least in the US, yet it got hacked and software got stolen. How come no Trump-hater hasn't stolen his tax returns from the IRS and distributed them? It doesn't make sense. Surely the IRS system is not more secure than the NSA. Does the IRS use only paper files? It can't be.
2
The NSA has nowhere near the most secure system in the world. Their infrastructure was built by contractors with the lowest bid
2
I don't think it was that the NSA was hacked. It was a contracted worker who physically stole files from the NSA. The federal government seems to have a problem with contracted workers who are allowed access to sensitive information. Happened with TSA also.
4
The timing of this folks, the timing, the timing! Every time Trump is about to get overwhelmed by a scandal, a countermeasure occurs. Think about it.
What happened to North Korea?
What happened to Syria?
What happened to Obama wiretap?
They were distractions, just like this.
10
Agree - the timing is very suspicious.
Have to have something to distract from the implications of Comey's firing - and the healthcare debacle.
2
I guess conspiracy theory and tinfoil hats are the new hotness of the Left. What's next? Chemtrails?
9
Pot, meet kettle. Tell your therapist you need to talk about projection. Can you even distinguish reality from Alex Jones, Rush Limbaugh, Roger Stone, Steve Bannon anymore?
1
If, as commenter Langelotti writes here, this attack was enabled by the "treasure trove of data everyone's hero, Ed Snowden, took from the NSA and gave to his Chinese and Russian buddies" - which seems likely - then Snowden is an accomplice to acts of terrorism, war, and attempted or actual murder.
4
The US needs to create a new branch of the military called Cyber Warfare with the mission of protecting the information technology infrastructure of this country and to go after hackers that try to harm us in this regard. We can't have and sustain different areas of government each with their own Cyber Warfare groups. This needs to be a single department that coordinates, advises, and executes defensive and offensive cyber warfare operations.
94
Couldn't agree more. At least the CIA did create The Directorate of Digital Innovation (DDI) to focus more on these types of issues.
2
What you propose would not be a DoD mission; homeland IT infrastructure security is the responsibility of DHS.
2
Actually, we already have one, the United States Cyber Command. You can read more about that here: https://goo.gl/xQznsb There is also the Arizona Cyber Warfare Range. http://azcwr.org/
That said, I believe there is a fundamental problem that stems from generational differences. As long as old, white men who grew up seeing gunboat diplomacy resolve geopolitical issues are in decision-making positions, the upgrades and improvements to our cyber security will remain chronically underserved.
As a product of my generation, I would much rather spend money on installing private inter/intranet systems for public utilities and other measures than an F35 or another tank. In an era when war is waged by making American citizens self-radicalize and carry out attacks on domestic soil the traditional tools of warfare (and even drones) will become increasingly futile.
3
All doctors' offices are not mandated to go electronically. Only those accepting Medicare and other government plans.
Our office is all paper and invulnerable to any such attacks. We have no plans to change over.
The others who go electronic are vulnerable.
7
You do realise the vast majority of health care in the U.K. is provided by the government
1
Yours is vulnerable to old fashioned fire, flood and other old time disasters.
2
Here's hoping the 'ShadowBrokers' target a certain someone's Twitter account & the ransom request's resignation as restitution.
14
Hope the hackers read this!!!!
2
When are businesses going to take long known defenses against internet attacks? Backup all business files daily and store backups offline daily. Isolate employee business and control systems from internet facing systems. Segregate email systems from all other business systems and files. Make sure critical business systems are not shared across all employee PCs and are separate and segregated. Sure it makes things less convenient, but since when is employee convenience the most important thing?
9
What Tom K says: "back up all business files and store backups offline... isolate business and control systems from internet-facing systems". There are basic policies and processes that protect folks. This is my business, how I earn my living. If people followed standard, common-sense processes, I would have to find something else to do....
5
It should be noted that the NSA has known about this vulnerability for at least five years. Most likely the British GCHQ knew as well. They chose to use it offensively, rather than alert Microsoft to get the issue fixed.
NSA leads the world in development and use of cyberweapons. They have been shown to be incapable of securing those weapons. This is the result.
5
Malware attacks via e-mail are nothing new. But they are increasing and becoming more vicious, and they're not going away anytime soon. Organizations need to invest top dollar in education and client security, no matter how trivial or consuming it may seem to them.
41
There is an alternative technology available that can avoid a lot of these issues. Basically, with this alternative technology, information is encoded with ink onto a thin pressure sensitive substrate created by pressing together moist fibres of cellulose pulp. It's cheap, easily produced,—and when stored properly—can last hundreds of years.
True, it is not as easily transportable as digital communication, but as the internet evolves into a hopeless den of iniquity and thievery we might find ourselves reverting back to ye olde harde copy for our most precious information.
Plus, they're great for crumpling into balls and throwing into wastebaskets behind your back. Can't do that with zeros and ones.
7
I've always said, if paper were invented after the personal computer, the inventor would be richer than Bill Gates.
1
You also cannot search it digitally.
3
How much paper did you want to keep around? soggy when wet, fuel for the fire. There's no going back, Mr. Luddite. Forward to the future.
To the hackers. The movie 'V' has its place. Not disagreeing but after blowing up Parliament buildings potable water is not going to be any cleaner with you in charge.
You just know how to break structures down.
4
the malware that has crippled the healthcare and hospitals has finally been identified -
It's known as Obamaware...
10
"When employees at victim organizations clicked on the attachments, they inadvertently downloaded the ransomware onto their systems" - well, maybe some common sense and some basic training like do not open e-mail you did not expect and especially attachments from unknown sources would help?
I am an IT guy with 30 years of experience and unfortunately nothing has changed. Only the payload distribution is easier - instead of floppies attacker uses e-mail - and damage is higher, plus now you can collect a ransom. A ransom is now a price to pay for being careless and being practically computer illiterate.
122
30 years of experience but you didn't come up with a front-end solution that makes it easy for the lay user to avoid these kinds of attacks. Don't be so quick to blame others.
6
Actually I did (and many others found mechanisms to avoid such attacks), but it does not matter. There are safety belts in the car and airbags. People kill themselves still driving drunk for example. I wonder how many ransomware attacks happened via GMail and how many via internal mail servers managed by inexperienced administrators. Gmail has an excellent antispam and virus protection. Still nothing is 100% bulletproof.
Sometimes just a little training helps. In IT jargon it's called RTFM :D
I blame IT guys as much as end users. But not every end-user who got such e-mail got infected, do you agree? ;)
2
I've had almost 50 years in the business, but sadly there's not much of a front-end solution for the lay user--unless maybe it comes from their email provider (i.e., gmail, yahoo, comcast...) who can and do! do a lot to keep trash out of your inbox.
Unfortunately, the best protection is to be suspicious--which is a very sad statement to make--but it IS today's reality. A few tips, tho: always note the sender's address--is it familiar or is it weird or very long? NEVER open an attachment until you are comfortable that you know why you received it. Always be suspicious of something offered for free.
As a matter of fact, I have received suspicious emails from friends; my response was to email or call them to verify that they sent the email. EVERY TIME I WAS SUSPICIOUS, IT TURNED OUT I WAS RIGHT TO BE!
It never hurts to verify. Sadly, today's world requires us to be wary and suspicious.
6
The NSA needs to start focusing more on making our software LESS vulnerable to attacks than trying to exploit it to attack. If they spent half as much money on helping Microsoft and others CLOSE security holes as they do on exploiting and hiding ones that exist, this sort of stuff would happen with a lot less frequency.
4
helping Microsoft? They need help why? They probably are more tech knowledgeable than NSA and most certainly have more cash.
4
The national security agency does not exist for the security of the people, but rather for the security of the government and the status quo. They do not want to close the security holes they find, but rather open them and see what's inside.
3
The NSA was not created to help wealthy private corporations fix their products...as their name implies they have other issues to address.
1
Many have said that these attacks are similar to warfare. Given that is true, the answer follows that attackers must be treated as enemy combatants - they should be tracked down and killed. Raise the price of malevolence and it will subside.
3
By the way, Portugal's telecommunications company known as PT, was also affected. Not only Spain's Telefonica!!
Mario Abreu, Lisbon, Portugal
3
Interestingly, you had to click to open an email attachment for the ransomware to download. What prompted personnel at hospitals to open the attachment? What did the email look like? That is the kind of information that should be reported so other businesses do not repeat the mistakes.
21
People do stupid things all the time, like making "password" their password. Incredible.
7
Better than stolen nuclear secrets. Is that next?
4
And the big scandal of the 2016 Presidential campaign was Hillary Clinton's use of a Private e-mail server???!!!. As far as we know Hillary's email server was never hacked. Maybe the NSA would have been safer if it too used a private server.
14
@RLW,
The honest Comey himself said that there's a high probability that server was hacked.
And as Yates said - "susceptible to blackmail"
5
I've been thinking along these lines for a while now. Maybe she was onto something with the private server.
Question: Americans don't hack?
4
Sounds like NSA security protocols are inadequate
6
Give Trump some credit. Maybe this is why he distrusts "digital stuff" and prefers steam.
More seriously, just because Russian sites were targeted doesn't mean the attacks themselves didn't originate inside Mother Russia. It just means Russian hackers and their Kremlin overseers are getting better at covering their tracks.
6
History will probably teach us that this event was another Trump distraction foisted upon the world to help us disregard his true identity as a corrupt dictator.
