Cyber attack: 'US infection rate lower' than other places
BY Agencies16 May 2017 4:01 PM GMT
Agencies16 May 2017 4:01 PM GMT
President Donald Trump's homeland security adviser has a message to those blaming US intelligence agencies for the cyberattack encircling the globe: Don't point a finger at the National Security Agency.
Since Friday, malware has infected an estimated 300,000 computers in 150 countries. Users' files at hospitals, companies and government agencies have been held for ransom.
Cybersecurity experts say the unknown hackers used a hole in Microsoft software that was discovered by the National Security Agency. The hole was exposed when NSA documents were leaked online.
Brad Smith, general counsel and executive vice president of Microsoft, laid some of the blame with the US government, criticising US intelligence agencies for "stockpiling" software code that can be used by hackers. "We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability, stolen from the NSA, has affected customers around the world," he said. Tom Bossert, Trump's assistant for homeland security and counterterrorism, defended the NSA, the lead US signals intelligence agency.
"This was not a tool developed by the NSA to hold ransom data," Bossert told reporters yesterday. "This was a tool developed by culpable parties potentially criminals or foreign nation-states."
Perpetrators put the malware together in a way to deliver it with phishing e-mails, put it into embedded documents and caused infection, encryption and locking, he said.
Cyber experts are telling government officials that the malware was built with parts and codes cobbled together from different places, a US official said. The official was not authorised to publicly discuss the investigation and spoke only on condition of anonymity. Cyber experts say the tools were stolen from the Equation Group, a powerful squad of hackers which some have ties to the NSA. The tools materialised as part of an internet electronic auction set up by a group calling itself "Shadow Brokers," which promised to leak more data into the public.
"I haven't found an analyst who doesn't say it doesn't come from the NSA cache," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
"Think of it like a master key," Lewis said. "NSA identified a vulnerability in a Microsoft software that the Shadow Brokers, then released so anybody could use it." The Shadow Brokers "shared that vulnerability with the world and then these criminals took advantage of it," he said. V Miller Newton, president of PKWARE, a data protection and encryption company based in Milwaukee, Wisconsin, said leaks of purported NSA hacking tools have been coming out in dribs and drabs since August. "Criminals or terrorists are going to try to leverage these exploits," he said. "How damaging could it be? Extremely," Newton said. "Holy cow! The government can't protect itself from insiders?" — the Department of Homeland Security is leading the investigation.
Next Story