Current Cybercrime Threats Originate In Espionage

Uploaded on 2017-05-31 in TECHNOLOGY--Hackers, NEWS-News Analysis, INTELLIGENCE--USA, INTELLIGENCE--International, FREE TO VIEW

The recent ransomware attack that brought down MRI scanners in the UK, railroad ticket machines in Germany, interior ministry computers in Russia and parts of the FedEx network in the US is bound to cause a backlash against spy agencies' cyber warfare capabilities. 

It shows that services such as the US National Security Agency hoard weapons that, by their very nature, target civilian infrastructure.

The WannaCry attack wasn't a big-time nation-state operation, though it's likely that it may have originated in Russia. Last year 75 percent of crypto ransomware, malware that encrypts files on the target machine to force its owner to pay a ransom in exchange for their decryption--originated from the Russian-speaking hacker underworld. 

The largest number of WannaCry attacks occurred in Russia and Ukraine. The hackers weren't playing some political interference game: They were after money, in bitcoin. Researchers who tracked the bitcoin addresses hardwired into the malware found that tens of thousands of dollars had been paid before the spread of the virus was halted by a cybersecurity expert who accidentally found a flaw in WannaCry.

That flaw, apparently the result of the hackers' rather clumsy attempt to prevent their malware from being analysed, shows the attack wasn't highly sophisticated. Its main element was developed by the NSA, not the hackers, a vulnerability code-named Eternalblue, which allowed the agency to commandeer old pre-Windows 10 versions of the Microsoft operating system. 

The NSA code was released in April by a hacking group calling itself Shadow Brokers, which had apparently failed to find a buyer for a large trove of NSA cyber-weapons.

After the recent leaks of hacking tools from the NSA and the Central Intelligence Agency, cyber espionage critics, including NSA whistle-blower Edward Snowden and WikiLeaks founder Julian Assange, have criticised the agencies for hoarding vulnerabilities for their own use instead of flagging them to companies like Microsoft in the interest of public safety. Following the WannaCry attack, one of the biggest in history, Microsoft itself has joined the ranks of the critics. In a strongly worded blog post, Brad Smith, the company's president and chief legal officer, wrote:
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today--nation-state action and organized criminal action."

Microsoft and its peers shouldn't count on the NSA to hand over information about vulnerabilities; spies will be spies. Given the current regulatory environment, it's the responsibility of these companies themselves, with their enormous financial resources, to track down these gaps in the security of their products, paying to acquire information if necessary. Smith, however, is right when he calls for a Digital Geneva Convention that would protect civilians against nation-states' cyber wars, just as the Fourth Geneva Convention defends civilians in time of conventional war.

How the NSA planned to use Eternalblue in the first place is a good question. The fact that it only works against old Windows systems shows that it is specifically directed against civilian infrastructure such as public sector networks that are often administered cheaply by overworked, less qualified information technology professionals on obsolete hardware with software that won't run on Windows 10. The newest version of the Microsoft operating system now holds 26 percent of the global market. The share of Windows 7, released in 2009, is 48.5 percent, and 7 percent of the world's Internet-connected computers still use 16-year-old Windows XP. 

No matter how Microsoft pushes the newest system to customers (the upgrades are free), some systems stick with the old versions because they can't afford the switching effort in terms of the time required and the old hardware's insufficiency. Expensive MRI machines used by the British National Health Service are a good example; medical equipment everywhere is likely to run antiquated systems, and it's exposed to attacks delivered through the Internet.

The Russian interior ministry's computers affected by the WannaCry virus aren't military-use machines; they're old computers in police stations and service centers, the ones that are always the last to get an upgrade. For the German railroads, too, switching all the ticket terminals to Windows 10 is not exactly a priority.

It's easy to say everyone should be vigilant, install every patch released and preferably never miss an operating system update. Certainly many institutions and companies under-invest in this area. These civilian systems, however, will always lag behind, and that's why the NSA thinks old Windows vulnerabilities are worth hoarding.

It's tempting for an intelligence service to find ways to shut down an adversary's power grid or hospital system or to hack traffic lights in a big city to cause chaos. But that's as unethical as shooting or torturing the civilians in war. It should be illegal to develop such weapons, just as it is to produce nerve gas for military uses. Intelligence agencies should be legally required to give up any cyber weapons that don't specifically target the military capabilities of adversary states.

It would be naive to believe that would rule out the use of such cyber weapons. But it will improve intelligence services' accountability and, at the very least, force them to take better care of any dark stuff that comes into their hands.

As it is, if they have a piece of malware, it's highly likely that even small-time criminals will have it too.

NWAOnline

You Might Also Read: 

Government Sponsored Cyber-insecurity Is A Gift For Hackers:

WikiLeaks Has Published The CIA’s Secrets For Infecting Windows:

The CIA Has Lost Control Of Its Cyber Weapon Documents:

 

« Mathematical Analysis Suggests Marlowe And Shakespeare Co-Wrote
EU’s New Data Rules Are 1 Year Away »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

Wind River

Wind River

Wind River delivers the technology and expertise that enables the deployment of safe, secure, and reliable intelligent connected systems.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

LEPL Cyber ​​Security Bureau - Georgia

LEPL Cyber ​​Security Bureau - Georgia

The aim of the LEPL Cyber Security Bureau is to create and strengthen stable, efficient and secure systems of information and communications technologies.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Pipeline Security

Pipeline Security

Pipeline Security protects businesses with real-time threat data, threat detection & prevention, continuous cyber security monitoring and security analytics.

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

Department of Justice - Computer Crime and Intellectual Property Section (CCIPS)

The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing the Department's national strategies in combating computer and intellectual property crimes worldwide.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Normalyze

Normalyze

Normalyze are solving some of the most painful problems enterprise IT security teams face in the cloud and data security space. We help enterprises protect all the data they run in the cloud.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

WillJam Ventures

WillJam Ventures

WillJam Ventures are a private equity firm focused on investing in world-class cybersecurity companies that will become the next generation of leaders in protecting the world’s digital assets.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.