Posts Tagged ‘hacking tools’

Deadly attacks feared as hackers target industrial sites

May 31, 2018

The hacking threat to critical infrastructure in the United States and beyond is growing larger, with nation states and other malicious actors looking to gain a foothold in sensitive technologies to conduct espionage and potentially stage disruptive or destructive attacks.

Dragos, a firm that specializes in industrial cybersecurity, has released new research asserting that a hacker group responsible for deploying highly sophisticated, destructive malware to an industrial plant in the Middle East last year has begun to expand its operations beyond its initial targets.

“This is no longer about data theft or business disruption. Someone can get hurt. It’s about physical consequences,” said Dan Scali, senior manager for FireEye’s industrial control system security consulting practice.

Last week, researchers at Dragos released new details about a threat group they call “Xenotime.” They said the group has developed hacking tools to compromise and disrupt industrial safety instrumented systems — hardware and software controls that are used to ensure the safe operations of large-scale nuclear, chemical and other industrial plants and allow for emergency stops to take place.

The group, whose origins are not publicly known, deployed malware to an industrial plant in the Middle East last year that specifically targeted Triconex safety systems manufactured by Schneider Electric. The attack caused the plant to shut down.

Now Dragos says that the actors have expanded their operations, making their way into networks of industrial organizations beyond the Middle East. The group has also demonstrated capabilities to potentially disrupt safety systems other than Triconex.

The developments have raised concerns that Xenotime could be moving to carry out destructive attacks, such as triggering chemical explosions.

“It is the most dangerous cyber threat in the world, period,” said Sergio Caltagirone, director of threat intelligence at Dragos.

“Really, there has been no malware in the world so far that has actually put lives at risk, demonstrably,” Caltagirone said. “This adversary is.”

Dragos has provided few technical details about the group’s behavior, and has not divulged the countries now affected by the activity, though CyberScoop reported that U.S. companies were among those breached. Dragos said it has alerted U.S. officials and other foreign governments to the threat.

The Department of Homeland Security, which is responsible for engaging with owners and operators of critical infrastructure to help them guard against cyber sabotage, did not return a request for comment.

Concerns about cyber threats to critical infrastructure from nation states like Russia have been mounting in Washington, particularly in light of twin attacks that knocked out power in Ukraine in 2015 and 2016.

Industrial organizations have stepped up monitoring of their control networks to detect potentially nefarious activity, offering security professionals new insight into malicious actors looking to target critical infrastructure systems around the globe.

“It’s hard to say that we’re seeing specifically a trend because we are working with small numbers,” Scali said.

“But we’ve seen an escalation in attackers’ capability and also willingness to conduct these types of attacks over time,” Scali added.

Forms of malware specifically designed to target industrial systems — used to power elements of the electric grid, water systems, and other critical services — are rare. The malware associated with Xenotime was only the fifth known malware family targeting these systems since the “Stuxnet” virus was used against Iranian nuclear power plants in 2010.

Both FireEye and Dragos identified the malware in December. While researchers have not publicly identified the breach victim, The New York Times reported it was a petrochemical plant in Saudi Arabia. While the attack inadvertently caused operations at the plant to shut down, experts warn the consequences could have been far worse.

“If you’re attacking the safety instrumented system and trying to make changes to how it operates, you’re trying to hurt or kill someone, damage equipment, cause some other physical consequence or impact on the environment,” Scali said. “There’s a level of audacity around attacking a safety system.”

The activity associated with Xenotime has not been traced to a particular country, though experts suspect the group is linked to a nation state. Private actors don’t have the financial incentive to stage destructive attacks, nor do they possess the significant resources that are needed to hone such capabilities.

Dragos also suspects that the hackers are working with another, unidentified hacking group that first gained access to industrial networks through spearphishing and watering hole attacks and then passed that access to Xenotime.

In most cases, hackers spent between nine months and multiple years inside these networks, conducting intelligence on industrial operations, Caltagirone said.

“Basically, they are learning to become operators themselves inside this environment,” he said.

There have been other signs of nation-state cyber actors conducting reconnaissance on systems powering critical services.

In March, U.S. officials revealed that Russian hackers had staged a multi-year intrusion campaign against companies in the energy sector and other critical services.

