Wednesday, June 28, 2017

NSA Partly Responsible For Latest Cyber Attack? OF Course!

"The N.S.A. Needs to take a leadership address the plague that they've unleashed." - NY Times, today

Simpletons often see a temporary divergence from endorsing an agency, Bureau or person as a "contradiction" which probably harkens back to the old saw "a foolish consistency is the hobgoblin of little minds". So because I may have endorsed the NSA as part of the intel community that has exposed Russian hacking in the 2016 election, some may wonder why I'd now want to "attack" the NSA. But this is more in the way of a citizen's "pull yourself up!" mandate than attack.

I am referring, of course, to how the agency enabled and allowed a nasty worm to get loose some five years ago which has since been repurposed by "bad guys"  to attack our nation and others.  The guise is under a "ransomware" mode when the net user's computer turns into a 'brick'  unless he or she coughs up 300 Bitcoin bucks. So yeah, the NSA now bears responsibility - at least partial - for yesterday's global "Petya" attack, as it did last month's "Wannacry" attack. The most recent has one-upped the Wannacry attack in that no "kill switch" has yet been found."

Most would probably not recall the 60 Minutes episode from March 4, 2012, which sheds light on the current attacks.

In that episode, Gen. Michael Hayden (formerly of the NSA) was heard to say:

"We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure. This was a good idea, alright? But I also admit this was a really big idea too. The rest of the world is looking at this and saying, 'Clearly someone has legitimated this kind of activity as acceptable international conduct.' The whole world is watching."

Following on, there appeared Sean McGurk - former head of cyber defense at The Department of Homeland Security, in charge of protecting critical infrastructure in the U.S. - who addressed Hayden's more or less glib patter:

"You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from."

CBS' Steve Kroft then remarked: "Sounds a little bit like Pandora's box." To which McGurk responded, "Yes!"

McGurk added:

"They opened up the box. They demonstrated the capability. They showed the ability and the desire to do so. And it's not something that can be put back."

Kroft then pressed the issue, asking:

"If somebody in the government had come to you and said, "Look, we're thinking about doing this. What do you think?" What would you have told them?"

To which McGurk didn't hesitate in responding:

"I would have strongly cautioned them against it because of the unintended consequences of releasing such a code."

Kroft then surmised that one such "unintended consequence" is that this same code might be "re-purposed" and used against us. Perhaps against nuclear power plants or the power grid. Again, McGurk responded:"Yes", labeling the possible retributive cyber attack worm, "Son of Stuxnet".

But this was no laughing matter, certainly not five years ago and not now after obvious repurposed cyber attacks using NSA "exploits" have transpired.  As I noted in a post from 5 years ago:

"Because of the hubristic, belligerent and arrogant actions of an enclave of pointy-headed computer geeks at the Puzzle Palace, we're likely all in jeopardy (as we were with the Wall St. quants with the financial meltdown). These sort of reckless actions do not bode well, and although their creators and the guilty agency might argue they were done with the "best intentions" , i.e. to slow down Iranian processing of nuclear fuel, we know the road to Hell is paved with them."

In the case of Stuxnet, its malicious trail commenced in June of 2010, when it was first detected and isolated by a tiny company in Belarus after one of its clients in Iran complained about a software glitch. Subsequently, reports filtered in that Iran's centrifuges were somehow compromised, though they didn't let on that they were aware of the real culprits which I suspected at the time was the NSA, whose cryptological-computer-savvy 'fingerprints' were all over it.

Barely a month later, the FLAME virus was unleashed wreaking some havoc but not as much as Petya did yesterday with its ransomware attack.

An AP Report ('Digital Virus has Nations on Alert') noted at the time:

"Unlike a bullet or a missile fired at an enemy, a cyberweapon that spreads across the internet might circle back to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons."

According to the same AP report, Russian digital security provider Kaspersky Lab - which first identified the virus - stated that Flame's complexity and functionality 'exceeded those of all other cyber menaces know to date'"

Those words were enough to convince me that, like the Stuxnet worm, FLAME is a creature of the geeks at NSA.  Thus the AP report's ending "Yet FLAME's author remains unknown because there is no information in the code of the virus that would link it to a particular country" merely confirmed its place and source of origin.

In yesterday's manifestation of the latest virus reincarnation (as the 'Petya' ransomware), the origin appeared to be in the Ukraine, where officials reported the country's power grid as well as banks and government offices were affected.    Subsequently, Russia's Rosneft oil company also reported falling victim - but avoided major damage owing to a quick response - as did Danish shipping giant A.P. Moller-Maersk.  According to Anders Rosendahl, a spokesman for the shipping group:

"We're talking about a cyber attack. It has affected all branches of our business, at home and abroad."

The cyber attack rapidly snowballed into a world wide crisis, which also affected U.S. companies, as well as a hospital in Pennsylvania where surgeries had to be cancelled because the computers were down.

The worst aspect of this latest attack? It was "self spreading". That is, it possessed the capability to spread across networks without any human interactions. Such self-propagating software is called by the name "worms" because of the similarity to the way worm infestation diseases spread.  This is exactly the character of the original Stuxnet.

Let's bear in mind in the wake of the recent attacks that both Wannacry and Petya have managed to spread rapidly using break in tools originally created by the National Security Agency. Also, these tools were recently released to the Web. So yes, the NSA bears more than a little responsibility to try to get the cyber plague "evil genie" back into the "bottle."

Some bottle. Any bottle.  And then, think - really hard  and long - before unleashing the next cyber weapon that could boomerang back on the rest of us.

No comments: