Tuesday, June 13, 2017

Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known

Russian Cyber Hacks on U.S. Electoral System Far Wider Than Previously Known - Bloomberg
That's what I heard MONTHS ago. Let's move this along already.

Russia's cyberattack on the U.S. electoral system before Donald Trump's election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day "red phone." In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia's role in election meddling and to warn that the attacks risked setting off a broader conflict.

The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.'s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn't done meddling.

"They're coming after America," Comey told the Senate Intelligence Committee investigating Russian interference in the election. "They will be back."

A spokeswoman for the Federal Bureau of Investigation in Washington declined to comment on the agency's probe.

Kremlin Denials

Russian officials have publicly denied any role in cyber attacks connected to the U.S. elections, including a massive "spear phishing" effort that compromised Hillary Clinton's campaign and the Democratic National Committee, among hundreds of other groups. President Vladimir Putin said in recent comments to reporters that criminals inside the country could have been involved without having been sanctioned by the Russian government.

One of the mysteries about the 2016 presidential election is why Russian intelligence, after gaining access to state and local systems, didn't try to disrupt the vote. One possibility is that the American warning was effective. Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America's disparate voting systems spread across more than 7,000 local jurisdictions.

Such operations need not change votes to be effective. In fact, the Obama administration believed that the Russians were possibly preparing to delete voter registration information or slow vote tallying in order to undermine confidence in the election. That effort went far beyond the carefully timed release of private communications by individuals and parties.

One former senior U.S. official expressed concern that the Russians now have three years to build on their knowledge of U.S. voting systems before the next presidential election, and there is every reason to believe they will use what they have learned in future attacks.

Secure Channel

As the first test of a communication system designed to de-escalate cyber conflict between the two countries, the cyber "red phone" -- not a phone, in fact, but a secure messaging channel for sending urgent messages and documents -- didn't quite work as the White House had hoped. NBC News first reported the White House's use of the red phone last December.

The White House provided evidence gathered on Russia's hacking efforts and reasons why the U.S. considered it dangerously aggressive. Russia responded by asking for more information and providing assurances that it would look into the matter even as the hacking continued, according to the two people familiar with the response.

"Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure," said Eric Schultz, a spokesman for former President Barack Obama. "Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses."

Illinois Database

Illinois, which was among the states that gave the FBI and the Department of Homeland Security almost full access to investigate its systems, provides a window into the hackers' successes and failures.

In early July 2016, a contractor who works two or three days a week at the state board of elections detected unauthorized data leaving the network, according to Ken Menzel, general counsel for the Illinois board of elections. The hackers had gained access to the state's voter database, which contained information such as names, dates of birth, genders, driver's licenses and partial Social Security numbers on 15 million people, half of whom were active voters. As many as 90,000 records were ultimately compromised.

But even if the entire database had been deleted, it might not have affected the election, according to Menzel. Counties upload records to the state, not the other way around, and no data moves from the database back to the counties, which run the elections. The hackers had no way of knowing that when they attacked the state database, Menzel said.

The state does, however, process online voter registration applications that are sent to the counties for approval, Menzel said. When voters are added to the county rolls, that information is then sent back to the state and added to the central database. This process, which is common across states, does present an opportunity for attackers to manipulate records at their inception.

Patient Zero

Illinois became Patient Zero in the government's probe, eventually leading investigators to a hacking pandemic that touched four out of every five U.S. states.

Using evidence from the Illinois computer banks, federal agents were able to develop digital "signatures" -- among them, Internet Protocol addresses used by the attackers -- to spot the hackers at work.

The signatures were then sent through Homeland Security alerts and other means to every state. Thirty-seven states reported finding traces of the hackers in various systems, according to one of the people familiar with the probe. In two others -- Florida and California -- those traces were found in systems run by a private contractor managing critical election systems.

(An NSA document reportedly leaked by Reality Winner, the 25-year-old government contract worker arrested last week, identifies the Florida contractor as VR Systems, which makes an electronic voter identification system used by poll workers.)
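The passage above describes the mechanism in the plainest terms: investigators turn evidence from one compromised network into indicators (here, attacker IP addresses), share them through alerts, and every recipient checks its own logs for the same traces. The script below is an added illustration of that recipient-side check and is not code from Bloomberg, DHS or any state; every indicator, hostname and log line in it is a constructed placeholder drawn from the RFC 5737 documentation address ranges, not a real IoC. It goes slightly beyond the text by accepting CIDR ranges as well as single addresses and by skipping unparseable lines instead of stopping on them.

```python
"""Match web-server access-log lines against a shared indicator list.

Added example, not from the Bloomberg article or any agency. It shows the
kind of check an election office could run on receiving an alert that
lists attacker IP addresses. All indicators, paths and log lines are
constructed placeholders (RFC 5737 documentation ranges), not real IoCs.
"""
import ipaddress
import re
from collections import Counter

# Constructed indicator list: single hosts and one CIDR range, each tagged
# with the (hypothetical) alert it came from.
INDICATORS = {
    "203.0.113.45": "alert-2016-08-A",
    "198.51.100.0/28": "alert-2016-08-A",
    "192.0.2.77": "alert-2016-10-B",
}

# Apache/nginx combined log format: client ip, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def compile_indicators(raw):
    """Turn indicator strings into ip_network objects (a bare IP becomes a /32)."""
    return [(ipaddress.ip_network(k, strict=False), v) for k, v in raw.items()]


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def match_indicators(lines, indicators=INDICATORS):
    """Return one dict per log line whose client IP falls inside an indicator."""
    nets = compile_indicators(indicators)
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip it rather than abort the whole scan
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # malformed client field
        for net, label in nets:
            if addr in net:
                hits.append({
                    "ts": rec["ts"], "ip": rec["ip"], "indicator": str(net),
                    "label": label, "request": rec["req"], "status": int(rec["status"]),
                })
                break  # first matching indicator is enough for a hit
    return hits


def summarize(hits):
    """Count hits per alert label, so the reporting office can say which alert fired."""
    return dict(Counter(h["label"] for h in hits))


# Constructed sample log lines; 10.1.4.22 is an internal, benign client.
SAMPLE_LOG = [
    '10.1.4.22 - - [12/Jul/2016:08:01:10 -0500] "GET /voter/lookup?id=88213 HTTP/1.1" 200 512',
    '203.0.113.45 - - [12/Jul/2016:08:03:44 -0500] "GET /voter/lookup?id=88213 HTTP/1.1" 200 512',
    '198.51.100.9 - - [12/Jul/2016:08:03:51 -0500] "POST /admin/export HTTP/1.1" 403 0',
    'garbage line that does not parse',
    '192.0.2.77 - - [30/Oct/2016:23:59:02 -0500] "GET /admin/login HTTP/1.1" 200 1024',
    '10.1.4.22 - - [30/Oct/2016:23:59:30 -0500] "GET /voter/lookup?id=88214 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for h in match_indicators(SAMPLE_LOG):
        print(f'{h["ts"]}  {h["ip"]:<14} {h["label"]}  {h["status"]}  {h["request"]}')
    print(summarize(match_indicators(SAMPLE_LOG)))
```

The `status` field is kept on each hit deliberately: a 403 from an indicator address tells the office the attempt was blocked, while a 200 on an administrative path is the line worth escalating, which is the difference between "traces of the hackers" and an actual intrusion that the article draws.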

In Illinois, investigators also found evidence that the hackers tried but failed to alter or delete some information in the database, an attempt that wasn't previously reported. That suggested more than a mere spying mission and potentially a test run for a disruptive attack, according to the people familiar with the continuing U.S. counterintelligence inquiry.

States' Response

That idea would obsess the Obama White House throughout the summer and fall of 2016, outweighing worries over the DNC hack and private Democratic campaign emails given to Wikileaks and other outlets, according to one of the people familiar with those conversations. The Homeland Security Department dispatched special teams to help states strengthen their cyber defenses, and some states hired private security companies to augment those efforts.

In many states, the extent of the Russian infiltration remains unclear. The federal government had no direct authority over state election systems, and some states offered limited cooperation. When then-DHS Secretary Jeh Johnson said last August that the department wanted to declare the systems as national critical infrastructure -- a designation that gives the federal government broader powers to intervene -- Republicans balked. Only after the election did the two sides eventually reach a deal to make the designation.

Relations with Russia remain strained. The cyber red phone was announced in 2011 as a provision in the countries' Nuclear Risk Reduction Centers to allow urgent communication to defuse a possible cyber conflict. In 2008, what started during the Cold War as a teletype messaging system became a secure system for transferring messages and documents over fiber-optic lines.

After the Obama administration transmitted its documents and Russia asked for more information, the hackers' work continued. According to the leaked NSA document, hackers working for Russian military intelligence were trying to take over the computers of 122 local election officials just days before the Nov. 8 election.

While some inside the Obama administration pressed at the time to make the full scope of the Russian activity public, the White House was ultimately unwilling to risk public confidence in the election's integrity, people familiar with those discussions said.


Saturday, June 10, 2017

Your Secrets Are Weighing You Down

Research finds the experience of keeping a secret is akin to carrying a physical weight, diminishing motivation and performance.

Illustration by James Steinberg

You "carry" a secret. You feel "burdened" by a secret. Your secret "weighs" on you.

Secrecy may be an abstract concept, but there's a reason we talk about it in these concrete terms. New research from Michael Slepian found that keeping a secret is akin to being encumbered by a physical weight. And that weight may be holding you back at work.

"The more you feel preoccupied by a secret and are thinking about it, the more you are using your personal resources — cognitive and motivational — the less energy you feel you have available to pursue other tasks," Slepian says. "You see things around you as more challenging. It's the same outcome as when you are carrying a heavy burden."

In our personal lives, this dynamic can lead us to withdraw from people, activities, and relationships. In the workplace, it can result in decreased productivity and engagement — which spells trouble for employees and employers alike. "Being preoccupied by a secret at work can be demotivating," Slepian says. "And we know if you are less motivated, you perform less well."

In a series of studies, Slepian, along with co-researchers Nicholas Camp of Stanford University and E.J. Masicampo of Wake Forest University, asked participants to think of either a "preoccupying" secret or a "non-preoccupying" secret and then to judge the steepness of a hill. Individuals' perception of "hill slant," as this test is known, has been shown to vary depending on whether subjects are carrying additional weight. The results were consistent: those participants who were asked to recall a preoccupying secret judged the hill to be steeper, and therefore more forbidding, just as if they were lugging a heavy load.

Preoccupying secrets can take many forms, from sexual orientation, infidelities, and money troubles to benign bad habits and personal quirks, Slepian says. But because one person's major skeleton-in-the-closet might be another person's peccadillo, the troubling nature of secrets is subjective. Couple that with the inherent complications of sharing personal information at the office, and workers might be at a loss as to how to handle their private concerns.

For workers pinned down under the weight of their secrets, the best solution is simply to get them off their chests. "Sometimes people feel like the right thing to do is to keep the secret," Slepian explains. "But by doing that, you may set yourself up for negative consequences."

Slepian urges those burdened by their secrets to talk to a real, live person if possible — but only someone they trust, someone who can keep their secret and who does not have control over any potential spillover effects of the revelation. In the workplace, that might be a colleague in another department or even a friend in a different industry. For those without a confidant, anonymous hotlines offer individuals a way to talk about their secrets without revealing their identities.

Even if divulging your secret out loud isn't a possibility, there are still ways to reduce your preoccupation with it. One way to do that is to write it down, whether that means posting it to an online message board or forum, sending it to a website like PostSecret, which shares submissions confidentially, or just jotting it down in a personal journal.  Getting the secret out there, even in written form, "tends to make people very relieved," Slepian says.

Not only does the sheer act of talking about your secret relieve the pressure of keeping it, by explaining and acknowledging your feelings about your secret to another person, you can begin to move forward and regain your productivity. "When you talk about your secret," Slepian says "you start thinking about it constructively — processing it, making sense of it, learning how to cope with it — reducing your preoccupation with that secret and taking you off the path of burden."

About the researcher

Michael Slepian

Michael Slepian is Assistant Professor in the Management Division of Columbia Business School. His program of research examines secrecy and trust. He studies the...


Monday, June 5, 2017

Light and Love to the London; Solidarity to Portland

This is the reality. Far right extremists pose a far greater risk to our safety than Muslims.

No "Travel" (Muslim) Ban or Wall will solve that problem and Trump is too busy trolling and harassing the Mayor of London to even take notice of ANOTHER mass shooting unfolding in Florida this mourning. (Spelling intentional)

He continues to incite violence and troll the planet with his insanity on Twitter and through ridiculous speeches, making White House press statements through Alex Jones and Infowars.

Far right extremists and White Supremacists don't realize they have been played by Trump any more than Trump realizes he was played by Putin.

All I know right now is that the truth is Comey-ing. 

Thursday will have the highest ratings EVER. More people are going to be watching Comey than the OJ Simpson trial. 

The White House has a serious credibility problem. Trump took Mayor Sadiq's statement completely out of context.

While most leaders would know the best way to handle a crisis is to reassure the public that measures are being taken to assure their safety, instead, Trump is using the tragedy for political gain. 

Trump has launched a personal attack on Mayor Sadiq, inciting violence against Muslims and further appealing to disenfranchised youth who are vulnerable to being radicalized by ISIS or White Supremacist cults. Imagine if the Prime Minister had done something so heinous after 9/11 or the Orlando shooting.

This is truly dreadful. He's an opportunist and is a very sick and twisted man.

Sending light and love to my friends in the U.K. and solidarity to my friends in Portland. I stand with you. 

That's your DailyDDoSe from Chilleh Penguin © Elyssa D. Durant 2017


Homegrown Terrorism and Why the Threat of Right-Wing Extremism Is Rising in America

This article was originally published on The Conversation. Read the original article.

The murder in College Park, Maryland of Richard Collins III, an African-American student who had recently been commissioned as a second lieutenant in the U.S. Army and was days away from his graduation from Bowie State University, underscores the violence of America’s far-right wing. Sean Urbanski, the University of Maryland student who allegedly stabbed Collins to death, belongs to a racist Facebook group called Alt-Reich: Nation.

It makes sense that the FBI is helping the police investigate this incident as a suspected hate crime. But my 15 years experience of studying violent extremism in Western societies has taught me that dealing effectively with far-right violence requires something more: treating its manifestations as domestic terrorism.

While attacks such as the recent suicide bombing in Manchester that left 22 people dead and several dozen injured will probably continue to garner more headlines, this growing domestic menace deserves more attention than it’s getting.

Domestic terrorism

Terrorism is a form of psychological warfare. Most terrorist groups lack the resources, expertise and manpower to defeat state actors. Instead, they promote their agenda through violence that shapes perceptions of political and social issues.

Collins’ murder, if it was motivated by racist sentiments, should be treated as an act of domestic terrorism, which I define here as the use of violence in a political and social context that aims to send a message to a broader target audience. Like lynching, cross-burning and vandalizing religious sites, incidents of this kind deliberately aim to terrorize people of color and non-Christians.

I consider domestic terrorism a more significant threat than the foreign-masterminded variety in part because it is more common in terms of the number of attacks on U.S. soil. For example, my report published by the Combating Terrorism Center at West Point identified hundreds of domestic terror incidents per year between 2008 and 2012.

Another report initially published in 2014 by New America Foundation on domestic incidents of extremist violence shows that excluding the Orlando nightclub massacre, between 2002-2016, far-right affiliated perpetrators conducted 18 attacks that killed 48 people in the United States, while terrorists motivated by al-Qaida’s or the Islamic State’s ideology killed 45 people in nine attacks.

The Orlando mass shooting, given its mix of apparent motives, is hard to categorize.

A spontaneous appearance

In briefings with law enforcement and policymakers, I have sometimes encountered a tendency to see U.S. right-wing extremists as a monolith. But traditional Ku Klux Klan chapters operate differently than skinhead groups, as do anti-government "patriot" and militia groups and anti-abortion extremists. Christian Identity groups, which believe Anglo-Saxons and other people of Northern European descent are a chosen people, are distinct too.

Certainly, there is some overlap. But these groups also differ significantly in terms of their methods of violence, recruitment styles and ideologies. Across the board, undermining the threat they pose requires a more sophisticated approach than investigating their criminal acts as suspected hate crimes.

In an ongoing study I’m conducting at the University of Massachusetts Lowell with several students, we have determined that, as apparently occurred with Collins’ recent murder in Maryland, many attacks inspired by racist or xenophobic sentiments may appear spontaneous. That is, no one plans them in advance or targets the victim ahead of time. Instead, chance encounters that enrage the perpetrators trigger these incidents.

Sporadic attacks with high numbers of casualties that are plotted in advance, such as Dylann Roof’s murder of nine African-Americans in a Charleston, South Carolina church, are always big news. More typical incidents of far-right violence tend to draw less attention.

The fatal stabbing of Taliesin Myrddin Namkai Meche and Ricky John Best aboard a train in Portland, Oregon on May 26 seems to be emerging as an exception. The alleged killer of these two white men, Jeremy Joseph Christian, attacked them with a knife after they stood up to him for haranguing two young women who appeared to be Muslim, police said. A third injured passenger is expected to survive. Much of the media coverage is focused on Christian’s violent and racist background.

Given the spontaneous nature of so much far-right violence, U.S. counterterrorism policies should, in my view, target the dissemination of white supremacist ideology, rather than just identifying planned attacks and monitoring established white supremacy groups.

An iceberg theory

The number of violent attacks on U.S. soil inspired by far-right ideology has spiked since the beginning of this century, rising from a yearly average of 70 attacks in the 1990s to a yearly average of more than 300 since 2001. These incidents have grown even more common since President Donald Trump's election.

The Southern Poverty Law Center, a nonprofit that researches U.S. extremism, reported 900 bias-related incidents against minorities in the first 10 days after Trump’s election—compared to several dozen in a normal week—and the group found that many of the harassers invoked the then-president-elect’s name. Similarly, the Anti-Defamation League, a nonprofit that tracks anti-Semitism, recorded an 86 percent rise in anti-Semitic incidents in the first three months of 2017.

Beyond the terror that victimized communities are experiencing, I would argue that this trend reflects a deeper social change in American society.

The iceberg model of political extremism, initially developed by Ehud Shprinzak, an Israeli political scientist, can illuminate these dynamics.

Murders and other violent attacks perpetrated by U.S. far-right extremists compose the visible tip of an iceberg. The rest of this iceberg is under water and out of sight. It includes hundreds of attacks every year that damage property and intimidate communities, such as the recent attempted burning of an African-American family’s garage in Schodack, New York. The garage was also defaced with racist graffiti.

Data my team collected at the Combating Terrorism Center at West Point show that the significant growth in far-right violence in recent years is happening at the base of the iceberg. While the main reasons for that are still not clear, it is important to remember that changes in societal norms are usually reflected in behavioral changes. Hence, it is more than reasonable to suspect that extremist individuals engage in such activities because they sense that their views are enjoying growing social legitimacy and acceptance, which is emboldening them to act on their bigotry.

Budget cuts

Despite an uptick in far-right violence and the Trump administration’s plan to increase the Department of Homeland Security budget by 6.7 percent to US$44.1 billion in 2018, the White House wants to cut spending for programs that fight non-Muslim domestic terrorism.

The federal government has also frozen $10 million in grants aimed at countering domestic violent extremism. This approach is bound to weaken the authorities’ power to monitor far-right groups, undercutting public safety.

How many more innocent people like Richard Collins III—and Taliesin Myrddin Namkai Meche and Ricky John Best—have to die before the U.S. government starts taking the threat posed by violent white supremacists more seriously?

Arie Perliger is Director of Security Studies and a professor at University of Massachusetts Lowell.


Sunday, May 28, 2017

Raise the Terror Alert!! They are already here!!

The U.K. has raised the threat level of Terrorist attacks to critical. Now the USA needs to do the same thing. And let me assure you, building a wall or deporting small children will NOT keep terrorists out. They are ALREADY here. They are White, homegrown Far Right Extremists. 

I will say this as many times as I need to. And calling me a Bitch or ugly or even death threats won't shut me up. It will only amplify my message. Can you hear me now??

Elyssa Durant, Ed.M.
Nashville, Tennessee

"You may not care how much I know, but you don't know how much I care."


Friday, May 26, 2017

Hey hey! Ho ho! Donald Trump Has GOT to go!!

I worked on the Obama Campaign and with the Obama Transition Team. 

People have asked me if I was this critical of Obama and the answer is yes. However, not once did I ever feel that Obama was in it for the money or his ego. I'm done placating a 70 year old loser. 

Once Obama was in and I had written up my policy briefs and proposals, I was done. I'm not done with Trump because I don't think he has the moral character, integrity or human decency to represent me or anyone else in the United States.

I've put up with Trump as a neighbor half a mile from Mar-A-Lago and that was bad enough. Now Trump is alienating all of our allies the same way he did with Palm Beach Residents. 

Donald Trump has GOT to go.
Elyssa Durant, Ed.M.
Nashville, Tennessee

"You may not care how much I know, but you don't know how much I care."


Saturday, May 13, 2017

It Looks Like Someone Else Might Be Using Your Account | Hotmail Support UK

There's like 100 people using my account. 

If you log in to your Hotmail account and you get a message saying 'It looks like someone else might be using your account', then it is a sign that your Hotmail account has been hacked.

You will not get this message if you access the Hotmail account on multiple devices.

Instead, this message only comes up when someone has accessed your Hotmail account from outside your native country and they have sent out lots of spam emails from your Hotmail account.

These hackers will sometimes also send out emails to your contacts stating that you are stranded in a remote island and that you need money.

The message 'It looks like someone else might be using your account' is shown as a banner at login (the original page shows a screenshot of it).

There are several common causes of this problem:
  1. You clicked on a malicious link in an email. We have noticed emails which say 'Whats App' or 'Private Message' to be the cause of this problem.
  2. Your computer has a malware infection which is capable of stealing passwords. Even if you have virus protection software on the computer, the problem can still occur, since there is nothing in this world which is capable of giving 100% protection against all infections.
  3. One of the most common causes of the problem is phishing. You have entered your password on a phishing website which appeared to be a genuine Hotmail website. Your password gets stolen and is then used by the hacker to hack into your Hotmail account.
  4. You use the same password for all accounts on all websites. If that password is stolen from any one of them, the hacker can get hold of your Hotmail account with the same password.

What's Next?

Please contact us for Hotmail Support if you are getting the message saying 'It looks like someone else might be using your account'.


Data breach notification fatigue: Do consumers (eventually) tune out? | CSO Online

Data breach notifications are flying en masse following the Epsilon Interactive breach, but are they doing customers any good?

Earlier this month more than 50 companies were involved in a massive heist of names and email addresses from Epsilon Interactive. With millions of customers of companies such as Best Buy, Brookstone, Dell, Marriott and many others affected, the question is being raised: are so many breach notifications from so many companies numbing their impact?

As for the breach that started it all for Epsilon, it's becoming an all-too-common story: employees were spear-phished with emails that linked to a malicious web site, or contained an attachment designed to infect endpoints with malware. Once a foothold was established, the attackers moved in on what they were after. Such attack techniques have been behind, among many other incidents, the now infamous Operation Aurora and the recent RSA Security breach.

The Epsilon breach is relatively tame by breach standards. As far as we know, no Social Security numbers, financial account numbers or even physical street addresses were stolen: only name, email address, and the knowledge of where that customer had a business relationship. What worries experts now is that customers will become targeted themselves by spear-phishing attacks.

Gartner analyst Avivah Litan told CSOOnline that the banks -- Barclays Bank of Delaware, CapitalOne, Citibank, JPMorgan Chase, TD Ameritrade, and others -- are "freaking out" over the breach.

Now, with a breach that in all likelihood involved millions of notifications, will people pay attention or will they receive so many breach notifications that they tune out?

"The Epsilon breach resulted in many consumers receiving multiple notifications, almost exclusively by email, that systems storing emails may have been compromised and that they shouldn't trust emails. There is a lot of irony in that," says Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corporation. "Then there is the idea of notification fatigue. People get these notices and they wonder what they can do about it. The frank answer is there is nothing they can do about it."

But Rafal Los, security evangelist at HP Software, says the notices have built considerable awareness around the dangers of phishing attacks.

"People not only see these notifications, but it's made the headlines of national newspapers and has been all over the TV. It's helping to tune people in to the fact that they may be targeted in their email boxes," he says. "And following this email breach those concerns are real."

Gartner analyst John Pescatore classifies breach notifications into two camps: those where nothing happens to those notified, and the notifications where bad stuff does happen. "There is definite notification fatigue happening on the former. For example, there has never actually been a publicly acknowledged customer account compromise due to a lost backup tape, but there were scads of notifications," he says. "But, I think more importantly, there are two reasons for requiring breach notifications: First, to give the information into how well or how badly companies are protecting their information. Second, to give the owners of the companies an incentive to want to minimize how often they have to issue press releases saying dear customers, we lost your sensitive information. Both of those are really good things, worth some notification fatigue."

Still, others think that all of the breach notifications regarding names and email addresses are not doing anyone any good. "I certainly think it's a mistake," says Rasch. "It's not that I think corporations should conceal these incidents. When it's a name and email address the statutes don't require a notification. But that's not why I think that they shouldn't do it. They shouldn't do it because it's not helpful."

George V. Hulme writes about security and technology from his home in Minneapolis. He hasn't opened any email since the Epsilon breach went public. But you can still find him on Twitter at @georgevhulme.



Massive ransomware cyber-attack hits nearly 100 countries around the world | Technology | The Guardian

Massive ransomware cyber-attack hits nearly 100 countries around the world

More than 45,000 attacks recorded in countries including the UK, Russia, India and China may have originated with theft of 'cyber weapons' from the NSA

A ransomware cyber-attack that may have originated from the theft of "cyber weapons" linked to the US government has hobbled hospitals in England and spread to countries across the world.

Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 99 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.

Markus Jakobsson, chief scientist with security firm Agari, said that the attack was "scattershot" rather than targeted.

"It's a very broad spread," Jakobsson said, noting that the ransom demand is "relatively small".

"This is not an attack that was meant for large institutions. It was meant for anyone who got it."

MalwareHunterTeam (@malwrhunterteam)

Fresh IDR based heatmap for WanaCrypt0r 2.0 ransomware (WCry/WannaCry).
Also follow @MalwareTechBlog's tracker: https://t.co/mjFwsT3JzH pic.twitter.com/SPeZfBpckm

May 12, 2017

The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of "cyber weapons" from the National Security Agency (NSA). At the time, there was skepticism about whether the group was exaggerating the scale of its hack.

On Twitter, whistleblower Edward Snowden blamed the NSA.

"If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened," he said.

"It's very easy for someone to say that, but the reality is the US government isn't the only one that has a stockpile of exploits they are leveraging to protect the nation," said Jay Kaplan, CEO of Synack, who formerly worked at the NSA.

"It's this constant tug of war. Do you let intelligence agencies continue to take advantage of vulnerabilities to fight terrorists or do you give it to the vendors and fix them?"

The NSA is among many government agencies around the world to collect cyber weapons and vulnerabilities in popular operating systems and software so they can use them to carry out intelligence gathering or engage in cyberwarfare. The agency did not immediately respond to a request for comment.

Ransomware is a type of malware that encrypts a user's data, then demands payment in exchange for unlocking the data. This attack used malicious software called "WanaCrypt0r 2.0" or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

"This was eminently predictable in lots of ways," said Ryan Kalember from cybersecurity firm Proofpoint. "As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn't be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch."

The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the "payment will be raised" after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

"Attacks with language support show a progressive increase of the threat level," Jakobsson said.

The attack hit England's National Health Service (NHS) on Friday, locking staff out of their computers and forcing some hospitals to divert patients.

"The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences," said Mike Viscuso, chief technology officer of security firm Carbon Black. "When patients' lives are at stake, there is no time for finger pointing but this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked."

Ransomware attacks are on the rise. Security company SonicWall, which studies cyberthreats, saw ransomware attacks rise 167 times in 2016 compared to 2015.

"Ransomware attacks everyone, but industry verticals that rely on legacy systems are especially vulnerable," said Dmitriy Ayrapetov, executive director at SonicWall.

A Los Angeles hospital paid $17,000 in bitcoin to ransomware hackers last year, after a cyber-attack locked doctors and nurses out of their computer system for days.

Jakub Kroustek (@JakubKroustek)

36,000 detections of #WannaCry (aka #WanaCypt0r aka #WCry) #ransomware so far. Russia, Ukraine, and Taiwan leading. This is huge. pic.twitter.com/EaZcaxPta4

May 12, 2017

Jakobsson said that the concentration of the attack in Russia suggested that the attack originated in Russia. Since the malware spreads by email, the level of penetration in Russia could be a sign that the criminals had access to a large database of Russian email addresses.

However, Jakobsson warned that the origin of the attack remains unconfirmed.


What is 'WanaCrypt0r 2.0' ransomware and why is it attacking the NHS? | Technology | The Guardian

What is 'WanaCrypt0r 2.0' ransomware and why is it attacking the NHS?

Malicious software has attacked computers across the NHS and companies in Spain, Russia, the Ukraine and Taiwan. What is it and how is it holding data to ransom?

What is ransomware, how does it work, how does it spread and why is it attacking the NHS?

'WanaCrypt0r 2.0' malicious software has hit the NHS, some of Spain's largest companies including Telefónica, as well as computers across Russia, the Ukraine and Taiwan, leading to PCs and data being locked up and held for ransom.

The ransomware uses a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents in order to infect Windows PCs and encrypt their contents, before demanding payments of hundreds of dollars for the key to decrypt files.

The co-ordinated attack had managed to infect large numbers of computers across the health service less than six hours after it was first noticed by security researchers, in part due to its ability to spread within networks from PC to PC.

The ransomware has already caused hospitals across England to divert emergency patients – but what is it, how does it spread and why is this happening in the first place?

What is ransomware?

Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.

How does it work?

When a computer is infected, the ransomware typically contacts a central server for the information it needs to activate, and then begins encrypting files on the infected computer with that information. Once all the files are encrypted, it posts a message asking for payment to decrypt the files – and threatens to destroy the information if it doesn't get paid, often with a timer attached to ramp up the pressure.

How does it spread?

Most ransomware is spread hidden within Word documents, PDFs and other files normally sent via email, or through a secondary infection on computers already affected by viruses that offer a back door for further attacks.

MalwareHunterTeam (@malwrhunterteam)

There is a new version of WCry/WannaCry ransomware: "WanaCrypt0r 2.0".
Extension: .WNCRY
Note: @Please_Read_Me@.txt @BleepinComputer pic.twitter.com/tdq0OBScz4

May 12, 2017

What is WanaCrypt0r 2.0?

The malware that has affected Telefónica in Spain and the NHS in Britain is the same software: a piece of ransomware first spotted in the wild by security researchers MalwareHunterTeam, at 9:45am on 12 May.

Less than four hours later, the ransomware had infected NHS computers, albeit originally only in Lancashire, and spread laterally throughout the NHS's internal network. It is also being called Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2.
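The tweet above names two file-system artefacts of this ransomware, the .WNCRY extension on encrypted files and the @Please_Read_Me@.txt note, which is what an incident responder would look for first on a suspect share. The following triage scan is an added example, not code from the Guardian or from any security vendor, and the directory names and file names in its sample tree are constructed:

```python
# Added example, not code from the Guardian article: a read-only triage scan for
# the two file-system indicators named above for WanaCrypt0r 2.0, the .WNCRY
# extension on encrypted files and the @Please_Read_Me@.txt ransom note.
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".wncry"              # extension appended to each encrypted file
RANSOM_NOTE = "@please_read_me@.txt"  # note dropped into affected directories


def scan_for_wannacry_indicators(root):
    """Walk `root` and summarise WannaCry-style artefacts by file name only.

    Nothing is opened or modified, so the scan is safe on a live share during
    triage. Returns encrypted-file counts, ransom-note directories, a flag.
    """
    per_dir = Counter()
    note_dirs = set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()  # matching is case-insensitive, as on NTFS
            if lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
            elif lower == RANSOM_NOTE:
                note_dirs.add(dirpath)
    return {
        "encrypted_files": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "ransom_note_dirs": sorted(note_dirs),
        "infected": bool(per_dir) or bool(note_dirs),
    }


def build_sample_tree():
    """Create a constructed sample tree (empty files, no real malware output)."""
    root = tempfile.mkdtemp(prefix="wncry_demo_")
    docs = os.path.join(root, "Documents")    # hypothetical hit directory
    pics = os.path.join(root, "Pictures")     # hypothetical clean directory
    os.makedirs(docs)
    os.makedirs(pics)
    for name in ("budget.xlsx.WNCRY", "report.docx.WNCRY", "@Please_Read_Me@.txt"):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(pics, "holiday.jpg"), "w").close()
    return root


if __name__ == "__main__":
    summary = scan_for_wannacry_indicators(build_sample_tree())
    print(summary["infected"], summary["encrypted_files"], summary["ransom_note_dirs"])
```

Pointing `scan_for_wannacry_indicators` at a user profile or mounted share gives a per-directory count that helps decide which hosts to isolate and which backups to restore first.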

How much are they asking for?

WanaCrypt0r 2.0 is asking for $300 worth of the cryptocurrency Bitcoin to unlock the contents of the computers.

Myles Longfield (@myleslongfield)

Shocking that our @NHS is under attack and being held to ransom. #nhscyberattack pic.twitter.com/1bcrqD9vEz

May 12, 2017

Who are they?

The creators of this piece of ransomware are still unknown, but WanaCrypt0r 2.0 is their second attempt at cyber-extortion. An earlier version, named WeCry, was discovered back in February this year: it asked users for 0.1 bitcoin (currently worth $177, but with a fluctuating value) to unlock files and programs.

How is the NSA tied in to this attack?

Once one user has unwittingly installed this particular flavour of ransomware on their own PC, it tries to spread to other computers in the same network. In order to do so, WanaCrypt0r uses a known vulnerability in the Windows operating system, jumping between PC and PC. This weakness was first revealed to the world as part of a huge leak of NSA hacking tools and known weaknesses by an anonymous group calling itself "Shadow Brokers" in April.

Was there any defence?

Yes. Shortly before the Shadow Brokers released their files, Microsoft issued a patch for affected versions of Windows, ensuring that the vulnerability couldn't be used to spread malware between fully updated versions of its operating system. But for many reasons, from lack of resources to a desire to fully test new updates before pushing them out more widely, organisations are often slow to install such security updates on a wide scale.

Who are the Shadow Brokers? Were they behind this attack?

In keeping with almost everything else in the world of cyberwarfare, attribution is tricky. But it seems unlikely that the Shadow Brokers were directly involved in the ransomware strike: instead, some opportunist developer seems to have spotted the utility of the information in the leaked files, and updated their own software accordingly. As for the Shadow Brokers themselves, no-one really knows, but fingers point towards Russian actors as likely culprits.

Will paying the ransom really unlock the files?

Sometimes paying the ransom will work, but sometimes it won't. For the Cryptolocker ransomware that hit a few years ago, some users reported that they really did get their data back after paying the ransom, which was typically around £300. But there's no guarantee paying will work, because cybercriminals aren't exactly the most trustworthy group of people.

There are also a collection of viruses that go out of their way to look like ransomware such as Cryptolocker, but which won't hand back the data if victims pay. Plus, there's the ethical issue: paying the ransom funds more crime.

What else can I do?

Once ransomware has encrypted your files there's not a lot you can do. If you have a backup of the files you should be able to restore them after cleaning the computer, but if not your files could be gone for good.

Some badly designed ransomware, however, has been itself hacked by security researchers, allowing recovery of data. But such situations are rare, and tend not to apply in the case of widescale professional hits like the WanaCrypt0r attack.

How long will this attack last?

Ransomware often has a short shelf life. As anti-virus vendors cotton on to new versions of the malware, they are able to prevent infections originating and spreading, leading to developers attempting "Big Bang" introductions like the one currently underway.

Will they get away with it?

Bitcoin, the payment medium through which the hackers are demanding payment, is difficult to trace, but not impossible, and the sheer scale of the attack means that law enforcement in multiple countries will be looking to see if they can follow the money back to the culprits.

Why is the NHS being targeted?

The NHS does not seem to have been specifically targeted, but the service is not helped by its reliance on old, unsupported software. Many NHS trusts still use Windows XP, a version of Microsoft's operating system that has not received publicly available security updates for half a decade, and even those which are running on newer operating systems are often sporadically maintained. For an attack which relies on using a hole fixed less than three months ago, just a slight oversight can be catastrophic.

Attacks on healthcare providers across the world are at an all-time high as they contain valuable private information, including healthcare records.