In some cases, hackers gained access to energy sector networks and moved laterally in order to gather intelligence on industrial control systems and supervisory control and data acquisition systems — information that could provide a foundation for developing capabilities to stage attacks against targets in the energy sector.

“You need not only to compromise the systems, you also need knowledge of the industrial process,” Scali said. “The more information and reconnaissance that you can do ahead of time … that makes the attacker’s job easier and fills in that missing information that a hacker would need to cause a physical disruption.”

Dragos will release research on Thursday detailing the activities of a threat group the firm calls Covellite, which has breached networks associated with electric companies in Europe, East Asia and North America to gather intelligence on internal industrial operations.

Last September, the group carried out a spearphishing campaign against a small number of U.S. electric companies, though researchers say the hackers have significantly scaled back operations against North American targets.

The hacker group’s techniques have the hallmarks of those used by North Korea’s army of hackers, a force known to U.S. officials as “Hidden Cobra,” though it is unclear exactly how the two are related.

As adversaries continue to evolve in cyberspace, officials are on high alert for attacks that could compromise critical services. Jeanette Manfra, a top Homeland Security cyber official, told The Hill earlier this year that she is keenly focused on working with industry to prevent attacks that could disrupt essential services, from the financial sector to the electric grid.

“I really believe that that is where the risk is,” Manfra said.

Meanwhile, experts anticipate an uptick in cyber activity targeting industrial control systems going forward.

“The ability to affect industrial control systems as part of a potential cyber war and larger kinetic or digital war environment is very high up on the list of many countries,” said Caltagirone. “We expect that, not only is our ability to find them going to get better … but we also know that there is going to be more adversaries entering in this space in the mid- to long-term.”

The Hill

U.S. Spies, Seeking to Retrieve Cyberweapons, Paid Russian Peddling Trump Secrets — Russian operation to create discord inside the American government

February 10, 2018
The headquarters of the National Security Agency in Fort Meade, Md. Credit: Jim Lo Scalzo/European Pressphoto Agency

BERLIN — After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials.

The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.

Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.

The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.

The Central Intelligence Agency declined to comment on the negotiations with the Russian seller. The N.S.A., which produced the bulk of the hacking tools that the Americans sought to recover, said only that “all N.S.A. employees have a lifetime obligation to protect classified information.”

The negotiations in Europe last year were described by American and European intelligence officials, who spoke on the condition of anonymity to discuss a clandestine operation, and the Russian. The United States officials worked through an intermediary — an American businessman based in Germany — to preserve deniability. There were meetings in provincial German towns where John le Carré set his early spy novels, and data handoffs in five-star Berlin hotels. American intelligence agencies spent months tracking the Russian’s flights to Berlin, his rendezvous with a mistress in Vienna and his trips home to St. Petersburg, the officials said.

The N.S.A. even used its official Twitter account to send coded messages to the Russian nearly a dozen times.

The episode ended this year with American spies chasing the Russian out of Western Europe, warning him not to return if he valued his freedom, the American businessman said. The Trump material was left with the American, who has secured it in Europe.

The Russian claimed to have access to a staggering collection of secrets that included everything from the computer code for the cyberweapons stolen from the N.S.A. and C.I.A. to what he said was a video of Mr. Trump consorting with prostitutes in a Moscow hotel room in 2013, according to American and European officials and the Russian, who agreed to be interviewed in Germany on the condition of anonymity. There remains no evidence that such a video exists.

The Russian was known to American and European officials for his ties to Russian intelligence and cybercriminals — two groups suspected in the theft of the N.S.A. and C.I.A. hacking tools.

But his apparent eagerness to sell the Trump “kompromat” — a Russian term for information used to gain leverage over someone — to American spies raised suspicions among officials that he was part of an operation to feed the information to United States intelligence agencies and pit them against Mr. Trump. Early in the negotiations, for instance, he dropped his asking price from about $10 million to just over $1 million. Then, a few months later, he showed the American businessman a 15-second clip of a video showing a man in a room talking to two women.

No audio could be heard on the video, and there was no way to verify if the man was Mr. Trump, as the Russian claimed. But the choice of venue for showing the clip heightened American suspicions of a Russian operation: The viewing took place at the Russian Embassy in Berlin, the businessman said.

American Intelligence Horror Story

November 13, 2017

Are U.S. spies losing their technological edge?

