13:07 GMT +317 November 2019
Listen Live
    A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017

    NSA 'Trained Virus Community to Do Significant Damage' With Hacking Tools

    © REUTERS / Kacper Pempel/Illustration
    Tech
    Get short URL
    686
    Subscribe

    The hackers that created the global "WannaCry" ransomware, based on a leaked NSA hacking exploit, probably didn't expect their creation to be this big, security expert John Safa told Radio Sputnik.

    On Friday, computer systems across the world were attacked by hackers in an attack dubbed "WannaCry," which uses an NSA exploit codenamed EternalBlue that was one of several tools leaked by the Shadow Brokers last month.

    The tool exploits a vulnerability in Microsoft's Server Message Block which allows attackers to crash systems with a denial of service attack. After scrambling computer files, the malware demands upwards of $300 in Bitcoin to restore documents.

    The cyber-attack hit nearly 100 countries, with Russia and the UK being among the most affected. The infections disabled at least 16 hospitals in the UK, Spain's main telecommunication services provider Telefonica, the Russian telecommunications provider Megafon, some Italian universities and the international shipper FedEx. It also attacked but was contained in other systems, among them the Russian Interior Ministry.

    Security expert John Safa, founder of Pushfor, a secure messaging and content sharing platform for businesses, told Radio Sputnik that the hackers who devised the WannaCry virus probably didn't expect it to wreak as much damage as it has done.

    "It just went wild, this is a big one. We've seen other ones that have had this sort of impact before but this is probably the biggest and had the largest impact. My view is that the hackers didn't actually anticipate it being this big," Safa said.

    "The actual virus is typically spread as an email attachment and this is the typical way the payload attacks your machine. You then click on the link or run the program or open the content, and the malware then gets onto your machine and then spreads through another vulnerability, what is called an SMB network issue that then allows it to spread."

    "Then what happens is, it looks for files, not only on your machine but also shares what you have with your network server and starts encrypting files. Obviously, it's very difficult to decrypt them because you don't know the key."

    The virus was able to spread so rapidly because although Microsoft quickly patched the vulnerabilities exposed in the Shadow Brokers leak, many organizations hadn't yet upgraded their software. Larger organizations tend to stagger their updates over several weeks as they are tested by administrators for compatibility with intranets and other internal systems.

    "Someone's developed a Windows malware that basically exploits a hole that was in Windows. Microsoft had patched it fairly quickly but a lot of companies hadn't upgraded their machines so this vulnerability then spread."

    The leak and consequent hack demonstrates the vulnerabilities of computer systems and the necessity of regularly upgrading and backing up systems.

    "The first lesson is that you have to be careful what you email, click on and receive. But I think it also shows that leaking information in this manner to show vulnerabilities in operating systems or applications can then be used for a bad cause. So, with this information the NSA have actually trained the virus and hacking community to do significant damage."

    "The biggest issue will be for organizations, because content drives businesses nowadays and they have to make sure they can have a layer of security between that content because if ransomware does attack, and it can't have access to your actual, genuine files, then it's going to limit the damage it can actually cause. So, that's what we are trying to educate people, email and content are typically the biggest risks and it's best to put a layer between those two," Safa said.

    On Saturday, a security researcher tweeting as @MalwareTechBlog, registered a domain name connected to the malware, thus activating a secret "kill switch" that can prevent the malware from spreading. 

    Unfortunately, the solution won't help fix systems already infected by the malware, and @MalwareTechBlog also warned that even though the breakthrough halted the unfolding epidemic, more attacks may soon follow. 

    The researcher explained that the attackers may still rewrite the code and relaunch the cycle and urged everyone to promptly patch their systems.

    Have you heard the news? Sign up to our Telegram channel and we'll keep you up to speed! 

    Related:

    Analysts Name NSA's Hacking Tool Reportedly Used in Global Cyber Strike
    Russia’s Sberbank Fends Off Hacking Attack as World Deals With Huge Cyber Strike
    False Flag en Francais: CIA Hacked Macron to Stop Russia-France Rapprochement?
    Hours Before French Election, Macron Claims to Be Victim of Hack
    Tags:
    hacker, hack attack, Microsoft, National Security Agency (NSA)
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik