Homepage / Technology / Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons
Business Online Solutions What Is a Board Analysis? The Importance of Planning and Programs Development How Board Governance Software Improves Meetings and Governance How to Craft a Successful Board Meeting Reminder Benefits of a Virtual Data Room for Bankruptcy VDR Example for Business Hong Kong ユースカジノの登録方法を初心者にも分かりやすく図解入りで解説 チェリカジ 5 Как быстро пополнить счет в Казино Х в любой валюте Официальный сайт Up X казино и мгновенные игры Paşa Casino Mobil Uygulama 2025 Giriş Üyelik Bonusu Freespin No Deposit Bonus Casino Free Spins In New Zealand What Are The Best Online Casinos For Real Money Pokies And Bonuses In Australia Дэдди Казино официальный сайт Джойказино: информация про официальный сайт Glory Casino giriş için buraya tıkla ve Türkiyede en popüler casino kullanıcısı ol Les Gambling establishments en Ligne en France 2024 200% Reward + 300 Free Rotates LevelUp Internet casino Melbourne En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi En İyi ve Güvenilir Casino Siteleri Canlı Casino Siteleri 2023 Listesi Le meilleur casino en ligne franзais Extra Casino avec le dйpфt minimal le in addition bas Yeni Casino Siteleri ᐈ Çevrimiçi Kumarhaneler Mart 2024 Les gambling establishments en ligne proposent une grande variйtй de jeux de internet casino gratuits. Türkiye’deki Resmi Web Sitesi Google Play, Türkiye’de kumar oyunlarına izin verecek Her Gün Tatil Olsa ORDU’DA PAZARTESİ GÜNÜ FINDIK FİYATI NASIL? كازينو اون لاين الكازينوهات الممتازة على الإنترنت ألعاب الكازينو المباشرة مينا كازينو العر Google Play, Türkiye’de kumar oyunlarına izin verecek Domain Sorgulama & Domain Fýrsatlarý Canlı Casino Siteleri: 2024 Güvenilir Siteler Seçilmiştir Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın Golden Easter Slot İncelemesi 2024, Demoyu Ücretsiz Oynayın 1xbet Türkiye Giriş Empieza Kayıt 202 Kumar Ve Kumarhaneler Hakkında Pek İlginç 21 Bilgi Kumarhane Doğru Yazımı Nedir? Tdk Ile Kumarhane Kelimesinin Doğru Yazılışı! Mobilbahiste En İyi Kumar Bonusları Ve Kazançlar Mobilbahis Giriş Sayfası On Line Casino Siteleri En Iyi Casino Siteleri 2024 Mostbet: Türkiye’de Internet Casino Mostbet Online Slotlar Ve Canlı-casin Pin Up Casino Oyna Türkiye, Pinup’un Sah Web Sites Ifade Haberleri Son Dakika Ifade Hakkında Güncel Haber Ve Bilgiler “önceliğimiz Transferin Önünü Açmak, Görüştüğümüz Yerler Var” On Line Casino Nuh’un Gemisi Deluxe Resort & Spa, Kıbrıs The Benefits of Document Management Bonus Veren Siteler 3 000 Den Fazla Online Oyunu Ücretsiz Oyna En Tehlikeli Kumar Oyunu Ekşi Sözlük Deneme Bonusu Veren Siteler Deneme Bonusu 2024 Explore the Magic of WildCardCity Güvenilir Bahis Siteleri En İyi Kumar Siteleri Balıkesir Triatlonuna Avrupadan Ödül Tricks of the Aviator gambling establishment game by Spribe Çevrim Içi Kumar Siteleri “bonus” Yalanıyla Kandırıyor En Güvenilir Canlı On Line Casino Siteleri Xbetting-tips Com Uncovering the Abundant Tapestry of Ozwin Gambling establishment Evaluating Board Portal Providers Uncovering the Wealthy Tapestry of Ozwin On line casino Electronic Data Area Providers Evaluation Cobra Internet casino: Raising the Australian On the internet Video gaming Practical experience 4 Things to Search for in Safeguarded Cloud Safe-keeping Fastpay On line casino Australia – Simple and No-Taxation Wagering Web page officielle franзaise de Joka Gambling establishment The Software Development Universe Game Woo Internet casino – Enjoy Slot machine games around australia Ostdeutsche Biersorten What Are Virtual Data Rooms? Vitamin D Receptor Polymorphisms Revue du Casino BlackLabel Faktory, kterй ovlivnujн hodnocenн ceskэch online kasin How to Make the Most of Your Web Development Organization and Advertising Efforts L’essor des casinos en ligne en France Boost Meeting Efficiency With Boardroom Technology Developments WildJoker Casino WildCardCity On line casino – Guaranteed Australian Gambling Portal WildCardCity Casino – The Ideal On the internet Gambling establishment within australia Modern Technologies Produce Sharing Documents Online Faster and More Protect Free Virtual Info Room pertaining to Speedy Due Diligence A Review of Data Area Software For people who do buiness Five Board Bedroom Features Which will help You Acquire a More Productive Boardroom Electronic Systems To your Business Understanding Legal Terms and Laws in Today’s World The Laws and Contracts of Hollywood: A Sunset Blvd. Tale Legal Discussion Between Johnny Cash and Antonin Scalia Legal Insights: What Teens Should Know Legal Issues and Exceptions: What You Need to Know Legal Insights and Expert Analysis Celebrity Dialogue: Legal Matters in the 21st Century Famous Personalities Discuss Legal Issues The Boys in the Boat: Legal Advisors and The Quest for Legal Knowledge Understanding Legal Matters: Q&A on Criminal Law, Joint Ventures, and More Enticing Title The Departed: Understanding Basic Work Requirements and Legal Rights Youth Slang Blog Article Legal Insights: A Journey into the World of Law The Ins and Outs of Legal Matters: Everything You Need to Know Legal Insights and Trends: A Rap Guide Mysterious Legal Matters Unveiled Insights and Information: Understanding Various Laws and Regulations Famous People of the 21st Century

