Secret tool created by the United States becomes a destructive online weapon | My Hack Stuff

Secret tool created by the United States becomes a destructive online weapon

The hijacking of the public systems of the US city of Baltimore is the latest evidence of the criminal use of resources developed by governments.

On May 7, some of the computers of the Baltimore city administration (USA) were locked. A hacker, or group of hackers, had encrypted system files and demanded 13 bitcoins to release them. The price of bitcoin varies a lot: at present, that amounts to 92,467 euros.

The attack blocked, among other things, municipal email, a database of parking tickets, a system used to pay water bills and the home sales system. The deadline to pay the ransom has been extended up to now, one month after the attack. "We won't talk anymore, all we want is MONEY! Quick!" said the note that appeared on some screens. Baltimore has announced that it has recovered some systems and that the final cost of this attack for the city will be around 18 million dollars.

The Baltimore case would have remained just another example were it not for a detail revealed by The New York Times that is now at the center of debate in the cybersecurity community: to make the virus that locked the computers spread faster, a tool called EternalBlue was allegedly used, created by the US NSA (National Security Agency) around 2012.

EternalBlue had allowed the United States Government to exploit an unknown bug in Windows software and infiltrate, undetected, any computer running that operating system. "It was a Holy Grail," says Sergio de los Santos, director of innovation and laboratory at ElevenPaths, the cybersecurity unit of Telefónica Digital. "It didn't require user intervention, it could go unnoticed and it worked on any modern Windows," he adds.
Computer viruses like the one in Baltimore are called ransomware, after the ransom they demand, and they are more common than they seem. In Spain there were 54 attacks against critical infrastructures of the Administration in 2018, according to data from the National Center for Critical Infrastructure Protection (CNPIC). There were also two against critical infrastructure in the private sector. The CNPIC does not disclose the names of the companies and organizations affected.

The 56 "critical infrastructures" attacked with ransomware are, according to the law, "strategic infrastructures whose operation is indispensable and does not allow alternative solutions, so that their disturbance or destruction would have a serious impact on essential services". According to the CNPIC, the number of cases has not grown in recent years, because it depends primarily on which type of ransomware becomes fashionable and works best.

The code used in Baltimore is called Robinhood, but there are more than 700 registered worldwide. They come in streaks or fashions: one, GandCrab, has just shut down; it boasted of collecting commissions from the ransoms that its "users" obtained. They say that 2,000 million dollars have been paid thanks to their virus.

The biggest leak in history

The story of EternalBlue goes far beyond computer science. In 2017 a group called Shadow Brokers published tools online, including EternalBlue. Suddenly, one of the best weapons in the US arsenal was available to any government or criminal gang. It was as if a squadron of F-35s had been left at some airport, available to anyone who knew how to fly them. The big question is how the tools got there.

In 2016 the FBI arrested Harold T. Martin, an NSA contractor, as Edward Snowden had been. At his home they found a large amount of classified information, including hacking tools that the NSA used to enter enemy systems. Did anyone help Martin? Who continued speaking for the Shadow Brokers after his arrest? There are many unanswered questions. The Shadow Brokers leak was worse than Snowden's.

When the NSA learned that its tool had been stolen, it told Microsoft to patch the software. The action is logical, but still cynical: the NSA advised Microsoft to fix a hole it had been using for years. Microsoft did, but not all systems in the world were updated right away.
That leak resulted in the WannaCry virus in May 2017. "WannaCry only served to cause chaos and for EternalBlue to lose all its value because it became known," says De los Santos. WannaCry was a massive ransomware campaign. It was like taking a squadron of F-35s to rob random banks: something absurd. The attackers collected "only" about $140,000 from about 400 computers whose owners paid.

The US Department of Justice charged North Korean programmer Park Jin Hyok with WannaCry. The origin is therefore established. That virus reached about 300,000 computers, including those of several public hospitals in the United Kingdom, Renault, Telefónica, FedEx and the German railways.

A month after WannaCry, NotPetya arrived. Through the servers of a Ukrainian company whose software was used to file tax returns, NotPetya encrypted computers all over Ukraine and at multinationals that had servers there. It affected 45,000 computers in the network of Maersk, a shipping company. To restore the system, they had to resort to a hard drive in Ghana that had been disconnected from the network by a power outage a while before NotPetya destroyed the entire system. It cost the pharmaceutical company Merck, for example, 870 million in repairs. The main suspect in this case is Russia.

Until then, ransomware had depended mainly on tricking users: someone had to click, for example, on a fake message. But thanks to the combination of EternalBlue with other tools, the virus spread from computer to computer in a chain without any intervention.

Why is it back now?

That was all in 2017. Why is it in the news again? Because it has returned home. The NSA headquarters is next to Baltimore. It is as if weapons manufactured only in the United States were used to attack the country from outside. The precise use of EternalBlue in Baltimore is under discussion, but the lack of caution of the NSA, or of any government, with such tools is a huge risk.
Now a great NSA weapon is in the hands of anyone: "Once these tools are out there, they can fall into the hands of anyone, even children," says Ross Anderson, a professor at the University of Cambridge. Two years later it is no longer sophisticated because many systems have been updated, but there will always be gaps.

The NSA is not solely responsible. Microsoft, after all, had published the patch to block EternalBlue. Why didn't companies and public agencies update their systems right away? There are, above all, two reasons: one, there are large companies that need their systems to be running 24 hours a day, and stopping them to update them requires a lot of effort; and two, there are systems that work well with older versions, and an update can break them.

There is a third, more diffuse reason: negligence. Backups, for example, are a simple resource to restore systems if a virus appears. "There is a fundamental difference between security equipment and systems in a company," explains Alfredo Reino, cybersecurity consultant. "The systems are measured for how long they work, and if something falls they have to lift it. That conflicts with security. Things as fundamental as permits, patches and backups seem secondary. And they may delay or not do it, it won't fall off."

There are scanners that count how many computers have not yet been updated. In the United States alone, there are more than 400,000. In Spain there are also many unprotected machines: "In the case of private citizens or small businesses where the use of unlicensed software (and without official updates) is more common, the incidence of such an attack could affect several thousand teams," CNPIC sources say.

That is not the worst. The worst part is that Microsoft has announced a new patch this May for a hole that was not yet known. It is likely that someone - a government? - has been using it as a spy weapon. That is, perhaps there is a tool out there to enter hundreds of thousands of machines that have not been updated. The versions of Windows through which it gets in are older than those of EternalBlue, but its scope is still a mystery.


