Someone correct me if I'm wrong, but I understand that Microsoft offered a corrective patch long before this incident, but the NHS didn't bother to use it. If so, they got what they deserved.
Wouldn't simply having a routine back-up schedule solve the problem of ransomware attacks?
I worked for a clinical lab, circa 1987, which used a large mini-computer system and we did three full backups daily then (30 years ago!) which meant that any data loss (for whatever reason) would be measured in just a few hours of entries that could be rather easily reentered.
It's even simpler to back-up modern computers so that data can be restored if needed, and this should be assumed to be a necessity. Even I do routine back-ups to two cheap hard drives for my rather trivial home laptop and smartphone--with the added bonus that I still have everything even if my computer dies or is stolen.
Yes, there are other kinds of hacking dangers, but it seems to me that being held hostage to ransomware is merely an indication of very irresponsible IT practices, that would be both cheap and simple to permanently solve. Get with it, medical and business and university IT people!
I worked for a clinical lab, circa 1987, which used a large mini-computer system and we did three full backups daily then (30 years ago!) which meant that any data loss (for whatever reason) would be measured in just a few hours of entries that could be rather easily reentered.
It's even simpler to back-up modern computers so that data can be restored if needed, and this should be assumed to be a necessity. Even I do routine back-ups to two cheap hard drives for my rather trivial home laptop and smartphone--with the added bonus that I still have everything even if my computer dies or is stolen.
Yes, there are other kinds of hacking dangers, but it seems to me that being held hostage to ransomware is merely an indication of very irresponsible IT practices, that would be both cheap and simple to permanently solve. Get with it, medical and business and university IT people!
Don't blame the IT folks! Companies/hospitals/universities are not budgeting the proper amount of funds to support their IT infrastructure.
3
This ransomware attack did not affect computers running the current version of Windows (Windows 10) or computers running prior versions of Windows that had installed a security patch issued by Microsoft two months ago for older, but still supported, versions of Windows (e.g., Windows 7). Those running older, unsupported versions of Windows (e.g., Windows XP, which appears to be in use at the U.K.'s National Health Service), were not offered a patch in March, but had made a conscious decision to continue to run software that would no longer receive the benefit of security upgrades.
IT departments around the world should have been using the last 48 hours to push the patch (including the patch that Microsoft just released for older, unsupported versions of Windows) out to computers on their networks that didn't previously receive it. They also need to reexamine their procedures for installing security patches promptly and to consider the risks of continuing to run older, unsupported software.
There is no complete defense against hackers, but we should be using the tools that are available.
IT departments around the world should have been using the last 48 hours to push the patch (including the patch that Microsoft just released for older, unsupported versions of Windows) out to computers on their networks that didn't previously receive it. They also need to reexamine their procedures for installing security patches promptly and to consider the risks of continuing to run older, unsupported software.
There is no complete defense against hackers, but we should be using the tools that are available.
2
I read an article in the NZ Herald newspaper, this morning, and the writer seems to be blaming the NSA and the USA, saying the tactics it uses are now being used against the USA and the rest of the world.
I'm not too worried as I have ESET Security and I have the upmost trust in their security system because if the intruders ever try and hack into my notebook, ESET will put them into a stranglehold and they'll be gone burgers.
I'm not too worried as I have ESET Security and I have the upmost trust in their security system because if the intruders ever try and hack into my notebook, ESET will put them into a stranglehold and they'll be gone burgers.
I receive d a patent two years ago for a computer architecture that can block hackers.
I'm having trouble finding anyone who is interested in it.
I'm having trouble finding anyone who is interested in it.
1
soon we will hear that russians are holding our computers hostage until we agree to vote for their candidate.
1
Bitcoin clearly profits from crime. They should be forced to stop supporting criminals that are stealing money and causing suffering. How does this business--Bitcoin continue to operate? This is why all business needs to be regulated with laws and agencies. This is how government regulation of business should protect us. But this protection does not come free. That is why we all must pay our fair share of taxes to support our government. That includes our elected representatives.
2
Bitcoin is not a business it's a method.
1
I assume virtually all of the people targeted don't have a Bitcoin account.
The government can insist ICANN block all access to Bitcoin providers.
No ability to pay means no money to crooks.
In fact since the main use of Bitcoin is facilitating crime; close the websites down permanently.
The government can insist ICANN block all access to Bitcoin providers.
No ability to pay means no money to crooks.
In fact since the main use of Bitcoin is facilitating crime; close the websites down permanently.
2
According to reports published elsewhere, the specific vulnerability was a buffer overflow caused by an incorrect arithmetic operation. This is an error of a rather common type, likely to be found by methods in fairly common use for the last several years. The NSA might have discovered it earlier, and used it, but they did not use it in the way we saw beginning May 12.
Much of the vulnerable software is out of support (Windows XP and Server 2003). Microsoft issued patches for still-supported products on March 14, possibly after NSA notified them of it following Shadow Brokers' offer for sale of materials taken from them.
Lacking a buyer, Shadow Brokers published them on April 14. The technical press reported active exploitation of the vulnerability by April 21, contrary to most reports that last weekend was the first use. Users of currently supported Microsoft products had 8 weeks from patch issue, 4 weeks from vulnerability and related sample code publication, and three weeks from public knowledge of active exploitation. This should not have been a surprise.
Those still using unsupported vulnerable products, like the UK NHS, limited their options by skimping on upgrades and possibly by having inadequate technical and human information security programs. That is unfortunate, and they will need to reassess and correct their practices. That, and the need to apply software security changes promptly and regularly, should be the primary lesson here.
Much of the vulnerable software is out of support (Windows XP and Server 2003). Microsoft issued patches for still-supported products on March 14, possibly after NSA notified them of it following Shadow Brokers' offer for sale of materials taken from them.
Lacking a buyer, Shadow Brokers published them on April 14. The technical press reported active exploitation of the vulnerability by April 21, contrary to most reports that last weekend was the first use. Users of currently supported Microsoft products had 8 weeks from patch issue, 4 weeks from vulnerability and related sample code publication, and three weeks from public knowledge of active exploitation. This should not have been a surprise.
Those still using unsupported vulnerable products, like the UK NHS, limited their options by skimping on upgrades and possibly by having inadequate technical and human information security programs. That is unfortunate, and they will need to reassess and correct their practices. That, and the need to apply software security changes promptly and regularly, should be the primary lesson here.
1
The malicious software was STOLEN from NSA.
If they can't protect their servers what chance does an ordinary person have?
If they can't protect their servers what chance does an ordinary person have?
2
Where's the NYT guide for how to approach using our computers when the work week starts tomorrow? Both on Macs and PCs, some kind of guide would be great!
If you use Windows, install the security patches available from Microsoft.
1
Appguard by Blue Ridge systems locked my system down using FIM technology. No worries here!
Just a fantasy: let's just turn these hideous machines off and save jobs, the art of the spoken word and most of all, our sanity :(/(:
3
The hackers here will turn out to be Russians and it's a helping hand to their friend, Donald Trump, to get the focus of his firing of James Comey of the front page of the Times.
And it's WORKING.
And it's WORKING.
4
Besides keeping software up-to-date, regular backups are critical. Nobody could hold you to ransom if your data were backed up. More importantly, will somebody please explain to me why there can't be an "infrastructure fund" to help large, mission-critical institutions like health systems install adequate rolling backup systems? We certainly need this more than one more aircraft carrier...and probably the costs wouldn't exceed that of the carrier.
1
Theresa May claimed that the attack was not specifically targeting NHS, as it is spread allover the world. But there is a technical trick against. The hackers claim that after paying the ransom they will free the compromised PC, a process that is evidently specific, which entails specific intent. I can't give technical explanation.
Terrorists when they target a massive killing, they don't actually target all the mass, but few or one person, covered by the rest. No body knows the specific, at least in the public knowledge. The cover up always comes after math, the announcement of responsibility for some reason. That reason, for sure, doesn't disclose any real specifics.
The second point is that considering the cyber attack as a terrorist attack, more accurately a terrorist funding attack, the attacker must target deaths.
The third point is that most terrorist actions covers more than one purpose, like in this case collecting money and killing, in addition to political gain.
So, I guess British NHS was a main target. Was Populist May covering up?
Terrorists when they target a massive killing, they don't actually target all the mass, but few or one person, covered by the rest. No body knows the specific, at least in the public knowledge. The cover up always comes after math, the announcement of responsibility for some reason. That reason, for sure, doesn't disclose any real specifics.
The second point is that considering the cyber attack as a terrorist attack, more accurately a terrorist funding attack, the attacker must target deaths.
The third point is that most terrorist actions covers more than one purpose, like in this case collecting money and killing, in addition to political gain.
So, I guess British NHS was a main target. Was Populist May covering up?
1
This was a lucky escape. The next one will either demand 10x the amount of money... Or worse, not even offer to unlock the computers. Then what?
This is the face of future warfare. Crashing the infrastructure, the hospitals, vehicle and air traffic, news and media leaves the basic structure intact, but wreaks havoc on people's everyday lives.
It's interesting to note that our great leader, Donald Trump, who claimed to have "learned the Internet" in a matter of days, is surprisingly silent through this whole catastrophe. Once again, the emperor has no clothes.
It's interesting to note that our great leader, Donald Trump, who claimed to have "learned the Internet" in a matter of days, is surprisingly silent through this whole catastrophe. Once again, the emperor has no clothes.
5
The main issue here is that hackers somehow are able to collect money from their victims while remaining anonymous. These transaction should be covered by terrorist financing laws and financial companies facilitating these types of transactions should face serious consequences. No one will be doing it if you take away ability to earn money. The recent increase in cyber attack is mostly because of ability of attackers to collect money (i.e. bitcoin), rather than vulnerability of the IT systems.
2
My advice is to buy an Apple computer the next time. The company is known for security... and they make both the hardware and the operating system, so they work well out of the gate. This ransomware problem was a Windows exclusive.
Gamers and 'vertical software' users, like medical software, may need Windows for the present, but if possible bring Apple into your technology future for safety and quality.
Gamers and 'vertical software' users, like medical software, may need Windows for the present, but if possible bring Apple into your technology future for safety and quality.
This is why it's so important to spend money on IT. As we progress even further into the future it's critical that these companies take their digital security seriously. It is terrible what these bandits did, and it's horrible that these corporations are too stingy to upgrade their software.
2
Any computer system that is not in a Faraday cage with absolute physical isolation can be hacked. So that is why even the government security systems are vulnerable. However, it is an arms race and governments need to disseminate vaccines on a consistent basis to avoid pandemics. There is a reason these malware are called viruses.
2
Microsoft disseminated the "vaccine" for this virus two months ago. Those infected either didn't bother to install it or are using a much older system known to be unsupported.
"What we have here, is "abject" and "deliberate" failure to communicate", by our NSA, and it's partners in the Five Eyes Alliance, England, Canada, New Zealand, and Australia, failure to make the computer and software development people aware of the vulnerabilities in their products, because they fear loss of these doorways into the privacy of governments, corporations, and people, worldwide.
This is the way it is, and how it will continue to be, with some small concessions by this Alliance, so people are led to believe in the value of wholesale unfettered spying.
Personally, I do several things, including the following, strong rigorously selected passwords, use of a select non tracking site, such as Tor, and DuckDuckGo on occasion, no WiFi ever, no screen camera, a machine built by me, with power disconnected and modem disconnected after each use, and other things.
People need to be aware of the array of systems, government and privately owned, which follow their every on and off-line activity, in this no privacy at all new world, so some small measure of solace may be obtained.
Look up the following, Stingray, and names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus.
See following Intercept report -
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gea...
This is the way it is, and how it will continue to be, with some small concessions by this Alliance, so people are led to believe in the value of wholesale unfettered spying.
Personally, I do several things, including the following, strong rigorously selected passwords, use of a select non tracking site, such as Tor, and DuckDuckGo on occasion, no WiFi ever, no screen camera, a machine built by me, with power disconnected and modem disconnected after each use, and other things.
People need to be aware of the array of systems, government and privately owned, which follow their every on and off-line activity, in this no privacy at all new world, so some small measure of solace may be obtained.
Look up the following, Stingray, and names like Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus.
See following Intercept report -
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gea...
1
I hear Ted Kaczynski's shack is up for sale.
Upgrade to Windows 10 or use another operating system like Apple's or Linux.
Just don't use ancient Windows systems. Also, send all damage estimates to the National Security Agency.
Just don't use ancient Windows systems. Also, send all damage estimates to the National Security Agency.
2
Microsoft needs to be held financially liable for allowing it's defective products to go to market. You can be sure that these sort of events will happen less often when juries start awarding six, seven and eight figure awards to victims of an organized international crime network.
Microsoft's decision to stop supporting it's XP platform is itself criminal and probably caused this problem in the first place.
Microsoft's decision to stop supporting it's XP platform is itself criminal and probably caused this problem in the first place.
1
If we followed through with your suggestion, no software would ever be published, good or bad.
I feel that the fact that this hack originated due to NSA is a distraction from the more pertinent issue here, which is poor safety and security practices from tech users.
The fact that the hack came from NSA does not matter as this is, as far as I can tell, a run-of-the-mill kind of attack. It involved a malware and it involved insecure, poorly maintained computers, and some careless users who did not use any internet best practices and therefore fell for a phishing attack. These sort of attacks happen all the time, whether NSA created the malware or not. If they did not, someone else would have come up with something else for their latest attack.
If people keep their systems up-to-date and exercise caution on the internet, rather than downloading attachments from emails willy-nilly or clicking suspicious links, many of these attacks would never happen. But when big companies like FedEx or major government agencies like Britain's NHS don't keep their systems secure then these attacks are purely a matter of time.
Just like how you are more likely to get robbed if you never use a lock and secure your door.
The fact that the hack came from NSA does not matter as this is, as far as I can tell, a run-of-the-mill kind of attack. It involved a malware and it involved insecure, poorly maintained computers, and some careless users who did not use any internet best practices and therefore fell for a phishing attack. These sort of attacks happen all the time, whether NSA created the malware or not. If they did not, someone else would have come up with something else for their latest attack.
If people keep their systems up-to-date and exercise caution on the internet, rather than downloading attachments from emails willy-nilly or clicking suspicious links, many of these attacks would never happen. But when big companies like FedEx or major government agencies like Britain's NHS don't keep their systems secure then these attacks are purely a matter of time.
Just like how you are more likely to get robbed if you never use a lock and secure your door.
Any consumer using Microsoft should be alarmed ... A move to Apple makes much more sense ...
Companies have long put off the proper investment in web security. They get what they deserve. For them IBM and Oracle should be considered versus Microsoft.
Companies have long put off the proper investment in web security. They get what they deserve. For them IBM and Oracle should be considered versus Microsoft.
Wow. If bitcoin is the conduit for crime - you'd think they could involve themselves in the solution -
The internet services i.e. GOOGLE have a lot to answer for - film piracy, music piracy - now just plain bribe-acy.
Of course, they're not making any money in all this.
Oh - I guess they are. Congress? Mr. President? Time to clamp them DOWN.
The internet services i.e. GOOGLE have a lot to answer for - film piracy, music piracy - now just plain bribe-acy.
Of course, they're not making any money in all this.
Oh - I guess they are. Congress? Mr. President? Time to clamp them DOWN.
1
Any organization that relies close to 100% on computing for its business systems is walking a tight-rope to disaster. Whatever the organization, prudence dictates there should ultimately be good old fashioned manual systems available to kick-in under circumstances of disaster.
Sadly, too few organizations heed this pragmatic advice, and too many are susceptible. The advice is not new, and neither are the threats.
Technology infrastructure is an issue national defense, and hacking techniques are a tool of War. If you haven't noticed, a long overdue initial-first-step action has been taken by our government in this direction, see https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-exec...
Individual users can help themselves to a limited degree- insist on using computers, devices, and providers that include free security updates as part of their service, learn how to protect yourself from phishing schemes and other common risks, maintain backups of your OS, apps and data. Educate yourself!
The key to watch for in the instance of this specific attack is what happens when the clock counts out. Does the lock simply remain in place? Does everything return to 'normal'? Are your files deleted? This will indicate seriousness of intent.
This is only the beginning, so take appropriate measures. It's going to cost you money one way or the other. This type of ransom attack actually suits some manufacturers. Blame Micro$oft.
Sadly, too few organizations heed this pragmatic advice, and too many are susceptible. The advice is not new, and neither are the threats.
Technology infrastructure is an issue national defense, and hacking techniques are a tool of War. If you haven't noticed, a long overdue initial-first-step action has been taken by our government in this direction, see https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-exec...
Individual users can help themselves to a limited degree- insist on using computers, devices, and providers that include free security updates as part of their service, learn how to protect yourself from phishing schemes and other common risks, maintain backups of your OS, apps and data. Educate yourself!
The key to watch for in the instance of this specific attack is what happens when the clock counts out. Does the lock simply remain in place? Does everything return to 'normal'? Are your files deleted? This will indicate seriousness of intent.
This is only the beginning, so take appropriate measures. It's going to cost you money one way or the other. This type of ransom attack actually suits some manufacturers. Blame Micro$oft.
Hmm... How do we perform a CAT scan of this child's brain without technology? Hang on, I'm thinking.
This is the new face of warfare, yet there's one person missing in this story: Donald Trump.
How could this be? The man who claims to be such a great commander in chief is completely silent on the biggest story of the week. The poseur who has second-guessed Obama on every aspect of his presidency suddenly has nothing to say?
Is it because it doesn't involve him, or is it a subject about which the Donald is utterly ignorant? Is that even possible?
How could this be? The man who claims to be such a great commander in chief is completely silent on the biggest story of the week. The poseur who has second-guessed Obama on every aspect of his presidency suddenly has nothing to say?
Is it because it doesn't involve him, or is it a subject about which the Donald is utterly ignorant? Is that even possible?
NSA and DARPA already have the software technology to "hack-proof" IT systems. Our taxpayer dollars paid for this R&D- so we [U.S. citizens] should be allowed the same protections. Ultimately, they will license to private companies for next to nothing- who will then charge us an arm and a leg to purchase something we've already paid for..
12
And the company will be owned by some politician's daughter.
There needs to be an International Counter-Cyber Task Force--similar to Interpol--to identify, counter, and jail these criminals. As we are snow being, wirth the Digital Age: the Bad comes with the Good.
https://thetruthoncommonsense.com
https://thetruthoncommonsense.com
2
I can't believe that with the scope of this crime, which requires payment, even of bitcoins, can't be traced. It is one thing for small scammers like the fake IRS or fake microsoft support to exist, but here the software generates a payment method and gets back a decryption key. I'd think tracing this would be not only possible but trivial, and someone needs to be arrested and prosecuted, no matter where they are. Follow the money.
6
The main criminal element in all this is the incompetence of Microsoft engineers.
4
This is the biggest argument against nationalized medicine that I have heard in a while. Hospital need to run like businesses and business knew they had to invest is security.
4
America's large private health systems are far larger than the entire British system, for example. A single hack here would affect far more patients. This does not bode well for our private system of healthcare either.
Single payer!
Wake up America!
Wake up America!
Ummm... businesses like FedEx and Microsoft itself???
As near as I can tell, the problem here is people and institutions not doing security software updates to their computers and computer systems. If Microsoft tells you, "You need to do this," you need to do it. If Microsoft tells you, "You're OS is out of date, we're not going to protect it and you must upgrade in order to be safe," then you do it. I have very little sympathy for people who leave their doors unlocked and then are burglarized.
8
Well put JimBob. I can say that for some systems, like the one behind the hacked German train schedule, you may not want to enable automatic updates, as that may "break" the sign at some point.
"Funds totaling the equivalent of about $33,000 were deposited into several Bitcoin accounts associated with the ransomware, according to Elliptic, a company that tracks online financial transactions involving virtual currencies."
If the money received by the hackers can be tracked, why can't law enforcement find the hackers?
If the money received by the hackers can be tracked, why can't law enforcement find the hackers?
8
Maybe it's the WH or the K....
The most important reason for the pattern of spread of this malware is that those who have been affected were using outdated, and unprotected computers and systems. Windows XP, the system used by the UK hospitals was deployed more than 15 years old, and went out of support many years back. Entities that still wanted to run it despite the availability of more modern systems could work it out with the provider so that they would receive "patches" but the UK hospitals did not do even this minimal effort. It's the equivalent of riding around at 130 mph on a motorcycle, dismiss any maintenance requirements on the vehicle, and wear no helmet.