12
I think that we have to consider that we have no effective international governing organization which can make everyone behave well and not to do harm to others. Thus we need to make our local computer systems extremely hard to access by those who have no legitimate access, which means both software and hardware encryption systems that makes access by anyone discouragingly difficult. The demands by counterintelligence agencies to provide easy access to all machines has to be considered in the context in which it allows hackers who are not controlled by these agencies to also have easy access. There is no super security institution which can control access via the internet, and there likely won't be one in the foreseeable future, so individual entities, public and private must secure their own systems as best as they can.
4
Has technology made any of our systems better? Have healthcare costs gone down? Do we have more control over our own medical data? How about our finances---are we now supremely competent financial planners as we wade through the mine field of retirement planning? How about the electric grid----anybody think we pay less now that technology has made everything more efficient? Those of us who remember how to make change for a customer or balance our checkbook or speak to people may not be as freaked out by the possibility that it all comes crashing down one day. I'm actually far more concerned about the reactions of an incompetent general populace in such a case.
8
- Has technology made any of our systems better?: Yes
- Have healthcare costs gone down?: No. You see, healthcare has gotten MUCH better since the pen and paper days. Unfortunately, it is rather impossible to improve the quality of healthcare while simultaneously making it cheaper.
- Do we have more control over our own medical data?: Yes, we do. Have you ever tracked your insulin? Or your steps? Or your sleep? Maybe your calories? Not only has technology made it easier to track our health, but it has made backing up the data we collect instant. Or do you just complain about the new technology that comes out without ever actually trying it?
- Are we now supremely competent financial planners as we wade through the mine field of retirement planning?: No. I don't understand how you think that the storage of information digitally will suddenly make everyone financially literate. The two are loosely related, at best.
- How about the electric grid----anybody think we pay less now that technology has made everything more efficient?: No. I do not believe you understand that the United States electric grid is controlled almost entirely by local governments, who are the sole holders of rate setting authority. So despite the fact that technology has made it cheaper and more efficient, prices will still go up if the government thinks they can charge more with impunity.
I don't understand how you equate technological literacy with general incompetence - they are opposites.
2
From TechCrunch: "If everyone just kept their boxes up to date we wouldn't have the current viral conflagration, of course, but as usual that's too much to ask."
Exactly. This vulnerability was patched by Microsoft in March. The hackers disclosed it in April.
5
The first cyber attack against my systems was in 1985, long before Snowden or Assange. Shooting the messenger is a distraction from the fact that there is an immense number of vulnerable machines accessible to hackers, and many more every day. Agencies that discover (or invent) vulnerabilities and refuse to notify the software's owners in a timely fashion in their self-centered short-sightedness are doing a disservice to those they should be serving. Any backdoors placed for expediency will eventually be exploited by bad actors; preventing hospitals from treating patients is only the tip of the iceberg.
2
Perhaps this will help wake the Republicans up to what is at stake when they disregard cyber warfare when it benefits their candidate.
5
Why has not the entire world financial system fallen into disarray?
If I may to the people at NASA.gov.
You call that the 200th walk?
I call it holding on for dear life.
To the people at NASA.gov congratulations.
To the people who want to mess up computer algorithms have an ends to a means please.
Please, please do not cite Kaspersky Labs -- they are a wholly owned subsidiary of Russian intelligence and share files with the KGB.
Remember, there are no "private" companies in Russia.
8
@Frank Haydn - You are correct in your comment about there being no "private" companies in Russia.
Facebook is partially owned by a Russian company, Digital Sky Technology. So all information posted by Facebook users is automatically sent to servers in Russia. Beware, Facebook users!
2
So we pay billions to the NSA to develop hacking tools but the NSA can't avoid being hacked itself. How silly and dangerous that is
7
I would start by not using Windows for critical systems like these.
5
They — whoever they are — have had a lot of practice with this kind of malware. I lost a laptop back in 2003. The entire system was encrypted behind a password composed by the hackers.
Sure, whoever is doing this may be using an NSA technique, but such a dump of 'secure' code is not requisite. It may give them a leg up, but they can also develop their own techniques. Just wait until they get into self-driving cars.
3
There are far worse implications. Defibrillator implants can be deactivated by cellphone ...
3
It should be a crime to uncover and use vulnerabilities but not report them for correction to the manufacturers and antivirus makers. This should include national spy agencies as well as private companies who market products to police and governments for installation of surveillance products (proof of crime is implicit by sale of such a product using an exploit not reported.)
Readers who are pointing a finger at Wikileaks should be pointing to the NSA, CIA, GCHQ and private companies hawking surveillance software without reporting the fault to the parties who can fix or protect against such exploits.
3
None of this would have happened if the target computers were running Linux. Linux, which is free and open source, is largely immune to this sort of thing.
Linux, which is based on UNIX, runs on everything from laptops to supercomputers. Virtually all desktop applications for it - such as Libre Office - are also free. There are free Linux versions of Firefox and Thunderbird for Internet and E-mail use respectively.
VLC enables one to watch DVD movies without the hassle of region code protection, and there are good programs for burning DVDs.
This message was written on a desktop machine using Linux Mint and Firefox.
5
Careful... Just because your device is running Linux does not make you immune to malware or cyber attack. Linux has two very nice security frameworks, SELinux (for enterprise applications) and SMACK (for Internet-connected applications), which should be implemented in the design phase of any device using the Linux OS platform.
2
As a fellow Linux user I would caution your statement. One of the main reasons Linux is not a target is because less than 1% of all computers are running it. It would just not be profitable to develop dedicated ransomware for such a minor OS.
9
Apple used to have that blessing....
As "P" mentions below.... $300 is about as cheap as you'll get for a ransom on your data. While recognizing that efforts like this are serious crimes with great risks, it is also worth noting that if a company uses this as impetus to pay for a quality cyber-security audit, and then implements recommended solutions to their greatest risks.... this will be the best $300 of IT fees they have ever paid.
4
Unfortunately we are unable to complete any account changes or release any account information via this unsecured e-mail. You will need to please contact our Member Service Contact Center or visit a local branch so we can verify your identity and get that unlocked for you. Please let us know if you have any other questions or concerns. Thank you, we appreciate your membership. Have a great day.
Suzanne
E-Support Team
Member Service Contact Center
America First Credit Union
I'm still trying to get my own account information unlocked. It's ridiculous!
2
Russian hackers, in league with Russian government officials and Putin. Nothing to see here, as far as Trump is likely concerned.
2
Such great timing! Wiped Trump's retributive firing of Comey right off the front page.
8
Of course, it is purely coincidental that (1) President Trump fires Comey; (2) President Trump meets with Russian officials the next day; and (3) President Trump signs an executive order on cyber-security and, the same day, cyber-attacks are launched on 12 of our allies, but not the U.S.
No wonder the Russians were grinning ear-to-ear as they left a smiling President Trump, acting in concert at obfuscation and misdirection for which they share similar motivations.
17
This incident will, no doubt, generate shrill calls from the law-and-order crowd to crack down on leaks.
Yet, the NSA must share the blame for developing this code in the first place; viruses, whether natural or computer-generated, don't care who they infect, and will ultimately escape their confines to wreak havoc.
2
If the NSA (of all organizations) can be hacked, some people aren't doing their jobs!
5
Hello out there (whomever y'all is):
Well, imho, the conventional, everyday, ordinary internet of on-line services, government, banking, and commercial stuff is seemingly technologically obsolete.
Something has to be devised that can't be subverted or shaken down.
1
I know what you mean.
This was the response I got to my account being locked and not allowing me to view my own bank account information.
Unfortunately we are unable to complete any account changes or release any account information via this unsecured e-mail. You will need to please contact our Member Service Contact Center direct or visit a local branch so we can verify your identity and get that unlocked for you. Please let us know if you have any other questions or concerns. Thank you, we appreciate your membership. Have a great day.
Suzanne
E-Support Team
Member Service Contact Center
America First Credit Union
1
Do you recall that J.P. Morgan (Chase Manhattan) was apparently
successfully hacked?
I've perceived
our world's internet is a
catch 22 (absurdity)
particularly
since then, because they are the biggest bank of banks (or close enough), and their cyber defenses apparently were flawed.
One presumes that
hacking happens much, much more than is publicized.
I've just recalled that belated chip in USA issued credit cards.
Billions have been lost as a result, and that was something that could have been rectified.
But now I think I've read somewhere those chip credit cards are also subject to forgery/
breach, so never mind, Chevy.
The only way to be completely safe obviously is to stay off the internet. So I do that and then die the next time I have basically any health problem worse than a pimple? Because the doctor or hospital won't pay to ransom or just can't access my medication allergies? Nice reading everyone's comments. You made me laugh, cry and think hard. It was great while it lasted.
3
Thanks NSA !
Instead of spying on everyone, how about spending some time and effort instead on safeguarding your own nefarious, often illegal activities and protect the country from cyber attacks ?
Pretty please.
And if you are not up to the job, maybe you can ask the almighty Russians that apparently can hack anybody and make them vote for Trumpelstiltskin to help you out.
2
Put the CIA to use. These hacks will stop when organizations such as the Shadow Brokers realize that they will potentially pay with their lives for this sort of behavior. The NSA does not have the equivalent of a special activities division, it's up to the CIA to deal with these kinds of threats, and they should start considering dealing with them with extreme prejudice.
1
So was the Russian cell phone company attack misdirection? No mention of Wikileaks' role in spreading the NSA tools around the web? Then there's the software companies' complicity in building backdoors for NSA to begin with. Finally don't forget the institutional unwillingness to invest in keeping tech up to date. True for government as well as private businesses. Sad
2
It's only a matter of time before what's been predicted by some futurists will happen - nations will cauterize (i.e. physically separate) the internet within their own countries from the rest of the world.
