Showing posts with label FLAME virus. Show all posts

Wednesday, June 28, 2017

NSA Partly Responsible For Latest Cyber Attack? Of Course!

"The N.S.A. needs to take a leadership role....to address the plague that they've unleashed." - NY Times, today

Simpletons often see a temporary divergence from endorsing an agency, Bureau or person as a "contradiction" which probably harkens back to the old saw "a foolish consistency is the hobgoblin of little minds". So because I may have endorsed the NSA as part of the intel community that has exposed Russian hacking in the 2016 election, some may wonder why I'd now want to "attack" the NSA. But this is more in the way of a citizen's "pull yourself up!" mandate than attack.

I am referring, of course, to how the agency enabled and allowed a nasty worm to get loose some five years ago which has since been repurposed by "bad guys" to attack our nation and others. The guise is a "ransomware" mode in which the net user's computer turns into a 'brick' unless he or she coughs up 300 Bitcoin bucks. So yeah, the NSA now bears responsibility - at least partial - for yesterday's global "Petya" attack, as it did for last month's "Wannacry" attack. The most recent has one-upped the Wannacry attack in that no "kill switch" has yet been found.


Most would probably not recall the 60 Minutes episode from March 4, 2012, which sheds light on the current attacks.

In that episode, Gen. Michael Hayden (formerly of the NSA) was heard to say:

"We have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction, and in this case, physical destruction in someone else's critical infrastructure. This was a good idea, alright? But I also admit this was a really big idea too. The rest of the world is looking at this and saying, 'Clearly someone has legitimated this kind of activity as acceptable international conduct.' The whole world is watching."

Following on, there appeared Sean McGurk - former head of cyber defense at The Department of Homeland Security, in charge of protecting critical infrastructure in the U.S. - who addressed Hayden's more or less glib patter:

"You can download the actual source code of Stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from."

CBS' Steve Kroft then remarked: "Sounds a little bit like Pandora's box." To which McGurk responded, "Yes!"

McGurk added:

"They opened up the box. They demonstrated the capability. They showed the ability and the desire to do so. And it's not something that can be put back."

Kroft then pressed the issue, asking:

"If somebody in the government had come to you and said, "Look, we're thinking about doing this. What do you think?" What would you have told them?"

To which McGurk didn't hesitate in responding:

"I would have strongly cautioned them against it because of the unintended consequences of releasing such a code."

Kroft then surmised that one such "unintended consequence" is that this same code might be "re-purposed" and used against us. Perhaps against nuclear power plants or the power grid. Again, McGurk responded: "Yes", labeling the possible retributive cyber attack worm "Son of Stuxnet".

But this was no laughing matter, certainly not five years ago and not now after obvious repurposed cyber attacks using NSA "exploits" have transpired.  As I noted in a post from 5 years ago:

"Because of the hubristic, belligerent and arrogant actions of an enclave of pointy-headed computer geeks at the Puzzle Palace, we're likely all in jeopardy (as we were with the Wall St. quants with the financial meltdown). These sort of reckless actions do not bode well, and although their creators and the guilty agency might argue they were done with the "best intentions", i.e. to slow down Iranian processing of nuclear fuel, we know the road to Hell is paved with them."

In the case of Stuxnet, its malicious trail commenced in June of 2010, when it was first detected and isolated by a tiny company in Belarus after one of its clients in Iran complained about a software glitch. Subsequently, reports filtered in that Iran's centrifuges were somehow compromised, though they didn't let on that they were aware of the real culprit, which I suspected at the time was the NSA, whose cryptological-computer-savvy 'fingerprints' were all over it.

Barely a month later, the FLAME virus was unleashed, wreaking some havoc but not as much as Petya did yesterday with its ransomware attack.

An AP Report ('Digital Virus has Nations on Alert') noted at the time:

"Unlike a bullet or a missile fired at an enemy, a cyberweapon that spreads across the internet might circle back to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons."

According to the same AP report, Russian digital security provider Kaspersky Lab - which first identified the virus - stated that Flame's complexity and functionality 'exceeded those of all other cyber menaces known to date'.

Those words were enough to convince me that, like the Stuxnet worm, FLAME is a creature of the geeks at NSA.  Thus the AP report's ending "Yet FLAME's author remains unknown because there is no information in the code of the virus that would link it to a particular country" merely confirmed its place and source of origin.

In yesterday's manifestation of the latest virus reincarnation (as the 'Petya' ransomware), the origin appeared to be in the Ukraine, where officials reported the country's power grid as well as banks and government offices were affected.    Subsequently, Russia's Rosneft oil company also reported falling victim - but avoided major damage owing to a quick response - as did Danish shipping giant A.P. Moller-Maersk.  According to Anders Rosendahl, a spokesman for the shipping group:

"We're talking about a cyber attack. It has affected all branches of our business, at home and abroad."

