recentpopularlog in

jerryking : exploits   9

Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons - The New York Times
By NICOLE PERLROTH and DAVID E. SANGER JUNE 28, 2017

The Petya ransomware attack....was built on cyberweapons (i.e. hacking tools that exploited vulnerabilities in Microsoft software) stolen from the NSA in 2016 by Shadow Brokers and made public in April 2017. Now those weapons are being deployed against various U.S. partners include the United Kingdom and Ukraine.....there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands..... the government “employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities” in software, “unlike any other country in the world.”....Officials fret that the potential damage from the Shadow Brokers leaks could go much further, and the agency’s own weaponry could be used to destroy critical infrastructure in allied nations or in the United States.

“Whether it’s North Korea, Russia, China, Iran or ISIS, almost all of the flash points out there now involve a cyber element,” Leon E. Panetta, the former defense secretary and Central Intelligence Agency chief.....viruses can suddenly mutate into other areas you didn’t intend, more and more,” Mr. Panetta said. “That’s the threat we’re going to face in the near future.”..... ransomware that recently gained the most attention in the Ukraine attack is believed to have been a smoke screen for a deeper assault aimed at destroying victims’ computers entirely. .....Mr. Panetta was among the officials warning years ago of a “cyber Pearl Harbor” that could bring down the American power grid. But he and others never imagined that those same enemies might use the N.S.A.’s own cyberweapons.....rogue actors actors, like North Korea and segments of the Islamic State, who have access to N.S.A. tools who don’t care about economic and other ties between nation states,”.....So long as flaws in computer code exist to create openings for digital weapons and spy tools, security experts say, the N.S.A. is not likely to stop hoarding software vulnerabilities any time soon.
adversaries  CIA  computer_viruses  cyberattacks  cyberthreats  cyberweapons  David_Sanger  exploits  hackers  Leon_Panetta  malware  NSA  North_Korea  Pentagon  power_grid  ransomware  rogue_actors  security_&_intelligence  SecDef  vulnerabilities 
june 2017 by jerryking
Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool
MAY 12, 2017 | - The New York Times | By NICOLE PERLROTH and DAVID E. SANGER.

Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.....The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.
tools  cyber_security  cyberweapons  cyberattacks  vulnerabilities  malware  Microsoft  ransomware  hackers  NSA  exploits  blackmail  David_Sanger 
may 2017 by jerryking
Software as Weaponry in a Computer-Connected World - The New York Times
JUNE 7, 2016 | NYT | By NICOLE PERLROTH.

On average, there are 15 to 50 defects per 1,000 lines of code in delivered software, according to Steve McConnell, the author of “Code Complete.” Today, most of the applications we rely on — Google Chrome, Microsoft, Firefox and Android — contain millions of lines of code. And the complexity of technology is increasing, and with it the potential for defects.

The motivation to find exploitable defects in widely used code has never been higher. Governments big and small are stockpiling vulnerabilities and exploits in hardware, software, applications, algorithms and even security defenses like firewalls and antivirus software.

They are using these holes to monitor their perceived enemies, and many governments are storing them for a rainy day, when they might just have to drop a payload that disrupts or degrades an adversary’s transportation, energy or financial system.

They are willing to pay anyone who can find and exploit these weaknesses top dollar to hand them over, and never speak a word to the companies whose programmers inadvertently wrote them into software in the first place.
adversaries  software  hackers  books  coding  vulnerabilities  exploits  software_bugs  bounties  black_markets  arms_race  cyber_warfare  cyber_security  Stuxnet  espionage  Iran  security_&_intelligence  malware  cyberweapons  weaponry  stockpiles  financial_system 
june 2016 by jerryking
U.S. Directs Cyberweapons at ISIS for First Time - The New York Times
APRIL 24, 2016 | NYT | By DAVID E. SANGER.

The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons....The NSA, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world...The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters....The N.S.A. has spent years penetrating foreign networks — the Chinese military, Russian submarine communications, Internet traffic and other targets — placing thousands of “implants” in those networks to allow it to listen in.