2
Is it time for really tracking down these hackers (bounties, the works) and making the consequences extreme? I'm sure a consortium of companies and governments would fund such an endeavor.
1
I think the NSA bears some responsibility for not properly securing its weapons.
3
Security analysts like Bruce Schneier believe the Shadow Brokers files are post Snowden NSA 2013 theft. Why the NSA hasn't been able to secure their materials from being hacked yet once again is the real scandal here.
4
Comey would've known what to do.
This is very disturbing news to say the least. With the gov't stepping in mandating that all doctors offices, hospitals, clinics etc. be automated it leaves us the patients vulnerable and without recourse. The number of countries hit by this malware attack is growing since the article was written. I can't even imagine what the U.K. and other countries are going through and wonder if the U.S. will be hit too. Most unsettling and a bit scary.
42
Your bank account also, in response to being locked out of my own account.
Unfortunately we are unable to complete any account changes or release any account information via this unsecured e-mail. You will need to please contact our Member Service Contact Center direct or visit a local branch so we can verify your identity and get that unlocked for you. Please let us know if you have any other questions or concerns. Thank you, we appreciate your membership. Have a great day.
Suzanne
E-Support Team
Member Service Contact Center
America First Credit Union
3
Wow, Shelley, how awful for you. I hope everything turned out ok. This is really scary and leaves me feeling vulnerable.
1
Perhaps as patients we need to demand paper copies of our medical records. And a paper copy of our computer voting records?
At this rate we will all become Luddites.
A number of commenters have put blame on the NHS for not installing the Microsoft security patch that guards against this particular ransomware.
Based on an early comment from the UK saying that NHS still uses computers running Windows 95 and Windows XT operating systems, the sentence in the article reporting on the Microsoft patch is misleading at best. Microsoft has long since stopped supporting those operating systems, so there was no such patch available for them. I assume the article will be updated, and when it is there should be follow up on that issue. Microsoft's abdicating responsibility for its operating systems as they age is another big threat to our cybersecurity.
The twitter screenshot shows a windows 7 desktop.
2
OK- wasn't it reported that the thieves hadn't released the actual code - but had released information on its existence?
That is what they did initially. They eventually released the code (technically they mostly released binaries, but that is enough).
Seems the NSA has a moral obligation to help. How about inventing an app that pays ransom in counterfeit bitcons?
2
Don't blame NSA. Blame Putin's hackers as Russia launches an attack.
Isn't it odd none of Russia's allies are not being attacked as the noose closes in on Moscow?
1
Very simple and easy solution. Separate the email systems from the network systems.
Never the two shall meet.
2
We have been left out of this hit for a reason. No doubt our response is being closely analyzed. This would be a very bad time to open any files outlining our response to such a scenario. Hope whoever is left in charge of our national security assumes our systems are already hacked. Paper and pencil, please!
2
Already attacked yes, I've been locked out of my own bank account online.
1
Just another day in paradise. By the way, would this in any way knock out Twitter? Just hoping.
5
It is written almost as if the NSA developed ransomware. While the NSA may be nefarious that doesn't seem to be the point of their hacking software, right. It was the hackers who used the NSA software to better enable their ransomware to do its job, yes?
This is why the demands of some in Congress for device and software manufacturers to create "backdoors" to their products should be dismissed. If the NSA can't keep its hacking tools secure, why should it be trusted to keep those backdoors secure?
4
Extraordinary that the NHS can be attacked in this way. So much for the security of patient files in the UK!
I hope Snowden/Assange and all of their melodramatic, naive, masochistic supporters are now very happy.
32
I'm not sure what you mean. Neither Snowden nor Assange had anything to do with any of this. The NSA tools were released by ShadowBrokers. It's true that Wikileaks wrote about it, but so did every major news service (such as this article!).
1
Nice job, NSA. In your incessant quest to butt into our private lives in the name of security, you have done more to jeopardize our security than the terrorists have ever done.
Hubris.
18
The United States has innocent citizens being stalked using RFID microchips illegally and getting away with putting people unaware of all that is going on onto their websites. It's very illegal. Nothing new in the United States. We are already cyberattacked but what can you do? Just ignore it I guess.
2
Meanwhile, back at the White House, the "leader" of the free world is trolling Rosie O'Donnell and blackmailing his former FBI Director.
Help.
390
Note the reference in the article to "stolen N.S.A. hacking tools" being made available to the public by these Shadow Brokers. In other words the hacking, which constitutes an extremely serious threat to be sure, utilizes US Government developed or sponsored software, designed to gain surreptitious and unlawful access to others' computers, infrastructure, etc. I cannot imagine that the N.S.A. created this to leave it lying on a shelf. In other words, the US routinely engages in precisely those things that everyone left of center has been getting so riled up about. 'The Russians hacked the DNC's mail server!!!' 'They denied HRC her destiny!!!'
Grow up! The digital world is just another front in the simmering war. It'll get much worse before we're back to living off the land and making our own clothes (because that's where we're headed if the adults don't get their act together).
8
You first have to find the adults so they can get their act together. They're a dying breed.
It's great being a Luddite. Just saying.
1
Dear Luddite. In something like this that only works if someone else doesn't have information about you on their computers. Otherwise being a Luddite at home won't matter one iota if you need have medical records, insurance, get electricity from the grid, have a bank account, social security, medicare, and on and on and on....
2
Information about you is on computers everywhere whether you believe yourself to be a Luddite or not.
1
I feel like I'm living in a spy novel these days. Between the crazy US government and the onslaught of other crazies in the cyber sphere, it's rather chaotic.
6
I'm gonna stock up on library books...
6
Andy: "I'm gonna stock up on library books..."
If your library uses *computers*, it could be similarly attacked.
1
And those lined tablet papers that the kids use at school to write on.
1
But their "card catalogues" are now electronic!!!
1
Why is there no discussion of how these tools left the domain of the NSA and came to "shadow brokers"?
Could it be part of the treasure trove of data everyone's hero, Ed Snowden, took from the NSA and gave to his Chinese and Russian buddies?
14
Google it. That information was reported months ago when the payload was released.
We have only Snowden, the hero of the left's desire for privacy, to thank for this. Thank you, Snowden, for exposing the NSA's secrets.
8
What are you talking about? It was the Republicans who filibustered the Cybersecurity bill in 2012. And Snowden was praised by Republicans for exposing the information, then took refuge in Russia, which our current president seems to love more than the US.
3
Brought to you by Julian Assange - that bastion of integrity. It was Wikileaks that published the NSA files, right?
12
Yet such malicious attacks on hospital and health care computer systems pale when compared to careless mistakes by health care personnel—a major cause of patient morbidity.
[And failure to understand that a computer is merely a tool and not a living breathing reality—that's the patient!—makes matters worse.]
A physician MD
7
How bad does this kind of thing have to get before the US government makes serious security on the internet a REAL priority for business and government?
When something really bad happens, like a massive, long US electric grid shutdown in Winter, all we'll hear from government is the usual "It wasn't our fault". "We couldn't have known". etc.
As a taxpayer, I'd be happy to pay higher utility bills within reason, for example, to have critical system taken off the internet, to have plenty of critical spare parts in secure, protected, diverse locations (like big transformers that would take a lot of time to make), etc.
But as usual, NOTHING meaningful will be done, and it will all be somebody, anybody else's fault when disaster strikes -- but at least in the mean time the powers that be will be re-elected, so all must be well with the world.
4
Stop giving away my money to take care of a problem that we have already paid for & little has been done. The left always wants to spend more money; did you ever think that it is not a money problem, but a common sense problem.
There's a reason you don't hear any mention of US companies or entities in the story. Or did you miss that part and just decide to rant about the US?
Computers are the devil that so-called advanced societies have made a bargain with, and these various cyber ploys are the demons who remind us that we have already lost our souls to the abyss of data...
6
"the devil that so-called advanced societies have made a bargain with ..."
What a lot of nonsense. The victims didn't keep their software updated. Do you rave about the "devil" that requires you to change the oil in your car?
By now it should be obvious that the imminent threat to the United States and Western Europe is not random acts of violence committed by ISIS sympathizers with guns, knives and trucks... it is far more pervasive and insidious manipulation of the sea of digital data and social media in which we all swim.
Rather than waste tens of billions on more military hardware that will likely become obsolete scrap metal, never having been used other than as a show of force, we had better devote our resources to fighting the digital threat. Cyberwarfare has already saddled us with an incompetent, evidently mad President and his lunatic fringe entourage. It's time to staunch the flow of blood.
20
This is precisely why we need to stop sexing up everything with technology.
What happens when voter machines are the next target?
What's the plan for that certain eventuality?
5
Interestingly enough, Blue Cross/Blue Shield of Florida insureds who pay their premiums automatically have had multiples of their premiums charged to their bank accounts. Some of these accounts have been drained. Blue Cross/Blue Shield of Florida has pledged to make their customers whole.
Perhaps this "software glitch" was the work of hackers who have stolen the money. Perhaps this is how ISIS raises its money.
Remember, if it can be thought of, it can be done. This sort of thing happened in a James Bond movie back when computers were huge things requiring warehouse-sized rooms and vacuum tubes, when the "bad guys" stole bank accounts electronically.
3
With this attack, Julian Assange (who, I believe, leaked this programming in the first place) goes from being a mere cyber criminal to being complicit in murder (or at least attempted murder).
Those who criticize the hospitals for not applying the MS patch should remember that hospitals and other large institutions have complex data processing systems often with a lot of specialized programming. Applying a patch without sufficient testing might create more problems than it solves. Two months would be pretty quick, in most instances, to get that done.
1
Lest you forget, our Republican friends filibustered and won against a cybersecurity bill in 2012.
"[John McCain] steadfastly opposed the legislation, arguing that it would be too burdensome for corporations.
The bill would have established optional standards for the computer systems that oversee the country’s critical infrastructure, like power grids, dams and transportation.
In the hopes of winning over Mr. McCain and the other Republicans, the bill had been significantly watered down in recent weeks by its sponsors, led by Senator Joseph I. Lieberman, who made the standards optional."
See,
3
I'll wager that the best programmers in China and Russia work for their governments while the best in the USA work for Facebook, Google, Twitter, etc. trying to push more adverts in your face. Time for the NSA to go beyond the usual federal pay scales? Just wondering.
19
Contractors do much of the engineering work and are on a pay scale much beyond the govt customer's.
Principal SWEs making more than the DIRNSA...
1
Guess what? That is what they use contractors for. If we would incentivize hiring of civil servants, we might get people with skills for which the pay is much higher in the private sector. Contracting out when examined has been shown to be more expensive than hiring civil servants. Civil service jobs have been attractive up to this point because of good benefits and some defined benefit pensions. Guess what? The Republicans want to take away the last vestiges of the defined benefit aspect of federal civilian pensions (which are now blended pensions (Social Security, small defined benefit pension, federal version of a 401K--not the older more generous Civil Service Retirement System)) and go exclusively to defined contribution. I recognize that is the way the private sector has evolved but, for skills such as Fred mentions, the private sector can pay larger salaries. Without the carrot of a half way decent pension system, working for the government will become even less attractive for people with some of the skills the government sorely needs.
PS, if you really want to see disparity in salary levels, look at state salaries--even in traditionally blue states like Maryland. They are eye-poppingly low.
73
Guess what, these are civil servants. Great Britain, where these attacks occurred, has a government run health care system. The civil servants failed to update the hospital IT systems because they have no incentive to. They caused a catastrophic problem across England yet they won't lose their jobs. There is little incentive for civil servants to do excellent work.
1
At the heart of this is a serious conflict with the fundamental structure of the NSA. On one side, the NSA is supposed to protect critical infrastructure. On the other, it hoards software exploits to be used as weapons. The NSA wants to have its cake and eat it too, that is how problems like this one happen.
Maybe if the NSA didn't hoard exploits, and instead worked with software makers (such as Microsoft) to quickly fix vulnerabilities there would be less of this. Unfortunately, the NSA bureaucrats care more about being able to hack targets than protect critical infrastructure.
5
"NSA bureaucrats care more about being able to hack targets than protect critical infrastructure."
All of the useless, parasitic, self serving government bureaucrats only care about doing "something" that will increase their pay, power and prestige.
1
This is the kind of threat we face and it could be devastating.
Meanwhile, President Trump is engaging in a Twitter battle with Rosie O'Donnell.
10
It is the responsibility of companies, not Trump. Trump will not hurt, nor help; nor would Obama or Hillary or any of your heroes. Sloppy & dumb companies will make mistakes whatever legislation is out there.
Ah, but he is using technology to do it.
There are comments regarding this being an issue with the NHS IT systems and that it could not happen in the U.S. That is not true at all. The NHS in England is not one monolithic health system with a shared IT infrastructure or record system. Each trust, even different hospitals within the same trust, has their own IT systems and their record systems. Some are using advanced EMR's designed in the US, some are using homegrown British EMR's, some are doing a mixture of things. The point is this was 16 something different hacks. This could easily happen in the U.S. And we are at double risk because we also have insurance companies that hold a lot of medical information. Anthem Blue Cross experienced a massive data breach in 2016, and they weren't the first.
3
Don't take it too personally, the initial description seems to be email phish type attack, just a way to make money broadcasting the ransomware far and wide. The physical harm possibilities at NHS are just collateral damage.
Major fintech harpoon attacks are still a short distance in the future-- the kind of attack netting liquid nine or ten zeroes.
"Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems."
The fact that Britain's National Health System and the other hacked institutions did not immediately update their systems with Microsoft's patch is as horrific as the criminal hack. How could these organizations be that stupid and incompetent? How could they be that inept?
2
Older Windows operating systems are not provided patches. That appears to be the problem here. The reporters were apparently either in a hurry or not tech savvy or both.
1
...because it is not their money, so they really do not care. Is anyone going to get fired & banned from a job in this field in the future? (crickets)
Austerity budgets are all the rage.
1
Maybe the NSA should do better things with our hard earned tax money and actually help humanity rather than hurt it. If they hadn't invented Creepville it could never be used against us or anyone else.
2
There is no security or privacy on the internet. It really is as simple as that. There is no "alternative fact."
I understand why most people just refuse to understand that the bad guys are as smart as and, arguably, more motivated than the good guys. What I don't understand is why our intelligence agencies and military don't get it, why they aren't working to disentangle their activities from the internet. Perhaps it is simply inertia and turf battles.
Any technology developed always has been and always will be used for nefarious purposes, whether war, blackmail, or other. However, such can only succeed to the extent there are available targets for the particular technology. As has become clear from many guerrilla wars, bombing will not subdue a dispersed enemy: strategy used to "defeat" technology. 9/11 again demonstrated the effect of an appropriate strategy in an asymmetric "conflict."
To prevent even more catastrophic effects than the current, life-threatening ransomware attacks, it is necessary to disconnect infrastructure and security functions from the internet. One does not even have to imagine an attack on our air control network, our electric grid, or military communications. Just imagine attacks at the consumer level: self-driving cars become common and they are all suddenly disabled, or drones are hacked to crash into targets, or..........
When a new F-35 is remotely commandeered, just how will it be stopped?
Keep in mind Mad's "Spy vs. Spy."
5
Based on Trump's recent rant about "the digital" catapults on aircraft carriers, he doesn't have a clue about anything cyber. So we go on building aircraft carriers and huge bombs and stealth jets and we are going to "modernize" our nukes, and Trump & Co demagogue a terrorism threat coming across the Rio Grande in the dark of night and so we must build a big, beautiful wall--but some kids in Romania egged on by state actors can bring us to a halt?
Yes, Donald. We have "the digital." Sadly, we also have The Donald, who knows zip about anything cyber-related and who has been tweeting about Rosie O'Donnell while someone nefarious is holding vital institutions across the world hostage.
2
Ah, for the care-free days of paper records.
3
Until they got wet or misfiled.
To understand why high-tech, bureaucracy-infested Western medicine itself is in worldwide crisis, you need read no further than this: "Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems."
Hospitals didn't install a simple software patch? Sounds like negligence rising to malpractice. We practice medicine the same way we do everything else, jumping from crisis to crisis rather than devoting money, time and resources to preventing problems before they become critical. I spent a lot of time in hospitals over the last year and, again and again, I heard the frustrations of the doctors and staff who were fully aware of gaps and defects in the care they were providing, but couldn't get budget authorization for the necessary staff, equipment or facilities.
182
I see you are from Seattle, Jim. Ever occurred to you that the problem is in the first word of the quote you use from the article?
It doesn't help that many facilities are reluctant or slow to upgrade their software systems. A report in December found that 90% of NHS hospital trusts are still using Windows XP on at least some systems, a 16 year old OS which Microsoft cut off support for 3 years ago. The Metro Police? 27,000 systems with XP.
Microsoft carries much of the blame for stuff like this. Their OSes tend to be user-hostile, making the prospect of retraining not-so-tech-literate employees a daunting one. Then there's the legacy software which isn't compatible, or old hardware which struggles with a newer OS. Microsoft doesn't care. Then they release systems like Windows 10, which creates potential privacy issues and can FORCE your machine to shut down or restart, without user permission -- not an attractive "feature" for hospitals which are open 24/7.
1
It may sound surprising but this happens at many large companies where entire systems and software unfortunately run on the lowest common denominator infrastructure - i.e. the least powerful networked computers. This is one reason why there are still many people (and companies) running Windows XP.
Russia no doubt. Notice all the countries affected are US allies, except Russia. Soooo they either infected one or two Russian companies' systems to make it look good or they are just lying about Russian companies being affected.
1
There is no going back. But digital technological advances, with all their wonder, have made the world a more, not less, dangerous place.
2
These tools will be used for years until we change our Entire Platform away from Microsoft Windows and DOS Operating systems and configure Quantum Computers to large scale nano-theatre using optical fibre.
1
The internet is an open system into which efforts to restrict access require software that allows some digital data to pass and other to not. If an intruder can appear to be a legitimate user, no security system is going to prevent access. The use of a really good security breaching system from the N.S.A. is a big concern because it had to be obtained by somebody committing treason or someone accessing a highly protected system though lacking legitimate authority to do so. However, realistically it was always a possibility -- we have seen the systems under top secret agencies breached many times in the past.
1
Wow, the cyber attackers should leave hospitals out of their scheme. Surely, they are murderers. It would score them points to release the hospitals from their blackmail/ransomware.
1
It seems inevitable our country will be hit with a major cyber attack, so we better be prepared as best as possible.
1
We need an international cybersecurity treaty that protects the public and sanctions those countries that allow illegal transnational activity originating within their borders, or countries that refuse to extradite suspects charged with those crimes. Such sanctions could involve progressive throttling of cross border internet access among other measures.
49
In the hands of Trump's admin with him continuing to do business with Russian and other criminal? I hope not. I had rather not. I don't even want to consider the possibilities, thanks. For it won't be just James Comey being told to behave ...
That would be just as ineffective as gun control laws. It is not the lawful that commit crime in cyberspace or crimes with guns.
It's not like this is a zero day attack - why were these providers so vulnerable?
1
Perhaps some victims are using very old versions of Windows that are not being actively maintained by Microsoft? Perhaps some victims are using unregistered/illegal copies of Windows that are not being maintained? Perhaps there is some "this will never happen to us, so why bother with updating software?" Perhaps--likely--the cost of sufficient security was deemed too high by some victims (before they became victims)? Perhaps there are yet more Snowdens & Mannings out there?
This is why we need encryption, and need to prevent the government from having back door access to software and computers, there will always be leaks.
1
People in the security biz know that a lot of this software was in the wild and the NSA took it and modified it for their purposes. Also malware can be easily modified to use a different attack vector, in essence changing it into different malware.
Some of the blame should go out to Microsoft for not baking security into their products for years. To be fair these days Microsoft does a much better job vis-a-vis computer security but many of the attacks are aimed at older versions of Microsoft products that still run because Microsoft prides itself on backward compatibility.
Some of the blame should also go to organizations either too cheap or too short-handed to keep their computers updated. These tend to be the same organizations that have lax network security standards and no tested backup procedures.
Finally some of the blame needs to be put on users, too lazy to learn the basics of computer security and far too willing to click on shady links that can steal their data or infect their computers.
Where is the power of the vaunted free market in all this? On both sides of the line as people are going to make money either way, by attacking targets or by defending against attacks against their systems.
Which side you are on depends on your morals and ethics. So in the end, if you really think about it, it ultimately comes down to people, not computers.
Seriously, is anyone getting sick of being hijacked via software?
Facebook, smartphone, email, wifi hotspots, tax system, banking systems, school records, now, awful, hospital records.
Soon the Internet of Things will hold our fridges hostage (including cold medication, baby formula etc.)
Really, let's take a pause and reconsider how much we are offloading digitally.
1
It makes a person nostalgic for those Nigerian princes looking to offload their money over here.
Some responsibility for this falls on the NSA, which figured out ways to exploit these vulnerabilities for its own purposes and, one must assume, did not bother to let computer users in on the fact that their systems were vulnerable to these kinds of attacks since that would have compromised NSA's ability to exploit the vulnerabilities.
This is another example of amoral intelligence cowboys thoughtlessly creating unintended blowback. Unfortunately, I'm sure some will try to use these attacks to justify further crackdowns on the internet and even less transparency in how the NSA operates.
5
@Guy: Great, let every country openly publish up-to-date lists of its spies and all known software vulnerabilities, so that no one would reveal any secret in the presence of a spy or via using insecure software. I don't think that is workable. Every country has the right to attempt to defend itself. Throughout history spying and looking for an enemy's weaknesses have been commonly used.
Nation states must strike back at hackers. Whether the goal is simply to cause mischief or to extort funds, there need to be serious consequences. These attacks should be regarded as acts of war against the West's economies.
2
Thanks to computers humans ourselves have become diseases with something now to infect. I'm impressed that we could reach such a level, even while feeling depressed about it for what it means.
It also seems that Bitcoin is a little too clever at protecting predators.
6
Hackers benefit from misdirection by trade. I feel like there's a heavy dose of misdirection going on here. We need to know the who and why. I'm still not buying the financial incentive as a singular motive. Ego is a possibility but still seems shaky for an attack of this scale. More information please. In the meantime, I'll start imagining my own conspiracy theories.
By the way, the world just received an apt lesson on why we need to update our computers regularly.
3
Right.. the word "Windows" is only mentioned once. These systems were 100% Windows by Microsoft... Hard to imagine why medical systems would use these systems, internet connected, without keeping them fully patched and protected with something like Bit-9 (Antivirus black listing is dead on arrival).
How is it that so many computers running software that is critical to public infrastructure were not timely updated? That's criminal negligence in my mind.
3
Are the advantages of bitcoin enough to offset criminal use of them? I think the members of the United Nations should end their use, while reimbursing anyone who has the records to prove he has acquired them legitimately.
1
To Chris California
What have we wrought with everything that's important on networks that are so vulnerable?
Vulnerability scales with complexity. Known to every patent lawyer, the more complex a patent, the more easily it can be circumvented.
The internet is the most complex system ever built - and correspondingly vulnerable.
2
Over a year ago the GAO issued a report on the state of IT in the gov't. It found out of date hardware and software, vulnerabilities left and right. GOP had for Obama's entire term been reluctant to grant increased spending on this critical part of our infrastructure. 75% of funds, according to the report, were spent on repairing old systems. Floppy discs! Not new state of the art cyber ware. You can find the report on-line. Just sayin'.
3
Amazon knows exactly what I download and exactly when. Yet Manning can download unlimited mountains of data and nobody noticed. Snowden did the same thing a few years later and nobody noticed. Hackers invade the highest levels of the CIA and steal the tools that guard the most important secrets just last year. Over and over again. How is this possible? Can't someone think of a way to block access or take the stuff offline? We're losing the war! Hello? Anyone out there?
1
Something needs to be done about the absurdity that is Bitcoins, especially before it turns into the currency of choice for criminals and terrorists (assuming it hasn't already).
8
These ransomware hackers would not survive without Bitcoin. The day may come when Bitcoin is taken down by who knows who to put an end to this.
6
Ambulances queue outside of British hospitals every day of the year. It has nothing to do with ransomware and everything to do with government-imposed austerity.
4
There is no austerity or rationing of U.K. Healthcare...people like Paul Krugman have told us so.
2
"N.H.S. Digital added, 'At this stage we do not have any evidence that patient data has been accessed.'” As somebody who knows a thing or two about computer networks and programming I find this statement laughable. The only reason hackers wouldn't have all data existing on a network infected with ransomware is if they didn't want it.
3
Assuming that data refers to usable, readable data, stolen data might have been securely encrypted and therefore not very useful to a thief.
This is what happens with an anonymous internet and anonymous currencies (bitcoin). In the past, wasn't the mantra always "follow the money"? Bitcoin is an unregulated currency that seems designed for criminal activity.
3
This just goes to prove that giving our Government "backdoors" into our private systems will never be handled safely.
1
@D Naunton: While it may be true that private systems will never be handled safely, I fail to see how this attack relates to back doors in code. Just how easy was it to perform the latest hack of the NSA? Please describe that easy process that you know. What does being hacked have to do with the competence of "our cyber people"? When Snowden/Manning committed their thefts, how many cyber people should have been deemed incompetent? Surely some, but not many.
Mea Culpa! Everything following the phrase "back doors in code" was intended to reply to a different comment.
How ironic that an NSA security effort opened the door to mass insecurity. This may be the law of unintended consequences at work. Who said many years ago that "when we sacrifice liberty for security we end up with neither"?
2
Who on earth opens email attachments from random strangers?
5
Ahhh... they don't have to be "random strangers." It could be from your mom or brother (who have been hacked). I don't open anything I didn't expect or know about.
The messages may have been forged to look like they were coming from people the recipients knew. A glance at an organizational chart might be all it takes to determine who might be sending messages to whom and forge senders to their likely targets (probably subordinates).
I'm more curious about the failure of the anti-malware defenses that should have stopped these messages at the doorstep. Do these various organizations really accept mail with executable files attached? I and my clients certainly don't, nor do we permit messages with scripts. We also block all incoming MS Office documents with embedded macros, another common vector for infection. Maybe they used PDF files that exploited a vulnerability in Adobe Acrobat? Goodness knows it wouldn't be the first time.
1
If a hacker infiltrated the computer of your best friend and you received an email ostensibly from that friend, I believe that the probability is strong that you would open it.
Time to put Assange and Wikileaks collaborators in jail. Their irresponsible actions in the name of transparency are fake and must be treated as criminal acts.
5
@J Luis: While I certainly agree in principle, I wonder to what authority you would appeal to make this happen? If "we" could identify the hackers/collaborators, then we could perhaps take action. I wonder, would we take action if US hackers caused trouble for Russian security?
With all the money awash in health care these hospitals don't have a backup? Have a backup plan and a disaster recovery plan and update all devices. Move the data to a private network and users pull data off as needed.
1
@B Gallagher: And if a user of that private network happened to be a Snowden or Manning?
So funny how I was googling if something cyber related was happening in NYC, since NYSOH (New York State of Health) is down, and so are my hospital systems....nothing works!
These particular hackers are terrorists.
3
More support to the argument that the NSA should notify software and hardware vendors of these discovered vulnerabilities, rather than compiling and weaponizing 0-day bugs which can almost immediately be used by hackers to do major damage when they fall into the wrong hands through hacks, leaks or mistakes.
1
The idea that these attacks are strictly the work of state-sponsored groups, or mass intelligence cells is straight out of Hollywood. Many or most of these attacks originate from enthusiasts seeking the glory of making national headlines, and maybe a few dollars in the process. It's a game to them - a hobby.
That's what should worry you the most.
3
I hope J. Assange is happy now.
2
All of these attacks can be traced to the Obama.
NEVER has the US government been more sloppy with its secrets. The Chinese have full range to weapon systems we spent billions on. Snowden, Assange all these cyber terrorists originated under the lax policies of the Obama team.
John Podesta should have been a scream in the dark, the Dems wanted to blame everyone but themselves for these breakdowns.
To have allowed this is criminal, will anyone be punished, doubt it.
2
Is he still president?
1
It's already hit the US in California, Washington, Texas, Minnesota and along the East Coast.
It's generally considered bad practice to try to attribute an attack without any evidence, but....my money's on North Korea.