The cyber attack rapidly snowballed into a worldwide crisis, which also affected U.S. companies, as well as a hospital in Pennsylvania where surgeries had to be cancelled because the computers were down.

The worst aspect of this latest attack? It was "self-spreading". That is, it possessed the capability to spread across networks without any human interaction. Such self-propagating software is called a "worm" because of the similarity to the way worm infestation diseases spread. This is exactly the character of the original Stuxnet.

Let's bear in mind in the wake of the recent attacks that both Wannacry and Petya have managed to spread rapidly using break-in tools originally created by the National Security Agency. Also, these tools were recently released to the Web. So yes, the NSA bears more than a little responsibility to try to get the cyber plague "evil genie" back into the "bottle."

Some bottle. Any bottle.  And then, think - really hard  and long - before unleashing the next cyber weapon that could boomerang back on the rest of us.



Wednesday, June 20, 2012

Cyber-Spook Origins of 'FLAME' Computer Virus Confirmed

Some blogs ago, e.g.

http://brane-space.blogspot.com/2012/06/who-made-flame-virus-same-bunch-that.html

I predicted that the recently released 'FLAME' virus would be found to have the same sort of code origins as Stuxnet, namely engineered by the cyber-spooks embedded at NSA Headquarters, at Ft. Meade, Maryland. Now, that has been confirmed with the recent Washington Post report that "commercial security researchers last week confirmed the Flame virus contained some of the same code as Stuxnet". And we know, thanks to a terrific 60 Minutes piece some months ago, the NSA was behind that latter malware creation (though they tried to hedge around it while not outright denying responsibility).

But as the WaPo lead-in observed: "NSA is expert at breaking codes and creating malware".

Well, doh and duh! As anyone who's lived in the DC corridor can attest (I lived nine years in Columbia, MD) one sees adverts all the time (e.g. in local papers like The Baltimore Sun) for "exceptional mathematicians" and new math graduates to join the high profile team of encryptionists, code breakers and computer savants at.....NSA! They probably have, no kidding, the biggest pool of Geek brains outside of the quants in the investment banks of Wall Street - especially since there are few other outlets for such brainiacs to go now that our space program has been pared down to a joke.

So, instead of having our eyes set on returning to the Moon or colonizing Mars, the drive is to be a well-paid super cyber-snoop (or Wall St. derivative pestilence) and either create malware ostensibly to attack 'enemy' computers (but which can boomerang and whack our own) or create obscure financial derivatives with the potential to cause yet another market crash ...or even depression. How the mighty have fallen! How vision has been reduced and perverted.

Anyway, this FLAME malware was evidently created five years ago "as part of a classified code named 'Olympic Games'" (do these cyber-spook fuckers really believe these things amount to 'games'?). The report went on to note the "U.S.-Israeli collaboration" was intended to "reduce the pressure for a conventional military attack and extend the timetable for negotiation, diplomacy".

All very noble to be sure. But what these would-be brainiacs never took into account is how possible malware that seizes computers (not just Iran's but maybe the Russkies' too) can have unintended consequences and exploit weaknesses and create glitches that may cause incorrect signal or information processing. This occurred in the 1990s as Russian computers mistakenly detected what first appeared to be a U.S. first strike and were prepared to launch a missile counter-strike. It was only with minutes to spare that it was discovered that the rising Moon had triggered missile radars but a computer glitch caused the warning machines to detect a nuclear missile! (Similarly, in 2002, an airburst meteoroid was briefly detected as a possible nuclear weapon air burst by Indian and Pakistani forces then engaged over the disputed province of Kashmir - but fortunately their computers and warning systems identified the cause at the last minute. But what if a rogue Stuxnet or Flame virus had appropriated the respective systems and distorted the information?)

What these eggheads never get is their potential to wreak more havoc. Will they change? Doubtful, because now with the post-9/11 terror-security frenzy still infecting most brains in the US of A, the security hawk or spook enclave is pulling in twenty times more money a year than NASA. They are the new kingpins on the Beltway funding block, and they will do everything to suck up more billions for their security networks and new bases of operation. If JFK were alive, he'd puke at what our nation's become and the lost vision.  Letting a bunch of robed punks induce us to spend ourselves into oblivion, essentially destroy our own Bill of Rights, and whatever constructive  future remains on offer. Sad!

Anyway, Flame - this outrageous boomerang-potential virus - was designed to "replicate across even highly secure networks". It then had the wherewithal to control all computer functions, including activating all computer microphones and cameras, taking screen shots of users, logging keystrokes, extracting geo-location data from images (better than a GPS) and dispatching all this to the creators ensconced at the Puzzle Palace - the modus operandi (for sending and receiving commands, data) enhanced through "Bluetooth wireless technology."