But those implants can be used to manipulate data or to shut a network down. That frequently leads to a battle between the N.S.A. civilians — who know that to make use of an implant is to blow its cover — and the military operators who want to strike back. N.S.A. officials complained that once the implants were used to attack, the Islamic State militants would stop the use of a communications channel and perhaps start one that was harder to find, penetrate or de-encrypt.
ISIS  cyber_warfare  NSA  security_&_intelligence  terrorism  cyberweapons  exploits  hackers  software_bugs  vulnerabilities  Pentagon  U.S._Cyber_Command  campaigns  David_Sanger 
april 2016 by jerryking
F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million - The New York Times
APRIL 21, 2016 | NYT | By ERIC LICHTBLAU and KATIE BENNER

The F.B.I. declined to confirm or deny Thursday whether the bureau had in fact paid at least $1.3 million for the hacking, and it declined to elaborate on Mr. Comey’s suggestive remarks.

But that price tag, if confirmed, appears in line with what other companies have offered for identifying iOS vulnerabilities.

Zerodium, a security firm in Washington that collects and then sells such bugs, said last fall that it would pay $1 million for weaknesses in Apple’s iOS 9 operating system. Hackers eventually claimed that bounty. The iPhone used by the San Bernardino gunman ran iOS 9.

“A number of factors go into pricing these bounties,” said Alex Rice, the co-founder of the security start-up HackerOne CTO, who also started Facebook’s bug bounty program. Mr. Rice said that the highest premiums were paid when the buyer didn’t intend to disclose the flaw to a party that could fix it.
bounties  FBI  hacking  encryption  James_Comey  iPhone  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  exploits 
april 2016 by jerryking
Apple Policy on Bugs May Explain Why Hackers Would Help F.B.I. - The New York Times
MARCH 22, 2016 | NYT | By NICOLE PERLROTH and KATIE BENNER.

As Apple’s desktops and mobile phones have gained more market share, and as customers began to entrust more and more of their personal data to their iPhones, Apple products have become far more valuable marks for criminals and spies.....Exploits in Apple’s code have become increasingly coveted over time, especially as its mobile devices have become ubiquitous, with an underground ecosystem of brokers and contractors willing to pay top dollar for them (flaws in Apple’s mobile devices can typically fetch $1 million.)....Unlike firms like Google, Microsoft, Facebook, Twitter, Mozilla, Uber and other tech companies which all pay outside hackers, via bug bounty programs, to turn over bugs in their products and systems, Apple doesn't do this. So it's not surprising that a third party approached the F.B.I. with claims of being able to unlock an iPhone--and not Apple.
black_markets  exploits  arms_race  FBI  bounties  cyber_security  Apple  hackers  software_bugs  vulnerabilities  cryptography  encryption 
march 2016 by jerryking
Cyber-warfare: Turning worm
Dec 13th 2014 || The Economist |

Timekeeper
Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. By Kim Zetter. Crown; 433 pages; $25 and £20
computer_viruses  cyber_warfare  Stuxnet  security_&_intelligence  books  malware  software  coding  exploits 
december 2014 by jerryking
‘The Director,’ by David Ignatius, a Novel About the C.I.A.
June 3, 2014 | NYTimes.com |By MICHIKO KAKUTANI.

Mr. Ignatius writes that “The Director” is “ultimately about American intelligence in the age of WikiLeaks, and whether it can adapt to a more open digital world and still do the hard work of espionage.” And the novel does provide a harrowing sense of the vulnerability of governments and ordinary people alike to cybercrime, surveillance and digital warfare in this day when almost anything and everything can be stolen or destroyed with some malicious pieces of code and a couple clicks of a mouse.....giving an intimate sense of American intelligence operations in a post-Sept. 11 world, and puts them in historical perspective with operations from the World War II and Cold War eras. He also provides a detailed, energetically researched account of how hackers inside and outside the government operate: how malware and back doors and worms actually work, how easily security and privacy shields can be breached, how relatively defenseless many financial networks are.
back_doors  books  book_reviews  CIA  cyber_security  cyber_warfare  David_Ignatius  espionage  exploits  fiction  hackers  hard_work  malware  security_&_intelligence  software_bugs  vulnerabilities  WikiLeaks 
june 2014 by jerryking

Copy this bookmark:





to read