Developers: National Security Agency (NSA) of the USA
2019: EternalBlue used to break into the IT systems of the Baltimore city government
In May 2019 hackers attacked the computer systems of the government of the US city of Baltimore (Maryland). As a result of the cyberattack all municipal systems failed, including e-mail and the payment systems for parking, taxes, housing and utilities.
2017
The NSA's EternalSynergy exploit adapted to newer versions of Windows
In July 2017 it became known that security researcher Worawit Wang had reworked the NSA's EternalSynergy exploit so that it works on later versions of Windows, up to and including Windows 8.1. The exploit still does not work on Windows 10 because of architectural changes in that system.
EternalSynergy is one of the tools created by the Equation Group, which is linked to the US National Security Agency. Its tools were stolen in 2016, and since then a group calling itself the Shadow Brokers has been trying to sell them or giving them away. This has already had severe consequences: the WannaCry ransomware, for example, used one of these exploits, EternalBlue, to spread, and the result was a worldwide epidemic.
EternalBlue and EternalRomance (another NSA exploit) were also used by the authors of the NotPetya ransomware, which likewise caused significant damage.
EternalSynergy, in turn, is one of the seven exploits used by the multifunctional EternalRocks worm.
Both EternalBlue and EternalSynergy exploit vulnerabilities in the SMBv1 protocol (Server Message Block) in Windows. The vulnerability used by EternalSynergy is tracked as CVE-2017-0143[1].
The "updated" version of the exploit written by Wang uses the same vulnerability but a somewhat different exploitation technique, so that the probability of crashing the target process or the whole system "tends to zero", the author claims. Wang published the code together with an explanation.
The EternalBlue exploit was much less reliable in this respect: on Windows XP it crashed the target, which is why most infections were on Windows 7[2].
Tests confirmed that the exploit works on the following versions of Windows:
- Windows Server 2016 x64
- Windows Server 2012 R2 x64
- Windows 8.1 x64
- Windows Server 2008 R2 SP1 x64
- Windows 7 SP1 x64
- Windows 8.1 x86
- Windows 7 SP1 x86
The CVE-2017-0143 vulnerability is present in three quarters of all PCs running the various versions of Windows. Microsoft's site also lists all versions of Windows 10 up to and including 1607 as vulnerable. The security updates fixing the problem were released back in the spring of 2017[3].
The publication of the "updated" exploit is actually a wake-up call for system administrators and users, says Ksenia Shilak, sales director at SEC Consult. The updates came out long ago and should be installed as soon as possible; otherwise the high risk of epidemics like WannaCry or NotPetya will remain.
It should be noted, however, that EternalBlue has already been adapted to Windows 10, so the rapid appearance of new versions of all the other exploits cannot be ruled out.
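Both exploits above need a target that still speaks SMBv1, so the first thing an administrator wants is an inventory of hosts that accept it. The Python probe below is an added example, not code from the original page, from the Shadow Brokers dump, or from Wang's repository: it builds the SMB_COM_NEGOTIATE request that every SMB session starts with, offers only SMBv1 dialects, and parses the server's reply to tell whether one was selected. It assumes the SMBv1 wire layout from Microsoft's [MS-CIFS] specification (the Flags2 value 0xC853 is a typical client setting, not a required one) and the Windows behaviour that a server with SMBv1 disabled either resets the connection or answers with DialectIndex 0xFFFF; the two sample replies at the bottom are constructed for offline use, not captures. A host that selects an SMBv1 dialect is not thereby proven vulnerable (the spring-2017 update, MS17-010, fixes CVE-2017-0143 without turning SMBv1 off), but it is exactly where the patch check belongs; a host that refuses SMBv1 cannot be reached by EternalBlue or EternalSynergy at all.

```python
"""SMBv1 exposure probe (added example; wire layout per [MS-CIFS])."""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
FLAGS_REPLY = 0x80  # SMB_FLAGS_REPLY bit of the Flags byte

# Only SMBv1 dialects are offered, so a server with SMBv1 disabled has
# nothing to select. (Assumed Windows behaviour: it then resets the
# connection or answers with DialectIndex 0xFFFF.)
SMB1_DIALECTS = [b"PC NETWORK PROGRAM 1.0", b"LANMAN1.0", b"NT LM 0.12"]


def smb1_header(command, flags, mid):
    """32-byte SMB1 header: 4-byte magic, then little-endian fields."""
    return SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        command,
        0,            # Status (STATUS_SUCCESS)
        flags,        # Flags
        0xC853,       # Flags2: unicode, NT status, ext. security, long names (assumed typical value)
        0,            # PIDHigh
        b"\x00" * 8,  # SecurityFeatures
        0,            # Reserved
        0,            # TID
        0xFEFF,       # PIDLow
        0,            # UID
        mid,          # MID
    )


def nbss(message):
    """NetBIOS session header: type 0x00 plus a 3-byte big-endian length."""
    return b"\x00" + struct.pack(">I", len(message))[1:]


def build_negotiate_request(dialects=SMB1_DIALECTS, mid=1):
    """SMB_COM_NEGOTIATE: WordCount 0, ByteCount, then 0x02-prefixed dialects."""
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(data)) + data
    message = smb1_header(SMB_COM_NEGOTIATE, 0x18, mid) + body
    return nbss(message) + message


def parse_negotiate_response(raw, dialects=SMB1_DIALECTS):
    """Classify the server's reply as {'smb1': bool, 'dialect': bytes|None, 'reason': str}."""
    def verdict(smb1, dialect, reason):
        return {"smb1": smb1, "dialect": dialect, "reason": reason}

    if len(raw) < 4:
        return verdict(False, None, "no reply (connection reset or closed)")
    message = raw[4:]  # strip the NetBIOS session header
    if message[:4] == SMB2_MAGIC:
        return verdict(False, None, "server answered with SMB2/3")
    if message[:4] != SMB1_MAGIC or len(message) < 35:
        return verdict(False, None, "not an SMB1 negotiate reply")
    command, status, flags = struct.unpack_from("<BIB", message, 4)
    if command != SMB_COM_NEGOTIATE or not flags & FLAGS_REPLY:
        return verdict(False, None, "unexpected command or flags")
    if status != 0:
        return verdict(False, None, "NT status 0x%08x" % status)
    word_count = message[32]  # first byte after the 32-byte header
    if word_count == 0:
        return verdict(False, None, "empty negotiate reply")
    dialect_index = struct.unpack_from("<H", message, 33)[0]
    if dialect_index == 0xFFFF or dialect_index >= len(dialects):
        return verdict(False, None, "server selected none of the offered dialects")
    return verdict(True, dialects[dialect_index], "server selected an SMBv1 dialect")


def probe_host(host, port=445, timeout=3.0):
    """Live use: send the request to one host and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_negotiate_request())
        try:
            raw = sock.recv(4096)
        except (ConnectionResetError, socket.timeout):
            raw = b""
    return parse_negotiate_response(raw)


def constructed_response(dialect_index, word_count=17):
    """Constructed sample reply for offline testing (not a real capture)."""
    words = struct.pack("<H", dialect_index) + b"\x00" * (2 * word_count - 2)
    body = bytes([word_count]) + words + struct.pack("<H", 0)  # ByteCount 0
    message = smb1_header(SMB_COM_NEGOTIATE, 0x18 | FLAGS_REPLY, 1) + body
    return nbss(message) + message


if __name__ == "__main__":
    print("SMBv1 selected :", parse_negotiate_response(constructed_response(2)))
    print("SMBv1 refused  :", parse_negotiate_response(constructed_response(0xFFFF, 1)))
    print("no reply       :", parse_negotiate_response(b""))
```

Running the file as a script exercises the parser on the constructed replies; `probe_host("10.0.0.5")` (a hypothetical address) sends the same request to a live host. The probe never authenticates and never touches the transaction code paths the exploits abuse, but it is still a network scan, so run it only against systems you are authorized to test.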
NSA tools for hacking Windows offered for sale
In January 2017 it became known that the hacker group Shadow Brokers had offered for sale a set of Windows exploits and antivirus-evasion tools used by the Equation Group cyberespionage group, which is believed to be connected with US intelligence agencies.[4]
In 2016 the Shadow Brokers published the first set of Equation malware openly and put the second up for sale. Now a third set, called Equation Group Windows Warez, is being offered. Besides exploits and network "implants", it includes tools for finding security flaws in software and remote-administration tools. At least one of them, DanderSpritz, was mentioned in the documents published by Edward Snowden. For the whole archive the hackers are asking 750 bitcoins (more than $600 thousand).
The first report about the Equation Group dates from February 2015: Kaspersky Lab then called the group the "Death Star" of the malware galaxy and "the most powerful player in the world of cyber espionage at present". The Lab's experts analyzed a number of the trojans used by Equation, noting that most of them most likely remain unknown.[5]
In 2016 the Shadow Brokers, a previously unknown hacker group, put up for a peculiar kind of auction a set of malware which, according to the sellers, had been stolen from Equation. The Shadow Brokers posted two sets online: one was distributed free of charge, the second was offered for sale. The "auction" was highly unusual: prospective buyers were invited to send bitcoins to a specified wallet, and whoever sent the largest amount would receive the goods. Nobody intended to refund the rest. The Shadow Brokers also promised that if they collected one million bitcoins they would publish the entire Equation arsenal in their possession completely free of charge.
Later the Shadow Brokers complained that nobody wanted to buy the Equation tools on these terms: they had been sent less than 2 bitcoins. In December 2016 the group announced a crowdfunding campaign with the aim of collecting 10 thousand bitcoins (about $6.4 million), after which it would publish the password to the archive of Equation malware. Subsequently the hackers began selling the stolen tools individually.
It should be noted that third-party experts who analyzed the contents of the first, free, set of software published by the Shadow Brokers agreed that it was genuinely Equation's tools, specifically exploits for Cisco, Fortigate, Juniper, TOPSEC and Watchguard products. The newest exploit was dated 2013; the others were even older.
Experts are speculating about who the Shadow Brokers are. All messages from the group's representatives are written in deliberately broken English and are strikingly emotional. There are two theories about the origin of the Shadow Brokers. The first holds that they are hackers acting in the interests of Russia, probably the same ones involved in hacking the e-mail of the Democratic Party. Edward Snowden, in a series of posts on Twitter, suggests that the "leak" of the Equation tools is "a warning that someone can prove US responsibility for attacks" made from a specific server which, according to Snowden, is used by the NSA to distribute malware.[6]
The whole leak looks as if someone is sending a signal: games of attribution will have serious consequences, Snowden wrote.
The other theory is that the leak of the Equation tools was for some reason organized by an insider at the NSA.
2016
Hackers stole the tools of the Equation Group, linked to the NSA
According to the statement[7] (the group was not widely known at the time), the hackers managed to break into the creators of the well-known Stuxnet computer worm, which was used to infect computers at nuclear facilities in Iran. Stuxnet is called a cyber weapon created on the orders of the US government, and the Equation Group hacker group is considered its author.
The Russian security experts at Kaspersky Lab reported the existence of this group in 2015. According to them, the Equation Group oversaw the creation of the Stuxnet and Flame worms and was involved in at least 500 intrusions in 42 countries. Government institutions were frequent targets of the Equation Group. The group is believed to be directly connected with the NSA and to act in the interests of the US authorities[8].
The hackers have evidence, and it is convincing. The statement on the Equation Group hack includes links to the source code of part of the stolen tools. According to The New York Times[9], computer-security specialists generally believe that these really are NSA tools; at the very least, the programs posted by the hackers resemble those described in the NSA materials published by Snowden. The researchers at Kaspersky Lab who originally identified the Equation Group studied the evidence published by the hackers and concluded that the Shadow Brokers had most probably really hacked a group close to the NSA.
A Russian trace is suspected in the NSA hack. This version became popular partly because of the broken English in which the announcement of the sale of the hacking tools was written. Motherboard, for example, writes[10] that "a Cold War adversary is playing an old game, this time in public". The experts polled by Motherboard lean toward the version that the hack could have been carried out by either Russia or China. The fact that the files were published on the Russian service Yandex.Disk also supports the "Russian trace" version. According to Edward Snowden, the demonstrative nature of the act, which looks like a warning to the USA, may point to a connection between the hackers and Russia. The topic of Russian hackers is extremely popular in America now: they are accused of handing WikiLeaks the correspondence of the Democratic Party leadership and of playing into Donald Trump's hands.
The cyber weapon will go to whoever pays more. The Shadow Brokers hackers organized a kind of auction: they promise to give the key to the encrypted archive of NSA tools (anyone can download the archive) to whoever transfers the largest number of bitcoins to their wallet. Nobody intends to refund the losing bidders, and how long the auction lasts is at the hackers' discretion. There is no guarantee that the hackers intend to hand over the key at all. If the hackers receive more than one million bitcoins in total (more than half a billion dollars), they will release another part of the information stolen from the NSA publicly; according to them, it is no less valuable than what is offered at the auction.
The NSA hackers published a manifesto against the "wealthy elite". The announcement of the sale of the cyber weapon ends with an address to a certain "wealthy elite" which makes laws to protect itself and its friends and ruins other people's lives. This elite is friendly with the authorities and breaks the law; everyone knows it, but nothing is done. Journalists, the manifesto says, can live comfortably once they have written favorably about the "elite" and convinced the "stupid herd" that everything is normal. And then, the manifesto says, this elite tries to seize power, which can probably be read as a hint at the US presidential election, in which the influential politician Hillary Clinton and the billionaire Donald Trump are taking part at this time. Perhaps, the appeal says, the Equation Group had tools for penetrating banking systems, and if they fall into the right hands it is unknown what will happen to this "wealthy elite".
See Also
- Censorship on the Internet. World experience
- Censorship (control) on the Internet. Experience of China
- Censorship (control) on the Internet. Experience of Russia, Roskomnadzor
- Law on the regulation of the Runet
- VPN and privacy (anonymity, anonymizers)
- Protection of the critical information infrastructure of Russia
- Law on the security of the critical information infrastructure of the Russian Federation
- National Biometric Platform (NBP)
- Single Biometric System (SBS) for bank customers
- Biometric identification (Russian market)
- Directory of biometrics solutions and projects
- Digital economy of Russia
- Information security of the digital economy of Russia
- SORM (System for Operative Investigative Activities)
- State system for the detection, prevention and elimination of the consequences of computer attacks
- National filtering system for Internet traffic (NASFIT)
- Yastreb-M: statistics of telephone conversations
- How to bypass Internet censorship at home and in the office: 5 easy ways
- The Auditor (Revizor): the system for monitoring website blocking in Russia
- Single Data Transmission Network (SNDT) for state agencies (Russian State Network, RSNet)
- Data transmission network of public authorities (SPDOV)
- Unified telecommunications network of the Russian Federation
- Electronic Government of the Russian Federation
- Cybercrime in the world
- NIST requirements
- Global Cybersecurity Index
- Cyber wars, cyber war between Russia and the USA
- Cybercrime and cyber conflicts: Russia, FSB, National Coordination Center for Computer Incidents (NKTsKI), Information Security Center (ISC) of the FSB, Directorate K of the BSTM of the Ministry of Internal Affairs of the Russian Federation, Ministry of Internal Affairs of the Russian Federation, Ministry of Defence of the Russian Federation, National Guard of the Russian Federation
- Cybercrime and cyber conflicts: Ukraine
- Cybercrime and cyber conflicts: USA, CIA, NSA, FBI, US Cyber Command, U.S. Department of Defense, NATO, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA)
- Cybercrime and cyber conflicts: Europe, ENISA
- Cybercrime and cyber conflicts: Israel
- Cybercrime and cyber conflicts: Iran
- Cybercrime and cyber conflicts: China
- How the USA spied on chip production in the USSR
- Security risks of communication in mobile networks
- Information security in banks
- Digital transformation of Russian banks
- Overview: IT in banks 2016
- The Central Bank's policy on information security (cybersecurity)
- Losses of organizations from cybercrime
- Losses of banks from cybercrime
- Trends in IT in insurance (cyber insurance)
- Cyber attacks
- Overview: Security of information systems
- Information security
- Information security (world market)
- Information security (Russian market)
- Main trends in information security
- Information security software (world market)
- Information security software (Russian market)
- Penetration testing (pentesting)
- Cybersecurity - Encryption tools
- Cryptography
- VPN - Virtual private networks
- Security incident management: problems and solutions
- Authentication systems
- Law on personal data No. 152-FZ
- Personal data protection in the European Union and the USA
- Prices of user data on the cybercriminal market
- Jackpotting
- Ransomware (encryptors)
- WannaCry (ransomware)
- Petya/ExPetr/GoldenEye (ransomware)
- Malware
- APT - Targeted attacks
- DDoS and DeOS
- Attacks on DNS servers
- DoS attacks on content delivery networks (CDN)
- How to protect against a DDoS attack. TADetails
- Rootkit
- Fraud Detection System (antifraud)
- Directory of antifraud solutions and projects
- How to select an antifraud system for a bank? TADetails
- Security Information and Event Management (SIEM)
- Directory of SIEM solutions and projects
- How a SIEM system is useful and how to implement it
- Why a SIEM system is needed and how to implement it. TADetails
- Intrusion detection and prevention systems
- Host intrusion prevention systems (HIPS)
- Protection of confidential information from internal threats (IPC)
- Phishing, DMARC, SMTP
- Trojan
- Botnet
- Backdoor
- Worms: Stuxnet, Regin
- Flood
- Data loss prevention (DLP)
- Skimming (shimming)
- Spam
- Sound (acoustic) attacks
- Anti-spam software solutions
- Classic file infectors
- Antiviruses
- Cybersecurity: means of protection
- Backup systems
- Backup systems (technologies)
- Backup systems (security)
- Firewalls
Notes
- [1] CVE-2017-0143 EternalBlue exploit for Windows 7/2008
- [2] Exploit Derived From ETERNALSYNERGY Upgraded to Target Newer Windows Versions
- [3] CVE-2017-0143 | Windows SMB Remote Code Execution Vulnerability
- [4] ShadowBrokers offers for sale the stolen NSA Windows Hacking Tools
- [5] Equation: The Death Star of Malware Galaxy
- [6] Edward Snowden's Twitter page
- [7] Equation Group - Cyber Weapons Auction (Shadow Brokers)
- [8] In mid-August 2016 an announcement by the hacker group Shadow Brokers, written in broken English, appeared on Pastebin. The hackers offered for sale stolen tools for penetrating computer systems. They claimed to have obtained a "cyber weapon" used by a group connected with the National Security Agency. References to programs similar to the stolen ones appear in the NSA documents published by Edward Snowden.
- [9] 'Shadow Brokers' Leak Raises Alarming Question: Was the N.S.A. Hacked?
- [10] Hack of NSA-Linked Group Signals a Cyber Cold War