To make it even more sobering, the entry of Flame could be entirely innocuous - since Flame was designed to do all the above while "masquerading as a Microsoft software update". How did the blasted thing avoid detection for so many years? By "using a sophisticated program to crack an encryption algorithm".

And what do the spooks have to say about the WaPo report? What you'd expect spooks to say! According to the piece:

"Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence.....declined to comment".

So, what's new? All the evidence released so far tells us all we need to know. As for your privacy, that went out the window a long time ago. Just wait until the drone makers now put 30,000 of the spying little bastards up to fly around and monitor neighborhoods constantly.....and where do you think all that info will end up? One thing for sure: not on Mars!

Sunday, June 3, 2012

Who Made the 'FLAME' Virus? The SAME Bunch That Created Stuxnet!

Once again, the world of computing and computer users is on the edge of its seat as we hear about a new, highly sophisticated computer virus that's been unleashed. Oh, we're still supposed to be mollified as the Homeland Security Dept. has assured companies and users that "so far no infections have been discovered inside the U.S.". That's some consolation!

'FLAME' is described as a sophisticated espionage "tool" which uses encryption and other techniques to "help break into computers and move through private or corporate networks. The virus can then eavesdrop on all data traffic, take screen shots and record audio and keystrokes. The Homeland Security Dept. said its origin was a "mystery".

Horse manure!

Some time ago I also blogged about the Stuxnet computer worm:

http://brane-space.blogspot.com/2012/03/stupidity-of-stuxnet.html

which had been unleashed ostensibly to foul up Iran's nuclear program, via its centrifuge system. However, the viciousness of the thing was such that no one could ensure there'd be no collateral damage - and indeed there was as thousands of computers were infected and went down around the world.

In the case of Stuxnet, its malicious trail commenced in June of 2010, when it was first detected and isolated by a tiny company in Belarus after one of its clients in Iran complained about a software glitch. Subsequently, reports filtered in that Iran's centrifuges were somehow compromised, though they didn't let on that they were aware of the real culprit, which I suspected at the time was the NSA, whose cryptological-computer-savvy 'fingerprints' were all over it.

Recent press reports, e.g. in The New York Times, have fully confirmed my suspicions - though seeking to dilute sponsorship by attribution to U.S.-Israeli sources. Don't buy it for a second. At least ninety percent was due to the code cracker, encryption eggheads and their ilk based at Ft. Meade, MD. (Sometime in 1995 while trying to get back to Columbia, MD from Laurel, wifey and I took a wrong turn and ended up on the parking lot of Spook City - and were numbed by its monstrous size. You can believe these guys can do anything there and this was confirmed for us after the appearance of The Baltimore Sun series: 'No Such Agency: America's Fortress of Spies', by Scott Shane and Tom Bowman, Dec. 3-15, 1995.)

But as I noted in the earlier blog on Stuxnet, because of the hubristic, belligerent and arrogant actions of an enclave of pointy-headed computer geeks at the Puzzle Palace,  and maybe hints from allies, we were all put at risk and still are. Because the code was eventually unravelled and now can be used as is or more likely tweaked by any cyber enemy. Again, our own 'posse' has outwitted themselves and ended up opening a 'Pandora's Box' that can come back to bite us on the ass. One wonders if the release of these viruses is simply to see what they can do....not considering the consequences.

Let's bear in mind, as an AP Report piece has noted ('Digital Virus has Nations on Alert', today's Denver Post):

"Unlike a bullet or a missile fired at an enemy, a cyberweapon that spreads across the internet might circle back to infect computers it was never supposed to target. It's one of the unusual challenges facing the programmers who build such weapons."

"Challenges"? How about simple recognition of the Law of Unintended Consequences which most humans have been aware of since the year Dot, but which their hubris never seems to allow them to finally process.

Again, if releasing Stuxnet was stupid, then releasing FLAME is mega-Stupid!

Meanwhile, according to the AP report today, Russian digital security provider Kaspersky Lab - which first identified the virus - said Flame's complexity and functionality 'exceed those of all other cyber menaces known to date'.

Those words were enough to convince me that, like the Stuxnet worm, FLAME is a creature of the geeks at NSA.  Thus the AP report's ending "Yet FLAME's author remains unknown because there is no information in the code of the virus that would link it to a particular country" merely confirmed its place and source of origin.

Well, at least it's nice to know where up to $100b of our yearly budget is going to. For my part pardon me, but I'd be much, much happier with a manned Mars program! So would my computer, assured that it's not going to be boomerang-whacked by a virus created by guys allegedly out to "protect us".