Interview
Hacker attacks: "Governments and agencies make a mess, hackers clean it up"
In both the WannaCry and Petya cases, the cyber attack happened because of a vulnerability in Windows that the NSA had used as a surveillance tool before losing control of it
In recent years, hackers have become both political and media subjects. “Every time there is a cyber attack, they blame hackers,” said Emmanuel Goldstein, a hacker and journalist based in New York and founder of the magazine and the group “2600”, during his weekly radio show, Off the Hook, “like with Trump’s election. Actually, the governments make the mess; hackers are the ones that take away the trouble.”
How do hackers “solve problems”?
“The hackers are the ones who not only find vulnerabilities, but who figure out how to fix them, and how to beat the exploits,” explains Rob Vincent, part of the 2600 group. “For example, when the original WannaCry attack happened, a hacker researching the problem discovered that the WannaCry malware tried to connect to a nonexistent domain. The domain turned out to be a “kill switch” in WannaCry placed there by its programmer; when the hacker registered the domain, WannaCry malware all over the world connected to it and then shut itself down.”
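The kill switch described above has a defensive side effect: every infected host performs a DNS lookup for the kill-switch domain before it decides whether to run, so the query logs of an organisation's own resolver show which machines attempted to run the worm. The following is an added example, not code from the interview or from 2600; the domain name and the BIND-style log lines are constructed placeholders (the real WannaCry domain is not on this page).

```python
import re
from collections import Counter

# Constructed placeholder; the actual WannaCry kill-switch domain is not part of this page.
KILL_SWITCH_DOMAIN = "killswitch-placeholder.example"

# Constructed sample lines in a simplified BIND query-log format.
# 10.0.0.22 queried twice, 10.0.0.37 once (with a trailing dot and upper case),
# 10.0.0.15 only made unrelated lookups.
SAMPLE_DNS_LOG = """\
05-Jul-2017 10:12:01.123 client 10.0.0.15#53412: query: www.example.org IN A + (10.0.0.1)
05-Jul-2017 10:12:03.456 client 10.0.0.22#40211: query: killswitch-placeholder.example IN A + (10.0.0.1)
05-Jul-2017 10:12:04.789 client 10.0.0.22#40212: query: killswitch-placeholder.example IN A + (10.0.0.1)
05-Jul-2017 10:12:07.001 client 10.0.0.37#51001: query: KILLSWITCH-PLACEHOLDER.EXAMPLE. IN A + (10.0.0.1)
05-Jul-2017 10:12:09.555 client 10.0.0.15#53413: query: mail.example.org IN MX + (10.0.0.1)
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_line(line):
    """Parse one query-log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Normalise the queried name: DNS names are case-insensitive and may carry a trailing dot.
    qname = m.group("qname").rstrip(".").lower()
    return {"ts": m.group("ts"), "ip": m.group("ip"), "qname": qname, "qtype": m.group("qtype")}


def find_killswitch_lookups(log_text, domain=KILL_SWITCH_DOMAIN):
    """Return {client_ip: {"count": n, "first_seen": ts}} for every client that
    resolved the kill-switch domain. A hit means the worm ran far enough on that
    host to perform its check, so the host needs patching and triage even though
    the kill switch stopped the payload; sandboxes and researchers also show up here."""
    hits = Counter()
    first_seen = {}
    wanted = domain.rstrip(".").lower()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["qname"] == wanted:
            hits[rec["ip"]] += 1
            first_seen.setdefault(rec["ip"], rec["ts"])
    return {ip: {"count": n, "first_seen": first_seen[ip]} for ip, n in hits.items()}


if __name__ == "__main__":
    for ip, info in sorted(find_killswitch_lookups(SAMPLE_DNS_LOG).items()):
        print(f"{ip}: {info['count']} lookup(s), first seen {info['first_seen']}")
```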
Vulnerabilities in Microsoft software were used by the National Security Agency to infiltrate the SWIFT network and, last April, were made public by the mysterious Shadow Brokers group: what part does the NSA have in these scandals?
“That agency, as well as the surveillance state in general, has a lot to answer for in the current state of affairs by virtue of how they direct the public discourse and push their agenda of further invading the lives of innocent people without cause in the name of keeping us safe,” says Vincent.
“Consider the recent attacks using ransomware called WannaCry and Petya. The attack happened because there was a years-old vulnerability in Windows (called “EternalBlue”) that the NSA built themselves a surveillance tool to exploit, but they lost control of that tool when it was leaked online by a group called the Shadow Brokers. The NSA did responsibly disclose the vulnerability to Microsoft after they learned the tool had been stolen, but before it’d been leaked; however, the fact that they’d apparently discovered that vulnerability and then held onto it for their own use for five years rather than informing Microsoft or the security community about it meant that the vulnerability was there not only for them to exploit, but for anyone else who happened to discover it.
WannaCry and Petya both spread via the EternalBlue vulnerability after it was known thanks to the leaks, but any number of other pieces of EternalBlue-based malware created and used by anyone for any purpose might have been spreading around out there for all those previous years that the exploit remained unfixed.
It’s a standard piece of wisdom in the security community that if you discover some weakness in a system, you assume that someone else either has or will discover the same weakness. You never assume you are the only one with a big enough brain or good enough luck to find something which exists in millions of computers all over the world!
That means the priority, for the good of all, is to responsibly disclose the weakness you find to those who are able to address and fix it. If you just keep the knowledge of that weakness to yourself for your own ends, as the NSA and similar agencies do routinely, you are merely ensuring that the situation stays dangerous for all.”
On the latest attack, with the Petya malware, both the New York Times and 2600 agree that the motive behind this attack is probably not a financial one.
The malware which became widespread was disguised as a new variant of the Petya ransomware, which would assume a financial component; with the normal ransomware the victim finds their data encrypted, they pay the ransom, and they get the key to decrypt their data in return.
When the new malware was further examined, that was found not to be the case; this software gives the victims the standard Petya-style ransomware instruction to send Bitcoin to a particular address, but instead of encrypting anything the malware just destroys the victim’s data. Why someone would do this is unknown, but it means that no matter how much money the operators of this new malware (which researchers are now calling “NotPetya” to distinguish it) receive from the victims, there is no way to get the victims their data back.
What can we “regular people” do to fix the problem?
“Follow best security practices,” suggests Vincent. “On the technical side, you can keep your computers’ and devices’ software updated to the latest version, use well-known firewall and antivirus solutions, and avoid downloading and running anything you don’t have reason to trust. Also, take frequent backups of any files you don’t want to lose forever; keep them on separate drives you don’t always have hooked up to your own computer, like a USB-based drive you can unplug or removable media you can write data to and then file away in a safe place.
More importantly, on the non-technical human side, simply be careful with how readily you accept anything you don’t fully understand. Be aware of social engineering attacks, where people will try to trick you into giving them private information they can exploit. Be conscious of how much of your private and valuable data about yourself you routinely give away on social media or allow various apps and services to access, and whether it’s truly worth it.”
Originally published at https://ilmanifesto.it/attacchi-informatici-governi-e-agenzie-combinano-i-pasticci-gli-hacker-li-risolvono/ on 2017-07-05