The proliferation of the WannaCry ransomware last week unequivocally justifies Apple’s steadfast refusal to help the FBI break into an iPhone 5c used by one of the San Bernardino terrorists. As a quick refresher, the FBI last year wanted Apple engineers to create a brand new version of iOS that would allow them to skirt around iOS security measures. As a precaution, a security setting in iOS wipes a device clean after 10 erroneous passcode entry attempts. The FBI, as a result, tried to force Apple to release a specialized version of iOS that would not include this security limitation.
So while Cook’s cancer analogy might have struck some as being extreme, the WannaCry ransomware saga last week proves that once a piece of malicious software is created, it’s impossible to keep it out of the hands of malicious actors. According to reports, the WannaCry ransomware — which infected more than 200,000 computers across 150 different countries in less than 24 hours — was based on an NSA exploit released by a hacking collective known as the Shadow Brokers. In fact, WannaCry began infecting computers worldwide just about 4 weeks after the Shadow Brokers released a treasure trove of NSA hacking tools and exploits for anyone in the world to explore and use... There’s probably more information about you on your phone than there is in your house… they’re also loaded with the location of our kids in many cases, and so it’s not just about privacy but it’s also about public safety.”
.. Incidentally, Microsoft on Sunday issued a statement blasting government agencies for hoarding dangerous exploits.
Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.
‘Accidental hero’ halts ransomware attack and warns: this is not over
Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’
I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
Trump questions quest for cybersecurity: ‘No computer is safe’
“Russia spying on the U.S. is not news,” said Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee and a top Trump ally. “It’s what they do. A lot is being made about something that’s already known. To all the people acting shocked, it’s as if they’re shocked there is gambling going on in a casino.”
.. “We’re not going back to the world of couriers and letter-writing; we’re going to continue to do things online,” he said. “There are ways to do it where you can manage risk, and that’s really what the goal should be here — to get to the point where we can have the efficiencies and the benefits and still be secure.”
.. As long as Trump openly doubts the intelligence community’s ability to accurately assign responsibility for cyberattacks, he could find it difficult to identify, fend off and retaliate against cyberattackers. He has publicly compared the intelligence community’s Russian hacking assessment to its erroneous determination that Iraqi leader Saddam Hussein was stockpiling weapons of mass destruction — a comparison Spicer repeated Sunday.
Democrats fear ‘October surprise’ as White House ponders hack response Read more: http://www.politico.com/story/2016/08/clinton-democrats-hacking-dnc-october-surprise-226743#ixzz4GZEApo77 Follow us: @politico on Twitter | Politico on Facebook
Security experts from both parties want to see strong action if the U.S. concludes Russia is meddling in the election.
But Clinton supporters worry that Russian-backed hackers may indeed have free rein to try to influence the November election, depending on what information they’ve stolen and when they plan to release it. (The Aspen group also warned that the hackers may “salt the files they release with plausible forgeries” to worsen the fallout.)
WikiLeaks founder Julian Assange, whose site released the DNC emails July 22, has refused to confirm or deny their origins but has told CNN that he might release “a lot more material,” noting that “they are having so much political impact in the United States.”
Democrats like veteran political strategist Craig Varoga can easily see the worst-case scenario. “In all likelihood, Russia and Assange are already planning an October surprise to influence our election and otherwise destabilize the Western alliance,” he said in an interview.
.. Presenting this evidence in court could also expose valuable secret surveillance footholds in Russian intelligence agencies.
Raj De, a former National Security Agency general counsel, said spy agencies are typically “very reticent to burn sources and methods for any activity.” Revealing such tactics could even open up the NSA to lawsuits over its surveillance operations.
.. “It’s easier to level sanctions than to prosecute someone without jeopardizing intelligence sources and methods,”
.. But current and former officials say the White House is gradually favoring a public outing of foreign hackers.