Things are not as they appear in cyberspace

Remember the 'accidental hero' that stopped one of the largest cyberattacks in history?
Today he got arrested for unrelated cybercrimes.

A British computer expert who helped shut down the WannaCry cyber attack that crippled the NHS has been arrested in the US for his alleged role in an unrelated malware attack.
....
"Marcus Hutchins ... was arrested in the United States on August 2, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," DOJ spokesperson Wyn Hornbuckle said in a statement to The Independent.

Meanwhile, someone actually claimed the $140,000 in ransom payments from the WannaCry attack. No one was arrested.

Speaking of cybercrimes, let's talk about Russian hackers.

The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?
This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.
But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

Maybe, just maybe, not all Russian hackers work in the Kremlin?
The article criticizes Trump for his belief that those nasty Russian hackers were brilliant, but fails to mention how the Dems are also stirring up fear of clever Russian hackers.

The problem here is that cybercrime is a HUUGGEEE problem that is being dumbed down so much that the spin totally distracts from the reality of the situation.
It's like trying to have a conversation about the MIC, but only by using metaphors about the Coyote/Roadrunner experiences with Acme's exploding products.

Here's a dose of reality.

“We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true—even inevitable—then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world."

That prophetic commentary was shared in a Forbes post, when some vendor and media forecasts put the cybercrime figure as high as $500 billion annually. Last year, the Microsoft Secure Blog reported that The World Economic Forum estimated the economic cost of cybercrime to be $3 trillion worldwide. That was a six-fold jump in cybercrime damage estimates in just one year.
Cybercrime damage costs are now predicted to reach $6 trillion annually by 2021, according to the latest research conducted by Cybersecurity Ventures.

Identity theft alone is growing by 80 per cent a year. Which means it's totally and completely out of control.
50% of small and midsized organisations reported suffering at least one cyber-attack in the last 12 months.

Now you might think that these facts will stir up some sort of response in the media and Washington.
Nope. All we get is Russian hackers employed by the Kremlin hacking our sacred democracy.
When this finally blows up in all of our faces (and it will), the public and the press will be left wondering what happened, and how did Putin do it.


Comments

zett's picture

So, is this how it goes now?

Let me see if I've got it right. Either brilliant or moronic, but def EVIL RUSSIAN HACKERS!!1! got the DNC emails, gave them to Seth Rich, who then put at least some of them in a "secure" drop box but then Wikileaks got the password to the drop box, extracted the emails and published them.

Do I have it right?

It would be nice if good guy hackers could use Kronos to drain the bank accounts of oligarchs the world over then transfer the funds to poor people the world over. I know, that's just a nice fantasy...


@zett It would be so much fun. We could make them pee in a cup for food.


"Religion is what keeps the poor from murdering the rich."--Napoleon

zett's picture

@dkmich I love how you think!

Steven D's picture

and the Bernie screwed the Dems narrative, and the we can't have single payer because - reasons you wouldn't understand narrative.

It's why I've been turned off on writing anything lately. Our economy is in a crisis and at some point will collapse like 2008 (quite likely much worse), our world is headed for a climate catastrophe, WWIII is a real possibility and no one in the news talks about it, politicians don't talk about it, it's as if anything significant fell into a black hole never to be heard from again.


"You can't just leave those who created the problem in charge of the solution."---Tyree Scott

zett's picture

@Steven D Not watching TV helps a little - but I'm also tired of being fed bullshit and fluff while all around us shit's going to hell in a hand basket.

I don't know whether we'll die quick from nukes or slow from climate change. I feel powerless and like I'm surrounded by people out of their god damned minds.


@zett

I feel like I'm surrounded by crazy idiots, and I want to round them up and dump them in Texas.


"Religion is what keeps the poor from murdering the rich."--Napoleon

@dkmich We have tons of idiots, but Texas is really big. Plenty of room for more, and they would fit right in.


"We'll know our disinformation program is complete when everything the American public believes is false." ---- William Casey, CIA Director, 1981

detroitmechworks's picture

then maybe I shouldn't keep all my government records in an easily deletable electronic form, and instead send memos like they used to?

Maybe I should insist on Hand Counted Ballots.

Maybe I should not keep all my money in an electronic form and instead insist on hard currency or documents?

Maybe they're just full of shit.


I do not pretend I know what I do not know.

earthling1's picture

@detroitmechworks
If anything, it will really throw a wrench in the works. Everyone's works, hackers, the IRS, the big banks and their credit cards, the data miners, and all the alphabet government agencies tracking you.
If only we could get all Americans to switch to a cash existence.
Why, we could make America great again!


Neither Russia nor China is our enemy.
Neither Iran nor Venezuela are threatening America.
Cuba is a dead horse, stop beating it.

@earthling1

And that would be one of the reasons they want to take cash money out of our hands...


Psychopathy is not a political position, whether labeled 'conservatism', 'centrism' or 'left'.

A tin labeled 'coffee' may be a can of worms or pathology identified by a lack of empathy/willingness to harm others to achieve personal desires.

Cant Stop the Macedonian Signal's picture

that, assuming the Russian government is the one behind the purported hackers, no, they wouldn't leave a trail of breadcrumbs back to the Russian government that's as wide as the interstate.

Felix Edmundovich? FFS. Do NSA hackers call themselves "J Edgar Hoover?"

Which leads to the following question about cybercrime (of the hacking variety, not the bullying variety):

What about the cybercrimes committed by agencies like the NSA and their private-sector colleagues?

This isn't just me venting my spleen at the security sector, which you all know by now I don't like and don't trust.

It's a question that not only has importance because of the cybercrimes such agencies commit, but because, if we're to believe various whistleblowers, software has "holes" or "back doors" built into it which compromise its security in relation to everyone with a certain level of digital skill, and those back doors are being put in for the convenience of such agencies and related private-sector corporations.


"More for Gore or the son of a drug lord--None of the above, fuck it, cut the cord."
--Zack de la Rocha

"I tell you I'll have nothing to do with the place...The roof of that hall is made of bones."
-- Fiver

https://www.cnet.com/news/microsoft-slams-spy-agencies-for-stockpiling-v...

Microsoft slams spy agencies for 'stockpiling' vulnerabilities

The tech giant's chief counsel calls the WannaCry attack a "wake-up call" for greater communication on vulnerabilities.

by Steven Musil
May 14, 2017

... Brad Smith, Microsoft's chief counsel, said Sunday in a company blog post that by keeping software vulnerabilities secret from vendors, governments open up users to attacks like Friday's WannaCry -- or WannaCrypt/WanaCrypt -- hack in which malware locked down computers worldwide while demanding hefty sums for freedom. ...

... We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."

This isn't the first time US spy agencies have been accused of knowing about vulnerabilities and keeping them secret. The NSA reportedly knew of the Heartbleed bug for at least two years in order to exploit it for intelligence gathering before the security vulnerability was revealed in 2014.

The WannaCry attack has hit thousands of computers across around the world, but hospitals in the UK have attracted the most attention because lives are at risk when hospital systems get locked down. As of Sunday morning, more than 100,000 organizations in at least 150 countries had been affected, according to Europol, the European Union's police agency. ...

...Attacks of this kind have spiked in the last year, jumping from 340,665 in 2015 to 463,841 in 2016, according to online security company Symantec. The health care industry has become a major target, with ransomware making up more than 70 percent of malware attacks against hospitals, pharmacies and insurance agencies.

Please note, in the manner of the Clintons and others with no regard for law, rules or national security, it's stated below that:

... the documents were “circulated among former US government hackers and contractors in an unauthorised manner...

Did this also include donors?

Oddly, the modification notice listed below only appeared when I went back to get the title and writer/date info I'd missed copying (edit: and after I'd blued-out the date area then showing, to copy-paste that.) And I'd first tried searching for the article using the copy-pasted stunted portion of the URL showing in the Preview section which, instead of listing anything close to this on a page of options, said it 'couldn't connect to the page'? So I'm guessing that Google's alteration of search results to make 'fake news' harder to find affects other search engines which, I believe I've read, use the Google system as a base? (Please correct me if I'm mistaken?)

https://www.theguardian.com/technology/2017/mar/08/wikileaks-vault-7-cia...

'Am I at risk of being hacked?' What you need to know about the 'Vault 7' documents

Should you be worried about agency snooping? Is this WikiLeaks release just the tip of the iceberg? And is someone at the CIA watching too much Doctor Who?

Julian Assange’s WikiLeaks described ‘Vault 7’ as ‘the largest ever publication of confidential documents on the CIA’. Photograph: Kirsty Wigglesworth/AP

Alex Hern and agencies
@alexhern

Wednesday 8 March 2017 13.08 GMT Last modified on Friday 14 July 2017 18.31 BST

... Who’s behind the leak?

WikiLeaks said the material came from “an isolated, high-security network” inside the CIA’s Center for Cyber Intelligence, the spy agency’s internal arm that conducts cyber offence and defence. It said the documents were “circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive”. It did not make it clear who was behind the leak, leaving several possibilities: espionage, a rogue employee, a theft involving a federal contractor or a break-in of a staging server where such information may have been temporarily stored. ...

... How has the CIA and US government responded to the release?

A spokesman for the CIA said the agency would not comment “on the authenticity or content of purported intelligence documents”. Trump administration spokesman Sean Spicer declined comment as well. ...

And what was already known well before this?

https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-...

The NSA files
Glenn Greenwald on security and liberty

Revealed: how US and UK spy agencies defeat internet privacy and security
• NSA and GCHQ unlock encryption used to protect emails, banking and medical records
• $250m-a-year US program works covertly with tech companies to insert weaknesses into products
• Security experts say programs 'undermine the fabric of the internet'

Through covert partnerships with tech companies, the spy agencies have inserted secret vulnerabilities into encryption software.

James Ball, Julian Borger and Glenn Greenwald

Friday 6 September 2013

...The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – "the use of ubiquitous encryption across the internet".

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made "vast amounts" of data collected through internet cable taps newly "exploitable".

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to "covertly influence" their product designs.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: "Do not ask about or speculate on sources or methods."

• The NSA describes strong decryption programs as the "price of admission for the US to maintain unrestricted access to and use of cyberspace".

• A GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook. ...

... But security experts accused them of attacking the internet itself and the privacy of all users. "Cryptography forms the basis for trust online," said Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network security and privacy".

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," stated a 2010 GCHQ document. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable." ...

Evidently exploitable by anyone with the know-how and desire to tap such vulnerabilities in virtually everyone's computers.

The spy agencies are obviously destroying national security in an even more damaging manner than are the greed-maddened megalomaniacs infiltrating the US government.


Psychopathy is not a political position, whether labeled 'conservatism', 'centrism' or 'left'.

A tin labeled 'coffee' may be a can of worms or pathology identified by a lack of empathy/willingness to harm others to achieve personal desires.