7
Maybe it's MS though...
How many billions or hundreds of billions of dollars are we spending every year on our security agencies? What will it take for taxpayers to see that our money is misdirected?
3
While it may be draconian, the simple way to stop this is to make incredibly strong penalties for cybercrimes due to how hard it is to catch the perpetrators. Cybercrime is attractive because the risk of being caught is so low. Therefore, if they are caught, life sentences should be in order. It's the only way to deincentvize cybercrime.
4
A big part of the problem is that too many software companies see security fixes as a profit center -- a way to force people to buy upgrades they don't need. Windows XP still meets the needs of millions of people.
If software companies were legally obligated to free upgrades -- with new funcionality disabled unless the customer pays for it -- then we'd all be much better off, including the software vendors.
If software companies were legally obligated to free upgrades -- with new funcionality disabled unless the customer pays for it -- then we'd all be much better off, including the software vendors.
9
The NSA did it.
3
Julian assange?
How does one go about paying a ransom via bitcoin? Is that not in and of itself trackable? What does the "unknown" creator(s) of bitcoin have to say?
5
I've heard you can go on the "dark net" and buy anything with bitcoin.That includes all the illegal drugs, guns, ammunition, you name it. So it can be regarded as a crime currency.
My wife is into coupons. It takes all kinds.
My wife is into coupons. It takes all kinds.
7
Google is your friend. There's a wealth if information that answers all of of your questions.
1
This only effects Windows. If you have Mac it does not ( yet) effect you.
Also, if you use paper or a non-internet connected computer, as we do in our office, you are pretty safe. We also use only Mac.
Also, if you use paper or a non-internet connected computer, as we do in our office, you are pretty safe. We also use only Mac.
4
Why am I not reading anything about the authorities tracking down and arresting these criminals?
I want to see the perp walks.
I want to see the perp walks.
1
There is actually little in the reporting, in newspapers, on TV, on the 'net, about this attack, that makes sense. For one, it seems a lot of the "reporters" doing these stories have no clue about cyber attacks and malware, for another, I think the security services involved aren't talking. The whole story about the kill switch and the unregistered domain name is completely nonsensical. But not publicizing, for now, what and how, is probably a good thing, the explanations can come later. In my experience, most ransomware is fakeware, and can be defeated by simply immediately powering down the system, without doing or touching anything except the on/off button, then resetting all network devices.
I know a woman with no computer,cell phone,or cable tv. I used to think what a fool, boy was I wrong.
13
I'm pretty sure having cable TV doesn't leave a person particularly vulnerable to ransomware, but otherwise, good point. But, hey, what do I know?
1
I have been working on computers and with software for about 40 years.
The average "computer" (this includes smartphones, tablets, etc) user has no idea how to keep all their data and devices secure.
As this current episode once again illustrates, even many organizations either don't have the expertise or the will to keep their devices and data secure,
It's nuts.
The average "computer" (this includes smartphones, tablets, etc) user has no idea how to keep all their data and devices secure.
As this current episode once again illustrates, even many organizations either don't have the expertise or the will to keep their devices and data secure,
It's nuts.
10
The involvement of the young British tech in stopping the whole attack is buried deep in this article.
15
Under Trumpkin's watch.
I would not be one bit surprised if "he and his" orchestrated this.
He must be held accountable.
I would not be one bit surprised if "he and his" orchestrated this.
He must be held accountable.
1
Well, since the malware was leaked during Obama's regime, I d say it's more on him.
4
Run your Windows PC as a 'limited' account instead of an administrator. Simple.
1
An apple a day keeps the hacker away.
7
Villon would like this one very much!
Cyberattacks are the real threat (not some future scenario) that endangers our economy, civic and individual safety. But instead of leaders who ready to deal with the real problems we face now, we have two old men born almost a century go: Trump and Sessions--I hate to break it to them but neither wall the whole length of the country or Muslim ban is going to keep out cybercriminals.
12
Putting this to this administration makes no sense, when are the consumers going to say enough is enough? When are companies going to suffer the consequences of providing shoddy systems to consumers, that only a dedicated expert hardening them and keeping them up to date constantly?
1
good thing for the nsa: the costs for disasters like this don't even have to be included in the risk-benefit analyses they perform before deciding wether to keep vulnerabilities to themselves.
2
Maybe it's time for a cabinet-level post to deal with all issues of cyber security.
6
I am not sure if this is sarcasm, but there was a cyber expert advisor during the Obama years when all of this cyber warfare got off to a flashy start. (Google opm database hack)
3
trump appointed rudy giuliani to deal with this
4
This is a stark reminder that any weapon that is invented can be turned against you because the opposition will either find ways to get hold of it, or reinvent it. Whether it's the nuclear bomb, the computer virus which disabled Iranian reactors (stuxnet), or now NSA infiltrating tools. No one should imagine themselves to be sole possessors of anything, esp powerful weapons.
9
After months of us America accused Russia of some minor hack of the DNC computer system and John Podesta's email account, now this major global cyber attack happens going right back home to America to the Obama NSA to a group called the Shadow Brokers who stole this material back in 2013 and soon all the world will be pointing at us at America at the NSA and Microsoft for the cause of this disaster. I'd nominate Edward Snowden to run the NSA.
6
For homeowners: never have anything on your PC worth $300, and never do on-line banking. Probably just give the whole thing up. I know its tough, I just quit coffee and wine.
14
No, backup, backup, backup and backup off line.
1
Well I suppose since we rolled back the clocks with Trump elected, guess that would mean no longer online banking too.
Didn't NSA fave Snowdon say this would happen/was happening? Hey, Nostradamus...
4
Trump Inc. is a "ransomware" attack on the GOP. Say it isn't so, Joe. Say it isn't so...
According to readily available reports a group called the Shadow Brokers published a broad list of the (NSA) tools in their possession in January, hoping to auction them off, the NSA moved quickly. These NSA Tools malware, Spyware, origin masking programs were in fact created and lost under Obama.
"These NSA Tools malware, Spyware, origin masking programs were in fact created and lost under Obama."-B Da Truth
So, that makes it..the NSA's fault, right? This isn't all that hard, once you stop push-guilting everything that happens under someone's watch. Hey, my windshield caught a rock! Trump is in office. Typical!
So, that makes it..the NSA's fault, right? This isn't all that hard, once you stop push-guilting everything that happens under someone's watch. Hey, my windshield caught a rock! Trump is in office. Typical!
1
The NSA warrantless surveillance controversy ("warrantless wiretapping") concerns surveillance of persons within the United States during the collection of allegedly foreign intelligence by the U.S. National Security Agency (NSA) as part of the touted war on terror. Under this program, referred to by the Bush administration as the terrorist surveillance program,[1] part of the broader President's Surveillance Program, the NSA was authorized by executive order to monitor, without search warrants, the phone calls, Internet activity (Web, e-mail, etc.), text messaging, and other communication involving any party believed by the NSA to be outside the U.S., even if the other end of the communication lies within the U.S. However, it has been discovered that all U.S. communications have been digitally cloned by government agencies, in apparent violation of unreasonable search and seizure.[citatio
These Bots are mostly about making money not getting someone elected to office. Bots don't vote. Ignorant people do.
4
The Obama NSA created this malware monster and then lost it to hackers along with several other equally dangerous programs including one that allows for the complete hiding of an email's origin, as was reported several weeks ago. I guess they were too busy unmasking Trump associates and blaming Russia for an insignificant hack of the DNC server and John Podesta's email account.
1
You know, the word you keep using "insignificant" is just insulting to Americans' intelligence.
4
Even taking your computer to Geek Squad is helpful. Sometimes a minor tweak is what it needs. Reboots and using the computer restore function are always recommended.
I guess the president has been too busy bashing his critics to weigh in on this momentous occurrence. This is probably the most ominous scramble since the important election in France.
After having an enormous sycamore tree taken out of my back yard, I have a new perspective. Do what your can. Keep up. Stay alert. Trust expertise.
It does appear America itself is wakening up to a new reality. The guy they picked over Hillary is not so great. He had these older voters who supported him. No new coal mines opened, no new factories opened, trade deals remain, man environmentally active fishermen/hunters unhappy to see Trump allowing pollution, fracking, or other destruction.
Add on firing a 30 year experienced FBI employee out of the blue by letting him see his dismissal on television--- not cool ---whether you liked or disliked Comey.
As outspoken and very cool journalist Matt Taibbi said---the presidential election campaign was really just a badly acted, billion-dollar TV show – and Donald Trump was making a mockery of it.
Same with his presidency, I think we would all agree President Obama would have had not only a comment on this massive hack, but would have taken the time to reassure us as to our own cyber-security.
Last I heard Trump put the chaotic Rudy Giuliani in charge of it??
I guess the president has been too busy bashing his critics to weigh in on this momentous occurrence. This is probably the most ominous scramble since the important election in France.
After having an enormous sycamore tree taken out of my back yard, I have a new perspective. Do what your can. Keep up. Stay alert. Trust expertise.
It does appear America itself is wakening up to a new reality. The guy they picked over Hillary is not so great. He had these older voters who supported him. No new coal mines opened, no new factories opened, trade deals remain, man environmentally active fishermen/hunters unhappy to see Trump allowing pollution, fracking, or other destruction.
Add on firing a 30 year experienced FBI employee out of the blue by letting him see his dismissal on television--- not cool ---whether you liked or disliked Comey.
As outspoken and very cool journalist Matt Taibbi said---the presidential election campaign was really just a badly acted, billion-dollar TV show – and Donald Trump was making a mockery of it.
Same with his presidency, I think we would all agree President Obama would have had not only a comment on this massive hack, but would have taken the time to reassure us as to our own cyber-security.
Last I heard Trump put the chaotic Rudy Giuliani in charge of it??
11
Why is Microsoft not responsible for identifying Windows vulnerabilities? Why are they not responsible for providing updates for their products indefinitely?
9
Microsoft stopped providing updates to XP because the vulnerabilities are not securely patchable(old code). Old code in firmware and software will remain the go to for hackers. Anybody still using XP chose profit over security. Upgrading XP to meet current security standards is like making a Model T meet current crash standards.
6
Susu, every purchase is a vote. #POTUS45. How's it going?
This should be a clear message to anyone in the USA That wants a government run health care system. Patient data accessed with Windows XP, you have to be kidding me. This is what happens when the government runs things.
3
"This is what happens when the government runs things."-Fred burns
This is what happens when taxpayers whine about what good [stuff] costs.
This is what happens when taxpayers whine about what good [stuff] costs.
2
FedEx and Renault are government agencies?
4
Medicare and social security are government run and perform admirably. Admittedly the armed forces are an unmitigated disaster. Agree not all government programs are successful . We lose all wars. War on poverty, war on drugs... But to entrust public services to big business whose culture is that of rapacious greed is not what I would favor.
11
Perhaps one reason upgrades get delayed is that automatic updates can't be used in some environment, because they usually require a reboot. I can't have the 2.1m telescope control system on Mt. Locke stop at 3am or 3pm, no matter what the OS - Linux, OSX, or Windows - while an upgrade forces a reboot. There never seems to be a good time, and some upgrades take an hour with multiple reboots and firmware updates. Presumably, those with the financial and computing resources - like the NHS - can use virtualization and failover products to seamlessly switch services so that updates aren't disruptive.
4
Yeah, well, upgrade your OS, install security updates, and back up your data.
I don't for a moment justify the criminals who did this, but organizations that don't take precautions every granny knows about have only themselves to blame for being so vulnerable.
I don't for a moment justify the criminals who did this, but organizations that don't take precautions every granny knows about have only themselves to blame for being so vulnerable.
10
Grandma here. I could unstick my typewriter keys, but this stuff is above my paygrade.
11
"... but organizations that don't take precautions every granny knows about have only themselves to blame for being so vulnerable."-Josh Hill
EVERYTHING is YOUR fault! I think that's in The Bible/Qu'ran...whatever fatuous handbook for Humanity. Maybe we should update them, instead?
EVERYTHING is YOUR fault! I think that's in The Bible/Qu'ran...whatever fatuous handbook for Humanity. Maybe we should update them, instead?
1
They can be tracked down in time. The FSB, since Russia suffered the most, should be allowed a free hand in handling these terrorists and their protectors, did I mention their friends? I should. When there is a price to be paid only a few will be willing to pay it. And If it's not the FSB, then whichever country wants to should feel free. Far too much time, money and trouble disrupting peoples lives has been spent on this.
4
Who needs Season 3 of Mr. Robot when all the world's a cyber-thriller?
At some point even one of those vulnerability fixes from MS will be a trojan, if the ultimate backdoor isn't already built in to Windows somewhere.
It's rather genius when you think about it, ransoming the entire world at once with a single spam under threat of encrypting everything irretrievably.
That “400-pound guy” who hacked the DNC certainly outdid himself this time.
At some point even one of those vulnerability fixes from MS will be a trojan, if the ultimate backdoor isn't already built in to Windows somewhere.
It's rather genius when you think about it, ransoming the entire world at once with a single spam under threat of encrypting everything irretrievably.
That “400-pound guy” who hacked the DNC certainly outdid himself this time.
7
Reason #4332 not to use Windows. Wouldn't it just be easier to use Mac OS? It's not perfect, but fastly more secure than Windows. I work in the enterprise, and there are constant problems with Windows-based PCs. Constant. I have used Macs in my personal/small business life for years and I have never had issues in any capacity beyond hardware failure. When will business realize that the constant security threat isn't worth it and just use Macs?
6
If my understanding is correct, Mac OS is only more secure because it's a smaller target. Windows computers are used by the vast majority of world enterprises, thus the prize for a hacker is much larger than just targeting those using Mac OS. Which would you choose?
2
I agree, but watch what you wish for (or advocate)- if Macs were more popular, they would become the new adware targets.
1
When there are more Macs, the hackers may get interested in hacking them. They are NOT unhackable, just small potatoes.
7
Unlike Lawyers, Doctors, Accountants, Actuaries, and Podiatrists, no professional accreditation is required for the people who maintain our computer systems.
As a result, employers exploit ill trained individuals, who are worked to the bone, and never have a chance to maintain proper security on the systems they are "responsible" for.
And, of course, Microsoft's expensive software is actually very defective, requiring a great deal of attention.
The result is a "Perfect Storm" scenario - which is why the world just got hit hard.
As a result, employers exploit ill trained individuals, who are worked to the bone, and never have a chance to maintain proper security on the systems they are "responsible" for.
And, of course, Microsoft's expensive software is actually very defective, requiring a great deal of attention.
The result is a "Perfect Storm" scenario - which is why the world just got hit hard.
13
CISA, CISSP, ITIL, CRISC, the list goes on and on. The problem is not with accreditation, but rather with management's risk appetite.
2
the BBC is reporting a sole individual hacked the hack and found the "kill switch", on his day off! Knighthood awaits you young man.
13
Thank god we have President Trump at the helm - he'll know how to handle this.
All kidding aside, this obviously is what happens when the NSA and the military create bad stuff- malware, drones, robot soldiers and all the rest of the evilness from our worst nightmares: it all escapes into "the wild" and then comes back to haunt us.
Instead of developing these terrible weapons to begin with, why not just develop defenses against them? Everybody still keeps their jobs, but at least we're not the ones stabbing ourselves in the back.
All kidding aside, this obviously is what happens when the NSA and the military create bad stuff- malware, drones, robot soldiers and all the rest of the evilness from our worst nightmares: it all escapes into "the wild" and then comes back to haunt us.
Instead of developing these terrible weapons to begin with, why not just develop defenses against them? Everybody still keeps their jobs, but at least we're not the ones stabbing ourselves in the back.
5
In all of my years of computing - that's since 1978 - I was hit by malware only once. For about five minutes. It was long before on-access scanners were available. My computer had slowed down playing "Civilization II" (remember?). I immediately noticed the slowdown, ended the game, rebooted the computer from a floppy (google it...) and found the virus.
I later determined that it had come from the boot-sector of another floppy a colleague gave me that contained his studies on - will you believe it? - computer viruses. That was my first - but not last - encounter of malware from people who should've known better.
These days things are a lot, lot more complicated. But the basic sentiment hasn't really changed: "What, ME worry?" (Alfred E. Newman). I hate that way of thinking. I have to correct it on the job a lot, which means I'm out of a job a lot of time :-)
Look, it's very easy:
1) Get a good OS like Linux
2) If you really need Windows at least keep it up-to-date
3) Get (and update!) a good virus-scanner
4) Get (and update!) a good firewall (hard- or software, hard=better)
5) Don't be an idiot by clicking on everything you see, like, want...
6) Get a good browser (Firefox), don't use the "main target"
7) Use the addons NoScript, CookieMonster and Flashblock in FF
8) Get a good mailer (Thunderbird), don't use the "main target"
9) THINK! (an old IBM slogan, still relevant today...)
You don't need to be a "victim of technology". Just do what's right.
I later determined that it had come from the boot-sector of another floppy a colleague gave me that contained his studies on - will you believe it? - computer viruses. That was my first - but not last - encounter of malware from people who should've known better.
These days things are a lot, lot more complicated. But the basic sentiment hasn't really changed: "What, ME worry?" (Alfred E. Newman). I hate that way of thinking. I have to correct it on the job a lot, which means I'm out of a job a lot of time :-)
Look, it's very easy:
1) Get a good OS like Linux
2) If you really need Windows at least keep it up-to-date
3) Get (and update!) a good virus-scanner
4) Get (and update!) a good firewall (hard- or software, hard=better)
5) Don't be an idiot by clicking on everything you see, like, want...
6) Get a good browser (Firefox), don't use the "main target"
7) Use the addons NoScript, CookieMonster and Flashblock in FF
8) Get a good mailer (Thunderbird), don't use the "main target"
9) THINK! (an old IBM slogan, still relevant today...)
You don't need to be a "victim of technology". Just do what's right.
10
Too bad the hackers didn't delete all the records and amounts due on student loans.
11
It is now supposed by the researcher you reference that the IP address was not a kill switch but a tool to avoid examination in an analysis environment.
The hackers are obviously intelligent, too bad they don't put their skills to good use making an honest living in IT.
2
And, get laid off because of budget cuts?
2
Perhaps if we started hanging anyone engaged in such activity there would be less attacks. Time we started treating this sort of activity more seriously.
2
Thanks for daring to be the first one to express this emotion. As for me, my outlet is hoping someone out there is writing a juicy crime novel about a good serial killer who only targets hackers.
1
Why not put those kinds of unaccountable people in charge? Oh, wait a minute...
Hire a thief to catch a thief. Uh, hello, is Anonymous there?
3
I gave up. I've been drummed out of the network and security expert corps for being too honest. I was getting dinged on annual reviews for being too gung-ho and always willing to educate the clients and management on the many ways that what they want and are asking me to do, and what is best for the security of the data, are not in alignment. Up to and including offshoring the technical support and giving the keys to everything to contracted strangers who barely speak english and who have no vested interest in protecting the data. Our bottom lines and acquiescence to the need for higher dividends have brought this on. I've chucked smartphones--using the most obsolete but usable phones I can find. I don't even want to go back to that line of work. I pay cash for nearly everything. Eventually I will cut the internet cord in the same way that I have cut the cable cord because television had become an obnoxious intrusion. In the case of the internet, what is not already compromised, will be compromised eventually.
11
If computer users could be a little less stupid, maybe much of this spreading of ransomware would cease. Stop opening attachments to e-mails when you don't know the sender. The trouble is there are still too many people out there who think they are going to receive a cut of that $20 million from the barrister in Nigeria.
And put an end to this BitCoin garbage. You have to be an idiot to pay or receive payment by this so-called currency.
And put an end to this BitCoin garbage. You have to be an idiot to pay or receive payment by this so-called currency.
7
money transfer that don't feed the banksters, garbage!
which bank are you working for?
which bank are you working for?
Seems to me that internet service providers could stop a lot of these viruses before they reach us. One thing for sure, anti-virus companies like Norton must be laughing to the bank.
3
Why bother "sharing your thoughts"? By the time they get around to moderating them, they will release so many at one time your thoughts will be buried and nobody will see them.
7
I am waiting for the Trumpian tweet that that this NSA malware was hacked during the Obama administration.
