28 May 2017


In the aftermath of the ‘success; of the cyber worm, WannaCry, the Financial Times is reporting this afternoon, May 15, 2017, that “criminal hacking groups have re-purposed a second, stolen, classified U.S. cyber weapon; and, have made it available [for sale] on the Dark Web.” 

According to BREAKING NEWSs this afternoon, the New York Times is reporting that the WannaCry hack appears to have originated in North Korea — more to follow later.

Financial Times reporters, Sam Jones in London and Max Seddon in Moscow, write “the hacking tool, developed by the U.S. National Security Agency (NSA) and code-named, EsteemAudit, has been adapted and available for criminal use,” according to cyber security experts whom the Financial Times spoke to. “As with the NSA’s Eternal Blue — the tool on which the WannaCry hack was based — EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software, in the way in which networked machines communicate with each other,” Mr. Jones and Mr. Seddon wrote.

“At least a dozen other NSA [hacking] tools are currently being discussed and worked on, as the basis of potential cyber weapons on hacking forums on the Dark Web, parts of the Internet not accessible via normal search engines,” Mr. Jones and Mr. Seddon warned.

Who Is The Likely Culprit Behind The WannaCry Hack?

“Six analysts and intelligence officials ,” who spoke to the Financial Times, told the publication that “they were beginning to piece together the origins of the WannaCry attack, although the perpetrators are still unknown. Mr. Jones and Mr Seddon add that “three main sources,” [suspects]: The U.S. National Security Agency, which developed a number of digital espionage capabilities; a second cluster of unidentified hackers who are working to “weaponize” those tools following their leaking online; and, a third group — WannaCry’s operators — who added the ransomware that demads a fee for unlocking infected computers.”

“We believe they [WannaCry’s operatorrs] are amateurs,” said Catalin Cosi, Chief Security Strategist at the cyber security firm, BitFinder. “They saw an opportunity, and they took it.” Mr. Corsi told the Financial Times that “a number of groups were very active on the Dark Web, looking to turned leaked NSA tools in viable weapons.”

We have to be careful here of potential false flag operations, making it appear that a particular group, or country was the likely suspect, when it in reality is someone else who wanted to make it appear that North Korea was responsible. I have no trouble at all believing North Korea was responsible; but, this kind of false flag operation is not out of the question and is one reason why it is so difficult to definitively conclude who is responsible. Perhaps when we get to a point that we can tag data, like we do explosives, maybe we will be able to do so.

Uiwix, Yet Another Ransomware-Like WannaCry — Only More Dangerous

Jahanzaib Hassan, writing for/on the website, HackRead.com, (May 15, 2017), notes that a more sinister, destructive ransomware known as “Uiwix, has emerged, which is exploiting the vulnerabilities found in Windows SMB v1 and SMB v2,” this according to a recent report by HeimadlSecurity. Mr. Hassan warns that although “traces of WannaCry can be found in Uiwix,” this ransomware “cannot be stopped from spreading by registering a domain. The only way to contain the virus is to fix the vulnerability that appears to be present in Windows,” he notes. Uiwix has already affected 200,000 users in around 150 countries.”

There is somewhat of a silver lining with both WannaCry and now Uiwix — victims had difficulty paying the ransom because they found difficulty in trying to use Bitcoin as the medium for the transaction. As a consequence, most reporting indicates that while this episode has garnered a lot of public attention, worldwide, the cyber thieves reportedly have not made much money.

Former NATO Allied Supreme Commander, Warns “U.S. Is Not Ready For A Cyber Pearl Harbor”

Whether or not Uiwix morphs into a global problem or not, one has to assume that al Qaeda, the Islamic State, North Korea, Iran, etc. are paying attention to hold this cyber event unfolds, how countries react, how long it takes countries and institutions to know they have been digitally attacked/penetrated, and so on. Are we building to a Cyber Pearl Harbor? No one really knows of course; but, we should not deny that it could happen. More likely, in my opinion, is that a Black Swan-type cyber attack would not be used in isolation; but, in conjunction with a large-scale kinetic attack — like detonating a weapon of mass destruction (WMD), or some other terrorist weapon of choice. The thought would be to make us ‘deaf, dumb, and blind.’ Terrorists, other darker angels of our nature, likely think that a profound cyber attack would substantially hamper first responders and other state and federal officials from quickly and adequately addressing a conventional/kinetic event, and thus prolong the damage and from their perspective — kill more people.

Admiral James Stavridis, former NATO Supreme Allied Commander, Europe, and now the Dean of the Fletcher School of Law and Diplomacy at Tufts University, has an article in the May 15, 2017 edition of Foreign Affairs, whereby he warns that “the U.S. is not ready for a Cyber Pearl Harbor.” I believe that ADM (Ret.) Stavirdis would be the fist to admit that fear is not new. People have been warning about the potential for a Cyber Pearl Harbor for at least the past decade, if not longer. And, I do not believe that his recommendations about how to address this threat break any new ground.

We basically know what the problem is, and, that the chances of a large-scale, catastrophic cyber attack/event are increasing. We just haven’t decided that this threat is so profound and threatening, that we need to swing into action and have a Manhattan-style program/initiative to implement the measures needed to substantially diminish this threat. I am not saying that is right, or wrong, it is where we are. And, maybe that is okay. Only time will tell. In the meantime, the ransomware threat is likely to become more sinister, as those who are sick and twisted and hate the United States, think of new creative ways to damage America.

No comments: