
Cyberattacks using leaked NSA hacking tool reported in 12 countries

low-G

Member
...it was WikiLeaks that unleashed a tool of destruction without notifying journalists or governments first because they think themselves agents of chaos.

WikiLeaks wasn't involved in this. There was a cracker group who got the exploits from an NSA contractor. First, the group sold the exploits for a large amount of money. Around this time someone notified MS, probably the NSA, and MS fixed the bug. Then about a month later the cracker group released the exploit for all for free.

Obviously, the next step is for someone to 'weaponize' the exploit. Put ransomware into it or carry out some vendetta or blackmail. That's what this malware is. Someone did the next logical step and made a weapon out of the exploit.
 
They're not "agents of chaos", they're an arm of the Russian government. Hence they put something like this out in the open to get people pissed at the NSA for doing their jobs.
This wasn't WikiLeaks anyway

You are implicitly arguing for them when you say the NSA should be protecting this country. They can't do that without developing these tools, whether you like to admit it or not. Should they guard those tools better? Sure. But leaving our nation toothless in the face of attacks that will come regardless of how pure the NSA is in your eyes seems like folly.
There is some serious mental contortion necessary to think that just because I want the NSA to harden our computer infrastructure, I also want them to put backdoors in my operating system. Defense is not offense and vice versa. In fact, cyberweapons are not about protecting the country at all, they are either for threatening the civilian population of another country or for targeting individuals. The former is easily achievable with conventional weaponry and the latter is a hazardous road to go down. Limited constitutional government is the exception in human history, not the rule.

Just think of the heads up WikiLeaks gave Russia of these new fun tools they had access to?
If a Russian Telecom company got hit hard by this then they obviously weren't given much notice.

WikiLeaks wasn't involved in this. There was a cracker group who got the exploits from an NSA contractor. First, the group sold the exploits for a large amount of money. Around this time someone notified MS, probably the NSA, and MS fixed the bug. Then about a month later the cracker group released the exploit for all for free.

Obviously, the next step is for someone to 'weaponize' the exploit. Put ransomware into it or carry out some vendetta or blackmail. That's what this malware is. Someone did the next logical step and made a weapon out of the exploit.
Wait. I mixed this up with the vault7 dump. My bad.
 

fuzzyset

Member
This is a perfect illustration of the hubris and misguidance of the intelligence community. The NSA knows huge swaths of IT run insecure versions of Windows. If they really wanted to 'protect America' the NSA would inform Microsoft of these issues rather than hoard them in their vaults. Their hoarding assumes that 1) no one else is smart enough to figure the exploits out and/or 2) their tools/knowledge won't be leaked. Both have been proven false time and time again. They are knowingly sacrificing the security of America for a shot at exploiting foreign countries.
 

Dopus

Banned
They're not "agents of chaos", they're an arm of the Russian government. Hence they put something like this out in the open to get people pissed at the NSA for doing their jobs.

Don't need to give someone a heads up if they're who you got them from.

Hyperbole galore. You should really limit the use of it when you're attempting to show your outrage, especially when it's completely untrue.

Also, the tools have been out there for a while. Not Wikileaks related.
 

Gallbaro

Banned
Going to be a huge push to web apps after this. Client-Server software just does not get updated enough and no one patches for fear of breaking.
 
FYI: the NSA had reported the vulnerabilities to Microsoft, who issued patches well before the Shadow Brokers leaked said vulnerabilities.

The problem: people not applying the patches. It's always not applying the damn patches. Always apply the patches, fools!
 

Memory

Member
FYI: the NSA had reported the vulnerabilities to Microsoft, who issued patches well before the Shadow Brokers leaked said vulnerabilities.

The problem: people not applying the patches. It's always not applying the damn patches. Always apply the patches, fools!

This just reminded me that a significant portion of GAF are against Win10 or forced updates.

Very scummy to hit the NHS, NHS funding issues have been on the news for years, blood from a damn stone.
 

Nevasleep

Member
Imagine how many conference calls are going on right now...

The options for big companies are patch for MS17-010 immediately, or shutdown/isolate. It's like MS08-067

This just reminded me that a significant portion of GAF are against Win10 or forced updates.
Well they haven't been very good about it, they should only force the restarts and disruption etc for critical situations/patches like this.
 

Paganmoon

Member
FYI: the NSA had reported the vulnerabilities to Microsoft, who issued patches well before the Shadow Brokers leaked said vulnerabilities.

The problem: people not applying the patches. It's always not applying the damn patches. Always apply the patches, fools!

Yeah, about that, got linked this picture in April by a colleague, first I laughed... then I cried a bit.

J0Pqgjq.png

Imagine how many conference calls are going on right now...

The options for big companies are patch for MS17-010 immediately, or shutdown/isolate. It's like MS08-067


Well they haven't been very good about it, they should only force the restarts and disruption etc for critical situations/patches like this.

Thing is, it's only SMBv1 that's affected afaik, if you can't patch (which isn't always an option for enterprises, due to downtime), remotely shutting down SMBv1 should make them safe.
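
The mitigation described in the post above (turning off SMBv1 remotely on hosts that cannot be patched yet), as an added example that is not part of the original thread. It assumes PowerShell remoting is enabled on the targets; the host names are constructed placeholders.

```powershell
# Added example: report, and optionally disable, the SMBv1 server on remote hosts.
# Host names are constructed placeholders; replace with your own inventory.
param(
    [string[]]$ComputerName = @('ward-pc-01.example.internal', 'lab-srv-02.example.internal'),
    [switch]$Disable   # without this switch the script only reports
)

$check = {
    param([bool]$Disable)
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hasCmdlet = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

    if ($hasCmdlet) {
        # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets
        $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        if ($enabled -and $Disable) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        }
    } else {
        # Windows 7 / Server 2008 R2: registry value; an absent value means SMBv1 is on
        $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $enabled = ($null -eq $value) -or ($value -ne 0)
        if ($enabled -and $Disable) {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
            $enabled = 'Disabled, pending reboot'   # registry change applies after restart
        }
    }
    [pscustomobject]@{ Host = $env:COMPUTERNAME; SMB1Enabled = $enabled }
}

foreach ($computer in $ComputerName) {
    try {
        Invoke-Command -ComputerName $computer -ScriptBlock $check `
            -ArgumentList $Disable.IsPresent -ErrorAction Stop
    } catch {
        # Keep unreachable hosts in the report so they are not mistaken for safe ones
        [pscustomobject]@{ Host = $computer; SMB1Enabled = "Unreachable: $($_.Exception.Message)" }
    }
}
```

This covers only the SMBv1 server side of each host, and hosts reported as unreachable still need to be checked by other means or isolated.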
 

Kthulhu

Member
NSA is stupid for letting this get out and these organizations are stupid for not properly protecting themselves.

This just reminded me that a significant portion of GAF are against Win10 or forced updates.

Very scummy to hit the NHS, NHS funding issues have been on the news for years, blood from a damn stone.

Fortunately, they have little say in the matter.
 
Saw doctors saying people are definitely going to die because of this. Some London hospitals are almost completely locked down from a tech and records standpoint.
 

LoveCake

Member
Something like this was always going to happen and in the future there will be something released that is even worse.

The Tories in the UK and many other countries are trying to get encryption weakened.

IT systems like the NHS uses shouldn't even have a terminal that is connected to the external internet or have it so external storage devices can be connected to it, it should be a closed system.



Stay safe everyone.
 
IT systems like the NHS uses shouldn't even have a terminal that is connected to the external internet or have it so external storage devices can be connected to it, it should be a closed system.
Easy to say, difficult to implement with all the changing contracts for maintenance of these systems.
 

AlphaDump

Gold Member
Why do I feel like, despite the US sabotaging Iran's nuclear program, widespread astroturfing and social engineering during an important US election year, and a seeming increase in high profile institutions being hit with ransomware... nobody is really taking cyberwarfare as seriously as they seem to do in their press releases?

Or is cybersecurity just a shit show in general?

You can't guard everything with a tank, and the biggest threat is the ones inside, though they do need to work with vendors more. Why do complicated espionage when you can just fool or charm the weakest links.

People, processes, technology, but it is really the people.


/Now click this link for a hilarious youtube video. Each click donates to local schools.
 

Kthulhu

Member
backups are not restored instantaneously. Depending on the amount of data, it could take hours, hell even days at worst.

I know that. But if they're saying it's gone forever then it means there are no backups.

Lots of equipment runs XP too, they don't just have backups, there's 1000s of computers on all hospitals.

Not should be running Windows IMO.

Then they need a better IT department or to listen to said department more.
 

Paganmoon

Member
I know that. But if they're saying it's gone forever then it means there are no backups.



Then they need a better IT department or to listen to said department more.

Didn't see it mentioned that they were gone forever, just that they are currently locked out? Geezes, though, the scale of this, I'm happy I don't work there, cause to restore everything holy shit.
 

Kthulhu

Member
Didn't see it mentioned that they were gone forever, just that they are currently locked out? Geezes, though, the scale of this, I'm happy I don't work there, cause to restore everything holy shit.

The NHS's IT department is probably pissed.

I'm told doing IT for the medical industry sucks as it is, but they probably never expected this to happen.
 
Why do I feel like, despite the US sabotaging Iran's nuclear program, widespread astroturfing and social engineering during an important US election year, and a seeming increase in high profile institutions being hit with ransomware... nobody is really taking cyberwarfare as seriously as they seem to do in their press releases?

Or is cybersecurity just a shit show in general?

Oh you best believe this will make the UK pay attention.

Is there any potential risk of patient files being accessed?

That would be fucking chaos if so...

Edit: Realised that this isn't the UK specific thread so I'm referencing the NHS here.
 

Kthulhu

Member
Article in the OP has been updated to 99 countries.

Oh you best believe this will make the UK pay attention.

Is there any potential risk of patient files being accessed?

That would be fucking chaos if so...

Edit: Realised that this isn't the UK specific thread so I'm referencing the NHS here.

Unlikely. Ransomware usually just holds your files hostage.
 

Syder

Member
Comment from reddit
I'm a doctor in one of the affected hospitals, a major trauma center in London. Everything has gone down. No blood results, no radiology images, there's no group specific blood available. They've declared an internal major incident, the hospital is diverting major trauma and stroke patients. All elective surgery was cancelled from about 1pm. We're not doing anything in theatre that's not life or limb threatening.
There will almost certainly be deaths as a result of this. I sincerely hope whichever cunts were responsible for this get utterly fucked by GCHQ.
 