Top NSA Spying Tools Leaked, Auctioned Online for $500 Million

It’s 3 months since some of the NSA’s top-secret hacking tools were dumped for public inspection by a person or persons unknown. Various commentators and experts voiced theories about the motive and the perpetrator; people such as Edward Snowden and security experts pointed fingers at Russia almost immediately. The picture has changed somewhat in the intervening period, and the salient facts have been re-examined in a different light:

  • The suggested price for the remainder of the cache, $568 million, was far too high to be credible. This pointed to a publicity stunt rather than a serious attempt to obtain money.
  • Some of the tools were zero-day exploits (tools that take advantage of unreported vulnerabilities) and could have fetched over $100,000 each on the black market instead of being given away for free. That would have been the obvious route if money were the objective.
  • The timestamps indicated that the material was 3 years old. Its authenticity has been corroborated, so why keep it under wraps for that long?
  • The FBI, who are leading the investigation, now say they believe the material was accidentally exposed by an NSA employee or subcontractor and subsequently discovered by the perpetrator.

So the infamous hack looks like it was not a hack at all. The most likely explanation is that the act was a veiled threat by Russia: lay off further action against it over the much-publicized hacks of several Democratic Party organizations. The implication is that the network serving up the malware could be identified, which could severely embarrass the US should it be linked to actions against allies.

Probably the most shocking aspect of the entire affair is the realization that the NSA “good guys” are happy to uncover vulnerabilities but not to inform the equipment manufacturer. Just like any black hat hackers, they use the information to develop exploits. The most infamous exploit attributed to that group.

The target equipment is serious, major-league network infrastructure used in government networks, large corporations and the like – routers and firewalls manufactured by major American and Chinese vendors such as Cisco, Juniper Networks and Fortinet. Seemingly the material consisted of exploits (tools), command-and-control server configurations and installation scripts. This is substantially different from the more commonplace drive-by infection, where a malware site dumps criminalware on the computers of unsuspecting visitors. Some sources believe that the exploits, apparently numbering about ten, were supplied to the NSA by a cyber espionage organization called the Equation Group, which has also been linked to the Stuxnet computer worm.

It is not only the NSA that suffered a significant credibility setback. One can only imagine the reactions of the top brass at the equipment manufacturers that were impacted. In the highly competitive world of international network equipment, the perception of buying a totally secure network is paramount. Suddenly, the Cisco salesman or OEM may be asked whether the equipment can be guaranteed to be completely secure, or whether the US Government effectively owns the keys to a back door.

Spotify Free Users Beware: Infected Ads Serve Malware, May Hold Your Computer Hostage

Why is a well-known exploit kit that hit the headlines back in 2010 still just as deadly as we head into 2017? Spotify users were the latest victims of the Blackhole Exploit Kit. The ads that help pay for the free version of Spotify are delivered by third-party ad servers, as are the majority of online ads these days. One of the ads took users to a malware infection website, where the exploit kit was activated to contaminate users’ Windows computers.

Exploit kits are software toolkits designed to be installed on web servers. They use scripts to detect vulnerabilities in the software installed on the computer of anyone who visits a site served up by the malignant web server. Users do not even have to click on the infected ad – it is enough for the ad’s code to be downloaded to the user’s browser. Exploit kits are typically classified as criminalware and are mostly targeted at Windows users and platforms. The objective is to download a whole range of malware agents, from keyloggers to online banking Trojans. The best defense against this type of attack is simply to keep your anti-malware software up to date.

Assuming that the bulk of tech-savvy online users do just that, there is a very obvious reason why the criminals behind the Spotify attack invested time and (presumably) money in setting up the malignant ad. A substantially large number of users do not understand the nature of the hostile online world and are blissfully unaware of the critical need for security software on their devices. That is why what should be a relatively obscure exploit kit from seven years ago is still worth persisting with today.

So how exactly do these exploit kits work?

First of all, it’s important to realize that the majority of malware sites are regular sites that have been hacked and infected. That makes it impossible for you or anybody else to know you are on a “bad” site without a security tool to raise an instant alert. Exploit kits very quickly probe a user’s complete environment: OS, browser, installed applications, security settings and security software. The complete operation of discovering a vulnerability and downloading the malware payload takes less than a second. This article explains the infection process very well.

There are many exploit kits available to purchase. Perhaps the most worrying category is the Zero Day kits. Whilst browser and application vendors are constantly watching and testing for potential vulnerabilities, there is an inevitable delay between warning users about the risk and those users applying the required patch. Zero Day exploits become available immediately, before any patch exists, hence the zero in the name. They can be deployed by hackers long before a segment of the user community gets around to patching the vulnerability.

If you want to delve deeper into the technology and ever-evolving incarnations of exploit kits, visit malware-traffic-analysis, where Brad maintains a blog that records new discoveries on an almost daily basis. The blog at commercial protection vendor Malwarebytes provides a less techie, more high-level discussion of current exploits, trends and observations.

Hackers Take Control In 2014

If we didn’t know it before, we definitely did by the end of 2014: hacking and cybercrime are on the rise, and all of us are at risk.

From the nude photos of Jennifer Lawrence, to Sony’s private staff emails, to stolen credit card details, 2014 was filled with some of the biggest and most worrying hacking events we have ever seen.

To find out more click here for International Business Times.

What Can A Hacker Learn In 20 Minutes?

Public wifi is neither safe nor secure. As an experiment, one journalist took a hacker to a café to see just what damage he could do by hacking into the public wifi.

Within 20 minutes the hacker knew the names, passwords and personal lives of almost everyone around them. He knew everything from people’s sexual orientation to their Google searches.

To find out more click here for the full article by Maurits Martijn.

Most Used iCloud Passwords

After the iCloud hacking scandal, Apple introduced a two-step login process designed to stop brute-force attacks (attacks where hackers try to guess your password). However, as expected, hackers soon found a new tool to overcome this obstacle.

The chances of hackers being able to break into your iCloud account by brute force are significantly higher if you use one of these most-used passwords.

To find out more click here for the full story at Gizmodo.

Sony’s Hacked Emails Expose Internal Drama

The Sony servers were hacked at the end of 2014, exposing employees’ private work emails and personal information, gender pay gap problems, and some of the juiciest and most damaging Hollywood gossip ever revealed to the public.

It has been speculated that North Korea was responsible for the hacking, possibly in response to the upcoming movie, The Interview, starring Seth Rogen and James Franco. The fictional plot concerns a CIA mission to assassinate North Korea’s leader, Kim Jong Un. However, a number of experts do not believe that the hacking was North Korea’s doing.

To find out more click here for Washington Post.

The Security Question Is The Achilles’ Heel Of Every Password

When we set up two-step verification for our online accounts, we think we are secure: protected by both a password and a security question (or even a whole series of security questions), we assume we are safe.

Security questions often relate to information such as mother’s maiden name, date of birth, childhood nickname, favourite school teacher, etc.

The problem is that much of this information can be found through both our own and our friends’ social media accounts. We often list our date of birth and high school on Facebook, and our friends may well use our nickname when commenting on our posts and photos. If you have a personal website, blog or vlogging account, the chances of people finding that information are even higher.

To find out more click here for Washington Post.