2
It was created and hacked under Obama.
1
The NSA warrantless surveillance controversy ("warrantless wiretapping") concerns surveillance of persons within the United States during the collection of allegedly foreign intelligence by the U.S. National Security Agency (NSA) as part of the touted war on terror. Under this program, referred to by the Bush administration as the terrorist surveillance program,[1] part of the broader President's Surveillance Program, the NSA was authorized by executive order to monitor, without search warrants, the phone calls, Internet activity (Web, e-mail, etc.), text messaging, and other communication involving any party believed by the NSA to be outside the U.S., even if the other end of the communication lies within the U.S. However, it has been discovered that all U.S. communications have been digitally cloned by government agencies, in apparent violation of unreasonable search and seizure.[citatio
This was only one of several very powerful NSA cyber weapons created under the Obama administration and lost to hackers as was reported just several weeks ago, more of them are out there as well, including one that allows the complete masking of an email’s origin, they all have cute little names.
Thanks Obama , Thanks NSA you weren’t able to destroy Trump, but you’ve now destroyed computer systems around the world, and I’m supposed to hate the Russians.
Thanks Obama , Thanks NSA you weren’t able to destroy Trump, but you’ve now destroyed computer systems around the world, and I’m supposed to hate the Russians.
2
First: The point is not to hate all Russians. The point is to recognize that one Russian named Vladimir Putin holds a massive festering grudge against Western democracy and takes pleasure in doing things that destabilize and polarize free Western countries.
Second: Trump, on the other hand, wants us to fear Muslims in general.
There is no Muslim or any other kind of travel ban that can protect us from a cyberattack.
Second: Trump, on the other hand, wants us to fear Muslims in general.
There is no Muslim or any other kind of travel ban that can protect us from a cyberattack.
3
Hackers do something worthwhile like shutting down Trump's twitter feed.
8
Whats-a-face Huckabee said she was getting all kinds of responses from FBI employees that morale was a disaster due to Comey. Could it be that she was bombarded by fake emails?
2
We need international kill squads for hackers like these. Once identified, the UN meets, votes on countermeasures and kill squads are activated, seek them out and put a bullet into their brain stem.
Do that a couple of times, publish the images of the bullet holes and their proprietors online and these attacks will stop.
Guaranteed!
Nothing else will work. Put 007 to good use.
Do that a couple of times, publish the images of the bullet holes and their proprietors online and these attacks will stop.
Guaranteed!
Nothing else will work. Put 007 to good use.
6
Guaranteed!, just like the death penalty stopped murder!
2
Well, this kind of stuff may already have amounted to mass murder. Almost certainly, patients will have died as a result in England or somewhere else. This is not murder, this is terrorism and mass murder. Finger wagging won't work, this requires more drastic measures.
2
How did an NSA-built cyber weapon get in the hands of anyone outside the NSA? This is mystifying and certainly scary.
I hope they catch those responsible because in the case of hospitals, this is life-or-death stuff. It was clearly an intentional attack, so there is a lot of thought that goes into launching an attack.
It seems to me that if, by crippling a hospital's records, someone loses their life, then this would represent first-degree murder.
I'm just at a loss at how our cyber-security experts at the NSA can let this code get out. It's like losing control over a nuclear weapon.
I hope they catch those responsible because in the case of hospitals, this is life-or-death stuff. It was clearly an intentional attack, so there is a lot of thought that goes into launching an attack.
It seems to me that if, by crippling a hospital's records, someone loses their life, then this would represent first-degree murder.
I'm just at a loss at how our cyber-security experts at the NSA can let this code get out. It's like losing control over a nuclear weapon.
7
Does this mean that nuclear weapon systems around the globe are vulnerable to theft and ransom by cybercriminals?
Hopefully, the answer is no, but I know to never say never.
Hopefully, the answer is no, but I know to never say never.
3
The reason they cannot infiltrate the nuclear arsenal is that it runs on 1960's systems; i.e. tape drives and fortran. However, I assume Trump will soon fix that.
Unfortunately, it's a bit closer to home. Do you like electricity, or natural gas for the conveniences of modern life? It seems remote when hospitals are brought to a standstill, heck it's happened in the USA and is never reported on and there is little outrage to follow what little reporting on it there is. Just think about the vulnerable electrical grid, and all of the companies that you depend on for technology who have bulged up their bottom lines and dividends to shareholders, and have little interest in the cost and strategies for selling secure systems that are not prone to automated attacks. In short, we all trust the wrong companies for all of the wrongs reasons, and we are not outraged and are not voting these companies out of business with our dollars, when they are being hacked and owned by hacks all of the time. Who remembers that in 2015 we learned that all of the security clearances for the past 35 years fell into the hands, ostensibly, of the Chinese? No one cared then, why all this outrage now? Why not punish the companies who get it wrong every time by their corporate culture and cost savings? Instead, they are continually propped up by good press, so that the shareholder is not left holding the bags of pennies on the dollars.
2
Sent by email in the first instance? From what email address(es)?
William Binney, ex NSA exec created the agency’s mass surveillance program for digital information, served as the senior technical director within the agency, managed six thousand NSA employees, wrote for Zerohedge.com:
" intelligence services intentionally create digital vulnerabilities, then intentionally leave them open … leaving us exposed and insecure."
He correctly calls it a swindle of the taxpayer: "First, they find or create weaknesses then they don’t fix these weaknesses so we are all vulnerable to attack. Then, when attacks occur, they say they need more money for cyber security."
The agencies say: "we need to collect everything to stop terror and because to collect everything takes lots and lots of money. So when the terror attack occurs, they say they need more money, people and data to stop terror."
It's a con-job, a swindle of the public. The latest swindle? “The Russians did it. This is an effort to start a new cold war which means more money for defense spending, a bigger military - yet another swindle of US tax payers."
The meme being pushed for months now is the phony Russian's story - collusion, hacking, joint ops with Trumps folks…all because the Hillary Brand® lost what was supposed to be a slam dunk victory. When Wikileaks revealed the corruption within the DNC, it's been an attack dog war to blame Trumps victory on the Russkies. It's another con job, a swindle of the gullible, and I don't even like Trump, nor voted for him. But the money will flow.
" intelligence services intentionally create digital vulnerabilities, then intentionally leave them open … leaving us exposed and insecure."
He correctly calls it a swindle of the taxpayer: "First, they find or create weaknesses then they don’t fix these weaknesses so we are all vulnerable to attack. Then, when attacks occur, they say they need more money for cyber security."
The agencies say: "we need to collect everything to stop terror and because to collect everything takes lots and lots of money. So when the terror attack occurs, they say they need more money, people and data to stop terror."
It's a con-job, a swindle of the public. The latest swindle? “The Russians did it. This is an effort to start a new cold war which means more money for defense spending, a bigger military - yet another swindle of US tax payers."
The meme being pushed for months now is the phony Russian's story - collusion, hacking, joint ops with Trumps folks…all because the Hillary Brand® lost what was supposed to be a slam dunk victory. When Wikileaks revealed the corruption within the DNC, it's been an attack dog war to blame Trumps victory on the Russkies. It's another con job, a swindle of the gullible, and I don't even like Trump, nor voted for him. But the money will flow.
2
penny wise but pound foolish.
The NSA, which created this malware, can't keep its dangerous cyberweapons from thieves, and everyone is blaming Microsoft instead?
1
Next headline: "US military's nuclear launch codes hacked." Duck and cover.
2
The NSA lost control of one of its WMDs and it has now been unleashed upon the world. Isn't that the real story here?
3
The article mentions "several Bitcoin accounts associated with the ransomware." If enough is known about those accounts to inform us that $33,000 has been deposited into them, why can they not be found and seized and the money returned to the victims? If there are technical impediments, what are they? If the impediments are legal, let's take prompt action to change them. At the moment what we're mainly seeing is hand-wringing.
1
These are all good questions. However, the entire point of Bitcoin is that the things you mention are impossible. The only way to get control of the wallet is to have the wallet's password, which is known only to the owner. Conversely, anyone who has the password controls the bitcoins and can spend them. The wallet does not exist as a physical entity, so it cannot be seized.
1
Since I am not a tech wiz I don't understand how the money can be collected without their being any trace. Old fashion ransom usually didn't work because the logistics of the money transfers were difficult to make work. If anyone has a simple answer hit reply and tell me....I'll check later...Thanks
2
After many years of neglect of national cyber security and lax security at the nation's security services, restoring security will be a very hard task, made even more difficult by the lack of consequences for irresponsibility.
There was an interesting American Experience documentary recently on about Bonnie and Clyde. It attributed much of their success at eluding capture to Clyde's driving skills and the development of Ford's powerful V8 engines in the cars Clyde always stole to getaway faster than the police in. Times haven't changed much.
1
The exercise of Second Amendment rights is of no value against cyber terrorism.
1
How are payments for ransom made? It would seem there would be a way to trace where the funds go and shut things down at that end. Can't the N.S.A. or another agency place code in a payment or set up a dummy account whose payments could be traced?
I realize that the big banks are essentially vast criminal cartels whose execs pay no penalty for criminal activities (e.g. Wells Fargo's several million dummy accounts in real Americans' names), but isn't there some point at which our government will take them on, will force cooperation to prevent ransomware laundering, illegal arms sales payments, and the like?
Or is our government too busy protecting us by sending out tweets about Rosie O'Donnell?
I realize that the big banks are essentially vast criminal cartels whose execs pay no penalty for criminal activities (e.g. Wells Fargo's several million dummy accounts in real Americans' names), but isn't there some point at which our government will take them on, will force cooperation to prevent ransomware laundering, illegal arms sales payments, and the like?
Or is our government too busy protecting us by sending out tweets about Rosie O'Donnell?
3
I eagerly await the day when my robot car refuses to unlock the doors until I pay a hacker $300 in Bitcoin.
2
"Open the pod bay doors, HAL." Was Bitcoin all he ever wanted?
3
Why is there any discussion going beyond why the NSA was so vulnerable to invasion?
3
Sure seems like a timely hack for getting Trump out of the headlines a bit. Anyone check the Russians' activity?
2
Is there any reason that the world should continue to allow anaonymous money like BitCoin to continue to exist? It just enables criminals like these.
Why exactly did WikiLeaks post this hacked NSA/CIA information? Was it to help the world or hurt the world? I think every cybersecurity force in the world should hack down WikiLeaks and anything like it.
A free internet certainly has a downside.....
Why exactly did WikiLeaks post this hacked NSA/CIA information? Was it to help the world or hurt the world? I think every cybersecurity force in the world should hack down WikiLeaks and anything like it.
A free internet certainly has a downside.....
5
I use bitcoin and Im no criminal. In fact, I believe bitcoin can be used to unite the world under a single currency.
Besides, before bitcoin there was still wire transfers, western union, and of course dropping bags of money off of helicopters and onto hijacked ships.
Also, many ransomware people dont even use bitcoin to get their money. They use iTunes cards and those kinds if things.
Besides, before bitcoin there was still wire transfers, western union, and of course dropping bags of money off of helicopters and onto hijacked ships.
Also, many ransomware people dont even use bitcoin to get their money. They use iTunes cards and those kinds if things.
It would even be better to eliminate all currency. Just think how difficult it would be for the hackers to hide if they were paid in heads of cattle.
2
Hard to believe there are no comments on this article! Given the vastness of computer usage by hundreds of millions of people worldwide!!! That being the case, at this time of course, I'll give some advice, on keeping your electronic data safe! First of all print out everything you want to keep, hackers can't get to your paper files!!!!! Next, put electronic data you want to keep in that format on a thumbdrive, or flashdrive as some call the technology. I have a dozen thumbdrives and I also make an index and print it out. You can file your data on various thumbdrives just as you would file the data in file cabinets. Other than that don't keep anything on your computer you care about: photos, letters from important people, family, friends, other associates, music, financial data, i.e, your will of what you want done with your effects, taxes, medical information, insurance, etc., essays, research, whatever, but copy it all to the small not very costly thumbdrives. Don't forget to do that every time you use your comptuer. And don't leave your significant data on your computer! It is too easy to make folders and file stuff in them. Then, usually, you completely forget about them unless you need to hunt for something! But if your computer becomes compromised and you have to erase the hard drive, well.... Good luck!
6
The coverage of this attack, globally, not just in the New York Times, is breathtaking in its kool-aid drunken acquiescence to internet speak corporatism.
Timeline of events:
1) Shadowbrokers steal and release NSA software, the blogo/journosphere is divided on whether or not they are the good guys fighting the evil "Security State".
2) Microsoft moves to patch software, and announces that it is ransom attacking systems still using Windows XP. This is applauded by the geekosphere which hates people who don't get with the program, totally unaware that they are talking about those who bought enterprise software from Microsoft on shoestring budgets -- NHS in Britain, the NPO/NGO humanitarian crowd, etc.
3) The exploit gets used because after all, there's been a very public announcement by Microsoft and the geekosphere that it will gain traction. No one sees that a big software company telling people upgrade or get attacked is also a form of ransomware.
4) The blogo/journosphere launches a blame attack on government spy organizations for having weapons that might be dangerous -- totally neglecting that those organizations are fighting a "cyberwar" against cyber attacks and other things.
Liberal western democracy cannot coexist with an internet that confuses liberty with libertarianism, theft and anti-government vigilantism with whistleblowing, and most of all, cannot coexist with a totally innumerate and usually anti-intellectual press as an information source.
Timeline of events:
1) Shadowbrokers steal and release NSA software, the blogo/journosphere is divided on whether or not they are the good guys fighting the evil "Security State".
2) Microsoft moves to patch software, and announces that it is ransom attacking systems still using Windows XP. This is applauded by the geekosphere which hates people who don't get with the program, totally unaware that they are talking about those who bought enterprise software from Microsoft on shoestring budgets -- NHS in Britain, the NPO/NGO humanitarian crowd, etc.
3) The exploit gets used because after all, there's been a very public announcement by Microsoft and the geekosphere that it will gain traction. No one sees that a big software company telling people upgrade or get attacked is also a form of ransomware.
4) The blogo/journosphere launches a blame attack on government spy organizations for having weapons that might be dangerous -- totally neglecting that those organizations are fighting a "cyberwar" against cyber attacks and other things.
Liberal western democracy cannot coexist with an internet that confuses liberty with libertarianism, theft and anti-government vigilantism with whistleblowing, and most of all, cannot coexist with a totally innumerate and usually anti-intellectual press as an information source.
10
I read lots of problems, but no solutions.
1
Smartest thing I have ever seen on NYT. Higher order intellect in display in your comments. Bravo.
Criminal hacking is attractive because in most cases the perpetrators are outside of Western justice systems and get away with winks & nods from Chinese, Russian, Ukrainian authorities. The only way to deal with this is identification, Interpol and harsh retaliation if the Chinese refuse to extradite.
Could it be Wikileaks trying to change the subject?
3
Like any kind of ransom, if nobody pays ransom sooner or later they'll quit. Of course, that would mean everybody would have to back up their devices and be prepared to do their part in not giving in to cyberterrorists. Wait until they start invading the Cloud.
2
At the risk of sounding too Luddite, is all this instantaneous connectedness necessarily a desirable thing in all circumstances? Was it so terrible to have to look things up, request information, make a phone call, etc.?
I admit to coming of age BC (before computers). If you made a mistake typing something, it was a hassle making a correction. Often, you had to retype the document. On the other hand, if the mechanical keys on your typewriter got stuck because you typed too fast, you could stick your hand in there and unstick the keys. Problem solved. (Does anybody even know what I’m talking about?)
Guys (mostly guys, not sure why) would fix their own cars. Everything was mechanical. You could see and reach and replace parts. Everybody had an Uncle Jim who could nearly always be found lying on a creeper (look that up) under his car in the driveway fixing something. I knew guys that changed their own transmissions.
Didn’t anyone out there take a book from the encyclopedia set and read under the covers at night? You did this to satisfy your curiosity, for personal gain – nobody was trying to sell you anything. You weren’t competing, or networking, or lusting. Not that lusting didn’t exist, but you had to kind of invent it for yourself. Now the work is done for you and mostly in connection with a commodity.
We can’t go back, but is there no way to keep files in-house unless a bona fide request is obtained? Must everything be connected to Big Internet constantly?
I admit to coming of age BC (before computers). If you made a mistake typing something, it was a hassle making a correction. Often, you had to retype the document. On the other hand, if the mechanical keys on your typewriter got stuck because you typed too fast, you could stick your hand in there and unstick the keys. Problem solved. (Does anybody even know what I’m talking about?)
Guys (mostly guys, not sure why) would fix their own cars. Everything was mechanical. You could see and reach and replace parts. Everybody had an Uncle Jim who could nearly always be found lying on a creeper (look that up) under his car in the driveway fixing something. I knew guys that changed their own transmissions.
Didn’t anyone out there take a book from the encyclopedia set and read under the covers at night? You did this to satisfy your curiosity, for personal gain – nobody was trying to sell you anything. You weren’t competing, or networking, or lusting. Not that lusting didn’t exist, but you had to kind of invent it for yourself. Now the work is done for you and mostly in connection with a commodity.
We can’t go back, but is there no way to keep files in-house unless a bona fide request is obtained? Must everything be connected to Big Internet constantly?
Computer hacking should be a Felony Crime with serious jail time find out who in the NSA wrote this malicious code, which President was overseeing the operation, and which of that president's staff was using this NSA Intelligence to target their political opposition, serious crimes all around, and the world will be watching.
3
You have to catch them first, which means cooperation from people like Putin. Good luck with getting Czar Vladimir to be helpful in any way that won't line his personal pockets.
I kind of doubt that if this code came from the NSA it was meant to be used this way, right ? It was stolen software
Stolen back in 2013 by a group known as The Shadow Brokers.
Do I have this right? The NSA found a flaw in the Windows Operating System and make software to exploit that flaw? The cyber attackers then stole it from the NSA?
Wake up NSA! If you find flaws in widely used software, notify the software's owner so they can fix it. That would do a whole lot more for national (and international) security than for the NSA to use the flaw to hack something else!
Wake up NSA! If you find flaws in widely used software, notify the software's owner so they can fix it. That would do a whole lot more for national (and international) security than for the NSA to use the flaw to hack something else!
11
I do believe I've lost all feeling for "data". Perhaps it should be good-riddance. The day data can be used to keep starving kids alive, that will be that day I have any regard for it.
5
Wow! Microsoft's new anti-piracy software licensing scheme is fantastic!
3
In the end, it makes paper files look better and better.
6
The NSA (and the USA) have created this problem by exploring and hiding their "zero day" exploits.
Instead of helping important USA companies like Microsoft, the NSA continues to keep these dangerous tools for themselves.
The USA must decide who the real enemy is. We are looking at the mirror.
Instead of helping important USA companies like Microsoft, the NSA continues to keep these dangerous tools for themselves.
The USA must decide who the real enemy is. We are looking at the mirror.
Everyone with a computer and a online phone connection has been warned of these crimes, for decades now. When immense, multi billion dollar corporations find themselves caught flat footed, unable and ignorant of how to either deal with a hijacking or to prevent one in the first place; it says more about our faulty and unregulated systems-basically the "Wild West" in bits and bytes. And there's not a sheriff to be found or even imagined.
In the first such written account of hacking, Clifford Stoll's "The Cuckoo's Egg" the actual, failed attempts by an East European freelance spy to steal American nuclear weapon's designs,or other weapons system secrets for the Russians was thwarted simply because the spy-primarily a speaker of German. He had no understanding that the laboratories which did such research were "off-line" for security reasons,(American scientists in 1990 were far more willing to take cumbersome efforts to prevent theft or espionage), and the California universities that used similar names and sound alike addresses online confused the European spy.
Since then, the concept of "secure" technology has accelerated straight downward, like a BASE jumper having a nightmare of diving naked.
To be safe: Keep your important, irreplaceable data off line. Eventually these crooks would have to hang up their keyboards and join the legitimate world-just as Bensen/Hedges did after he got out of jail.
In the first such written account of hacking, Clifford Stoll's "The Cuckoo's Egg" the actual, failed attempts by an East European freelance spy to steal American nuclear weapon's designs,or other weapons system secrets for the Russians was thwarted simply because the spy-primarily a speaker of German. He had no understanding that the laboratories which did such research were "off-line" for security reasons,(American scientists in 1990 were far more willing to take cumbersome efforts to prevent theft or espionage), and the California universities that used similar names and sound alike addresses online confused the European spy.
Since then, the concept of "secure" technology has accelerated straight downward, like a BASE jumper having a nightmare of diving naked.
To be safe: Keep your important, irreplaceable data off line. Eventually these crooks would have to hang up their keyboards and join the legitimate world-just as Bensen/Hedges did after he got out of jail.
3
So, "cyber security" is now officially and oxymoron.
6
Hey, NYT, what about the money? Your article mentions nothing about how a victim is supposed to pay the ransom and how perhaps the best way to track down the perpetrators is to pay the ransom and then follow the money. I can't imagine you can collect a billion dollars in the matter of a week or two without going through the international banking system and leaving a trail right to your door. If it's possible, THAT would be an interesting story.
7
Bitcoin is the perpetrators preferred method of ransom being paid. This was from an earlier article I read (but I can't remember if it's the NYT or another news agency).
The ransom is for Bitcoin, which is by design, anonymous.
World War III has already begun.
It's just on an unexpected front...
It's just on an unexpected front...
1
Can you imagine if this kind of a virus allowed access to the stock market, or air traffic control, or University grading systems, or even rocket guiding systems. How about a virus that could shut down and lock all cell phones or cause all of them to dial a number on your contacts list at the same time. Yes, this is what WW3 will look like.
2
If we've reached the point where warfare involves attacking each other's machines instead of attacking each other I suppose it could be called progress.
3
Another question is what these criminals are planning to do with their billion plus ransom.
1
Ask ISIS or the Russians.
1
This is why all my computers at home run on Linux.
Common factor: Microsoft.
Just.Say.No.
Or don't, and get hacked.
Just.Say.No.
Or don't, and get hacked.
The attack appears to be the result of criminal negligence by NSA to safe keep the weapons of mass destruction of global data
Courts need to investigate if the victims are entitled to compensation.
Courts need to investigate if the victims are entitled to compensation.
1
This is why one should always run the latest version of Windows, or Android, or MacOS or whatever, you know...
An interesting tidbit to boot: the ransomware notices were written in, well, perfect Russian, and Ukrainian; German and English notices, however, didn't look like they were written by a native speaker. I mean, they looked exactly like they were written by an East Slavic speaker.
An interesting tidbit to boot: the ransomware notices were written in, well, perfect Russian, and Ukrainian; German and English notices, however, didn't look like they were written by a native speaker. I mean, they looked exactly like they were written by an East Slavic speaker.
7
How difficult would it be just to make it appear so?
1
Well, it would be difficult, but not impossible. But still, I'd be triple-dog-damned if this particular cyberattack didn't originate somewhere in Eastern Europe. I mean, it has "Eastern Europe" written all over it.
By the bye, Ransomware Attack equals "Eastern Europe" in my math book. And if I'm being perfectly honest the equation of Ransomware Attack equals not "Eastern Europe" just simply doesn't "add up".
By the bye, Ransomware Attack equals "Eastern Europe" in my math book. And if I'm being perfectly honest the equation of Ransomware Attack equals not "Eastern Europe" just simply doesn't "add up".
Now we all get to thank Apple for not providing the FBI the keys to the iOS kingdom when they tried to demand it to unlock the San Bernardino domestic terrorist's phones. "Tust us" they say, we will protect the back door!
6
A few things to remember in this digiage
Backup all your (important) data outside the scope of internet. NSA, DIA, Armed Forces all have private networks for decades for the same reasons that's why it took people like Snowden and Manning to copy and pass the information to the press to let us know how effectively our government is keeping the third eye on us.
We took care of Iranian Nuclear threat by controlling their centrifuges and they hacked our RQ 170 and landed it safely in Iran. We routinely disrupt North Korea's missile launches- I am hoping it doesn't fall on our 25,000 or so armed forces in South Korea.
My point is that the hackers are using what we and Israelis invented. If we keep inventing a weapon to damage/control others we are bound to face similar consequences. Surely once an invention is made it cannot be undone.
We are technologically way ahead of anyone else and we keep using our energies to design/develop weapons, I only wish we put our energies towards curing problems/diseases etc and make this world a better and safe place- we constantly make it more dangerous and unsafe as more deadly weapons do not make the world a safer place for humans. Killing humanity doesn't make it safer.
Backup all your (important) data outside the scope of internet. NSA, DIA, Armed Forces all have private networks for decades for the same reasons that's why it took people like Snowden and Manning to copy and pass the information to the press to let us know how effectively our government is keeping the third eye on us.
We took care of Iranian Nuclear threat by controlling their centrifuges and they hacked our RQ 170 and landed it safely in Iran. We routinely disrupt North Korea's missile launches- I am hoping it doesn't fall on our 25,000 or so armed forces in South Korea.
My point is that the hackers are using what we and Israelis invented. If we keep inventing a weapon to damage/control others we are bound to face similar consequences. Surely once an invention is made it cannot be undone.
We are technologically way ahead of anyone else and we keep using our energies to design/develop weapons, I only wish we put our energies towards curing problems/diseases etc and make this world a better and safe place- we constantly make it more dangerous and unsafe as more deadly weapons do not make the world a safer place for humans. Killing humanity doesn't make it safer.
6
In the digital realm, perhaps more than in the physical, most people seem to want a fantasy life. They want lots of happy, carefree things for little or no cost. They want unlimited access, immediate gratification, and do not want to have to work for it, at least in terms of acquiring expertise or putting forward some effort. And they certainly do not want to pay for it.
So go ahead and blame others, including the usual boogeymen: blame the evil giant corporation, Microsoft, for not providing the impossibly perfect operating system that would not only be hack-proof given the cyber tools existing today, but also predict the future (and of course, such a fantasy OS would also require only a tiny slice of memory leaving more space on your device for selfies). And blame the dark forces of government, here the NSA, for developing tools to deal with malevolent players, who seem to actually exist. Blame whoever you want for not providing an idiot-proof world.
So go ahead and blame others, including the usual boogeymen: blame the evil giant corporation, Microsoft, for not providing the impossibly perfect operating system that would not only be hack-proof given the cyber tools existing today, but also predict the future (and of course, such a fantasy OS would also require only a tiny slice of memory leaving more space on your device for selfies). And blame the dark forces of government, here the NSA, for developing tools to deal with malevolent players, who seem to actually exist. Blame whoever you want for not providing an idiot-proof world.
4
Since that harpy Margaret Thatcher, followed by Major, Blair and Cameron, the NHS has been starved of money and resources. Oh, you know the mantra - do more with less, work smarter. Betcha that the NHS couldn't get the staff or money to update their systems. But, if anybody gets the blame for this disaster it will be the powerless people who continue to work in the NHS. However, Mr. Blair will go on making the big bucks for pontificating and doing absolutely nothing useful.
Prevention for this sort of attack is fairly simple:
- Keep your computer's operating system updated!
- Learn to avoid to phishing schemes!
- Backup your data often!
If you are worried about data theft use encryption (wannacrypt doesn't seem to be stealing data).
- Keep your computer's operating system updated!
- Learn to avoid to phishing schemes!
- Backup your data often!
If you are worried about data theft use encryption (wannacrypt doesn't seem to be stealing data).
2
There are good suggestions on this forum, but if you want to just keep using your computer without worrying about losing your data, TimeMachine is a simple way to keep a copy of everything on your macOS computer on an external hard drive! Check it out at https://en.wikipedia.org/wiki/Time_Machine_(macOS) Not for WIndows though. Window users might check out the Genie Timeline technology.
1
can't disagree... but who knows when the perps stole the malware? it could have been 18 months ago, or more.
Why can't they aim those cyber attacks at Silicon Valley? They seem to know about that stuff there.
Once again, I think that bug-eyed guy on Mr. Robot and Christian Slater should be able to crush this cyber thing.
I'm "scrambling" to discover reason, democracy, justice and sanity right now, thus I just don't have time.
Once again, I think that bug-eyed guy on Mr. Robot and Christian Slater should be able to crush this cyber thing.
I'm "scrambling" to discover reason, democracy, justice and sanity right now, thus I just don't have time.
2
A US Government Agency manufactures, let’s call it, an ‘Ebola- like virus’. The virus is stolen and is running wild around the world, putting millions of lives at risk. Now let’s blame the victims for not having the right vaccine to deal with this.
But please don’t blame the people who manufactured this (the NSA).
But please don’t blame the people who manufactured this (the NSA).
I am wondering if the Russians are behind this one as well.
They launched cyberattacks against Ucranian electric power plants, train stations , government computers , just before they attacked the US Democratic Party in order to switch the results of American elections as we all well know .
Now these widespread cyberattacks are confirming that our lives are in danger wherever we are and something behind our wildest nightmare might happen .
We need more investigations and planning to avoid future disasters.
They launched cyberattacks against Ucranian electric power plants, train stations , government computers , just before they attacked the US Democratic Party in order to switch the results of American elections as we all well know .
Now these widespread cyberattacks are confirming that our lives are in danger wherever we are and something behind our wildest nightmare might happen .
We need more investigations and planning to avoid future disasters.
Hmmm, interesting. So a CIA developed hacking technique designed to exploit a poorly designed OS (Windows) was stolen and used for profit. Is Microsoft or the CIA liable? An open system like GNU/Unix might be better.
Some people say the NSA shouldn’t be in the ransom business. But everyone accepts that the CIA raises money in the illicit drug trade. Agencies need a pool of dark money for funding the sorts of projects that must remain below the public radar. As the public has become less trustworthy, this means an ever larger portion of the agencies’ activities must self funded. So the NSA is merely being prudent.
Hmmm. All of this came out during the Obama Regime with their perverse will to control everything and now you can’t control anything.
Hmmm. All of this came out during the Obama Regime with their perverse will to control everything and now you can’t control anything.
1
Why can't they just restore their computers from their backups?
Is there no way to freeze trump via Cyber Hacking? Or a code that's like a "kill switch" to halt the spread of trump malware, which seems to have taken over his brain and garbled his thinking and acting?
4
I would say a hungry earwig dropped in the ear would do the trick, but obviously Trump's already experienced an earwig attack, or more.
@Hey Joe:
The earwig may starve to death.
The earwig may starve to death.
1
Hillary's emails on he private server were safer than those on the government's. Maybe we should leave that issue alone now.
5
Yeah sure. That is why some were found on a sex perverts laptop.
true point - but there were there because of the stupidity of the sender, Hillary's aide. Anyone who has access to anyone's emails, whether private, public, whatever server, can send them to anyone, to to be fair, the fault isn't with the private server here, but the bad judgment of the aide. Right?
The NSA agenda should be to defend American computing infrastructure not to spy and manipulate countries around the world.
These things will repeat until there is strict oversight by Congress and public organizations over rogue organizations like NSA and CIA.
Also who knows what other powerful technology NSA has? What if hackers get hold of more advanced & devastating NSA technologies? Anarchy!
NSA and CIA etc should be controlled strictly.
These things will repeat until there is strict oversight by Congress and public organizations over rogue organizations like NSA and CIA.
Also who knows what other powerful technology NSA has? What if hackers get hold of more advanced & devastating NSA technologies? Anarchy!
NSA and CIA etc should be controlled strictly.
How, specifically, has this "Attack" physically harmed any humans?
How. specifically, has this "Attack" financially harmed any individual person?
How. specifically, has this "Attack" financially harmed any individual person?
Actual harm and potential harm are potentially the same when it comes to endangering life.
I'm gonna guess you wouldn't want to be in the middle of a life-saving medical procedure when the systems go dark. And you'd probably experience just a bit of doubt that something like this could occur during a future procedure.
You might even be upset if someone figures out a way to remove all financial assets from your accounts.
Think about that a little bit. If you had read the entire article, you'd see hospitals were affected.
As Trump might tweet, "Not Funny. Sad."
I'm gonna guess you wouldn't want to be in the middle of a life-saving medical procedure when the systems go dark. And you'd probably experience just a bit of doubt that something like this could occur during a future procedure.
You might even be upset if someone figures out a way to remove all financial assets from your accounts.
Think about that a little bit. If you had read the entire article, you'd see hospitals were affected.
As Trump might tweet, "Not Funny. Sad."
WikiLeaks must bear some responsibility for this since they released the malware so any hacker can access and profit from.
1
“'We are not able to tell you who is behind that attack,' Amber Rudd, Britain’s home secretary, told the BBC on Saturday," says the person in charge of the apparatus that has made Britain among the world's most surveilled, anti-privacy states.
2
Murky and imprecise. But if NSA tools are being remade and exploited, the NSA shoould be key to defence. When NSA cyberweapons develop, they need more than a kill switch. They need an antidote, something to pump into internet pipes that disables them. Certainly after a security breach like last fall's the NSA should have scrambled to find how they could be misused and prepare for it.
Step back, and the bigger problem is timing. The US administration is chaotic and dysfunctonal. A chain aof command is only as strong as its weakest link, and the executive is more important than any other link. Military, intelligence, and computer professionals can be very capable, but without a functional executive they lack direction, and become reactive, not proactive.
The dysfunction at the top of our government doesn't mean the international domain will give us a time-out to get our act together. They're goint to prod and poke and find vulnerablity. We're in a dangerous time.
Step back, and the bigger problem is timing. The US administration is chaotic and dysfunctonal. A chain aof command is only as strong as its weakest link, and the executive is more important than any other link. Military, intelligence, and computer professionals can be very capable, but without a functional executive they lack direction, and become reactive, not proactive.
The dysfunction at the top of our government doesn't mean the international domain will give us a time-out to get our act together. They're goint to prod and poke and find vulnerablity. We're in a dangerous time.
1
I do not understand I heard about ransom ware 3 years ago when my friend who is an administrator had his school hit with ransom ware but because he backed everything up on a separate DETACHED device every night he just cleared his operating system and reloaded from the storage device. After he talked to me i did the same thing with my real estate business. I also added a program last year called “Malware Bytes” which scans for malware/ransom ware and stops it before it becomes a problem. What i do not understand is ransom ware has been a problem for a while and there are security programs available to prevent this. There is more going on here than we are being told.
2
The article does not insist on the responsibility of the U.S. First, it was the Stuxnet virus and now this. This is the second time that viruses created by the U.S have infected computers and cause chaos worldwide.
If the NSA can't protect the highly dangerous cyber weapons it creates, maybe it should consider not creating them at all.
If the NSA can't protect the highly dangerous cyber weapons it creates, maybe it should consider not creating them at all.
3
Pretty good point. Imagine if the nuclear football and launch codes could be compromised so easily. Well, they're in the hands of Trump anyway, so this is probably already a clear and present danger.
"How Google Took Over the Classroom"
By NATASHA SINGER
Technological "visionaries" have no loyalty to anyone except their bank accounts. People criticize Donald Trump's lack of loyalty to anyone except himself. Why are the people who run Apple, Google, Microsoft, Amazon, etc. singled out? In spite of the superficial differences, these people are cut from exactly the same mold as Trump.
By NATASHA SINGER
Technological "visionaries" have no loyalty to anyone except their bank accounts. People criticize Donald Trump's lack of loyalty to anyone except himself. Why are the people who run Apple, Google, Microsoft, Amazon, etc. singled out? In spite of the superficial differences, these people are cut from exactly the same mold as Trump.
1
My cousin works at a small law firm in upstate New York that was hit by ransomware a couple years ago. They had to cough up thousands of dollars to unlock their computers.
This is blowback - NSA technology unleashed on the world.
This is blowback - NSA technology unleashed on the world.
2
So what happens in a few years when the majority of vehicles on the road are computerized? We may welcome the luxury of autonomous (self-driving) cars, but if/when a computer virus hits hundreds of thousands of these vehicles while they're barreling down the highway, things are gonna get messy fast.
8
As much as we may dislike government spying, it is necessary.
The New York times's Tom Friedman has repeatedly discussed the increasing "power of one", the increasing power of one or very few people to cause greater and greater harm to others. This cyber attack itself is an example of the increasing power of one. The damage done on 9/11 was another. With nuclear proliferation, DYI hacker groups designing new potentially deadly microbial life forms, a North Korea funding cyberwarefare to rob banks around the word, and the relative ease with which dirty bombs can be made, it is essential that the NSA and FBI have and use effective spying tools.
Unfortunately the creation and use of such tools decrease the safety of the internet and the computer controlled infrastructure which depends upon it, infrastructure upon which not only our economy, but also our lives depend. It also threatens our privacy. How to best balance these conflicting goals is one of the major challenges facing current democratic societies.
The New York times's Tom Friedman has repeatedly discussed the increasing "power of one", the increasing power of one or very few people to cause greater and greater harm to others. This cyber attack itself is an example of the increasing power of one. The damage done on 9/11 was another. With nuclear proliferation, DYI hacker groups designing new potentially deadly microbial life forms, a North Korea funding cyberwarefare to rob banks around the word, and the relative ease with which dirty bombs can be made, it is essential that the NSA and FBI have and use effective spying tools.
Unfortunately the creation and use of such tools decrease the safety of the internet and the computer controlled infrastructure which depends upon it, infrastructure upon which not only our economy, but also our lives depend. It also threatens our privacy. How to best balance these conflicting goals is one of the major challenges facing current democratic societies.
1
The article says "experts said the attackers might pocket more than $1 BILLION worldwide..." The article also says the hackers demanded payment of "$300 or more." 3.3 MILLION institutions would have to pay the $300 ransom in order for the attacker to "pocket more than $1 billion." How many institutions were attacked? I don' see anywhere in the article that says millions of institutions were attacked. And the animated map says "how TENS OF THOUSANDS of computers were infected." So can someone please explain where the fantastical sounding "$1 billion" number came from. As an aside, $300 is a pittance of a ransom to ask for. The numbers in this story do NOT add up and lead to more questions.
1
I believe that competent cybersecurity practice is to maintain digital and analogue backups of enterprise systems such as EMR vendors Epic, Cerner, and Meditech. These backups should be kept digitally isolated from the active system so that in a ransomware scenario, machines can be wiped, cleaned, and updated. The backup can then be re-installed and business resumed. I have not read anywhere about how many infected systems followed these practices. Is anyone aware?
1
Where does the $1 billion estimate come from? That would require over 3 million people to pay $300 each, with something like 100k computers affected so far. (side note—bitcoin market cap is only around 28b)
1
I often wonder whether the constant updates are for the benefit of the consumer or for those who really run the world. We occasionally hear that Windows, Adobe,and other updates are used to allow Microsoft and others to spy and harvest data they can then sell to marketeers. This makes consumers reluctant to blindly accept the “update now” messages as we are having to decide who do we want spying on us, Governments or giant Corporations.
The fact that pirates are using software to blackmail us is made worse when we learn that the software is actually developed by our own government before minor modifications can be used by criminals. Thanks a lot NSA< FBI for being so helpful to criminal hackers with the "security" you provide for the nation with tens of billions of dollars that are tools to steal by for their criminal co conspirators.
The fact that pirates are using software to blackmail us is made worse when we learn that the software is actually developed by our own government before minor modifications can be used by criminals. Thanks a lot NSA< FBI for being so helpful to criminal hackers with the "security" you provide for the nation with tens of billions of dollars that are tools to steal by for their criminal co conspirators.
2
There really is no security or privacy on the internet. It is as simple as that. There is no "alternative fact." Any technology developed always has been and always will be used for both good and bad purposes, whether for war, blackmail, or other.
To prevent effects even more catastrophic than the current, life-threatening ransomware attacks, it is necessary to disconnect infrastructure and security functions from the internet. One does not even have to imagine an attack on our air control network, our electric grid, or military communications. Just imagine attacks at the consumer level: self-driving cars become common and are suddenly disabled; drones are hacked to crash into targets; you can't access any of your "money" that is not physical.
Attacks can only succeed to the extent there are available targets for that particular technology. As became clear from guerrilla wars, bombing will not subdue a dispersed enemy: good strategy "defeats" technology. The technology hyped by corporations is, as with banks, weapons makers, and all other big outfits, merely an effort to make greater profit. Security on the internet has no more reality than the tooth fairy. As with Trump, lying is merely a part of doing business.
There is no free lunch. Whether you want to resist being hacked and sold by the Soothsayers of Silicon Valley and others or want to resist America being destroyed from the top down, you will have to give up something, make sacrifices, do more than complain online.
