{"id":17624,"date":"2020-02-04T04:30:09","date_gmt":"2020-02-04T12:30:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11359\/"},"modified":"2020-02-04T04:30:09","modified_gmt":"2020-02-04T12:30:09","slug":"news-11359","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11359\/","title":{"rendered":"Come on, NSA, it\u2019s time to join the fight against Windows hacking"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/idgnsImport\/2015\/08\/id-2957885-national_security_agency_nsa_headquarters-100040921-large.3x2-100601285-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Preston Gralla| Date: Tue, 04 Feb 2020 03:00:00 -0800<\/strong><\/p>\n<p>It\u2019s no secret that hackers the world over target Windows vulnerabilities in order to wreak havoc, hold up data and networks for ransom, pull off money-making scams, and disrupt elections and the workings of democracy. They target Windows for a simple reason: volume. The operating system is on the vast majority of desktop and laptop computers worldwide.<\/p>\n<p>Over the years, the U.S. National Security Agency (NSA) has unwittingly helped hackers in some of the world\u2019s most dangerous and notoriously successful attacks by developing tools to exploit Windows security holes, rather than alert Microsoft to those vulnerabilities. Some of the tools have been leaked to hackers and used in massive attacks, including the EternalBlue cyber-exploit, which was used in the WannaCry global ransomware attack that affected computers in more than 150 countries and is estimated to have caused billions of dollars in damage.<\/p>\n<p>The NSA may be changing its ways, but perhaps not completely. In mid-January, the agency alerted Microsoft to a severe Windows security breach rather than develop tools to exploit it. 
Microsoft patched the hole, and the world \u2014 and your computer and data \u2014 is now safer.<\/p>\n<p>That\u2019s all to the good. But the NSA hasn\u2019t gone nearly far enough in helping keep Windows safe from hackers. To understand why \u2014 and what the NSA should be doing \u2014 let\u2019s start by looking back at EternalBlue and Microsoft\u2019s very public spat with the NSA about its role in the attack.<\/p>\n<p>In 2017, malicious Windows software developed by the NSA called <a href=\"https:\/\/www.nytimes.com\/2017\/11\/12\/us\/nsa-shadow-brokers.html\" rel=\"noopener nofollow\" target=\"_blank\">EternalBlue was leaked by a group called the Shadow Brokers<\/a> and <a href=\"https:\/\/www.nytimes.com\/2017\/05\/12\/world\/europe\/uk-national-health-service-cyberattack.html\" rel=\"noopener nofollow\" target=\"_blank\">used to launch WannaCry<\/a>, the largest ransomware attack the world has ever seen. The software <a href=\"https:\/\/www.computerworld.com\/article\/3206185\/the-ancient-microsoft-networking-protocol-at-the-core-of-the-latest-global-malware-attack.html\" rel=\"noopener\" target=\"_blank\">exploited the 30-year-old Windows networking protocol SMB1<\/a> that even Microsoft acknowledged at the time should no longer be used by anyone, anywhere, at any time.<\/p>\n<p>The exploit lives on and has been used to launch successful ransomware attacks against the city of Baltimore and other municipalities. 
<a href=\"https:\/\/www.nytimes.com\/2019\/05\/25\/us\/nsa-hacking-tool-baltimore.html\" rel=\"noopener nofollow\" target=\"_blank\"><em>The New York Times<\/em> noted in 2019<\/a>: \u201cSecurity experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.\u201d<\/p>\n<p>When the WannaCry attack was first launched in 2017, <a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2017\/05\/14\/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack\/#sm.00003yr1wilajeslrlt1th7gkmch6\" rel=\"noopener nofollow\" target=\"_blank\">Microsoft President Brad Smith wrote a blistering blog post<\/a> about the NSA\u2019s role in it. He noted that when the NSA finds security holes in Windows and other software, rather than alerting the appropriate vendors so they can quickly patch them, it instead stockpiles them and writes software to exploit them. He wrote: \u201cThis attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. \u2026 Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.\u201d<\/p>\n<p>He added, \u201cThe governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. 
