recentpopularlog in

jerryking : cyberweapons   11

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core
NOV. 12, 2017 | The New York Times | By SCOTT SHANE, NICOLE PERLROTH and DAVID E. SANGER.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”
adversaries  data_breaches  hacking  vulnerabilities  counterintelligence  counterespionage  moles  malware  ransomware  Fedex  Mondelez  Edward_Snowden  security_&_intelligence  Russia  Leon_Panetta  NSA  cyber_security  cyber_warfare  cyberweapons  tools  David_Sanger  SecDef  CIA 
november 2017 by jerryking
Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons - The New York Times
By NICOLE PERLROTH and DAVID E. SANGER JUNE 28, 2017

The Petya ransomware attack....was built on cyberweapons (i.e. hacking tools that exploited vulnerabilities in Microsoft software) stolen from the NSA in 2016 by Shadow Brokers and made public in April 2017. Now those weapons are being deployed against various U.S. partners include the United Kingdom and Ukraine.....there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands..... the government “employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities” in software, “unlike any other country in the world.”....Officials fret that the potential damage from the Shadow Brokers leaks could go much further, and the agency’s own weaponry could be used to destroy critical infrastructure in allied nations or in the United States.

“Whether it’s North Korea, Russia, China, Iran or ISIS, almost all of the flash points out there now involve a cyber element,” Leon E. Panetta, the former defense secretary and Central Intelligence Agency chief.....viruses can suddenly mutate into other areas you didn’t intend, more and more,” Mr. Panetta said. “That’s the threat we’re going to face in the near future.”..... ransomware that recently gained the most attention in the Ukraine attack is believed to have been a smoke screen for a deeper assault aimed at destroying victims’ computers entirely. .....Mr. Panetta was among the officials warning years ago of a “cyber Pearl Harbor” that could bring down the American power grid. But he and others never imagined that those same enemies might use the N.S.A.’s own cyberweapons.....rogue actors actors, like North Korea and segments of the Islamic State, who have access to N.S.A. tools who don’t care about economic and other ties between nation states,”.....So long as flaws in computer code exist to create openings for digital weapons and spy tools, security experts say, the N.S.A. is not likely to stop hoarding software vulnerabilities any time soon.
adversaries  CIA  computer_viruses  cyberattacks  cyberthreats  cyberweapons  David_Sanger  exploits  hackers  Leon_Panetta  malware  NSA  North_Korea  Pentagon  power_grid  ransomware  rogue_actors  security_&_intelligence  SecDef  vulnerabilities 
june 2017 by jerryking
U.S. Cyberweapons, Used Against Iran and North Korea, Are a Disappointment Against ISIS - The New York Times
By DAVID E. SANGER and ERIC SCHMITT JUNE 12, 2017.

In 2016, U.S. cyberwarriors began training their arsenal of cyberweapons on a more elusive target, internet use by the Islamic State. Thus far, the results have been a consistent disappointment......The effectiveness of the nation’s arsenal of cyberweapons hit its limits against an enemy that exploits the internet largely to recruit, spread propaganda and use encrypted communications, all of which can be quickly reconstituted after American “mission teams” freeze their computers or manipulate their data..... the U.S. is rethinking how cyberwarfare techniques, first designed for fixed targets like nuclear facilities, must be refashioned to fight terrorist groups that are becoming more adept at turning the web into a weapon......one of the rare successes against the Islamic State belongs at least in part to Israel, which was America’s partner in the attacks against Iran’s nuclear facilities. Top Israeli cyberoperators penetrated a small cell of extremist bombmakers in Syria months ago, the officials said. That was how the United States learned that the terrorist group was working to make explosives that fooled airport X-ray machines and other screening by looking exactly like batteries for laptop computers......ISIS' agenda and tactics make it a particularly tough foe for cyberwarfare. The jihadists use computers and social media not to develop or launch weapons systems but to recruit, raise money and coordinate future attacks.