Trump ordered a Giuliani cyber terror report due a couple of weeks ago. Where is it? Those billionaire businessmen, always one step ahead, I could only imagine the report has been finished, the findings reviewed in exquisite detail, and the security patch deployed. Kidding. Sad. It was ordered and forgotten about, when completed will go unread, if read will be disagreed on by our all knowing President who knows better - defeating ISIS, "priming the pump" etc.
1
It's the old be careful what you wish for axiom. Our technology always comes back to haunt us.
Four NSA/CIA-related parties have stolen sensitive data over many years by simply plugging a USB memory stick or CD into a highly classified computer and downloading to their heart's content. How incredibly stupid and reckless is that? Numerous fixes and alerting mechanisms are available to thwart these attacks and warn managers. How about FIRING and holding ACCOUNTABLE the NSA contractors and individuals who are too lazy, unconcerned, or dumb to rectify this problem.
False flag attacks to scrutinise whistleblowers and prosecute them and introduce more security at a cost of our freedom and privacy.
1
This is one of the reasons why Hillary Clinton's willful use of private servers while handling top secret classified information was so egregious.
3
As is the RNC, Bush Administration, and Trump campaign's willful use of their own, private servers while handling classified info.
1
Oh Lord.
Now someone will have to explain to 45 what it all means ...
Bless her/his heart.
I see a lot of culprits here.
The NSA discovered and developed the vulnerability; the Shadow Brokers who leaked it and the hospitals that knew about it but didn't upgrade their systems.
1
Let's be clear what the lesson here is: the NSA found security vulnerabilities and, rather than share them with Microsoft so they could be fixed, hid them. The NSA should search for security vulnerabilities. It should also be their duty to report them.
1
This is why we need decentralized Internet.
1
Every life lost in this is blood on the hands of Wikileaks and Julian Assange. It is time to recognize that conspiracy for what it is: A terrorist organization. We should direct our efforts to dismantle it and prosecute the participants accordingly.
2
Some pertinent background that is not presently in the article:
In August, Edward Snowden wrote, "circumstantial evidence and conventional wisdom indicates Russian responsibility" for publication of the NSA data. Snowden and others believed it was a warning shot, should the Obama administration consider sanctions against Russia for the theft of the DNC documents. (It is likely that the theft and release of the DNC files influenced the American presidential election.) In August, WikiLeaks said it had the NSA files and would release them all.
1
Attacking hospitals is really the worst kind of act that a hacker can possibly do.
Really the worst.
2
Remember this one?
Bin Laden Determined to Strike in US.
Only difference now is that we have an amazing, terrific national security apparatus second to none. Believe me.
2
This is either a serious attack or a warning shot across our bow. I wonder what the stock market is doing?
4
But Julian Assange is just a reporter reporting how can it possibly be that his irresponsible reckless encouragement of hacking and then posting hacked info without any sort of mature redaction or consideration for the consequences of doing so be bad for us?
Has the NSA discovered a new source of revenue - ransom?
And how long before someone writes in here and elsewhere praising the "heroic" Snowden and Assange for "telling truth to power"? Snowden can stay in Russia and Assange in hiding in various banana republic embassies and we'll all be better off.
1
Hmm. Where do I start?
1
Nice new distraction from the Russian GOP 2016 presidential collusion investigation.
3
Good job NSA! We should have great confidence in Adml. Rogers' competence!
"The attack on the National Health Service seemed perhaps the most audacious of the attacks, because it had life-or-death implications for hospitals and ambulance services."
"Audacious" is not the word; I suggest "murderous."
43
As a part time software developer, the most boring and uninspiring topic is database and application security. I simply don't want to deal with it. I'll bet this is a common phenomenon throughout the industry as you can see from this and other daily attacks. Luckily for me, I don't have sensitive data on a public facing server, but if they get into our intranet, oh dear.
7
"As a part-time carpenter, the most boring topic is building codes. Fortunately we don't have weather where I live, but if there's ever any wind, oh dear."
Seriously, as a full time application security engineer, I want to say "you're the problem", but that's not wholly fair. The businesses that accept that kind of sloppiness, the markets and laws that reward rather than punish it, and yes, even the security guys like me who failed to inspire your interest are to blame as well. But still, have a little pride in your work, man!
2
"strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients" the mothers of these hackers must be so proud.
11
There was a patch released last March (2016?). If that's the case, not to blame the victim, but come on...update your computers!
24
Your comment seems reasonable, but I can tell you that -- after nearly 40 years in technology -- it is NOT an option in mission-critical environments to allow each and every update to be installed automatically. Microsoft does NOT do a good job (although it is getting better) of rolling out security-only updates. Many "security" updates, for example, have embedded sales-ware to promote upgrades from other operating systems to Windows 10, for example. Updates have to be rigorously regression-tested against the current environment, to make sure that a new patch does not disable critical software.
However ... that being said, it IS true that the days of allowing updates to lag a year or more seem to be over. IT departments have to be able to turn around those regression tests more quickly and deploy updates in a more timely fashion. But again, we're talking about hospitals here.
Would YOU want to be the sys admin that brought down an operating theatre because you allowed an update to go through that crashed essential software?
2017, unfortunately. That's not really enough time to deploy in an enterprise.
An earlier comment says that NHS still has computers running Windows 95 and Windows XT operating systems. Microsoft support for these operating systems ended some time ago, so the patch was not available for these machines.
On the one hand, prudence dictates not continuing to run unsupported operating systems. On the other hand, the way Microsoft adds new operating systems and stops supporting older ones is in itself a form of ransom.
1
Things are looking pretty bad when the NSA, one of our top intelligence services, can be hacked that easily. Up until now I was under the deluded, and I guess naive impression, that our cyber people were top of the line. I guess not.
12
I'm surprised anyone's surprised.
This goes on quietly all the time with banks, stores, and other direct payment networks.
The businesses all pay, and months and years pass before the incidents are made public, if they ever are at all.
It's only when something directly and immediately affects people such as hospitals or power grids that publicity is inevitable.
Yes, to heck with the risk-management and budget people. Backup systems are as essential as emergency care itself.
12
As little as five years ago, organizations paralyzed by a cyber attack were considered "victims" from a reputation standpoint. Now -- because these breaches are virtually everyday events whether they know it yet or not -- these same organizations are "villains" for not having figured out business continuity workarounds ahead of time. Ongoing cyber attack preparation, effective incident response, and immediate honest and direct stakeholder communications are essential to maintaining an institution's customers' trust and loyalty when such an attack has taken place. It won't be long before liability claims from affected customers pile up when it is established the organization was slow or ill-prepared when responding. These are the times we live in.
2
Should we sue a business if we go there and get attacked by terrorists? Hackers do these things with no regard to the fact that it may kill people. They are the criminals, and murderous ones. There's no way that businesses can reasonably ensure that they will never be the victim of an attack...they can reduce the probability, but can make no guarantees.
... Electronic medical records ??
You were warned.
When the prior administration tried to foist this monster on small Doctor's practices, almost bankrupting them, this alarm was raised then.
Bureaucrats want control.
You control the population by knowing each individual's personal medical history- drugs, sex, rock & roll.
Let liberty prevail.
Make electronic records ONLY at the discretion of the Doctors.
6
Not the doctors.
The patients!
1
The medical record is the Doctor's creation.
Thus it is his intellectual property.
Yes, you are entitled to a copy.
If it is handwritten (and thus secure) so be it.
1
About time our government spent the resources necessary to safeguard our country from this threat. Rather astonishing that our National Security Agency cannot protect its own system. Maybe we could hire the Russians or maybe North Korea to help us. They seem to have better capabilities than the USA.
Or we could spend the money and resources on investigating voter fraud.
16
If the NSA and CIA spent their time and money PROTECTING citizens from attack, rather than figuring out ways to spy on them, we wouldn't be in the mess. We're approaching the problem from exactly the wrong angle. No, you're not going to stop terrorism by spying on every single American, you're going to stop terrorism by securing all our systems and making them impossible to break in to.
28
Hacking (or as you say, spying) and security (or as you say, protecting) are linked at the hip. If you want to know how to protect a system you need to know how it can be broken into in the first place.
By the way, I hope you know that the country needs a spy program. Such blanket statements as yours illustrate an overly simplistic view of a very complex world.
1
Coming soon to a hospital / bank / municipality near you.
1
but there's really no need to make sure our head of state is not colluding with the Russians, is there?
6
Figures. In the U.S., hospitals, health insurers and doctors seemed to be the LAST to switch to electronic databases and documentation; they have been far too complacent about patient data security. Even a few years ago, some medical establishments still insisted on using social security numbers to identify patients; many of them still rely on sending snail-mail bills rather than electronic billing. It was only a matter of time.
Time for Trump to change the subject to leaks! Follows the tweets earlier today. Did he have a hand in this or his Russian friends?
4
And the liberal anti-government element still praises the Wikileaks people who exposed this vulnerability to the world? Perhaps we should recognize the seriousness of cybercrime, and impose the death penalty for these people.
7
@Chris
The fault is not Wikileaks, but rather the US government agencies that did not follow through and alert the vulnerable software companies.
@Ken Belcher: What? Not Wikileaks' fault? Right... deflecting responsibility yet again from Assange, I see. He isn't a modern-day Robin Hood.... just a hood in sheep's clothing, very likely with Putin's blessings.
2
Wait so, $300 to unlock the data? $300? That's more than a single patient will pay just to sit in the waiting room.
2
How long until we hear a tweet from Trump that the real issue is leaks?
2
Creating the United States Cyber Security Command was one of the many great accomplishments of the Obama presidency.