We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.\u201d<\/p>\n<p>Finally, he concluded that a Digital Geneva Convention should be convened, \u201cincluding a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.\u201d<\/p>\n<p>Since then, there\u2019s only been radio silence from the NSA. Presumably, the agency has been continuing to uncover Windows security holes and write malware to exploit them.<\/p>\n<p>However, in mid-January the NSA changed its approach \u2014 at least for a moment. It uncovered an exceedingly dangerous security hole in Microsoft&#8217;s CryptoAPI service, which Windows uses to determine whether software being installed is legitimate, and to establish secure internet connections with web sites.<\/p>\n<p>Kenn White, security principal at MongoDB and director of the Open Crypto Audit Project, <a href=\"https:\/\/www.wired.com\/story\/nsa-windows-10-vulnerability-disclosure\/\" rel=\"noopener nofollow\" target=\"_blank\">explained to <em>Wired<\/em> magazine<\/a> just how dangerous the hole is: \u201cThis is a core, low-level piece of the Windows operating system and one that establishes trust between administrators, regular users, and other computers on both the local network and the internet. If the technology that ensures that trust is vulnerable, there could be catastrophic consequences.\u201d<\/p>\n<p>For once, the NSA did the right thing. Instead of hoarding the Windows vulnerability and writing malware to take advantage of it, the agency warned Microsoft about it. Microsoft quickly issued a patch. There\u2019s no evidence that any hackers have been able to take advantage of the hole.<\/p>\n<p>All that is to the good. But the NSA hasn\u2019t said it will follow Smith\u2019s recommendation to report all Windows and other vulnerabilities, rather than stockpile them and write malware to exploit them. 
<a href=\"https:\/\/www.nytimes.com\/2020\/01\/14\/us\/politics\/nsa-microsoft-vulnerability.html\" rel=\"noopener nofollow\" target=\"_blank\">The <em>Times<\/em> reports<\/a>, \u201cIt was not clear how much of a strategic shift the agency\u2019s announcement amounted to. The agency presumably is still hunting for vulnerabilities and flaws that could allow them to infiltrate Iranian computer systems, as well as those used by Russia, China and other adversarial countries.\u201d<\/p>\n<p>As we\u2019ve seen, though, the NSA\u2019s actions in doing that make the United States and the world a less safe place, not a safer one. Microsoft\u2019s Smith is right. In the same way governments of the world recognized in the Geneva Convention that some weapons and ways of waging war should be outlawed, they need to ban countries from stockpiling cyber-vulnerabilities and writing Windows malware and other software to take advantage of them. What the NSA did in January was a good first step. But it should follow through and never again stockpile Windows and other vulnerabilities, and instead report them to software makers so they can plug them and keep us safe.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3519248\/come-on-nsa-it-s-time-to-join-the-fight-against-windows-hacking.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/idgnsImport\/2015\/08\/id-2957885-national_security_agency_nsa_headquarters-100040921-large.3x2-100601285-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Preston Gralla| Date: Tue, 04 Feb 2020 03:00:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>It\u2019s no secret that hackers the world over target Windows vulnerabilities in order to wreak havoc, hold up data and networks for ransom, pull off money-making scams, and disrupt elections and the 
workings of democracy. They target Windows for a simple reason: volume. The operating system is on the vast majority of desktop and laptop computers worldwide.<\/p>\n<p>Over the years, the U.S. National Security Agency (NSA) has unwittingly helped hackers in some of the world\u2019s most dangerous and notoriously successful attacks by developing tools to exploit Windows security holes, rather than alert Microsoft to those vulnerabilities. Some of the tools have been leaked to hackers and used in massive attacks, including the EternalBlue cyber-exploit, which was used in the WannaCry global ransomware attack that affected computers in more than 150 countries and is estimated to have caused billions of dollars in damage.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3519248\/come-on-nsa-it-s-time-to-join-the-fight-against-windows-hacking.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10525],"class_list":["post-17624","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17624"}],"version-history":[{"count":0,"href":"http:\/\/www.pala
da.net\/index.php\/wp-json\/wp\/v2\/posts\/17624\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17624"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}