Roosh V Forum
Wikileaks Vault7 release - Printable Version

+---- Thread: Wikileaks Vault7 release (/thread-61614.html)



Wikileaks Vault7 release - zigZag - 03-25-2017

Quote: (03-25-2017 09:20 AM)Handsome Creepy Eel Wrote:  

Does this qualify as a genuine Chinese CPU? https://en.wikipedia.org/wiki/Loongson

Well, what qualifies as genuine? It's not a Chinese ISA (it uses the MIPS architecture), and the other Chinese processor used in supercomputers uses SPARC. Technically you could take the source code for the UltraSPARC T2 which Sun uses (you can find old servers on eBay as well) and build a chip out of it and get it fabbed at a manufacturing facility... But it would probably set you back $50k or so. For people who value privacy above all else I guess we'll have to wait for a RISC-V based board to come out or find open source Verilog code and get it fabbed.


Wikileaks Vault7 release - DamienCasanova - 03-31-2017

Vault 7, release #3
Like we all suspected, the CIA has an entire framework designed to spoof hacking attempts and blame it on other countries

https://wikileaks.org/vault7/?marble9#Ma...0Framework

Quote: (https://twitter.com/wikileaks/status/847773877954543616/photo/1)

Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the English language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion; but there are other possibilities, such as hiding fake error messages.

The Marble Framework is used for obfuscation only and does not contain any vulnerabilities or exploits by itself.


B-B-B-BUT THE RUSSIANS DID IT!!!
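
The release quoted above makes a point that is easy to miss: once a deobfuscator exists, the obfuscation routine itself (how strings are encoded, separated and stored) becomes a linkable signature. As an added illustration, not code from WikiLeaks, from the Marble Framework or from anyone in this thread, the Python below shows the analyst-side step: brute-forcing a single-byte XOR key over a blob, keeping only strings that were not already visible in the raw bytes, and ranking keys by how text-like the output looks. Single-byte XOR with a NUL separator is a constructed stand-in scheme, and SAMPLE_BLOB is constructed test data.

```python
"""
Recovering single-byte-XOR-obfuscated strings from a binary blob, the kind of
deobfuscation step a forensic analyst performs before looking for attribution
markers. Added example; not code from WikiLeaks or from the Marble Framework.
The obfuscation scheme (single-byte XOR, NUL-separated strings) is a constructed
stand-in, and SAMPLE_BLOB is constructed test data.
"""
import string
from typing import Dict, List

PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")
# Most frequent English letters plus space: a crude "looks like text" score
COMMON = set("etaoinshrdlu ")
MIN_RUN = 6


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


def printable_runs(data: bytes, min_run: int = MIN_RUN) -> List[str]:
    """Return every run of at least min_run consecutive printable ASCII bytes."""
    runs: List[str] = []
    cur: List[str] = []
    for b in data:
        ch = chr(b)
        if b < 0x80 and ch in PRINTABLE:
            cur.append(ch)
            continue
        if len(cur) >= min_run:
            runs.append("".join(cur))
        cur = []
    if len(cur) >= min_run:
        runs.append("".join(cur))
    return runs


def recover_strings(blob: bytes, min_run: int = MIN_RUN) -> Dict[int, List[str]]:
    """Try every key 1..255 and keep the keys that expose strings which are not
    already visible in the raw bytes (key 0 is the plaintext baseline)."""
    baseline = set(printable_runs(blob, min_run))
    hits: Dict[int, List[str]] = {}
    for key in range(1, 256):
        found = [s for s in printable_runs(xor_bytes(blob, key), min_run)
                 if s not in baseline]
        if found:
            hits[key] = found
    return hits


def text_score(strings: List[str]) -> int:
    """Score candidates by how many characters are common English letters or spaces."""
    return sum(ch in COMMON for s in strings for ch in s)


def best_key(blob: bytes) -> int:
    """Key whose recovered strings look most like natural text; -1 if nothing found."""
    hits = recover_strings(blob)
    if not hits:
        return -1
    return max(hits, key=lambda k: text_score(hits[k]))


# --- constructed sample: a non-text header, then NUL-separated strings XORed with 0x5A
SECRETS = [b"settings.ini", b"hello from the constructed sample", b"log file rotated at midnight"]
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = (b"\x00\x01\x02\x03\x80\x81\x82\x83"
               + xor_bytes(b"\x00".join(SECRETS) + b"\x00", SAMPLE_KEY)
               + b"\x80\x81")

if __name__ == "__main__":
    key = best_key(SAMPLE_BLOB)
    print(f"best key: 0x{key:02x}")
    for s in recover_strings(SAMPLE_BLOB)[key]:
        print("  recovered:", s)
```

The attribution value is in the shape of the output rather than in any single string: the key that surfaces, the separator convention and the way strings are laid out are properties of the encoding routine, so the same scheme recurring across otherwise unrelated samples is exactly the kind of linkable pattern the release describes.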


Wikileaks Vault7 release - Elster - 03-31-2017

Thanks for the update, Damien!

Was actually going to ask when release #2 was coming out, turns out number 3 is about!


Wikileaks Vault7 release - TravelerKai - 03-31-2017

That's typical. Most forensic specialists use other indicators these days (last 4-5 years or so) to determine origin, or rather use a collection of markers. So if 4-5 things indicate Chinese, but 1 American, then you know that you either have Chinese obfuscating or some Western attacker doing it pretending to be Chinese. Long gone are the days where you could look at the source code, see a few Russian or Chinese words or characters, then proclaim it's either country.

Back when APT/spearphishing was discovered, the Chinese attackers wrote the crafted emails with terrible Chinglish. The grammar was so bad at times, many executives picked up on it themselves and called IT without clicking on the hot mess. After 2 years, that all but stopped and they stepped their English skills up so high, people started clicking on shit all the time. That's why security appliances like FireEye blew up in private and govt. sector organizations. FireEye could look at an email for things other than grammar and heuristics. It would watch an email throughout its delivery and inspect any hotlinks inside by testing the link in a sandbox, etc. Proofpoint and Ironport do this too, as it is standard practice for email hygiene these days.

Word on the street was that the Chinese hackers got university students with majors in English to clean up their attack bait. They also did sneaky things such as steal a small amount of email from someone's mailbox, copy the text and writing style, then send a spoofed email with a hyperlink or a pdf that contained a hyperlink. Those fakes were practically perfect. They resend old financial spreadsheets, with a newer date and the same verbiage your CFO used when he sent you the previous one last quarter.

When fakes are that good, only something like a FireEye will watch to see what happens to your CEO's PC or stop it outright because of where the email came from.

Anyway, sometimes what was used to compile code can give away the true origin, but that is not always available. Malware and virus hashes used to be legit, but that stopped being legit a few years back. It's a never ending game and every country's government does this when making attacks now. It's gotten so bad in a way that if you see obfuscation and lots of it, you might as well just chalk it up to foreign govt. attacker. Plenty of mercenary hackers, in countries that cannot extradite to the target, don't bother hiding or obfuscating attacks and like using huge botnets like large attack ships in the sky, giving zero fucks what you think.

Some Chinese or Russian hackers will attack you without a VPN from home or a university campus with a naked IP address. You will give a Nick Cannon WTF facial expression while looking at your firewall getting assaulted, but think about it. If you called the FBI or the local police, what are they going to do about it? Jack shit.


Wikileaks Vault7 release - Deepdiver - 03-31-2017

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?


Wikileaks Vault7 release - TravelerKai - 03-31-2017

Quote: (03-31-2017 11:29 AM)Deepdiver Wrote:  

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?

That's a big question that cannot yield a simple answer.

The news in question referred to viruses, trojans and malware having fake fingerprints to look like other countries did it. The attack already got through and in a forensic analysis they found, whatever country. Unless you are doing DPI (Deep Packet Inspection) on all traffic with IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), you are not going to stop shit. Even then, it isn't perfect, especially against APT.

A firewall in a very basic sense blocks ports and protects against Layer 3 threats for the most part. A WAF is Layer 7 only. You can get a firewall that does both; Cisco has solutions, Checkpoint, Palo Alto, and maybe Dell SonicWall too (I forgot). If you want something with AI that is all these other things, that's probably going to be expensive. I could not give you price ranges on that either.

Maybe there is a firewall architect on the forum that can answer that better with prices. I don't do firewall design. I usually outsource that to someone else.

Zenedge and Cisco talk about their AI/NextGen firewalls as being better than FireEye or Palo Alto appliances, but honestly, it's just a combo box of both styles. Probably costs around the same, or more, as having it separated out. No buyer at this level is going to find massive differences in purchase costs, maintenance costs, service subscription, etc. If it made more sense to buy a cheaper layer 3 firewall then buy an IPS solution to match up with it, why bother buying an expensive combo box? Like if you were concerned about Russian or Chinese hackers stealing your intellectual property or bids, zipping them up with encryption to send outside your network back to China or Russia. A regular IPS may be enough if you configure it right.

Zenedge's site talks about stopping Zero Day attacks. Pfft. I'd believe that shit if I saw it only. Maybe if the payload used to execute a zero day was used the same way as a known attack, I can see that, but I would be skeptical of any solutions making claims like that.

If anything, throughput is what is going to give you issues. The initial setup could cripple your traffic until you figure out what to scan for and what is too much to scan inside your network or even at the perimeter. That is the core difference between just IDS and IPS. IDS is not always intrusive or impactful to your network. IPS can be more so, and is much more expensive.


Wikileaks Vault7 release - zigZag - 03-31-2017

Quote: (03-31-2017 11:29 AM)Deepdiver Wrote:  

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?

Well I'm not an expert but it really depends on a lot of factors as TravelerKai mentioned.

If you wanna go in balls deep though
https://www.openbsd.org/faq/pf/example1.html OpenBSD has the reputation as the most secure OS available anywhere, and you can create a gateway box as shown in the link I put up.

However if what is said about INTEL and AMD platform chips is true then all of this is moot because they have a CPU trojan that can read memory and read your communications.

Waiting now for someone to build Xbox 360 Level security for a personal computer....


Wikileaks Vault7 release - TravelerKai - 03-31-2017

Quote: (03-31-2017 01:42 PM)zigZag Wrote:  

Quote: (03-31-2017 11:29 AM)Deepdiver Wrote:  

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?

Well I'm not an expert but it really depends on a lot of factors as TravelerKai mentioned.

If you wanna go in balls deep though
https://www.openbsd.org/faq/pf/example1.html OpenBSD has the reputation as the most secure OS available anywhere, and you can create a gateway box as shown in the link I put up.

However if what is said about INTEL and AMD platform chips is true then all of this is moot because they have a CPU trojan that can read memory and read your communications.

Waiting now for someone to build Xbox 360 Level security for a personal computer....

Yeah we would need at least your business requirements and budget ranges to really know for sure.

Yeah, no vendor for any firewall sold in the US can protect against the government's snooping. They have backdoors and exploits they can use on you, with or without their warrants. They could decrypt your traffic at the ISP level too with their fancy Utah facility. In lots of ways, you would have to go lower tech to avoid them at this time.


Wikileaks Vault7 release - DamienCasanova - 03-31-2017

Quote: (03-31-2017 01:42 PM)zigZag Wrote:  

Quote: (03-31-2017 11:29 AM)Deepdiver Wrote:  

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?

Well I'm not an expert but it really depends on a lot of factors as TravelerKai mentioned.

If you wanna go in balls deep though
https://www.openbsd.org/faq/pf/example1.html OpenBSD has the reputation as the most secure OS available anywhere, and you can create a gateway box as shown in the link I put up.

However if what is said about INTEL and AMD platform chips is true then all of this is moot because they have a CPU trojan that can read memory and read your communications.

Waiting now for someone to build Xbox 360 Level security for a personal computer....

Balls Deep is the only way DeepDiver rolls! [Image: banana.gif]


Wikileaks Vault7 release - DJ-Matt - 03-31-2017

I'm using an old Pentium 4 desktop with gigabit network cards installed as the core router in my office. It's running a piece of software called pfSense. FreeBSD is the underlying OS:

https://www.pfsense.org/about-pfsense/features.html

It's very easy to set up and manage, we have a fairly simple setup with three interfaces, LAN (local network), WAN (internet), and OPT1 (public wireless network). OPT1 is configured to allow access to the internet ONLY, not my internal network, and is heavily throttled so they don't use all my bandwidth. It's "public" wifi in that I share the PSK with folks to use it, never run an open wireless network!


Wikileaks Vault7 release - zigZag - 03-31-2017

Quote: (03-31-2017 01:51 PM)TravelerKai Wrote:  

Quote: (03-31-2017 01:42 PM)zigZag Wrote:  

Quote: (03-31-2017 11:29 AM)Deepdiver Wrote:  

Anyone know of any (the best) smb firewalls with WAF and AI to stop this shite?

Well I'm not an expert but it really depends on a lot of factors as TravelerKai mentioned.

If you wanna go in balls deep though
https://www.openbsd.org/faq/pf/example1.html OpenBSD has the reputation as the most secure OS available anywhere, and you can create a gateway box as shown in the link I put up.

However if what is said about INTEL and AMD platform chips is true then all of this is moot because they have a CPU trojan that can read memory and read your communications.

Waiting now for someone to build Xbox 360 Level security for a personal computer....

Yeah we would need at least your business requirements and budget ranges to really know for sure.

Yeah, no vendor for any firewall sold in the US can protect against the government's snooping. They have backdoors and exploits they can use on you, with or without their warrants. They could decrypt your traffic at the ISP level too with their fancy Utah facility. In lots of ways, you would have to go lower tech to avoid them at this time.

Theoretically I guess you could build out a secure OpenBSD system and SSH-tunnel it to a Squid proxy install outside of the country... that way every gateway you go through in the USA would be encrypted. If you value privacy to that level (we all should), then essentially you'd operate:

OpenBSD secure desktop/workstation -> connect to your own Squid proxy install in a foreign country through an encrypted SSH tunnel. I think (in theory) this would be able to get past the NSA data collection methods (all your data would be encrypted)... however, at the endpoint in the foreign country when you make that request your data wouldn't be encrypted, but AFAIK the NSA only has taps in North America and the Brits have one for the cable that goes to Europe. I could be wrong though....


Wikileaks Vault7 release - Cattle Rustler - 03-31-2017

Quote: (03-31-2017 04:43 PM)DJ-Matt Wrote:  

never run an open wireless network!

And the niggas that do....are going to get pineapple'd by Cattle Rustler.


Wikileaks Vault7 release - Rigsby - 04-01-2017

Indeed.

Elvis was a hero to most, but he didn't mean shit to me.


Wikileaks Vault7 release - zigZag - 05-04-2017

I found https://www.whonix.org/ for those looking for ultimate privacy


Wikileaks Vault7 release - DamienCasanova - 05-12-2017

Well that didn't take long... those stolen NSA tools have now been weaponized as ransomware that encrypts a computer and demands BTC to unlock it. Hospitals and universities across the world shut down...

http://www.zerohedge.com/news/2017-05-12...lobal-huge


In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as “eternal blue”, developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."


Wikileaks Vault7 release - DJ-Matt - 05-12-2017

Quote: (05-12-2017 02:54 PM)DamienCasanova Wrote:  

Well that didn't take long... those stolen NSA tools have now been weaponized as ransomware that encrypts a computer and demands BTC to unlock it. Hospitals and universities across the world shut down...

http://www.zerohedge.com/news/2017-05-12...lobal-huge

Actually those are nothing new, people here at work have been hit by those before. And you're pretty much fucked if you get infected because those viruses can run under a non-admin account and ruin all your data. Plus some variants even look for network drives.

So far I've yet to see anyone just get randomly infected, you have to DO something like clicking on a link in an email or running an EXE sent to you, which IMO is really stupid. I always inspect weird-looking e-mails like the super-aspie I am and see shit right away.

Also this exploit was patched a little while ago so make sure you're up to date:
http://thehackernews.com/2017/04/window-...patch.html

https://blogs.technet.microsoft.com/msrc...ting-risk/


Wikileaks Vault7 release - budoslavic - 05-12-2017

Quote: (03-24-2017 01:47 AM)Valentine Wrote:  

More on the Intel Management Engine backdoor:

[Image: id88hvysu3ny.png]

And more on IME, AMD and the baseband processor on all mobile phones:
...

Forgot about this. Had been meaning to post a reply to this a few months ago when I came across a Slashdot post about Intel's announcement where they came out with an EFI rootkit detection tool.

Quote:

After CIA leak, Intel Security releases detection tool for EFI rootkits

A new module for Intel Security's CHIPSEC framework can find rogue binaries inside the low-level firmware of computers.

Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code.

The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. A rootkit is a malicious program that runs with high privileges -- typically in the kernel -- and hides the existence of other malicious components and activities.

The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter.

EFI, also known as UEFI (Unified EFI), is the low-level firmware that runs before the operating system and initializes the various hardware components during the system boot process. It's the replacement for the older and much more basic BIOS in modern computers and resembles a mini operating system. It can have hundreds of "programs" for different functions implemented as executable binaries.

A malicious program hidden inside the EFI can inject malicious code into the OS kernel and can restore any malware that has been removed from the computer. This allows rootkits to survive major system updates and even reinstallations.

In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant."

The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell.

The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.

If the tool finds any binary files that don't match the clean EFI list, it's possible that the firmware has been infected. The rogue files are listed and can then be further analyzed.

"We recommend generating an EFI 'whitelist' after purchasing a system or when sure it hasn’t been infected," the Intel Security researchers said in a blog post. "Then check EFI firmware on your system periodically or whenever concerned, such as when a laptop was left unattended."

EFI firmware updates for various Mac and Macbook versions are available on Apple's support website.

Why should we trust Intel again by using their tool? What prompted them to release the tool immediately after the Vault7 release? They were obviously protecting their own ass when they got caught working secretly with a government agency.
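
The article quoted in the post above describes the workflow rather than the code: record the binaries in a known-clean firmware image once, then compare the live firmware against that record whenever there is reason to worry. The Python below is an added example of that whitelist-and-compare logic; it is not CHIPSEC code, not Intel's, and it does not read real firmware. Images are modelled as {module name: bytes} dictionaries, and CLEAN_IMAGE and CURRENT_IMAGE are constructed test data.

```python
"""
Whitelist-and-compare check for firmware modules, modelled on the workflow the
article describes (take a clean EFI image, record its binaries, later compare the
live firmware against that list). Added example; it is not CHIPSEC code and does
not read real firmware. Images are represented as {module name: bytes}
dictionaries, and CLEAN_IMAGE / CURRENT_IMAGE are constructed test data.
"""
import hashlib
import json
from typing import Dict, List


def build_whitelist(image: Dict[str, bytes]) -> Dict[str, str]:
    """Map each module name in a known-clean image to its SHA-256 hex digest."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in image.items()}


def compare_to_whitelist(whitelist: Dict[str, str],
                         current: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Classify every module of the current image against the whitelist.

    unknown  : present now but never seen in the clean image (rogue additions)
    missing  : whitelisted but gone from the current image
    modified : same name, different hash (tampered or updated binary)
    """
    current_hashes = build_whitelist(current)
    unknown = sorted(n for n in current_hashes if n not in whitelist)
    missing = sorted(n for n in whitelist if n not in current_hashes)
    modified = sorted(n for n in current_hashes
                      if n in whitelist and current_hashes[n] != whitelist[n])
    return {"unknown": unknown, "missing": missing, "modified": modified}


def is_clean(report: Dict[str, List[str]]) -> bool:
    """True only when nothing was added, removed or changed."""
    return not any(report.values())


def to_json(whitelist: Dict[str, str]) -> str:
    """Serialise the whitelist so it can be stored off-box and re-checked later."""
    return json.dumps(whitelist, indent=2, sort_keys=True)


def from_json(text: str) -> Dict[str, str]:
    return json.loads(text)


# --- constructed images (stand-ins for extracted firmware volumes, not real binaries)
CLEAN_IMAGE = {
    "PlatformInit.efi": b"\x4d\x5a clean platform init",
    "NetworkBoot.efi": b"\x4d\x5a clean network boot",
    "SecureBootDxe.efi": b"\x4d\x5a clean secure boot",
}
# Later snapshot: one module changed, one unexpected driver added
CURRENT_IMAGE = dict(CLEAN_IMAGE)
CURRENT_IMAGE["NetworkBoot.efi"] = b"\x4d\x5a tampered network boot"
CURRENT_IMAGE["UnknownDriver.efi"] = b"\x4d\x5a not in the vendor image"

if __name__ == "__main__":
    stored = to_json(build_whitelist(CLEAN_IMAGE))  # generated once, right after purchase
    report = compare_to_whitelist(from_json(stored), CURRENT_IMAGE)
    print("clean" if is_clean(report) else f"suspicious: {report}")
```

The design choice worth noting is that the stored whitelist is the only trusted input: it has to be generated while the machine is still believed clean and kept somewhere the firmware cannot reach, otherwise a modified image could simply be re-whitelisted. A "modified" entry after a legitimate vendor update is expected and should trigger regeneration, not an alert.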


Wikileaks Vault7 release - Foolsgo1d - 05-12-2017

All of a sudden liberals, the MSM and governments now give a shit about the overwhelming power the CIA and NSA has or had even when they despise Trump.

Fucking idiots.

Nothing says you fucked up by not taking heed of warnings or events that took place. Microsoft states they released updates for the holes in their software but the IT guys (liberal dickless idiots most of them) didn't even bother upgrading the systems they manage.

Feelings>>logic.


Wikileaks Vault7 release - DamienCasanova - 05-12-2017

Quote: (05-12-2017 03:22 PM)DJ-Matt Wrote:  

Quote: (05-12-2017 02:54 PM)DamienCasanova Wrote:  

Well that didn't take long... those stolen NSA tools have now been weaponized as ransomware that encrypts a computer and demands BTC to unlock it. Hospitals and universities across the world shut down...

http://www.zerohedge.com/news/2017-05-12...lobal-huge

Actually those are nothing new, people here at work have been hit by those before. And you're pretty much fucked if you get infected because those viruses can run under a non-admin account and ruin all your data. Plus some variants even look for network drives.

So far I've yet to see anyone just get randomly infected, you have to DO something like clicking on a link in an email or running an EXE sent to you, which IMO is really stupid. I always inspect weird-looking e-mails like the super-aspie I am and see shit right away.

Also this exploit was patched a little while ago so make sure you're up to date:
http://thehackernews.com/2017/04/window-...patch.html

https://blogs.technet.microsoft.com/msrc...ting-risk/

Normally you'd be right, but this isn't your typical ransomware. This one has specific features from the NSA hacking tools that got released last month, and is using these built in backdoor exploits. The cryptography used to lock these computers is beyond anything most techs are capable of dealing with.


Wikileaks Vault7 release - Foolsgo1d - 05-12-2017

Live Reddit thread about it.

https://www.reddit.com/r/worldnews/comme...argescale/

The Eastern world is in the process of waking up so it will be very interesting to see how far this has come. My earlier post was a bit critical so it looks like it is a real, significant problem most experienced people have never dealt with before.

Probably akin to a nuclear device.


Wikileaks Vault7 release - Rigsby - 05-12-2017

Quote: (05-12-2017 02:54 PM)DamienCasanova Wrote:  

Well that didn't take long... those stolen NSA tools have now been weaponized as ransomware that encrypts a computer and demands BTC to unlock it. Hospitals and universities across the world shut down...

http://www.zerohedge.com/news/2017-05-12...lobal-huge


In a shocking revelation, The FT reports that hackers responsible for the wave of cyber attacks that struck organisations across the globe used tools stolen from the US National Security Agency.

A hacking tool known as “eternal blue”, developed by US spies has been weaponised by the hackers to super-charge an existing form of ransomware known as WannaCry, three senior cyber security analysts said. Their reading of events was confirmed by western security officials who are still scrambling to contain the spread of the attack. The NSA’s eternal blue exploit allows the malware to spread through file-sharing protocols set up across organisations, many of which span the globe.

According to Avast, the ransomware has also targeted Russia, Ukraine and Taiwan. The virus is apparently the upgraded version of the ransomware that first appeared in February. Believed to be affecting only Windows operated computers, it changes the affected file extension names to ".WNCRY." It then drops ransom notes to a user in a text file, demanding $300 worth of bitcoins to be paid to unlock the infected files within a certain period of time.

While the victim's wallpaper is being changed, affected users also see a countdown timer to remind them of the limited time they have to pay the ransom. If they fail to pay, their data will be deleted, cybercriminals warn. According to the New York Times, citing security experts, the ransomware exploits a "vulnerability that was discovered and developed by the National Security Agency (NSA)." The hacking tool was leaked by a group calling itself the Shadow Brokers, the report said, adding, that it has been distributing the stolen NSA hacking tools online since last year.

Predictably, Edward Snowden - who has been warning about just such an eventuality - chimed in on Twitter, saying "Whoa: @NSAGov decision to build attack tools targeting US software now threatens the lives of hospital patients."

I predicted this six months ago when all that shadow-brokers stuff kicked off. I mentioned it in a paranoid rant to a highly-repped, high-post count member, when we were talking about other stuff, but hacking was on the agenda.

I think I might have even said 'in six months time'. There was no way this shit was not going to make its way to the wild. More to come.

I was reading one of the comments on the register about this and they said it's like a 200 Million GBP ransom for the NHS. They don't have that kind of cash. I guess we find out in the next few days just how good their back up plan is/was.

We also get to find out if patient's details have been stolen, and that is another gold mine. A savvy hacker after infiltrating a system would steal all the sensitive data first, then ransom later. I don't know how savvy these idiots are. It looks like they have bitten off more than they can chew. They have bullets out there now with their names on them. If the encryption is un-crackable, it all comes down to backups.

Some damage will have been done for sure. If the back-up regime was poor (unlikely) then well, we could be looking at a catastrophe. But it won't come to that. Services will be disrupted. Backups and images will be deployed. John J Hacker won't get his bitcoin. And will be hunted. They are going to have to be good to get away with this.

Basically, no one knows what is happening. It's real life.

And there are millions of legacy systems out there still running exploitable OS/software - mainly microsoft stuff like Internet explorer and word and whatnot. Read the register, it gives a good write up, but even they don't know how this will end.

Sometimes I hate to say I told you so. This is one of those times. That could be my folks in hospital having MRI scans cancelled because they still run on windows. A lot of machines have just been shut down as damage control, so the infection can't spread. It looks like it was a Worm. So that makes sense.

And these tools that Shadow-Brokers offered for bitcoin equivalent to half a million bucks, well they just gave them all away for free a few weeks ago didn't they? Coincidence.

These tools are in the wild now. This will only embolden any psychopath to wreak havoc. This is just the beginning.

Many people that know much more than me (Snowden) predicted events like this. I just followed their lead (not really understanding just how deployable these tools were). But it looks like they were right as well.

The fucking NHS getting hacked by GCHQ and people dying. How fucking glorious can you get. Wonder if it will be any of their relatives.

Imagine that. Deploying hacking/cracking software to undermine the very infrastructure of the internet at its core, and your father/mother dying because they couldn't get the operation to get that tumour cut out in time, because of what you did.

tfw: being responsible for your loved one's and family member's deaths.

There is poetry in there. But I don't see much justice.

It's fog of war right now, but things will become clearer in the next few days.


Wikileaks Vault7 release - Rigsby - 05-12-2017

Quote: (05-12-2017 03:22 PM)DJ-Matt Wrote:  

Quote: (05-12-2017 02:54 PM)DamienCasanova Wrote:  

Well that didn't take long... those stolen NSA tools have now been weaponized as ransomware that encrypts a computer and demands BTC to unlock it. Hospitals and universities across the world shut down...

http://www.zerohedge.com/news/2017-05-12...lobal-huge

Actually those are nothing new, people here at work have been hit by those before. And you're pretty much fucked if you get infected because those viruses can run under a non-admin account and ruin all your data. Plus some variants even look for network drives.

So far I've yet to see anyone just get randomly infected, you have to DO something like clicking on a link in an email or running an EXE sent to you, which IMO is really stupid. I always inspect weird-looking e-mails like the super-aspie I am and see shit right away.

Also this exploit was patched a little while ago so make sure you're up to date:
http://thehackernews.com/2017/04/window-...patch.html

https://blogs.technet.microsoft.com/msrc...ting-risk/

UAC is only a stop-gap. A lot of these systems don't even run that because they are legacy and still using XP. A good virus writer can hop out of UAC and escalate privileges.

Same with sandboxes. Even they can be hopped out of. It's frightening stuff.

It does look as if this was an email attack though, with the propagation vector: popping up in only random parts of the UK - like a very convincing email was sent out and a few people clicked on it. Probably managers and important people. Who knows? I don't have a clue. And the NHS doesn't either. This will be dissected for years to come. I just hope there is not too much carnage and no lives are lost.

There is only one strategy in modern IT, constant, every day backups that can be deployed at the flick of a switch. But then again, ransomware doesn't play by the rules and they lay in wait infecting your backups too.

This day was always going to come. It probably won't be that bad. It won't be dealt with and worse is to come.


Wikileaks Vault7 release - Rigsby - 05-12-2017

Quote: (05-12-2017 06:06 PM)Foolsgo1d Wrote:  

All of a sudden liberals, the MSM and governments now give a shit about the overwhelming power the CIA and NSA has or had even when they despise Trump.

Fucking idiots.

Nothing says you fucked up by not taking heed of warnings or events that took place. Microsoft states they released updates for the holes in their software but the IT guys (liberal dickless idiots most of them) didn't even bother upgrading the systems they manage.

Feelings>>logic.


Talking of that, I thought I smelled a canary in the coal mine the last few days with all the PR about Microsoft warning about impending disasters if coders rape users machines too much. Like Microsoft aren't the fucking biggest rapists on the planet. Microsoft: everyone else has to be really careful about hacking people's machines, it might lead to some real disasters! (I can dig the stories out if you can't find them)

It was like watching Mike Tyson lobby for boxers to not hit too hard, lest someone might get hurt. It was bizarre.

Fucking autistic IT bods gonna get hit hard with this one. People screaming at them: PEOPLE ARE DYING HERE DO SOMETHING.

Hopefully people won't die this time. But they will next time or the time after. And Microsoft and the Security Services will be responsible. Russian hackers gonna hack, do you think it was a good idea to back door everything and then give them the tools? Rhetorical question.


Wikileaks Vault7 release - Easy_C - 05-13-2017

And that's why if you're doing ANY kind of extremely sensitive work, you should stay the fuck away from anything made by Microsoft. They ALL have backdoors built in. Your best bet is to use an off-brand CPU with a home-built OS, or at least a reputable Linux build.


Wikileaks Vault7 release - DarkTriad - 05-13-2017

Quote: (05-13-2017 12:54 PM)Easy_C Wrote:  

And that's why if you're doing ANY kind of extremely sensitive work, you should stay the fuck away from anything made by Microsoft. They ALL have backdoors built in. Your best bet is to use an off-brand CPU with a home-built OS, or at least a reputable Linux build.

The Russians are back to using typewriters. No joke. They assume no matter what the protections, the CIA has circumvented them. And they're usually right.