To prevent effects even more catastrophic than the current, life-threatening ransomware attacks, it is necessary to disconnect infrastructure and security functions from the internet. One does not even have to imagine an attack on our air control network, our electric grid, or military communications. Just imagine attacks at the consumer level: self-driving cars become common and are suddenly disabled; drones are hacked to crash into targets; you can't access any of your "money" that is not physical.
Attacks can only succeed to the extent there are available targets for that particular technology. As became clear from guerrilla wars, bombing will not subdue a dispersed enemy: good strategy "defeats" technology. The technology hyped by corporations is, as with banks, weapons makers, and all other big outfits, merely an effort to make greater profit. Security on the internet has no more reality than the tooth fairy. As with Trump, lying is merely a part of doing business.
There is no free lunch. Whether you want to resist being hacked and sold by the Soothsayers of Silicon Valley and others or want to resist America being destroyed from the top down, you will have to give up something, make sacrifices, do more than complain online.
8
"There really is no security or privacy on the internet. "
What an ignorant statement. You can have as much of each as you're willing to put out the effort and money for.
What an ignorant statement. You can have as much of each as you're willing to put out the effort and money for.
I'd really like to see a news story about why these institutions:
a) Didn't apply security updates, and
b) Didn't have backup/replication in place.
If banks were robbed because they left their doors and vaults open, wouldn't that be a story?
I don't say this to be mean. There are systemic issues here that need to be discussed so they're addressed.
a) Didn't apply security updates, and
b) Didn't have backup/replication in place.
If banks were robbed because they left their doors and vaults open, wouldn't that be a story?
I don't say this to be mean. There are systemic issues here that need to be discussed so they're addressed.
7
You are 100% correct.
Cost.
Its all about money, doing things on the cheap to meet a budget / lower the price vs competitors / lower taxes to win elections. Leaders plead ignorance or ignore the risk, and reap the short term profits.
Require bonds or insurance to cover data loss or privacy breaches for ALL businesses, and let the insurance companies take care of things.
IT is like nothing else, refresh and updates (read $) are required for stability, security or otherwise. Cut budgets? Risk increases, and here we are.
Still running Windows XP? You get what you deserve.
Unfortunately, it almost takes a truly mayor impact before the short term financials take a back seat. Meanwhile, Race to the bottom.
Require bonds or insurance to cover data loss or privacy breaches for ALL businesses, and let the insurance companies take care of things.
IT is like nothing else, refresh and updates (read $) are required for stability, security or otherwise. Cut budgets? Risk increases, and here we are.
Still running Windows XP? You get what you deserve.
Unfortunately, it almost takes a truly mayor impact before the short term financials take a back seat. Meanwhile, Race to the bottom.
1
Whenever something like this happens, there is a string of comments from computer nerds blaming the victim, saying one of Microsofts updates, patches, service packs, etc would have solved the problem. It seems Windows is like an old British sports car--great, if you don't mind constant tinkering. There has to be something safer, better and above all, less complex.
1
Sorry, but there is no way to make consumer products idiot-proof, as much as manufactures may try.
As for your analogy, Windows is actually more like a mass-market car sold in the past decade, to a buyer who "just puts gas in it and goes", but ignores the maintenance schedule and even the warning lights.
As for your analogy, Windows is actually more like a mass-market car sold in the past decade, to a buyer who "just puts gas in it and goes", but ignores the maintenance schedule and even the warning lights.
The only entity with the size and technology for this attack is China. Their motive?
China tries to dominate the world markets. (Westerners who believe we operate in a free market, or that the free market system won the Cold War, are delusional.)
China probably wanted to show that other areas of the world are unstable. By comparison, commerce with China may then seem like a more stable activity.
China invests heavily in and for its corporations and in the infrastructure and technology they use. China massively steals proprietary technology from industry in the other developed nations, especially the U.S. China massively contributed to the buildup of its industry and its transportation and shipping facilities, so as to displace production from around the world. China has majority ownership in many of its businesses. It has partial ownership in many. China’s industrial policy is one of deep partnership between government and industry. That deep commitment to 1, Partnership, and 2, Investment, is eating the lunch of the nations whose delusional leaders believe that laissez-faire is the dominant system.
I’m not advocating a policy position. I’m only looking at the facts. Your lunch is being eaten. The 2014 Nobel Prize in economics went to the study of “deaths of despair” in a vast segment of our population that sees lost opportunity.
The cost of the cyber attack is someone eating your lunch. If I’m wrong about the source this time, the rest of the story about China is true.
China tries to dominate the world markets. (Westerners who believe we operate in a free market, or that the free market system won the Cold War, are delusional.)
China probably wanted to show that other areas of the world are unstable. By comparison, commerce with China may then seem like a more stable activity.
China invests heavily in and for its corporations and in the infrastructure and technology they use. China massively steals proprietary technology from industry in the other developed nations, especially the U.S. China massively contributed to the buildup of its industry and its transportation and shipping facilities, so as to displace production from around the world. China has majority ownership in many of its businesses. It has partial ownership in many. China’s industrial policy is one of deep partnership between government and industry. That deep commitment to 1, Partnership, and 2, Investment, is eating the lunch of the nations whose delusional leaders believe that laissez-faire is the dominant system.
I’m not advocating a policy position. I’m only looking at the facts. Your lunch is being eaten. The 2014 Nobel Prize in economics went to the study of “deaths of despair” in a vast segment of our population that sees lost opportunity.
The cost of the cyber attack is someone eating your lunch. If I’m wrong about the source this time, the rest of the story about China is true.
2
You do know that Microsoft actually released the security update which addresses these vulnerabilities in March/2017? It says so right in the page which you linked to on microsoft's site.
10
I must confess that I enjoy that Russian has been particularly hard hit by this. I enjoy the irony of the hackers being the hacked.
10
It's NSA (good ole USofA) hacking code that was stolen and employed in the attack. But you're right, it's the hackers that are being hacked.
Don't forget those laughing Chinese generals.
The finger can be pointed directly at Mr. Gates. He is the conceptual architect of the Windows OS, and it has been flawed since the beginning. He is to be applauded for funding the battle to eradicate disease and viruses worldwide. But he should spend some of his billions on fixing the problem that he is singularly responsible for.
Mr. Gates: How about giving every hospital in the world free computers and a non-ransomware operating system? For you, this is pocket change.
If I were you, I would have already done it.
Mr. Gates: How about giving every hospital in the world free computers and a non-ransomware operating system? For you, this is pocket change.
If I were you, I would have already done it.
12
As much as I hate Windows, this is baloney. Windows has become so complex, not even Microsoft understands it anymore. There are always holes, no way to predict them, unless you use a quantum computer to scan the code. None exists as of yet, though.
And the more complex the system becomes, the more holes will open.
Laws of complexity.
And the more complex the system becomes, the more holes will open.
Laws of complexity.
Time to hire back the clerical staff and buy lots of file cabinets.
24
This is the perfect and ,(no pun intended), iron clad solution. No padlock or steel cabinet can be opened and rifled by any computer yet built. This would not only return us to a human based data economy but it would give work back to old fashioned 007 type spies, with little or no computer sills.
1
So the ransomware software used in the hacking is a derivative of a stolen NSA cyber weapon design by the Federal Government to "protect" the United States from foreign adversaries.
There's a phrase that comes to mind. "Unintended Consequences"
There's a phrase that comes to mind. "Unintended Consequences"
9
I have no personal experience with ransomware. Let me know if messages from these attacks are shown in English+local languages? In the article, it is mentioned that some Taiwanese spotted more fluent use of Chinese than English in attackers' messages. Is this significant? In Russia, how good the attackers' use of Russian? In Japan? In Arabic speaking countries?
2
In addition to patching, Is no one backing up their data? Back it up to a cloud service like OneDrive and if you get hacked, there is no consequence beyond the time to reinstall Windows.
If a company or hospital is still running Windows XP, which Microsoft announced in 2014 will no longer be getting security updates, you are just asking for big problems. It's being reported in Britain the vast majority of computers in the NHS were using Windows XP.
14
Hospitals are traditionally behind the curve on this kind of technology--they simply do not have the resources, i.e., money, to keep up with the pace of computer innovation. Unlike a private citizen, a hospital cannot simply change the OS on their computer and continue typing.
2
Auntie, but we praise the British health care system for spending less than the US.
Re: the working of the kill-switch which shut the software if "an online request to a website created by the attackers", the malware actually attempts a connect to a known non-website and shuts if it connects, assuming correctly, that it's being observed. And it must be said that the shutting of malware is not the same as stopping its spread, but rather suspending its execution on already-infected computers. This shutting happens prior to damaging files.
Kudos to Mr. Scott for the excellent reporting minus high-pitched scare-mongering. It is appreciated.
Kudos to Mr. Scott for the excellent reporting minus high-pitched scare-mongering. It is appreciated.
8
It doesn't seem to me, there are any "Cyber Security Experts" in America. They leave here, attack us , we scramble, they live on, to fight another day for someone else! Have we lost all of our covert killers? If so, Northern Canada is looking better, but colder, every minute. If we cannot control our War Machines, why spend money on upgrades?
1
FIrst, it shows that NSA spyware can be turned against all of us, including sacrosanct Corporate America. All it takes is one mole. These people need to be leashed.
Second, have the victims heard of backing up files? In hard drives sitting on shelves, unpowered? I clone my drives regularly.
The bad thing is not the bad guys encrypting our files, it's the fact they gotaccess to them in the first place.
Have we really dumbed-down to this extent?
Second, have the victims heard of backing up files? In hard drives sitting on shelves, unpowered? I clone my drives regularly.
The bad thing is not the bad guys encrypting our files, it's the fact they gotaccess to them in the first place.
Have we really dumbed-down to this extent?
3
My thoughts exactly!
Not only that, but didn't this attack use email attachments to propagate? I don't open any attachment or link, even from those I know, without sending them an email asking if they sent it! I've been like that for a couple of years now. It's a PITA, but worth the extra time!
Not only that, but didn't this attack use email attachments to propagate? I don't open any attachment or link, even from those I know, without sending them an email asking if they sent it! I've been like that for a couple of years now. It's a PITA, but worth the extra time!
The two most common ways to have critical information held for ransom by someone in a far-off land:
1) Open an attachment in an unexpected email, or
2) Use an easily-guessable password (hard: 7$hLx@brYn, easy: ju$tin144)
Never do either, and the chance you will have problems is exceedingly small.
1) Open an attachment in an unexpected email, or
2) Use an easily-guessable password (hard: 7$hLx@brYn, easy: ju$tin144)
Never do either, and the chance you will have problems is exceedingly small.
Storing all important info in Dropbox will automatically protect you. If your files are encrypted by ransomware, you can just revert to the previous version.
Second, use Linux instead of Microsoft Windows.
Second, use Linux instead of Microsoft Windows.
7
If the stories regarding collusion between Trump and the Russians are true, it would no doubt be in their mutual interest to remove those stories from the front pages of the New York Times and the Washington Post. These latest world-wide cyber attacks appear to have done exactly that. Is the timing coincidental? When you consider that the Russians are accused of aiding Trump by computer hacking, could it not be that these current attacks are their latest attempt to extend that aid?
2
Not that I condone this kind of activity, but did they happen to grab a certain someone's tax returns?
35
There are no honest and patriotic hackers left. If there were, they would long ago have delivered that deviant's tax returns.
Some people are proud to live in neighborhoods where "nobody has to lock their doors" and then get outraged when a burglar walks through an open door. I don't want to do a blame the victim game because the criminals are still the ones who are guilty of this, but the idea that you can't implement a simple patch on a computer when you know that you are operating Microsoft's operating system that is known to have vulnerabilities is like leaving your front door open in a bad neighborhood in Detroit with a visible basket of cash in the doorway. There are alternatives. If you have to live in that neighborhood, have secure doors and update your locks if they are pickable. If you don't have to live in the neighborhood live somewhere else. Here, if you don't HAVE to use Microsoft, use a variant of Linux or BSD - I'm not a fan of their products for other reasons - Apple.
But if you're using unpatched Windows 7 - or unsupported XP - the result is predictable.
But if you're using unpatched Windows 7 - or unsupported XP - the result is predictable.
12
The sole reason this those who were attacked were vulnerable is they did not have supported or patched systems. The operating system itself is irrelevant, except that Microsoft systems account for something north of 80% on desktop, and every criminal (and the NSA) follows the Willie Sutton rule. Why would they write malware for 5 computers running Linux when they could write for Windows and target 80?
But in computer networks popularity and value are highly correlated. There are many million Apps doing extremely useful things at UK hospitals, or FedEx warehouses running Windows that other systems simply can't do, because, again, the people who write Apps do it for a living, and they also follow Willie Sutton.
The straightforward and obvious solution is for users to keep their computers updated. Windows XP which was attacked is 15 years old, is out of support and the versions attacked were further, unpatched.
But in computer networks popularity and value are highly correlated. There are many million Apps doing extremely useful things at UK hospitals, or FedEx warehouses running Windows that other systems simply can't do, because, again, the people who write Apps do it for a living, and they also follow Willie Sutton.
The straightforward and obvious solution is for users to keep their computers updated. Windows XP which was attacked is 15 years old, is out of support and the versions attacked were further, unpatched.
Luddites of the word, unite! Get important societal functions, like the power grid, OFF the internet, before a catastrophe occurs. No downside, in fact, a net upside--more people will need to be hired and trained, creating more jobs. Maybe power will cost several percent more as a result.
When's the last time anyone heard of a hacker being prosecuted and sent to prison?
When's the last time anyone heard of a hacker being prosecuted and sent to prison?
9
They put them next to the guys from Goldman Sachs.
2
Except...be willing to pay more for inefficiencies of human-operated systems, along with more errors, including catastrophic ones. And even then, don't expect any great change in security, since people are the most common weak point in any system, including digital systems.
If you leave your keys in the car, expect your car will be stolen.
How can people, let alone corporations and institutions, not have full offline backups?
You may as well put a sign on your back that says 'Kick Me'.
How can people, let alone corporations and institutions, not have full offline backups?
You may as well put a sign on your back that says 'Kick Me'.
3
Given the amount of carelessness and corner cutting we are lucky these things don't happen more often.
3
Make Bitcoin non-negotiable and these attacks will diminish.
2
Thank you @MalwareTechBlog. Well done.
Ransomware is a particularly nasty bit of code and a headache to anyone who encounters it. Any organized operation should have their critical updates handled though. If not, you should have your backups up to date. Realistically, you should have both. All the same, the breadth and scale of this attack is stunning.
On the one hand, there's a certain logic. Hit as many vulnerable systems as you can because the vulnerability is most effective the first time it's used. The United States was spared the full force of the attack but you can imagine every information security officer is on the phone with the NSA figuring out how to appropriately patch their system.
On the other hand, I still don't buy that the attack had a singular financial motivation. The perpetrators may be a rouge operation but money sounds more like an alibi than a motive. The global scale as well. By targeting every country, you establish plausible deniability for any major state agency. There's also the possibility that some targets were collateral too.
In any event, the modern world still hasn't come to terms with the illusion of digital security. The internet of things is a hilarious example. Smart TVs and smart thermostats for instance. How often does the manufacturer update the software? A hacker with a smart phone and a disposable sim card can crack your network with relative ease.
You can only hope that you're secure enough not to be worth the effort.
Ransomware is a particularly nasty bit of code and a headache to anyone who encounters it. Any organized operation should have their critical updates handled though. If not, you should have your backups up to date. Realistically, you should have both. All the same, the breadth and scale of this attack is stunning.
On the one hand, there's a certain logic. Hit as many vulnerable systems as you can because the vulnerability is most effective the first time it's used. The United States was spared the full force of the attack but you can imagine every information security officer is on the phone with the NSA figuring out how to appropriately patch their system.
On the other hand, I still don't buy that the attack had a singular financial motivation. The perpetrators may be a rouge operation but money sounds more like an alibi than a motive. The global scale as well. By targeting every country, you establish plausible deniability for any major state agency. There's also the possibility that some targets were collateral too.
In any event, the modern world still hasn't come to terms with the illusion of digital security. The internet of things is a hilarious example. Smart TVs and smart thermostats for instance. How often does the manufacturer update the software? A hacker with a smart phone and a disposable sim card can crack your network with relative ease.
You can only hope that you're secure enough not to be worth the effort.
1
For those of us who got snagged. Just think of it as an accident with a $600. deductible.
Pay the ransom and move on.
Pay the ransom and move on.
1
And just don't feed your kids that month? Not everyone can afford to fork over $600 and just move on. Maybe this is chump change for programmers with 100k salaries. But for many people this means not making their rent.
I read a report shortly after the first WikiDump that Putin was ordering electric typewriters from Germany for the Kremlin and all cellphones and other devices have been banned from the premises.
I have been in a Network Engineer in the IT industry for more than 20 years.
If all organizations - enterprise level, multi national firms, as well as small (less than 50 employees) - paid attention to the security of their network(s) the hackers would starve.
Frankly it has been my experience that little or zero attention has been paid to training employees on how to deal with these attacks. Makes no difference. If you are the guy on the loading dock, the receptionist, or the CEO, most people look at this as somebody else's problem. With out management buy in to PREPARE for a cyber-attack, the hacker will succeed.
Lastly. Most organizations are focused solely on profit. Or business practices that will increase profit. This attitude is a hold over from the 1950's. Without a sound plan and management support the protection of valuable hard-won data, proprietary business information, and financial information, a company, university, or any other organization will not survive an attack.
If you work as an employee, you need to speak up. Do you know how to recognize an attack? Do you know how to report an issue? Have you spoken to someone (Manager, IT Department, HR) about this issue?
If not, why not? It is YOUR job at stake.
If all organizations - enterprise level, multi national firms, as well as small (less than 50 employees) - paid attention to the security of their network(s) the hackers would starve.
Frankly it has been my experience that little or zero attention has been paid to training employees on how to deal with these attacks. Makes no difference. If you are the guy on the loading dock, the receptionist, or the CEO, most people look at this as somebody else's problem. With out management buy in to PREPARE for a cyber-attack, the hacker will succeed.
Lastly. Most organizations are focused solely on profit. Or business practices that will increase profit. This attitude is a hold over from the 1950's. Without a sound plan and management support the protection of valuable hard-won data, proprietary business information, and financial information, a company, university, or any other organization will not survive an attack.
If you work as an employee, you need to speak up. Do you know how to recognize an attack? Do you know how to report an issue? Have you spoken to someone (Manager, IT Department, HR) about this issue?
If not, why not? It is YOUR job at stake.
like anything else, most big organizations have parallel cadres of people: those who know what they're doing and those authorized to spend money. rarely is there an overlap. hilarity ensues.
1
The inventors of Bitcoin trumpeted that it would change the world. They were right. Now it's the favored currency of criminals.
1
If these hackers had no secure way of getting their money this would end.
Why can't the government get control of Bitcoin? It can if it wants to.
Why can't the government get control of Bitcoin? It can if it wants to.
Cutting the budget for science and for research and development by the current administration does not help cyber security issues. Quantum physics may seem like an obscure topic to the general public but it is one route to innovative computing. It also offers new ways to secure data.
26
I second, third, fourth and fifth that emotion. The GOO is driving this country over many cliffs at once in their quest to give the rich a bit more cash to spend on luxury.
Or to compromise it.
Here is Microsoft sitting on $billions in cash (as well as Apple) and they release software to the world that has these gaps. Even worse are the mom and pop outfits that are still using old versions of Microsoft systems that can't even get updates anymore.
How come Microsoft is not liable for damage? What next?
How come Microsoft is not liable for damage? What next?
Microsoft cannot be held liable when people insist on using old computers running unsupported operating systems.
1
The patch for these vulnerabilities was issued months ago for supported versions of Windows (7, 8.1, and 10).
If you are still running XP, Vista, or the original Windows 8, the what do you expect? XP is 15 year old technology. Vista and Windows 8 had almost no market share. Can you name a company that still supports 15 year old software? Yet patches for all of the affected versions of windows, though unsupported, are available now.
If you do not change the oil in your car, is it the manufacturer's problem when your engine seizes up?
Use common sense, and maintain your system and this does not happen.
What is truly appalling is the businesses and government agencies running these unsupported systems.