The ability to protect against, and respond to, emerging cyber threats is second in importance only to protecting the nation against Trump.
11
M! Just in time to divert attention from the FBI shake over. I will love to know the code name for this Putin-Trump operation.
7
Where are the details about the NSA documents? In the headline it says that the vulnerability was disclosed by a leak of NSA docs.
3
Good.
They're finally going to be forced to upgrade their IT. This is entirely on inept management who has refused to invest into proper infrastructure for more than 10 years now despite repeated demands from their IT departments.
18
Maybe the NSA and GCHQ (which Eric Snowden says is even worse than the NSA) should stop its illegal surveillance on their citizens and pressing corporations to provide encryption keys. Our police state's illegal activities are not safe.
11
What does a criminal hack for ransom of critical infrastructure have to do with allegations of illegal surveillance by intelligence agencies? Are these offsetting equal behaviors? Only a fool could believe that.
Spying on 320 million citizens with metadata from telecoms companies would be a task of great inefficiency for even the most sophisticated AI. To imply these agencies spy on their citizens and this creates a police state is juvenile and spreads fear and false information.
Edward Snowden has greatly damaged the security of this country, forever, and has given invaluable secrets to rival governments and menacing prey all over the globe. We're in a much worse position because of him.
1
You seem to misunderstand what happened. The NSA was breached by some childish boor who stole a lot of secrets. This is made possible by the GOP privatizing our government.
That stolen materiel was given to Julian Assange who then without thought or consideration for the possible consequences simply published it openly on his criminal website Wikileaks.
These hackers used the info gained from Julian Assange to commit these crimes.
I'll give you that the NSA or GCHQ should have alerted the proper people about the found flaw, there is often a bounty paid for such things, otherwise they were doing their jobs properly.
We have met the enemy and it is us
Pogo
17
Whoever leaked the Vault 7 spyware is now an international criminal as well as a traitor to their country.
12
So, how will this potentially impact Trump's recent executive order moving our infrastructure info of our federal agencies to the cloud to mitigate hacking damage?
9
It will do nothing. Cloud assets are only as secure as you make them, they are not secure just by nature of being "in the cloud". If systems in the cloud are left unpatched, this can happen there.
This is one of the crises unfolding where having an incompetent White House and President confronts real and new dangerous events or attacks. Trump continues to shake this country's internal stability and now he has to defend us from the next major cyber attack as he cozies up to the Russians.
Red alert.
71
There was also an attack today on the Romanian Ministry of Foreign Affairs, targeting NATO documents. Apparently the damage was avoided, according to the intelligence services.
4
Am I getting something wrong, but shouldn't there be more to this story, like the bit about this being at its source "hacking tools" software developed by our own dear NSA? So, someone broke into the lab where the good guys were developing a bug that could wipe out humanity, and now the bad guys got a hold of it to wipe out humanity?
28
This attack literally has cost innocent people their lives. I believe that hacking and ransomware should be addressed as an international terrorism issue, with roughly the same penalties as if someone had launched an attack with chemicals or explosives.
414
Spot on. These people present a clear present danger to the civilized world...
How about a low tech penalty, like the guillotine? Let the hackers try to unhack that.
What will it take for the government and private institutions to spend what is needed on cyber security measures? What are they waiting for?
105
Why couldn't the NSA have warned about this vulnerability so the companies could fix them? The government should be finding these vulnerabilities to protect their citizens, not so they can weaponize them.
2
This stuff can be prevented only to a point. It's like an arms race where protecting from one hack encourages another and may even sow seeds.
The vulnerability was published and a patch was immediately developed. This will have only hit those computers that had not been updated.
The world's financial systems seem crafted to make it easy to hide the flow of money, so as to evade taxation by the obscenely wealthy. This enables other practitioners of financial fraud to use the systems already in place.
40
Forensic details of the most recent newsworthy cyberattacks often indicate that the vanguard relies heavily on 'phishing' exploits. Attackers send waves of emails to distribution lists of targets; recipients see email that purports to be from reputable sources. That email either requests personal information (like credit card numbers or passwords) or instructs users to click a hyperlink (which may, for instance, download mischievous programs). A modest amount of caution will stymie the success of this kind of exploit. Come on, people--think before you click.
48
We're next. We are not keeping up with cybersecurity of the world of the Internet as China, Russia, and even scammers are..............
57
Well, we (the US's NSA) developed the flaw that enabled the tool, no? (And maybe the tool too?)
2
These criminals are no different from kidnappers and they should be prosecuted for each of the records "kidnapped" for ransom. The result would be life sentences — in some countries and states, even death.
70
What about the people who maintain the IT systems? If you leave your servers so vulnerable that a 14-year-old can disable them remotely, don't you share part of the blame?
4
You will have to find them first.
So I guess if you park your car on the street you should expect it to get stolen. Criminals are guilty, not victims!
1
There is a ready answer to ransom attacks (as well as to general glitches and malfunctions): backing up the data. And in areas such as health care, where these data are vital, backups should be carried out frequently, at least once a day. Then it is only new information collected since the last backup that can be lost. There is even equipment that can back up continuously. But I'll bet these organizations save a little money by not doing backups. Perhaps they don't have fire alarms either.
So, yes, the attackers are despicable but the organizations share some of the blame through their lack of awareness or their negligence.
595
Unless the ransom software also reached the backup data and encrypted them as well. At my university the data is constantly backed up. If I were infected with ransomware, so would my backup. That's why there is also a weekly backup, which should remain unaffected (but it also means, depending on the time of the attack, that up to 7 days may be lost).
6
Let's not blame the victims. The sneaky creeps perpetrating these cyber attacks should be hunted down and dealt with just as any civilized nation-state deals with those who attack it...
4
It's an answer, but is it "ready?" It takes work and time to reformat a computer and load the backup. It could take days or even weeks for large organizations to complete.
2
The NHS' computer systems are in a truly pathetic state. Luvvie consulting firm after luvvie consulting firm have come in, wasted millions and delivered nothing. Whilst doing that waste-O'Pounds dance, users in the wards and A&E's are stuck with Windows 95/XP systems that cannot be patched, or are so poorly patched....
It all started with Tony Bliar's consult and consult approach and St. Theresa May has only inherited a seriously crumbling infrastructure, rotten at its IT core.
66
St Theresa? Oh good grief.
You missed some people. Theresa's Health Secretary, Hunt, is just as guilty at trying to "modernise" (read: waste money on, give up) and create a national health network while also stripping it of funding. IT is at the end of the NHS funding ladder in some CCG's, and of course being the public sector subjected to "austerity" wages, the money isn't there to attract tech experts.
Oh, and then let's not forget Cameron's first SoS, Lansley who pushed through the bill that allows the NHS and its ancillary services - including IT - to be hacked apart and embezzled by For-Profit companies that again filter the (tax-payers) money down through layers of well-paid managers until it reaches Hardware and expertise.
3
Exactly. Old computers on old networks with no security, with no one paid to upgrade or maintain it, all the while they thought to themselves: "Gosh we're immune. We're doctors. No one wants to hurt us."
Well.
They thought wrong.
They shoot doctors in war zones, you know.
2
Not just the UK. Reports of infestations throughout Europe, including Russia, the US and Canada.
Time to dump Microsoft, I think.
29
No no no I own Msft stock
And what do you propose to replace Microsoft with?
1
The number one target of hacking these days is actually Android. The difference is that Android is not used for anything important.
Microsoft has had the fix in place for a long time now. You might as well say to dump IBM because their 1960's mainframes were not protected.
2
Companies need to learn from the IRS how they do such a good job protecting tax return data from hackers. They must be under constant attack, but I have yet to see them report a breach.
61
You are on to something. Keep in mind however that it is hard to target IRS not because they know what they are there, but because they are using systems as old as when T-Rex ruled the earth. In other words, no hackers want to bother unless they really want something there.
4
LOL! That they don't report breaches doesn't mean they don't have them.
You actually think government would report such a thing, especially the IRS? What kind of wonderland do you live in?
1
A friend of mine who once worked for the IRS told me that it used 9 different and incompatible computer systems.
1
One of the [many] perils of globalization in this world of technology being unmasked.
21
When you go to the hospital in the US, they most likely don't have your file, as competing health systems don't like to share. I don't know how dangerous this attack truly is.
6
I wish they shared info! I get sick and tired of filling out 15 pages every time I get a new physician.
2
It is the same in the UK. Hospitals don't share records easily, they are all using different EMR systems. This was 16 different hacks of 16 different NHS trusts or hospitals. This could happen in the US every bit as easily.
1
They do that even within a well integrated system. All of my doctors are in a system that allows the providers to access each other's treatment files. I generally answer the 1st question with "See information on file" and ignore the rest, even when it nags me about why I left things blank.
I find it especially aggravating when they hand me paper forms at the clinic that I could more easily have answered on my computer at home. One of my main symptoms is severe hand issues that make it truly painful to hold a pen, but I've become a pretty good 2 fingered typist.
I asked about this once and was told it was because not all patients have computers at home. They should be able to mark it as completed in my appointment information, and only give the paper forms out to those who haven't completed it on line.
What have we wrought with everything that's important on networks that are so vulnerable? This is the real downside of technology. We apparently don't even have paper backup files.
210
You don't need paper, just common sense data security both easy to implement and cheap to maintain. The disaster here is the failure of large public institutions to utilize well known readily available tools and data management processes.
We now collect way too much information to keep on paper.
1
I'm not big on conspiracy theories, or blaming everything on the Russians, but this article from earlier in 2017 (as well as other articles easily found on the web) points in the direction of the Kremlin attacking cyber infra systems such as hospitals.
http://fortune.com/2017/01/15/russian-hackers-2016-election-cyber-war/
20
Isn't it interesting that this happened just as things were really heating up for Trump.