Such activity is not tied to a single place, as Iran’s centrifuges were, and the militants can take advantage of remarkably advanced, low-cost encryption technologies. The Islamic State, officials said, has made tremendous use of Telegram, an encrypted messaging system developed largely in Germany......disruptions often require fighters to move to less secure communications, making them more vulnerable. Yet because the Islamic State fighters are so mobile, and their equipment relatively commonplace, reconstituting communications and putting material up on new servers are not difficult.
ISIS  NSA  security_&_intelligence  disappointment  Israel  encryption  disruption  London  London_Bridge  tools  cyber_security  cyberweapons  vulnerabilities  terrorism  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
june 2017 by jerryking
Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
MAY 12, 2017 | - The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.....The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.
tools  cyber_security  cyberweapons  cyberattacks  vulnerabilities  malware  Microsoft  ransomware  hackers  NSA  exploits  blackmail  David_Sanger 
may 2017 by jerryking
Software as Weaponry in a Computer-Connected World - The New York Times
JUNE 7, 2016 | NYT | By NICOLE PERLROTH.

On average, there are 15 to 50 defects per 1,000 lines of code in delivered software, according to Steve McConnell, the author of “Code Complete.” Today, most of the applications we rely on — Google Chrome, Microsoft, Firefox and Android — contain millions of lines of code. And the complexity of technology is increasing, and with it the potential for defects.

The motivation to find exploitable defects in widely used code has never been higher. Governments big and small are stockpiling vulnerabilities and exploits in hardware, software, applications, algorithms and even security defenses like firewalls and antivirus software.

They are using these holes to monitor their perceived enemies, and many governments are storing them for a rainy day, when they might just have to drop a payload that disrupts or degrades an adversary’s transportation, energy or financial system.

They are willing to pay anyone who can find and exploit these weaknesses top dollar to hand them over, and never speak a word to the companies whose programmers inadvertently wrote them into software in the first place.
adversaries  software  hackers  books  coding  vulnerabilities  exploits  software_bugs  bounties  black_markets  arms_race  cyber_warfare  cyber_security  Stuxnet  espionage  Iran  security_&_intelligence  malware  cyberweapons  weaponry  stockpiles  financial_system 
june 2016 by jerryking
U.S. Directs Cyberweapons at ISIS for First Time - The New York Times
APRIL 24, 2016 | NYT | By DAVID E. SANGER.

The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons....The NSA, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world...The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters....The N.S.A. has spent years penetrating foreign networks — the Chinese military, Russian submarine communications, Internet traffic and other targets — placing thousands of “implants” in those networks to allow it to listen in.

But those implants can be used to manipulate data or to shut a network down. That frequently leads to a battle between the N.S.A. civilians — who know that to make use of an implant is to blow its cover — and the military operators who want to strike back. N.S.A. officials complained that once the implants were used to attack, the Islamic State militants would stop the use of a communications channel and perhaps start one that was harder to find, penetrate or de-encrypt.
ISIS  cyber_warfare  NSA  security_&_intelligence  terrorism  cyberweapons  exploits  hackers  software_bugs  vulnerabilities  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
april 2016 by jerryking
An Elizabethan Cyberwar - NYTimes.com
May 31, 2013 | NYT | By JORDAN CHANDLER HIRSCH and SAM ADELSBERG.

Instead of trying to beat back the New World instability of the Internet with an old playbook, American officials should embrace it. With the conflict placed in its proper perspective, policy makers could ratchet down the rhetoric and experiment with a new range of responses that go beyond condemnation but stop short of all-out cyberwar — giving them the room to maneuver without approaching cyberconflict as a path to Defcon 1.

In these legally uncharted waters, only Elizabethan guile, not cold war brinkmanship, will steer Washington through the storm.
cunning  cyber_warfare  China  China_rising  U.S.  security_&_intelligence  guile  lessons_learned  contextual  Elizabethan  cyber_security  instability  resilience  perspectives  tools  frenemies  espionage  risk-mitigation  policy_tools  cyberweapons  U.S.-China_relations  policymakers  policymaking  playbooks 
june 2013 by jerryking

Copy this bookmark:





to read