If you are still running XP, Vista, or the original Windows 8, the what do you expect? XP is 15 year old technology. Vista and Windows 8 had almost no market share. Can you name a company that still supports 15 year old software? Yet patches for all of the affected versions of windows, though unsupported, are available now.
If you do not change the oil in your car, is it the manufacturer's problem when your engine seizes up?
Use common sense, and maintain your system and this does not happen.
What is truly appalling is the businesses and government agencies running these unsupported systems.
1
This to me sounds like blaming the contractor if your house gets robbed because he put windows and doors in your house.
As someone who had almost their entire bank account cleaned out, (stolen) by cyber theft, I tell everyone-
If it hasn't already happened to you, worry, because it will.
The worst part is that you can't report this theft to the police, even though you've been blindly robbed. And nobody seems to care. Takes a lot of time energy to sort it all out with the bank. It's also very psychologically distressing.
If it hasn't already happened to you, worry, because it will.
The worst part is that you can't report this theft to the police, even though you've been blindly robbed. And nobody seems to care. Takes a lot of time energy to sort it all out with the bank. It's also very psychologically distressing.
2
Perhaps President Trump, whose primary responsibility is American security, would focus his energy on protecting our people from cyber threats, building a gated cyber wall to filter out genuine attacks instead of on building a physical wall to filter out imagined attacks.
Of course, I do recognize that tweetering away most of the day attacking Rosie O'Donnell and reassuring himself that he won the election does take precedence as ways to serve American interests and protect us.
Of course, I do recognize that tweetering away most of the day attacking Rosie O'Donnell and reassuring himself that he won the election does take precedence as ways to serve American interests and protect us.
12
The internet should be a regulated utility with strict protocols concerning, privacy, virus protection, data harvesting, pricing, anti-trust, data ownership, opt in rather than opt out, real choice if you do not agree to the terms of use. We have consented to vast new world of intrusion without insisting on any safeguards to our liberty. Each year we become more dependent upon the "technology god" by using more and applications in all aspects of life. Algorithms already are deciding life changing events such as college admissions, employment, credit, incarceration and a vast array of decisions undisclosed to the public. Now we faced with the natural consequence of our internet dependency. As in nature, viruses can be a response to an imbalance in and eco-system. Here, with human help, a virus has been created where we have no immunity and are naked due to our single minded internet dependency. Happy downloading!
3
You know, I've been thinking lately, the pre-web world wasn't so bad. Maybe we need to rethink this whole thing in a big way. The internet is here to stay, but we can change how and why we use it.
22
Been slowly removing myself from it with such nice results. It has its time and place but unplugging and digital detoxing (quit Facebook and I put my phone away for hours and hours every day now untouched) has brought a sense of peace and order to my head. I also have finished reading several books a week now with all the new time I have.
1
Have none of these organizations learned about secure offline backups? If your information is backed up daily to a server that then remains off line until the next incremental backup, you should never be more than 24 hours away from having all of your information safe from hackers.
Cyber Security may be the single most pressing problem facing countries and their citizens today. The many wonderful things made possible by a connected world can easily be turned dark and dangerous by individuals with the skill and evil intent to do harm for personal gain and simply disruption of ordinary people. A collective effort on the part of the world's governments (excluding Russia) is needed to identify, prevent and eliminate these threats. A good first step would be to vigorously prosecute the known organizations who trade in cyber crime. Wikileaks and Edward Snowden would be good targets to begin the clean-up. It is a bit ironic that Julian Assange is hiding in plain sight within the U.K. who has had it's NHS violated.
6
We need a law. The *main* reason computer software needed updated was hardware was following moore's law and doubling in speed every year. No longer the case. The OS is not a magnitude larger than the year before. Companies need to continue to provide patches to all OSes going back years as long as they can run efficiently. Would happen if it were Linux. Similarly, no reason for Apple not to give OS upgrades to 2008 iMacs(like this one I am typing on). Instead of sitting on a mountain of cash and returning it just to shareholders, mountain view could return it via software upgrades to its customers/real stakeholders.
Telecoms should have a active list of sites, monitor it, block king.com etc who are out there phishing. It is not just Banks etc that need protection. Telecoms need to be more involved in it that than expecting just the website do it.
Telecoms should have a active list of sites, monitor it, block king.com etc who are out there phishing. It is not just Banks etc that need protection. Telecoms need to be more involved in it that than expecting just the website do it.
Sorry, but businesses like Apple run their operations to make money--and to provide a return to investors. To do that, at the root level, they create innovations in hardware and software, and then sell these at a profit. Along the way, they "abandon" older systems.
Continuing to provide development and support for an old OS, for a diminishing user base, provides no return on the cost of paying Apple staff to update the OS, at least for free updates. And I presume Apple has considered the market potential for selling updates to older systems, and decided there was little potential.
You are free to use open source materials like linux, but probably have to know a bit more, and invest more effort, than the typical Apple buyer.
Continuing to provide development and support for an old OS, for a diminishing user base, provides no return on the cost of paying Apple staff to update the OS, at least for free updates. And I presume Apple has considered the market potential for selling updates to older systems, and decided there was little potential.
You are free to use open source materials like linux, but probably have to know a bit more, and invest more effort, than the typical Apple buyer.
The president and the heads of both political parties were born long before PCs were even a fantasy. These people cannot seem to understand Russian election interference and theft of an NSA malware tool are even worse than the theft of a 3-D, material missile.
We stand at the brink of a generational shift in leadership. Seventy and eighty-year-olds will soon be gone, and then perhaps we'll have an AG who understands the gravity of cyberattack instead of chasing teenagers smoking weed. And I speak as a 65-year-old.
We stand at the brink of a generational shift in leadership. Seventy and eighty-year-olds will soon be gone, and then perhaps we'll have an AG who understands the gravity of cyberattack instead of chasing teenagers smoking weed. And I speak as a 65-year-old.
8
One of the major problems causing this disaster is Microsoft's refusal to continue to support its products. As noted here, many of the affected users where still using Windows XP. Microsoft discontinued security updates for XP in 2015. Why? It seems that Microsoft's strategy is to make old systems obsolete in order to force purchases of new products. Microsoft and Bill Gates should bear the expenses incurred in this assault.
6
It's time for our "Make America Great Again" president to create a "Manhattan" bomb like infrastructure project of computer manufacturers, operating system vendors and stewarts to create systems to finally eradicate hacking. Right now most of these systems use simple password security layered within networks. The project's goal would be to elevate this to 21st century security protocols for all to implement and use. Fingerprint, iris scans, voice recognition, whatever it is, this problem is solvable if it's addressed in a disciplined manner.
IT Managers who are not vigilant in upgrading their systems, software, and security systems are lazy and place their employers in severe danger of this type of hacking. Worse, these same IT Managers attempt to hide being hacked to keep their jobs in the face of being fired for incompetence.
IT Managers who fail to maintain adequate firewalls between public access and secure corporate access to the internet are deaf, dumb, and blind when it comes to protecting their systems. Likely these incompetents have failed to continue their platform education and are caught flat footed when their IT Operating System leaves open doors for attacks.
I further question the need to have public access to critical utilities which could be protected with Middle Ages Defenses - raise the drawbridge to protect the castle = cut the link to the internet. These dams, power grids, pipelines, etc. functions flawlessly before there was an internet and will function fine today without a sword of Damocles / Hacking threatening disaster on a 24/7 basis.
Spoiler Alert: Successful Hacking Attacks are preventable failures on the part of IT Personnel.
IT Managers who fail to maintain adequate firewalls between public access and secure corporate access to the internet are deaf, dumb, and blind when it comes to protecting their systems. Likely these incompetents have failed to continue their platform education and are caught flat footed when their IT Operating System leaves open doors for attacks.
I further question the need to have public access to critical utilities which could be protected with Middle Ages Defenses - raise the drawbridge to protect the castle = cut the link to the internet. These dams, power grids, pipelines, etc. functions flawlessly before there was an internet and will function fine today without a sword of Damocles / Hacking threatening disaster on a 24/7 basis.
Spoiler Alert: Successful Hacking Attacks are preventable failures on the part of IT Personnel.
2
The talents of these hackers makes you wonder what they charge to manipulate the counts of election results, a little bit here, a little bit there - but just enough so as not to draw attention.
It is unbelievable that there is any trust at all in computerized voting.
The basic theory is ALL COMPUTER SYSTEMS ARE VULNERABLE. Even the NSA, and key government agencies
It is unbelievable that there is any trust at all in computerized voting.
The basic theory is ALL COMPUTER SYSTEMS ARE VULNERABLE. Even the NSA, and key government agencies
Will performing a daily backup redress such situation?
i.e. if I have an uninfected backup, could I not re-install it into my computer?
i.e. if I have an uninfected backup, could I not re-install it into my computer?
In answer to your question, "Will having a daily (uninfected) backup allow me to re-install it on my computer?", the answer I read from technology experts is Yes, that will work, =>IF<= you insure your backup itself is uninfected. One way to do this is to physically remove the backup from the computer. This could be done by backing up to a USB memory stick, or to an external hard drive that is then physically disconnected from the computer (I use these methods for family PCs that I support). Larger systems have other techniques, but the effect is the same: physically separating the backups from the computer systems. But the folks who run these systems know all about that. The problem is that security and backups are often an expensive afterthought (i.e, done poorly or not at all) until an even more expensive crisis, such as this one, comes along.
Albeit not all attacks are frontal against business & social services, government included, data bases, a stepped access can slow some of these unwanted intrusions by staying instant access. In many cases an email or "mock" update has commenced the attack via a PC etc. Good anti-viral scanning programs may also stay the attack.
Thank You MalwareTechBlog.
Doesn't any physical harm that comes from this fall to the responsibility of Mr Assange for making this "tool" available? Its got to be at least as much culpability as a bartender to continues serving someone he/she should not then lets that person leave and they kill another because of their impairment. In my mind it should be a greater level than that, it is as if he personally harmed every person whom has been harmed here.
Doesn't any physical harm that comes from this fall to the responsibility of Mr Assange for making this "tool" available? Its got to be at least as much culpability as a bartender to continues serving someone he/she should not then lets that person leave and they kill another because of their impairment. In my mind it should be a greater level than that, it is as if he personally harmed every person whom has been harmed here.
Ever since the "wonderful" operating system Vista I have avoided using Microsoft products. So it seems I have missed the joyful experience of becoming one of the "lucky" users who have had their PC's hacked.
2
The only question that remains is: how long until a major international firm sues our government for wanton recklessness in allowing these hacking tools to be stolen? How long until a family sues over death or injury to a loved one when hospitals are unable to perform vital procedures? It's inexcusable that the NSA and other taxpayer-funded agencies have the legal power to spy on all of us (although the nuances of this have not been adequately debated by our lawmakers, IMHO) and if they persist in this boneheaded behavior then perhaps it's time for international governments to lower the financial boom. Maybe then our lawmakers will finally see the folly of giving away all of our privacy in the name of "security. "
15
So by your logic, I should be sued if a thief uses my stolen vehicle to run over several people? Is it disgusting that the tool being used to wreak this havoc was written by and subsequently stolen from the NSA? Yes! Did the NSA have a legal or moral obligation to notify Microsoft as soon as they discovered this vulnerability? This is the more appropriate question, IMO.
This is the future of war. Weapons, dams, electric grids, etc. can be hijacked in a cyber war; in this sense it places less militarily powerful countries on par with a regional or global superpower in a military confrontation.
What if the hackers hadn't wanted money, just damage? All the targeted files in all the infected computers could be encrypted and unusable now. Sobering thought. Bank records much? What about these poor Brits' medical records?
1
It is interesting to note that there is no mention in the article that only computers using Microsoft operating system software are vulnerable to this malware.
It is interesting to note American taxpayers have funded the creation of the malware.
It is interesting to note American taxpayers have funded the creation of the malware.
1
Talk greater security all one wants, the only way to end this kind of international extortion is to shut down BitCoin, prohibiting it as well as other international online financial transfer schemes without ready, step-by-step traceable accounting. If hostage takers cannot collect the digital equivalent of a bag of cash at a dead drop, they will take no hostages, at least not for profit. BitCoin and other legalized conduits for Dark Money represent the kind of nefarious "freedom" the classic Social Contract theorists of the 17th and 18th centuries understood and well-explained it was necessary all "Men" relinquish to secure for all the many other, general Blessings of Liberty. One cannot fight crime for profit without directly attacking criminal finance. At times, it is the most and only effective means. This is one of them.
1
All complicated by governments strong arming software developers to include 'back doors' to their products. This only obliterates corporate trust for public entities everywhere. Consumers are only collateral damage.
One has to wonder why all these institutions left themselves vulnerable.
Stunning actually, Microsoft began offering patch protection from the Eternal/Bue hacking tool in March.
Stunning actually, Microsoft began offering patch protection from the Eternal/Bue hacking tool in March.
4
Exactly. And also critical business data should have been backed up and/or replicated.
1
"Yet security experts said the software upgrade, while laudable, came too late for many of the tens of thousands of machines that were locked and whose data could be erased."
Can you unpack that a bit? The upgrade was released in March. Why was that too late? Why wasn't that enough time?
Can you unpack that a bit? The upgrade was released in March. Why was that too late? Why wasn't that enough time?
1
We can't just treat this as a technical problem of computers being un-patched and IT backup policy being lacking. We need to fight these sorts of things both on the technical side by making it hard for the prospective criminal to infect the computers AND on the financial side by making it difficult for them to get paid for doing so.
These sorts of large scale ransomware attacks would simply not be possible without cryptocurrencies like Bitcoin. Thanks to hands-off regulation in most nations you can buy bitcoins without much trouble, they allow the program to automatically check for payment, and the nature of cryptocurrencies allows the criminal to easily launder it.
Most US banks already won't touch bitcoin and won't do business with anyone dealing in bitcoin because they've concluded through experience that the large money laundering risk involved vastly outweighs any other benefits it has. Perhaps it is time we made that official policy worldwide?
These sorts of large scale ransomware attacks would simply not be possible without cryptocurrencies like Bitcoin. Thanks to hands-off regulation in most nations you can buy bitcoins without much trouble, they allow the program to automatically check for payment, and the nature of cryptocurrencies allows the criminal to easily launder it.
Most US banks already won't touch bitcoin and won't do business with anyone dealing in bitcoin because they've concluded through experience that the large money laundering risk involved vastly outweighs any other benefits it has. Perhaps it is time we made that official policy worldwide?
1
Do none of the victims of this cyberattack have secure and redundant online and near-line backup systems? That’s pretty basic in a reasonably well implemented IT strategy.
Attacks like this, especially on hospitals, have consequences: people die. It's usually hard to put names on the dead; it's hard to know which patients died because their medical care was compromised. But make no mistake, not only was their enormous economic loss from this attack, there was loss of live as well.
This case needs to be investigated and prosecuted like the mass murder that it is. Solving cybercrimes is difficult, but if enough resources are devoted, it can be solved. There's always a digital trail. The names of the guilty must see the light of day. This includes the immediate villians, and also those who stole or wrote the cyberweapons that made it possible.
And if the malware tools were indeed stolen from the NSA, people at the agency responsible for internal security need to be replaced. And the question must be asked: why does the NSA rely on so many contractors?
Then there's MIcrosoft. They need to spend more time designing reliable, secure, and usable software, and less times adding complex features that virtually no one uses, and that all to often contain bugs that leave the entire computer vulnerable.
This case needs to be investigated and prosecuted like the mass murder that it is. Solving cybercrimes is difficult, but if enough resources are devoted, it can be solved. There's always a digital trail. The names of the guilty must see the light of day. This includes the immediate villians, and also those who stole or wrote the cyberweapons that made it possible.
And if the malware tools were indeed stolen from the NSA, people at the agency responsible for internal security need to be replaced. And the question must be asked: why does the NSA rely on so many contractors?
Then there's MIcrosoft. They need to spend more time designing reliable, secure, and usable software, and less times adding complex features that virtually no one uses, and that all to often contain bugs that leave the entire computer vulnerable.
The British healthcare system sadly has a lot of really outdated equipment and that is why they are still using windows XP which is no longer supported by MS. That makes it very vulnerable to hackers. Surprisingly there are a lot of hospital systems in the states that still have XP deployed simply because it works and it is very expensive to install new operating systems.
Hopefully this will be a wake up call for hospital directors to upgrade their operating systems
Hopefully this will be a wake up call for hospital directors to upgrade their operating systems
How many US people are aware that their physicians are penalized by Medicare and other insurers if they choose not to carry their patients' private health information in an Electronic Health Record? None of the EHR's are universally linked to make data available if patient X has an emergency in city C. But they are all universally vulnerable to hacks and theft. Their main purpose, to all appearances, it to gather data for insurers to use in evaluating risk in every commercial liability policy they sell. Not to make health care safer, better, cheaper. Just wondered how many people were aware of the 'fines' in the form of lower payments that providers take when they choose to keep their patients' information in self-contained systems rather than on-line.
2
1. The flaw exploited by this attack was not created by the NSA. The tool used was developed by the NSA but the vulnerability has been a known issue for years. Anyone who wanted to launch an attack like this could have done so in many other ways; the NSA simply made it more efficient for them. While I would love to lay blame at the feet of the NSA as much as anybody, they are not responsible for this. The issue is ubiquitously poor security used throughout the world on critical infrastructure networks. Encryption needs to be a tool understood by anyone using a phone connected to the internet. It's not enough that Apple and other companies have been trying to do the job for us--we need to educate ourselves about the wider implications of what this attack means for the digital world moving forward. The press has an important role to play in this process of education.
2. Payments were required in bitcoin. That this is not mentioned even once is absurd. The hackers did not demand $300; they demanded the equivalent of 300USD in bitcoin, which is a completely different currency. I know most people still dismiss bitcoin as a silly weekend project cooked up by hackers over the weekend, but major international banks have begun looking into cryptocurrencies as a way of exchanging fiat currencies globally. Cryptocurrencies are rapidly becoming part of the global economy, and have a massive potential for growth. People need to become informed with how they will impact our lives.
2. Payments were required in bitcoin. That this is not mentioned even once is absurd. The hackers did not demand $300; they demanded the equivalent of 300USD in bitcoin, which is a completely different currency. I know most people still dismiss bitcoin as a silly weekend project cooked up by hackers over the weekend, but major international banks have begun looking into cryptocurrencies as a way of exchanging fiat currencies globally. Cryptocurrencies are rapidly becoming part of the global economy, and have a massive potential for growth. People need to become informed with how they will impact our lives.
5
One begins to wonder whether the cause of NSA's endless security problems is not a culture clash between the young computer nerds and hackers NSA depends upon to create it's toys and the older button down military officers and government types who run the place?
6
This very point was raised as the likely reason why the information was leaked.
The wonders of the internet and the phenomenal economic growth it created in the 1990s now seems to have sunk to the level of crime ridden sink hole.
5
This attack should be a reminder of a couple of basic rules of digital communication.
One, back up your critical data regularly - and store it on media not ordinarily connected to your PC, as a fail-safe against this kind of attack. In a worst case scenario, you can either wipe your infected hard drive or remove it and replace it with an uninfected drive, and restore that data.
Two, use email screening software (like Mailwasher) which allows you to inspect the headers of email, and delete all suspected or unwanted email directly on the internet server, before it ever reaches your PC.
Regularly update your anti-virus protection and do regular scans.
Use add-ons like NoScript for Firefox that completely disable scripts of websites from running, especially when browsing non-trusted sites. Once installed, you can specifically choose which scripts you're willing to trust (like here at the NYT) - while leaving all others unable to impact your machine.
In light of how ransom-wear hackers are using the telephone to gain access to computers, by claiming that they represent a reputable firm seeking to repair your machine, use caller ID to aggressively screen all calls, and accept no calls from any person or firm that you don't recognize. Force all unknown callers to leave a message, and then google the phone number and company name before ever calling back.
In short, assume everyone you don't already know attempting to contact you is a potential threat. It's come to this.
One, back up your critical data regularly - and store it on media not ordinarily connected to your PC, as a fail-safe against this kind of attack. In a worst case scenario, you can either wipe your infected hard drive or remove it and replace it with an uninfected drive, and restore that data.
Two, use email screening software (like Mailwasher) which allows you to inspect the headers of email, and delete all suspected or unwanted email directly on the internet server, before it ever reaches your PC.