Technology

Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons

Twice in the past month, National Security Agency cyberweapons stolen from its arsenal have been turned against two very different partners of the United States — Britain and Ukraine.

The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons.

But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands.

On Wednesday, the calls for the agency to address its role in the latest attacks grew louder, as victims and technology companies cried foul. Representative Ted Lieu, a California Democrat and a former Air Force officer who serves on the House Judiciary and Foreign Affairs Committees, urged the N.S.A. to help stop the attacks and to stop hoarding knowledge of the computer vulnerabilities upon which these weapons rely.

In an email on Wednesday evening, Michael Anton, a spokesman for the National Security Council at the White House, noted that the government “employs a disciplined, high-level interagency decision-making process for disclosure of known vulnerabilities” in software, “unlike any other country in the world.”

More from The New York Times:
Security experts scramble to contain fallout from cyberattacks
The risk in using a public phone charger
With new digital tools, even nonexperts can wage cyberattacks

Mr. Anton said the administration “is committed to responsibly balancing national security interests and public safety and security,” but declined to comment “on the origin of any of the code making up this malware.”

Beyond that, the government has blamed others. Two weeks ago, the United States — through the Department of Homeland Security — said it had evidence North Korea was responsible for a wave of attacks in May using ransomware called WannaCry that shut down hospitals, rail traffic and production lines. The attacks on Tuesday against targets in Ukraine, which spread worldwide, appeared more likely to be the work of Russian hackers, though no culprit has been formally identified.

In both cases, the attackers used hacking tools that exploited vulnerabilities in Microsoft software. The tools were stolen from the N.S.A., and a group called the Shadow Brokers made them public in April. The group first started offering N.S.A. weapons for sale in August, and recently even offered to provide N.S.A. exploits to paid monthly subscribers.

Though the identities of the Shadow Brokers remain a mystery, former intelligence officials say there is no question from where the weapons came: a unit deep within the agency that was until recently called “Tailored Access Operations.”

While the government has remained quiet, private industry has not. Brad Smith, the president of Microsoft, said outright that the National Security Agency was the source of the “vulnerabilities” now wreaking havoc and called on the agency to “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”

For the American spy agency, which has invested billions of dollars developing an arsenal of weapons that have been used against the Iranian nuclear program, North Korea’s missile launches and Islamic State militants, what is unfolding across the world amounts to a digital nightmare. It was as if the Air Force lost some of its most sophisticated missiles and discovered an adversary was launching them against American allies — yet refused to respond, or even to acknowledge that the missiles were built for American use.

Officials fret that the potential damage from the Shadow Brokers leaks could go much further, and the agency’s own weaponry could be used to destroy critical infrastructure in allied nations or in the United States.

“Whether it’s North Korea, Russia, China, Iran or ISIS, almost all of the flash points out there now involve a cyber element,” Leon E. Panetta, the former defense secretary and Central Intelligence Agency chief said in a recent interview, before the weapons were turned against American interests.

“I’m not sure we understand the full capability of what can happen, that these sophisticated viruses can suddenly mutate into other areas you didn’t intend, more and more,” Mr. Panetta said. “That’s the threat we’re going to face in the near future.”

Using the remnants of American weapons is not entirely new. Elements of Stuxnet, the computer worm that disabled the centrifuges used in Iran’s nuclear weapons program seven years ago, have been incorporated in some attacks.

In the past two months, attackers have retrofitted the agency’s more recent weapons to steal credentials from American companies. Cybercriminals have used them to pilfer digital currency. North Korean hackers are believed to have used them to obtain badly needed currency from easy hacking targets like hospitals in England and manufacturing plants in Japan.
And on Tuesday, on the eve of Ukraine’s Constitution Day — which commemorates the country’s first constitution after breaking away from the Soviet Union — attackers used N.S.A.-developed techniques to freeze computers in Ukrainian hospitals, supermarkets, and even the systems for radiation monitoring at the old Chernobyl nuclear plant.

The so-called ransomware that gained the most attention in the Ukraine attack is believed to have been a smoke screen for a deeper assault aimed at destroying victims’ computers entirely. And while WannaCry had a kill switch that was used to contain it, the attackers hitting Ukraine made sure there was no such mechanism. They also ensured that their code could infect computers that had received software patches intended to protect them.

“You’re seeing a refinement of these capabilities, and it only heads in one direction,” said Robert Silvers, the former assistant secretary of cyber policy at the Department of Homeland Security, now a partner at the law firm Paul Hastings.

Though the original targets of Tuesday’s attacks appear to have been government agencies and businesses in Ukraine, the attacks inflicted enormous collateral damage, taking down some 2,000 global targets in more than 65 countries, including Merck, the American drug giant, Maersk, the Danish shipping company, and Rosneft, the Russian state owned energy giant. The attack so crippled operations at a subsidiary of Federal Express that trading had to be briefly halted for FedEx stock.

“When these viruses fall into the wrong hands, people can use them for financial gain, or whatever incentive they have — and the greatest fear is one of miscalculation, that something unintended can happen,” Mr. Panetta said.

Mr. Panetta was among the officials warning years ago of a “cyber Pearl Harbor” that could bring down the American power grid. But he and others never imagined that those same enemies might use the N.S.A.’s own cyberweapons.

For the past six years, government officials were comforted by the fact that their

most fervent adversaries — North Korea, Iran, extremist groups — did not have the skills or digital tools to inflict major damage. The bigger cyberpowers, Russia and China in particular, seemed to exercise some restraint, though Russia’s meddling in the 2016 presidential election added a new, more subtle threat.

But armed with the N.S.A.’s own tools, the limits are gone.

“We now have actors, like North Korea and segments of the Islamic State, who have access to N.S.A. tools who don’t care about economic and other ties between nation states,” said Jon Wellinghoff, the former chairman of the Federal Energy Regulatory Commission.

So long as flaws in computer code exist to create openings for digital weapons and spy tools, security experts say, the N.S.A. is not likely to stop hoarding software vulnerabilities any time soon.

Source: Tech CNBC
Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons

Comments are closed.