3
Sounds like Russia was targeted as well.
I work at a local hospital in Rochester, NY. You should see the head scratchers running round with their arses on fire..."what are these things called bitcoins and how many do we have?" Blahaha... HIPAA; we care so your medical history is safe with us.
30
I remember my student days at the U of R carting blue plastic crates of back up computer tapes - including from Strong Memorial Hospital - to off campus storage on a weekly storage routine. Even University wide payroll direct-deposit was on punch cards that I delivered to all the banks. As a Comp Sci student I pointed out the vulnerability of the crude system so they added an encrypted floppy to go along with the cards. Ironically that system was probably safer than what you guys have now! Oh, my supervisor got the credit for my suggestion - typical!
2
This is the future of warfare. Actually it is here now.
Imagine a cyber attack just upon all of the US's vehicle gas pumps alone?
The entire nation would shut down in a matter of days. It can easily happen.
As it could to our banking/credit card systems, energy grid, water supply, transportation, ISPs, 911/telecom, on and on. We are so technologically vulnerable at so many levels.
I hate having all of my medical records only on a computer, as if this were some sort of great advent here in MA. I keep a hard paper copy as well.
399
And it isn't warfare one can fight with walls and travel bans.
5
Yes--but your paper copy may not do you any good if it's not with you when you get hurt. And hospitals are no longer equipped to maintain paper copies themselves. Even if they were, finding and delivering paper copies of records would slow the whole process down dramatically--no doubt having a negative impact on medical outcomes.
2
yep, cyber much less expensive than using hardware that explodes
Hmmm... might be a case for each patient having their own chart/files on an independent USB drive. Kaiser health care makes them available. I'm sure other groups do too.
73
A USB drive is a Good idea!
2
This attack is approaching something like a cyber variation of 9/11. An individual or group of individuals is actively seeking to do physical harm to British citizens. Even if no one dies from hospital diversions, the loss of all medical history can do irreparable damage to a person's medical treatment going forward. I want to understand the motive fast.
My initial reaction suggests this is politically motivated. The ransomware is a useful tool and potentially an added bonus to the perpetrators but I feel like the ransom is ultimately a red herring. I seriously doubt any independent hacker would target a nation's essential services simply for financial reasons. The risk is too great. Anyone with any sense doesn't want British intelligence tracking them down for attempted manslaughter. There are much easier ways to make money on the internet.
No. I feel like something else is going on here. We'll have to wait and see the story develop.
79
Couldn't agree more. Notice that no one is talking about Trump anymore.
1
The fact that critical infrastructure remains connected to the public internet is beyond reason. It is, in fact, simply laziness. Using the public internet to interconnect facilities is simply easier than using a private wide area network. The network connecting the Pentagon to major defense contractors, and the major defense contractors to each other, is a private wide area network isolated from the public internet.
Critical infrastructure should be switched over to their own private "internets" which do not commune with the public internet. Those private networks should likewise not commune with each other unless there is a serious need.
This is not a 100% guaranteed solution, but it does eliminate all the "easy" attacks. It mostly leaves the "social engineering" attacks in which the hackers manage to convince the "non-technical" users to do something dumb in order to give the hackers a foothold inside the otherwise isolated network.
222
"The fact that critical infrastructure remains connected to the public internet is beyond reason." – I agree absolutely. Surely, there are ways to be protected against that kind of attack, especially hospitals! May this be a lesson for the gov. to act.
33
There is a difference between left and right. The fatal weakness of the left is usually incompetence, while on the right it is corruption. Not that they aren't usually combined.
1
I could not agree more. Why are critical systems connected to the Internet? I work in the financial industry and I can tell you that NONE of our critical systems are connected to the Internet. It's just common sense.
2
The BBC is reporting that this is part of a much wider attack in such countries as the U.K., Spain, Italy, Portugal, Russia, Vietnam, Kazakhstan and Taiwan.
When they find the people who commit such crimes, they should just shoot them and save the trouble of trying them in a string of countries.
This is simply a frontal attack on society in general.
111
Since I am against the death penalty, may I suggest an alternative? Somewhere in the world's oceans, there has to be a small uninhabited island where we can dump those folks, along with picks, shovels and axes. And a few matches.
4
The island will not be big enough. Not nearly big enough...
1
I don't know what our country is doing about this general issue, but given the capabilities for data stealing and disruption of our political and business institutions that have been demonstrated to date and the much more serious potential attacks on critical systems that have not yet been launched, we better have a major strategy in place with active sustained support or there are bound to be very serious consequences down the road.
I suspect that there are only a few major state players doing these sorts of things. If it is shown that these attacks are the work of one or two countries, then I think it is time to elevate the seriousness of how we respond. This is starting to feel like a new type of real warfare, and if state-sponsored, then as much as I tend to resist most calls for war-like responses (not necessarily involving conventional weapons), that may be the only option to prevent these attacks from escalating into more dangerous breaches of critical systems.
28
Seem to recall that the IT was done by a US contractor. It failed first day at Addenbrooke's. Nothing new.
12
Addenbrooke's was installing Epic, an EMR company in the U.S., but the other NHS trusts are using different systems. There isn't one monolithic NHS IT system. This was 16 different hacks.
1
When are we going to quit being so squeamish? As in so many cases, this is not hacking, it is "assault with intent to do great bodily harm" or "capital murder during commission of a felony" (extortion and/or blackmail is a felony in every civilized country I know of and is a capital crime in those jurisdictions that still have the death penalty; generally a life sentence in the remainder). As long as these things are dismissed as some kind of hijinks, they will continue. When hospitals become targets, that should bring some clarity to any credible debate left on the subject.
135
In nearly all cases (not all), the attackers are outside the jurisdiction. Often in places very difficult to pursue them.
It is highly unlikely that an attack on NHS with ransomware would have been state sponsored. "Ransom" isn't something a large state would want to get involved in.
However Putin largely doesn't care if it's happening from his empire. Putin has an interest in anything that disrupts the west, so if independent hackers are engaged in activities that disrupt the west from his empire then he'll largely view them as useful tools he doesn't have to pay.
China most likely will not view an attack on a health care system as acceptable. Offering to deal with other attacks are convenient cards China can use in international negotiations. However China will view an attack on a health care system as unacceptable. If they discover it was launched from China they'll deal with it in a quiet fashion.
16
"China they'll deal with it in a quiet fashion."
Perhaps dealing with such things in "a quiet fashion" is part of the problem. Maybe the "dealing" should be "no holds barred" and quite public...
1
Rather than trying to protect weak and crumbling IT systems with penalties, why not work towards good IT that is not as vulnerable?
This is what happens when non-tech people control I.T. investment and maintenance. I feel for them.
144
As the former head of an IT department, let me say: Amen!
3
As an ex CIO, amen to that.
1
I agree wholeheartedly with your first sentence, but I do NOT "feel for them". It's willful ignorance. If you don't make the investment to maintain your car, it will eventually stop working, no?
I try to refrain from using the term "evil". However, these hackers have crossed into that territory. This truly is an act of evil people.
208
How appropriate it came straight from the US Govt then. Maybe someone should do something to stop our police state?
3
It's kind of a standard 1970's James Bond villain evil, though.
It's the hospital's fault for not knowing how to play on the internet, and to pretend that they don't have to upgrade or pay IT staff to help them with their online presence.
I'll bet a bottle of Glenfiddich 15 that some of the PC's of some doctors in some hospitals in NYC have external IP addresses and are directly on the net with no firewall.
I had one of those at a particular place in NYC, and I was in the IT department. I'll bet it hasn't changed.....
3
This is shameful. These psychopaths need to be apprehended and sent to prison.
27
This is not mental illness. This is war.
3
The downside of technology dependence....
and of bitcoins. How long will it take for international banking to be brought to a halt...or national defense....or Federal or State or Local government or police?
Can't get rid of most, but we COULD get rid of bitcoins.
95
Charles, banning a new technology tool (Bitcoin) is certainly not the answer. I've spent a lot of time learning about Bitcoin and it's actually a great solution for the future. It needs a few years to get refined, but throwing that out because of hackers is missing the point. There will always be hackers and there will always be crypto currencies. The solution is better digital security, not banning payment methods that move away from central banker controlled fiat currencies.
2
Charles wants to ban it because one cannot tax it, such tolerance!
If you want to get rid of your bitcoins, send them to me.
As we continue to tell our employees, always 'think before you click'. Just takes one careless click to enable this type of attack.
55
Finding a weak link is SOOO easy.
7
"Think before you click" is inherently error-prone. Better to configure your computers to disable all links in email, and prevent access to u authorized websites.
19
Agreed, but so much of business mail involves links that implementing your idea would present impediments to communication. Similarly, my vote would be for a leader email to confirm the "sanctity" of any given message. I.e., "I am sending you separately, x, y and z." This would vouch for any accompanying message and relieve a little bit of worry.
But the crooks keep getting more adept. It takes time, but anything I receive from a "financial institution" gets checked out through the institution itself before opening. Tedious, but safe.
2
This should be considered an act of war if it is state sponsored and terrorism if it is non-state actors.
361
Agreed. If it is state sponsored, then it is state sponsored terrorism as well.
14
War is not the answer.
Imprisonment and made to do public good is. Even if it's a President. Nobody should be above the law.
5
That'd be all fine and good, but Tony Bliar and David Camoron have hobbled and dismantled a lot of our once great military forces here in the U.K.
6