Regularly update your anti-virus protection and do regular scans.
Use add-ons like NoScript for Firefox that completely disable scripts of websites from running, especially when browsing non-trusted sites. Once installed, you can specifically choose which scripts you're willing to trust (like here at the NYT) - while leaving all others unable to impact your machine.
In light of how ransom-wear hackers are using the telephone to gain access to computers, by claiming that they represent a reputable firm seeking to repair your machine, use caller ID to aggressively screen all calls, and accept no calls from any person or firm that you don't recognize. Force all unknown callers to leave a message, and then google the phone number and company name before ever calling back.
In short, assume everyone you don't already know attempting to contact you is a potential threat. It's come to this.
45
So the solution to being told we were getting an "Internet of Things" and instead being given an "Internet of Thieves" is for all of us to board up our virtual doors and windows, sit by the door with our photon shot gun, and distrust all strangers?
Great. Ever hear the phrase "Brave New World"?
Maybe before we all pretend it's all up to us to do this, we can go back to the hawker community that makes its billions on advertising, never hires American, never takes responsibility, and insists that it and it alone should control our future, and ask why the internet shouldn't be run with the consent of the governed, and freedom from fear?
Great. Ever hear the phrase "Brave New World"?
Maybe before we all pretend it's all up to us to do this, we can go back to the hawker community that makes its billions on advertising, never hires American, never takes responsibility, and insists that it and it alone should control our future, and ask why the internet shouldn't be run with the consent of the governed, and freedom from fear?
Best comment on this article. Thanks.
A young man inadvertently found the "kill switch", a lucky guess - it is over for now
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds...
https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds...
12
Because pinging a domain name is so sophisticated?
It is not over.
Where is everyone's sense of outrage that our own signals intelligence agency, with it's billions of dollars budget, is repeatedly hacked or suffers security breaches. I mean these are the guys who finally admitted (after much lying to congress) that all there invasions of American citizen's privacy never caught a terrorist.
Now they have failed to protect some of their toys which are now endangering computer records all over the world. Congressional oversight is a joke. Certainly the NSA can't hide under the veil of secrecy as there are hardly any secrets that they haven't lost control over. These guys can't be so untouchable that they can't be called to account as they have the potential of destroying the modern world.
Now they have failed to protect some of their toys which are now endangering computer records all over the world. Congressional oversight is a joke. Certainly the NSA can't hide under the veil of secrecy as there are hardly any secrets that they haven't lost control over. These guys can't be so untouchable that they can't be called to account as they have the potential of destroying the modern world.
82
@Michael S
The outrage should be that the NSA knew of the Windows flaw but did not inform Microsoft so it could be fixed.
"National Security" should mean securing the nation against threats, not leaving a hole for others to access the nation's infrastructure.
The outrage should be that the NSA knew of the Windows flaw but did not inform Microsoft so it could be fixed.
"National Security" should mean securing the nation against threats, not leaving a hole for others to access the nation's infrastructure.
1
I wish I lived in your safe and perfect world
1
They should have kept their toys on Hillary Clinton's private server, which is probably the only server in US administration that wasn't hacked....
Yet an unrealised reality though, still as it's imperative to forge a well coordinated concerted international action against the conventional threats like terrorism, climate change, or the pandemics endangering humanity, so is it's an urgent task today to evolve a global response to meet the growing threats from the cyber attacks like the one the world is facing by yesterday's ransomware attack by some hackers.
15
That to-do list only gets longer, only accererated by the fact the we never seem to check anything off. But without them, what good is a refrigerator door?
I had assumed my PC was installing updates regularly and I didn't have to worry about this.
But to be safe I checked and glad I did. A setting I had made to Windows Firewall in order to get my Apple devices to stream audio was blocking updates from being downloaded. I'm now downloading and updating a few months worth of updates.
Go check your PC. Google 'Windows Update' if you aren't sure how. Apple owners should ensure their systems are updated too, you are far from invulnerable.
But to be safe I checked and glad I did. A setting I had made to Windows Firewall in order to get my Apple devices to stream audio was blocking updates from being downloaded. I'm now downloading and updating a few months worth of updates.
Go check your PC. Google 'Windows Update' if you aren't sure how. Apple owners should ensure their systems are updated too, you are far from invulnerable.
35
Just FYI I had disabled Windows Firewall to all Airplay streaming from iTunes.
I use Avast Internet Security for protection instead.
I use Avast Internet Security for protection instead.
2
There is no such thing as a secure PC! Windows based PCs represent 90%+ of the world's desktops, tablets, laptops, etc. and present hackers with a target rich environment. 3rd party security software combined with near-daily monitoring of threats to Microsoft Windows OS protect against known threats, it is the unknown - unpublished threats that blindside the PC world. Extreme diligence is the only way to win the hacking war.
The problem isn't just the hackers - it's the Monopolistic Company that sells very low quality operating system software.
Why would anyone use this low quality software? Because the monopolist is allowed by our government to pre-install it on almost every computer sold.
If computers can do brilliant work like decoding the human genome, they can certainly guard against a virus - but you need to start out with a decent operating system on your computer.
Anyone who pays the ransom, will have been ripped off twice - once by the criminals, and once by the the Monopolistic Company.
Disclaimer: I am not in the business of selling either computers or operating system software, nor have I invested in any such company. I have no financial interest in this issue whatsoever. This comment was written using an alternative operating system.
Why would anyone use this low quality software? Because the monopolist is allowed by our government to pre-install it on almost every computer sold.
If computers can do brilliant work like decoding the human genome, they can certainly guard against a virus - but you need to start out with a decent operating system on your computer.
Anyone who pays the ransom, will have been ripped off twice - once by the criminals, and once by the the Monopolistic Company.
Disclaimer: I am not in the business of selling either computers or operating system software, nor have I invested in any such company. I have no financial interest in this issue whatsoever. This comment was written using an alternative operating system.
66
There is no superior operating system. Windows is a target because it is the most used.
If everyone used Unix or Linux or Ubuntu or whatever your alternative is; exploits to those systems would be in abundance.
If everyone used Unix or Linux or Ubuntu or whatever your alternative is; exploits to those systems would be in abundance.
115
Windows operating systems are the target because they are far more vulnerable. They just put out an emergency fix that went back several releases tha had a huge flaw. The argument that it is because there are more of them is a very old one and not defensible. There are so many Apple devices out there now they are not behind the cheaper PCs by much.
1
Wrong. There are fundamental differences between Windows and Linux that makes Linux more secure and superior in terms of computing performance (memory management, file system access, system priviledges, etc). Most of the internet is actually running Linux, and yet you don't see mass infections such as this. A machine running an unpatched verson of Windows can get infected just being plugged into the internet, without any user intervention or opening links and attachments in"phishing" e-mails.
1
now we know why Hillary thought she needed to have her own private server. the government can and is hacked.
175
And interestingly enough, Hillary's server wasn't hacked, unlike other govt. servers including the White House's. And it was the Trumped-up email "debacle" that helped to bring her down. We deserve Trump for letting misogyny dictate the results of the election.
1
Yes, of course. That's also why Colin Powell told Clinton not to use the State Dept. servers when she became SOS. He said that he used AOL to talk with world leaders, according to leaked e-mails of his, not that the news media made a big deal out of it; it was so much more click-bait to pretend no one ever did it before Clinton.
2
Apparently so was Hillary's server (hacked) I don't think hacking of government servers was a legitimate excuse for her bad judgment.
1
Will deleting all cookies solve an attack? That's worked for me, with other hackers who flash a "Computer Blocked!" message. Shut down, restart but don't access Internet, then go to Settings and delete all cookies.
16
that sounds like a pretty basic hack, in which the hackers were mostly bluffing - from what I gather the current hack is not easily resolved, and all the data is scrambled and inaccessible, which has nothing to do with cookies.
1
I think once your data has been encrypted by hackers then deleting cookies won't help, you would need the key to unencrypt. If deleting cookies 'fixed' a problem you saw then perhaps the hackers were just bluffing and weren't actually able to encrypt your files?
Short answer: No, no it won't.
This particular virus is entirely different from those browser-based scareware pop ups.
This particular virus is entirely different from those browser-based scareware pop ups.
1
I wonder how many of the affected systems were running pirated copies of Windows, and thus weren't getting security updates. Perhaps that's why the third world, including Russia, got hit the hardest.
49
Data should always be backed up and stored off-line.
108
Agree. If possible, keep two backups in different locations.
The motivation here is money, and the way that "ransomware" money gets to the perpetrators is by so-called cryptocurrencies like Bitcoin. As long as governments turn a blind eye to the money flows, these attacks will continue.
62
But it always comes down to people being dumb, doesn't it?
A squad of 12-year-olds could help all the grownups out here.
Anyway. Remember when Britain ran a world empire on a system that ran on quill pens?
And--kids, as much as you do know--don't let them get rid of copper wire and landline phones; cherish any that remain in the family. I moved up here from Noo Yawk and left all that stuff behind. Guess what happens to my fake landline every time the power goes out? And the cable company wants me to pay for a backup battery on top of everything else I pay for.
A squad of 12-year-olds could help all the grownups out here.
Anyway. Remember when Britain ran a world empire on a system that ran on quill pens?
And--kids, as much as you do know--don't let them get rid of copper wire and landline phones; cherish any that remain in the family. I moved up here from Noo Yawk and left all that stuff behind. Guess what happens to my fake landline every time the power goes out? And the cable company wants me to pay for a backup battery on top of everything else I pay for.
19
If you were concerned about privacy at all, dumb is carrying a device in your pocket that's a 24/7 gps beacon and microphone on your conversations.
"But it always comes down to people being dumb, doesn't it?"
Not this time. This is not a virus from rich Nigerian princes, but a worm that will get you just browsing the wrong page of not having updated firewall.
people being dumb here are, as usual, the government....
Not this time. This is not a virus from rich Nigerian princes, but a worm that will get you just browsing the wrong page of not having updated firewall.
people being dumb here are, as usual, the government....
In light of Stuxnet, which was USG-developed and then turned into a cyber-weapon for hackers worldwide after we used it on the Iranians, this statement is ridiculous: "The attack is believed to be the first in which such a cyberweapon developed by the N.S.A. has been used by cybercriminals against computer users around the globe." "Intelligence" community got burned again by its own weapons. Vault 7 Shadow Brokers is contractors, probably liberal libertarians, just like Snowden.
18
Liberals are not Libertarians. The two ideologies are nearly diametrically opposed.
And Snowden never released anything other than documents detailing ethically, legally and morally questionable government espionage aimed at citizens. Please don't conflate whistle blowers exposing wrongdoing with gangsters stealing and releasing malicious software so they can extort the entire planet for financial gain.
And Snowden never released anything other than documents detailing ethically, legally and morally questionable government espionage aimed at citizens. Please don't conflate whistle blowers exposing wrongdoing with gangsters stealing and releasing malicious software so they can extort the entire planet for financial gain.
Here in the UK Prime Minister Theresa May, campaigning for the next election on June 8th, has been almost unable to utter a paragraph without using her scripted battlecry "strong and stable". Oddly, in interviews about the cyberattack on our National Health Service, this phrase seems to have become redundant.
25
Trump signed an Executive Order on cybersecurity on the same day the Russians came for tea and cookies, didn't he?
34
Anyone think North Korea is behind this? They need the money. Also, this is what you get when a unregulated, dark net currency like bitcoin is available. These folks are "lucky." A friend fell for a ransomeware attack several months ago and it cost her $1200 in bitcoin to retrieve all of her photos and files.
34
Good theory. They love counterfeit "real" money, why wouldn't they try a Bitcoin grab? My guess is not the Norks. Too random. Hackers in Europe. Didn't Vault 7 drop out of Zurich?
What an incredible screw up by the NSA to let these weapons out in the wild! Trump is totally silent on this issue and his attorney general is happy to throw tons of poor people in prisons for street drug offenses but has thus far said nothing about the brazen theft of our digital weapons. Imagine if someone stole a missile launcher and started using it against us? Why is this treated differently? My guess is because there are big words involved and it's too hard for Trump and Sessions to understand. Nonetheless the NSA needs more reform than the FBI, but again, too complicated for Trump to get.
258
I'm not in any way a fan of Trump(!), but it's not really fair to blame him for this. It's much too soon for that. Obama must bear responsibility, though, for giving NSA license to create this malware. But beyond blame, the US really needs a public commission to organize a general public plan with consensus of how to deal with both state and non-state actors in this area.
2
These tools are necessarily released everywhere whenever they are used, so it is not possible to contain them. For similar reasons, that's why there is an international agreement to not use bioweapons.
The history of American intelligence in the 21st Century: US puts top secret documents online to maximize profits and convenience. US loses top secret documents to online thieves and hackers.
1
It seems obvious to say, but any company that uses computers as part of their operations needs adequate security.
That being said, many, if not MOST companies look at IT as a tool with expenses to be cut to a minimum, until it is too late.
A company would not use a lock on their doors that could be easily picked, why do they use virtually no "locks" on their data and systems?
That being said, many, if not MOST companies look at IT as a tool with expenses to be cut to a minimum, until it is too late.
A company would not use a lock on their doors that could be easily picked, why do they use virtually no "locks" on their data and systems?
155
I was an IT manager for a number of decades and can answer your question. I think there are two factors. First, new "doors" that need to be locked are constantly being found and there must be an immediate effort to lock them. Second, most of the people who control budget allocations to IT don't have a good grasp of the issue. In the long run they will learn, but the cost has been high up until now and will continue to be high for some time to come. The cost of security is high, at one time I was IT manager in a post-secondary institution, where in my experience the problems are the worst, and 1/3 of our total service effort dealt with security issues.
Companies, at least publicly traded ones, only deal with risks that will make them worse off than their competitors. If the whole industry is equally affected, no individual company will do anything out of the ordinary to protect itself because it won't take a stock price hit worse than its competitors. It happened with Y2K and it happens now as well. It's unfortunate but true.
Because those using the systems with "virtually no "locks" on their data and systems" are those who don't have the money to constantly pay Microsoft, or other vendors for the privilege of not having their stuff stolen. The British NHS, the NGOs, the third world computer users aren't being stupid, they're being poor, and Microsoft, in this case, Google in the phishing worm case, not some hacker, is holding them to ransom for security or for lack of privacy or for some other price.
What's needed is to treat essential internet systems as public utilities, not robber baron empires we all need to feed and worship all the time. But then I suppose we would end up arguing about whether or not funding public systems properly was a "taking" by big gummint. Oh, well.
What's needed is to treat essential internet systems as public utilities, not robber baron empires we all need to feed and worship all the time. But then I suppose we would end up arguing about whether or not funding public systems properly was a "taking" by big gummint. Oh, well.
The NSA continues to undermine the security of the information systems of hospitals, banks, power grids and other critical infrastructure. They argue that this benefits the American people because they can then target our enemies' infrastructure. But no computer network is secure unless all computer networks are secure. And as this incident shows, no backdoors, or hacks, are secret for long. We need a serious conversation about whether the NSA should be directed to help patch, not corrupt, the security of the world's computer systems.
43
The NSA and FBI have divisions for "Penetration Testing" to access systems and learn to exploit their own equipment. Once an exploit has been found, it is then patched and system is stronger. This is the process of cybersecurity development but in order to fix and strengthen a system they must first break it open to find out how it is done.
Microsoft bears responsibility and should be required to fix their system. This is why I was willing to pay extra for a Macbook and have stayed with Apple ever since. Microsoft: just another mega corporation that smugly says, "Let them eat my faulty products."
5
Microsoft has issued a fix for this. They did it months ago. The problem is that many people and organizations don't bother to install the fixes.
This was patched back in March and the update was distributed.
With regard to medical offices in the US, Obamacare mandated that we all begin using electronic records, rather than paper. At a cost of over $300,000, our practice of 5 doctors complied with the conversion. It continues to cost us about $70,000 per year to maintain the EMR (hardware, security, backup, program license fees, tech support). The risk to the resulting data was known at that time, by us and by the government. This is a part of Obamacare that does not get much criticism, but should have. Increased cost, increased risk. No significant benefit. When your medical records are lost, do not blame your doctor or hospital; blame the architects of the policy that rushed it through before thinking it through.
9
Huge benefit to the patient. You have plenty of money...you can afford to use both.
1
As an IT specialist who spends day after day bring systems back from the dead, I feel your fear. It's one I share about sensitive personal data about real people.
But by all means, blame Barak Obama!
2
The underpinnings of today's connected world should not be dependent on the lack of seriousness taken by the company that in effect provides the electricity.......Microsoft must be held accountable for its failure to provide a secure environment while continuing to rake in billions. The model should become subscription based (as in $25 per year per computer) with guaranteed service levels and hefty penalties applied when things break down due to marketing trumping security....some people are probably going to die sooner deaths due to the NHS fiasco. This is the real story!
7
Is this the actual way "12 Monkeys" becomes real? It sounds like people will die by accident - collateral damage - in this extortion plot, when hospitals close their doors. When the attacks are more focused, on utility grids or air traffic control say, people will die on purpose. It's a human-caused plague by a different name.
What a world we are creating. Most of us are swept along in the currents of progress, happy to be able to write a letter to the NYT from our smartphone or buy something online and frustrated by having to remember a dozen passwords or by the inconvenience that an upgrade to our computer means it forgets the printer it is connected to (it took me 20 minutes to print a page yesterday after I got a three-hour Microsoft update the night before). We can only hope that the really smart people who are creating our modern world will stay ahead of the really smart thugs, crooks and terrorists who are trying to exploit its vulnerabilities, before we, too, become collateral damage.
What a world we are creating. Most of us are swept along in the currents of progress, happy to be able to write a letter to the NYT from our smartphone or buy something online and frustrated by having to remember a dozen passwords or by the inconvenience that an upgrade to our computer means it forgets the printer it is connected to (it took me 20 minutes to print a page yesterday after I got a three-hour Microsoft update the night before). We can only hope that the really smart people who are creating our modern world will stay ahead of the really smart thugs, crooks and terrorists who are trying to exploit its vulnerabilities, before we, too, become collateral damage.
17
So that's why my printer was disconnected yesterday!
We spend half the USA budget on bombs and ways to kill people with said bombs with our military yet our current government seems to be totally inept at protecting us from this kind of modern day attack . There might be some money being spent within our government to help deal with cyber security but instead of making it a priority the Trump administration chooses to be part of the problem with all this resistance being put up to what happened with the Russians using cyber warfare on us during the elections last Fall. Instead of spending an additional 50 billion on bombs how about we spend that much on cyber security and start putting cyber criminals in jail ?
14
I appreciate the advice in the accompanying article titled "Protecting Your Digital Life". However, what we need in addition is a way for people to back up their files, in a way that takes no effort, onto devices that cannot be reached by ransomware. Apparently, ransomware can encrypt external drives as well, so perhaps that's not a good way to create a backup.
1
Buy yourself a big flash drive, or external hard drive, copy everything to it, then unplug it. Plug it in once a week/fortnight/month, copy everything again, then unplug it. Its contents cannot be encrypted if it isn't connected to come kind of processor.
The problem here is the phrase "no effort". Unfortunately such security considerations require both thought and effort. That's the problem. People think it's some magical system. Turn it on and go. But it doesn't happen that way as we can all see. So yes some EFFORT is required, some thought on how this thing works, why am I opening this email?, why did Microsoft want me to install some kind of updates?
The same two lessons come out once again. 1. Install updates when you receive them - don't wait (the MS patch was issued in March). 2. When receiving emails containing an attachment, check the source and if not sure, delete the email.
Places like the UK's NHS hospitals say that it is difficult to update their systems since they depend on it 24/7. So is this shut down and subsequent mayhem worth not installing the patch? I suppose some will pay the ransom and thus encourage future attacks.
Places like the UK's NHS hospitals say that it is difficult to update their systems since they depend on it 24/7. So is this shut down and subsequent mayhem worth not installing the patch? I suppose some will pay the ransom and thus encourage future attacks.
7
"The British National Health Service said that 45 of its hospitals, doctors’ offices and ambulance companies had been crippled — making it perhaps one of the largest institutions affected worldwide."
I'm surprised that your style guide allows the word "crippled" as a metaphor for systems or things being broken. The word has a very negative connotation, and in this case draws on and judges the situations of real people with disabilities in order to make a rhetorical point. It's ironic that this usage occurred in a sentence about a hospital. Please consider rewording.
I'm surprised that your style guide allows the word "crippled" as a metaphor for systems or things being broken. The word has a very negative connotation, and in this case draws on and judges the situations of real people with disabilities in order to make a rhetorical point. It's ironic that this usage occurred in a sentence about a hospital. Please consider rewording.
5
Oh go away with your "I am the speech police"
I am disable - orthopedic injury
I use a mobility Service Dog
I am not hysterically hyper-sensitive
I don't read insults into regular words
Get over it.
GO AWAY
I am disable - orthopedic injury
I use a mobility Service Dog
I am not hysterically hyper-sensitive
I don't read insults into regular words
Get over it.
GO AWAY
1
I'd guess they've taken the word from descriptions given out by we Brits, we use crippled as a standard word over here. Having (in the main) got past it being a perjorative term for a physically disabled person. I haven't heard it used that way over here for at least 20 years.
There are thousands of internet processing nodes that locally centralize data but are globally decentralized. Would think each node should be able to trap and filter out obnoxious code without slowing things down much. But maybe not.
3
Although ransom attacks are not new, the breadth of this attack reveals just how vulnerable our IT infrastructure is. Business as usual is no longer an option. The bad guys are not going away and now that they armed with NSA designed cyberweapons, the risk is existential to our current way of life. Drastic action is called for to address this risk. I don't know enough to suggest what that is, but it has to be multifaceted, a combination of minimum security standards, best practices and a liability scheme on software manufacturers and officers and directors of corporations, who do not take steps to implement reasonable cybersecurity measures.
25
On one hand, when the IT infrastructure is designed for access, ubiquitous and seamless, do you want your 'other hand' developing weapons? What did Pogo say about meeting the enemy?
There is so much wrong in the way cyber is conducted by the NSA and other American spying Agency.
First, there's no accountability. Malware that costs tens of millions of dollars to develop is stolen. Was the head of the NSA fired? Instead he would more likely be called to a Congress hearing to be treated like a rockstar. In a private company he would forgo employment for the rest of his life.
Second, the spy agencies are showered with so much money which enables them to spend huge sums on developing cyber spying tools that they (the decision makers) don't understand and don't know how to protect.
Third, the cyber spying tools created by these agencies target compromising internet servers, operating systems, and applications. Even worse trying to enforce backdoor access. This is the wrong target. They should instead identify vulnerabilities in these systems and make it mandatory to fix.
Finally, spying agencies don't understand technology and especially software. The US should create a specialized agency for cyber security run by engineers (this is important) and not by law enforcement.
First, there's no accountability. Malware that costs tens of millions of dollars to develop is stolen. Was the head of the NSA fired? Instead he would more likely be called to a Congress hearing to be treated like a rockstar. In a private company he would forgo employment for the rest of his life.
Second, the spy agencies are showered with so much money which enables them to spend huge sums on developing cyber spying tools that they (the decision makers) don't understand and don't know how to protect.
Third, the cyber spying tools created by these agencies target compromising internet servers, operating systems, and applications. Even worse trying to enforce backdoor access. This is the wrong target. They should instead identify vulnerabilities in these systems and make it mandatory to fix.
Finally, spying agencies don't understand technology and especially software. The US should create a specialized agency for cyber security run by engineers (this is important) and not by law enforcement.
17
Why we still have to remind people to update their software whenever their operating system's manufacturer sends one out is beyond me. One might think that with almost monthly news of yet another cyberattack on computer systems that individuals updating their machines would be a no-brainer...especially when large corporate systems like FedEx and the NHS are affected. You KNOW their systems are strong.
Then, of course, here comes Mr. Ed Snowden, the guy who made all this NSA software available to the criminal hackers of the world. He sits in his comfortable Russian domicile, protected from prosecution (for now) and his response? Well, NSA should have shared the stuff or at least told everybody the weapons were stolen.
He, of course, is not sorry at all for the part he has played and will continue to play in these worldwide attacks.
Then, of course, here comes Mr. Ed Snowden, the guy who made all this NSA software available to the criminal hackers of the world. He sits in his comfortable Russian domicile, protected from prosecution (for now) and his response? Well, NSA should have shared the stuff or at least told everybody the weapons were stolen.
He, of course, is not sorry at all for the part he has played and will continue to play in these worldwide attacks.
12
While you're correct about updating systems, you're wrong about Snowden being involved. While he released a large number of documents, the NSA software leak was a separate incident.
Snowden had nothing to do with the NSA cyber arsenal being released to then public domain. That was shadow brokers. So he has nothing to be sorry for. Indeed had he not made the NSA/GCHQ capabilities known about there's be a lot more systems damaged today. The checks/changes carried out after he whistle blew capabilities, probably aided protecting some systems from this.
1
Snowden has nothing to do with this, but keep beating that dead horse if you want. It's not going to feel it.
1
The day we disconnect will be the day we can fee secure again. And for institutions, stand alone systems, "un-webbed" for essential functions, would be the way to go. To get from the "outside" to the "inside" a physical intervention would be needed. Yes "efficiency" suffers but safety increases by orders of magnitude.
16
This is the only real solution to this problem. Eliminating our dependence on electronic media via the internet for information will eliminate the vulnerability to unauthorized electronic access. I'm not saying shut down the internet, but a return to hard copy records or at least utilizing electronic networks that are not linked to the internet will minimize the threat.
While this is troublesome, it pales alongside the price we'll pay for the Trump leadership. This economy will crash .. just like under Reagan and Bush. While conservative economic theory, in its utter simplicity, sounds good (to some people), it can only have the same outcome as any shell game. You cannot ramp up, without some cost, somewhere. Driven-ramping as opposed to the development that derives from solving the whole spectrum of problems instead of narrow economic growth, has absolutely no history of success.
At a bare minimum, de-regulation means greater cut-throat action -- inherently designed to separate people into wealthy wolves and poorer sheep. However, the really ugly consequence is environmental destruction, social debasement, species extinction, and increasing loss of freedom of the individual.
While these outcomes are also seen under 'democratic' administrations, you will kindly notice that thye are less severe, and highly focused on corrective processes. As wrongs are observed, we try to fix them. The most you'll see from GOP-driven remedies are Band-aids.
At a bare minimum, de-regulation means greater cut-throat action -- inherently designed to separate people into wealthy wolves and poorer sheep. However, the really ugly consequence is environmental destruction, social debasement, species extinction, and increasing loss of freedom of the individual.
While these outcomes are also seen under 'democratic' administrations, you will kindly notice that thye are less severe, and highly focused on corrective processes. As wrongs are observed, we try to fix them. The most you'll see from GOP-driven remedies are Band-aids.
27
You're off topic.
1
The proliferation of private contractors in the government, especially the NSA, guarantees that corners will be cut for profit, including in the hiring of men and women who will have access to incredibly damaging weapons. Worse than this attack by far--electrical grids, telecommunications, and military operations are in the sights of cyber-weapons. And these companies, and the government itself, develop these weapons and put them in the hands of people who can make themselves rich using them. Not all have the conscience of a Snowden--and some feel that he should be in prison or worse (not that I'm one of them). But there are untrustworthy people with access to these malevolent weapons through the NSA and other organizations who go blindly on profiting through pretending our security depends on their products. They themselves may be the biggest risk factors of all.
42
Revenge of a nerd.
It's not as if security experts haven't been warning us for a long time that leaving the back doors open, as the NSA wants, wouldn't have negative side effects. It's time to close the doors to give us protection from *all* unwanted visitors including our governments.
31
Shut down Bitcoin for a start, so ransom payments are easier to track. Treasury dept should invoke the government's exclusive right "To coin money, regulate the value thereof, and of foreign coin" and declare all Bitcoin transactions illegal. UK and other governments should do the same.
203
I don't understand why the perpetrators can't be tracked when they recover the ransom. Now, their sense of invulnerability is emboldening them.
It would be like putting a bandage over the hemorrhage. A legal barter system will replace it in no time.
Any such law would be ruled unconstitutional in the US. But banks already use Bitcoin, and even more banks use the algorithms underlying the use of Bitcoin. Also, rich and famous people, like the Winklevoss brothers, invest millions in Bitcoin. So not only is what you suggest unconstitutional, the powerful elites wouldn't let you do it anyway.
Security for cyber weapons is just as important as security for nuclear weapons. If someone stole a nuke, and used it to hold a city for ransom, the military would bear responsibility for failing to keep nuclear weapons secured. Now that something analogous has happened with a cyber weapon, the practices of the NSA and other cyber-warfare organizations need to be examined and revised to reduce the chances it will happen again.
55
Overstatement. Serious, but not as serious as nuclear weapons.
1
A couple of thoughts as to vulnerabilities:
The main line of defense is the computer operator; (s)he needs to acquire some basic knowledge on how to keep the computer safe.
The operating system security is also obviously paramount. I have already read some comments as to how this is expensive/hard, etc. The thing to know is that Microsoft had already provided a patch to guard against this particular attack. I just checked my computer and the patch had already been installed automagically. There is obviously some operator responsibility on the proper settings here as well.
The NSA and other security agencies obviously bear some important responsibility in this specific instance. There are ongoing attacks every day of the week; most of those are easily handled by security software, but when the NSA develops some really sophisticated tools and then allows these to be stolen the game is altogether different. It is actually quite amazing than, in a post Snowden era, a rogue employee can actually steal anything from the CIA/NSA/ etc. They obviously need to tighten their own security.
Lastly, the software security companies were obviously caught sleeping. After the NSA tools were stolen and published them, was only a matter of time until somebody used them to cause havoc. Probably the NSA itself should have worked to provide safeguards. After all they, as well as everybody else, knew the footprints of these tools.
The main line of defense is the computer operator; (s)he needs to acquire some basic knowledge on how to keep the computer safe.
The operating system security is also obviously paramount. I have already read some comments as to how this is expensive/hard, etc. The thing to know is that Microsoft had already provided a patch to guard against this particular attack. I just checked my computer and the patch had already been installed automagically. There is obviously some operator responsibility on the proper settings here as well.
The NSA and other security agencies obviously bear some important responsibility in this specific instance. There are ongoing attacks every day of the week; most of those are easily handled by security software, but when the NSA develops some really sophisticated tools and then allows these to be stolen the game is altogether different. It is actually quite amazing than, in a post Snowden era, a rogue employee can actually steal anything from the CIA/NSA/ etc. They obviously need to tighten their own security.
Lastly, the software security companies were obviously caught sleeping. After the NSA tools were stolen and published them, was only a matter of time until somebody used them to cause havoc. Probably the NSA itself should have worked to provide safeguards. After all they, as well as everybody else, knew the footprints of these tools.
50
Snowden is not the bad guy here. He's the messenger. The NSA wants to weaponize your appliances. Governments require 'back doors' from developers regardless of platform. You cell phone listens whether you think its turned on or not.
Are the hackers staffed sufficiently to handle the incoming money and requests to un-encrypt millions of compromised systems before the clock runs out? Or are millions out of luck because the domain and website was not activated by the perpetrators - so there is no way to pay up to get your data released?
Is the day coming when the capability to encrypt the "Cloud" holding the world's data hostage? Yes we should have offline backups of the entire cloud data but what happens when you try to restore that backup data? Will it be vulnerable or do they have a way of duplicating quadrillions of bytes of data in a quarantined way before trying to restore? Next they will start encrypting actual programs, operating systems, SCADA systems and other infrastructure critical components of countries. How well are the restore programs and software quarantined?
Remember the days of the floppy and the "physical" write protect tab? It is a placebo tab. That was not a guaranty a program would not write or overwrite the data on the disk - as Microsoft products proved to me on many occasions. There are no fail safes anymore and systems are so complex that no one can know for certainty about the flaws, vulnerabilities, or even the accuracy of these systems.
When you boot up your self driving car and the heads-up screen says your car has been hacked - is it VW playing funny with the software again or a hacker looking for money?
Is the day coming when the capability to encrypt the "Cloud" holding the world's data hostage? Yes we should have offline backups of the entire cloud data but what happens when you try to restore that backup data? Will it be vulnerable or do they have a way of duplicating quadrillions of bytes of data in a quarantined way before trying to restore? Next they will start encrypting actual programs, operating systems, SCADA systems and other infrastructure critical components of countries. How well are the restore programs and software quarantined?
Remember the days of the floppy and the "physical" write protect tab? It is a placebo tab. That was not a guaranty a program would not write or overwrite the data on the disk - as Microsoft products proved to me on many occasions. There are no fail safes anymore and systems are so complex that no one can know for certainty about the flaws, vulnerabilities, or even the accuracy of these systems.
When you boot up your self driving car and the heads-up screen says your car has been hacked - is it VW playing funny with the software again or a hacker looking for money?
5
VW or hacker? Its your money either way.
There are two issues, the unaware computer user on the network, but also the operating system that allows arbitrary code to be run on it.
I get those fake warnings to "click here" to update my password. So what I do is go directly to the real site and update my password. The hackers have given me a valuable reminder in that case.
As for the operating system, there is a lot of work on building secure code, but it makes the operating system that much more expensive; people don't want to pay the price. It's 2017, we've had 70 years of operating systems and we still suffer security breeches.
Plus, security is the dual of sharability. We all want access to everything on the internet. But the ideal of security would be to allow *no* access. That way your data would be safe. But you wouldn't be able to buy anything, either, or share photos. We struggle with these norms.
This NSA instance is evidence why I don't want Apple to engineer a back door into my computers. In the San Bernardino case, there were people who were adamant that Apple should provide one. Maybe those naive individuals have learned something from this current security incident.
If you believe that your computer should be hackable in order to catch criminals, they your computer will be hacked by criminals. Evidently we have a long way to go in deploying computer systems and security policy.
I get those fake warnings to "click here" to update my password. So what I do is go directly to the real site and update my password. The hackers have given me a valuable reminder in that case.
As for the operating system, there is a lot of work on building secure code, but it makes the operating system that much more expensive; people don't want to pay the price. It's 2017, we've had 70 years of operating systems and we still suffer security breeches.
Plus, security is the dual of sharability. We all want access to everything on the internet. But the ideal of security would be to allow *no* access. That way your data would be safe. But you wouldn't be able to buy anything, either, or share photos. We struggle with these norms.
This NSA instance is evidence why I don't want Apple to engineer a back door into my computers. In the San Bernardino case, there were people who were adamant that Apple should provide one. Maybe those naive individuals have learned something from this current security incident.
If you believe that your computer should be hackable in order to catch criminals, they your computer will be hacked by criminals. Evidently we have a long way to go in deploying computer systems and security policy.
146
"This NSA instance is evidence why I don't want Apple to engineer a back door into my computers. In the San Bernardino case, there were people who were adamant that Apple should provide oneMaybe those naive individuals have learned something from this current security incident."
Engineering a back door and one existing because of vulnerabilities are two separate items. The former can also help prevent the latter.
Many of the vulnerabilities are not OS related but are microprocessor related. The operating system patches are putting bandaid on those vulnerabilities.
Engineering a back door and one existing because of vulnerabilities are two separate items. The former can also help prevent the latter.
Many of the vulnerabilities are not OS related but are microprocessor related. The operating system patches are putting bandaid on those vulnerabilities.
2
@jp, one could look to hardware for a security solution; again, it costs more money. But you've used the term "many". So some are OS related. You don't know what all the vulnerabilities are, but you are claiming that a purposefully engineered back door to a system increases its security.
What you miss when proposing a "helpful" back door is what all people miss when proposing it: you are extending the security boundary of the device to the FBI and other agencies. It is a logical problem. It's difficult to contain information within a large security boundary. You, @jp now have to establish a trust relationship with thousands of people.
You trust the FBI not to release information, but look what happened with the NSA incident; the breach methodology escaped the NSA into hackers' hands. The NSA couldn't protect their information. That could be *your* information. This recent incident is a counterexample to your argument.
An engineered back door and a vulnerability due to a bad design result in the same ability to break into a system. You *feel* that they don't, but that's the problem. Security has to be approached rationally, not emotionally.
What you miss when proposing a "helpful" back door is what all people miss when proposing it: you are extending the security boundary of the device to the FBI and other agencies. It is a logical problem. It's difficult to contain information within a large security boundary. You, @jp now have to establish a trust relationship with thousands of people.
You trust the FBI not to release information, but look what happened with the NSA incident; the breach methodology escaped the NSA into hackers' hands. The NSA couldn't protect their information. That could be *your* information. This recent incident is a counterexample to your argument.
An engineered back door and a vulnerability due to a bad design result in the same ability to break into a system. You *feel* that they don't, but that's the problem. Security has to be approached rationally, not emotionally.
1
A computer or any other personal digital device should be as inviolable as one's home to the government.
Governments invariably make themselves opaque to their citizens for whom they supposedly exist, but they use any overwrought excuse - public safety, national security - to bore deep into your privacy.
Due to our 20,000,000 to 1 chance of being killed by a terrorist, the government states that it can do anything at all - it can militarize the police, listen to all your communications, it can even become an authoritarian state. The goal of power is to create an acquiescence for their control based on their alternative reality, fear-based programming and under a pretext of safety.
Hands off our computers. It is the government hacking - into Iraq, into Afghanistan, into your home, into your life, that open us to real vulnerabilities. It's no different with bioweapons, nuclear weapons, or with NSA hacking code - the government makes it because they're above the law, but criminals steal it and use it. Or consider guns: no guns, no gun killing.
Governments invariably make themselves opaque to their citizens for whom they supposedly exist, but they use any overwrought excuse - public safety, national security - to bore deep into your privacy.
Due to our 20,000,000 to 1 chance of being killed by a terrorist, the government states that it can do anything at all - it can militarize the police, listen to all your communications, it can even become an authoritarian state. The goal of power is to create an acquiescence for their control based on their alternative reality, fear-based programming and under a pretext of safety.
Hands off our computers. It is the government hacking - into Iraq, into Afghanistan, into your home, into your life, that open us to real vulnerabilities. It's no different with bioweapons, nuclear weapons, or with NSA hacking code - the government makes it because they're above the law, but criminals steal it and use it. Or consider guns: no guns, no gun killing.
Were a President to order an attack on these folks and the robocallers the din from the celebration would be heard in the farthest reaches of the galaxy.
61
The FBI has a capable department dedicated to the investigation of cybercrimes.
Were its budget not under constant attack by small-government advocates, and its director fired by the man who appointed him for doing his job, the galaxy would already be ringing with the din of your celebration.
Were its budget not under constant attack by small-government advocates, and its director fired by the man who appointed him for doing his job, the galaxy would already be ringing with the din of your celebration.
14
How would you locate them? I think if it was that easy, then at lest in some cases there would be mass arrests.
"The FBI has a capable department dedicated to the investigation of cybercrimes.
Were its budget not under constant attack by small-government advocates, and its director fired by the man who appointed him for doing his job, the galaxy would already be ringing with the din of your celebration."
This.
Were its budget not under constant attack by small-government advocates, and its director fired by the man who appointed him for doing his job, the galaxy would already be ringing with the din of your celebration."
This.
Ultimately, this attack is due to a vulnerability in the Windows Operating System, only one of many. It's unreasonable to expect Microsoft's customers to implement all of its software patches because some break critical software or because some organizations are not security conscientious. As long as there are well known vulnerabilities plus sample code from the NSA or CIA, there are going to be widespread cyber attacks. If software companies had financial liability, these vulnerabilities would disappear a lot faster.
130
Yes, make all companies that collect our data liable for hacking. Then they'd have to think twice about whether to collect it in the first place. Right now, there's no downside to data collection, and even a hazy potential upside means they do it by default.
17
Stop blaming the software companies. They could and should do more to help prevent these kinds of attacks but failing to implement patches is lazy, stupid and negligent.
Malware scans are free and ought to be on everyone's computer and used regularly.
And learn to recognize spam and phishing scams and stop clicking on them.
Malware scans are free and ought to be on everyone's computer and used regularly.
And learn to recognize spam and phishing scams and stop clicking on them.
Here we are talking of a very well know security issue. Microsoft released a patch for any supported OS long time ago. The problem is the laziness and ignorance of users and organizations that keep up and running OS without the current security patch or worst running outdated one like WindowsXP (year 2001)
2