The National Security Agency campus in Fort Meade, Maryland in 2013. PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS

NSA, sometimes said to stand for Never Say Anything, does not want to talk about this. But it’s a momentous crisis for the largest US intelligence agency. https://nyti.ms/2jlglTa 

The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide.

nytimes.com

For years technologists have been warning about the possibility of a sort of digital Pearl Harbor in which a hostile foreign power launches a devastating cyber-attack on the United States. Is it already happening?

A disturbing report in the New York Times describes the damage that has been done—and is still being done—by a mysterious group called the Shadow Brokers, which managed to steal the hacking tools the U.S. National Security Agency has used to spy on other countries. The Times describes an “earthquake that has shaken the N.S.A. to its core” and adds:

Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

A reported breach of the NSA has been described as “catastrophic” and even worse than Edward Snowden’s massive data leak. CBS News Senior National Security Contributor @MichaelJMorell joins @CBSThisMorning to discuss

Among the most disturbing aspects of the case is the fact that, long after the theft of critical data was detected, our government still doesn’t know how it happened. The Times writes:

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

15 mos intensive investigation & FBI still can’t solve catastrophic NSA hack … but surprised people question certainty of conclusions on DNC hack where it never examined server. https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html 


This NSA disaster occurred on President Obama’s watch and the Times report suggests that Mr. Obama ignored advice from top officials in his national security team to address the management failure because he prioritized the effort to search for potential 2016 Trump campaign links to Russia:

One N.S.A. official who almost saw his career ended by the Shadow Brokers is at the very top of the organization: Adm. Michael S. Rogers, director of the N.S.A. and commander of its sister military organization, United States Cyber Command. President Barack Obama’s director of national intelligence, James R. Clapper Jr., and defense secretary, Ashton B. Carter, recommended removing Admiral Rogers from his post to create accountability for the breaches.

But Mr. Obama did not act on the advice, in part because Admiral Rogers’s agency was at the center of the investigation into Russia’s interference in the 2016 election.

As for President Trump, the question is why he has not initiated a house-cleaning at the top of the NSA.

For all Americans, the question is whether the technological edge that the United States has enjoyed in defense and intelligence for essentially all of our lifetimes is now in jeopardy.

***

Bottom Stories of the Day

Why would Kim Jong-un insult me by calling me “old,” when I would NEVER call him “short and fat?” Oh well, I try so hard to be his friend – and maybe someday that will happen!

Does This Tweet Make Me Look Apophatic?
“Trump mocks North Korea’s Kim, says he would never call him ‘short and fat’,” Fox News, Nov. 12

Annals of Single-Payer Health Care
“Canadian Patients And Doctors Are Sharing ‘Excruciating’ Wait Times On Twitter,” Huff Post, Nov. 3

So Much for the War on Drugs
“GOP Tax Plan Could Deal Blow to Seniors Paying for Long-Term Care,” ElderLawAnswers, Nov. 10

Hypothesis and Proof

  • “Without Humans, Artificial Intelligence Is Still Pretty Stupid,” The Wall Street Journal, Nov. 12
  • “How to Survive a Robot Apocalypse: Just Close the Door,” The Wall Street Journal, Nov. 10

***

Follow James Freeman on Twitter.

Subscribe to the Best of the Web email with one click.

To suggest items, please email best@wsj.com.

https://www.wsj.com/articles/american-intelligence-horror-story-1510594127

(Carol Muller helps compile Best of the Web. Thanks to Irene DeBlasio, Myles Pollin, Jordan Bruneau, Rod Pennington and Paul Wood.)

Related:

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

November 13, 2017

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide.

Kaspersky antivirus software sometimes copies your files

November 4, 2017


SAN FRANCISCO (Reuters) – Eugene Kaspersky said his company’s widely used antivirus software has copied files that did not threaten the personal computers of customers, a sharp departure from industry practice that could increase suspicions that the Moscow-based firm aids Russian spies.

The acknowledgement, made in an interview last Friday as part of the Reuters Cyber Security Summit, comes days after Kaspersky’s company said its software had copied a file containing U.S. National Security Agency hacking tools from the home computer of an agency worker in 2014.


Kaspersky’s firm has for years faced suspicions that it has links with Russian intelligence and state-sponsored hackers. Kaspersky denies any cooperation with Russian authorities beyond cyber crime enforcement.

In September, the U.S. Department of Homeland Security banned Kaspersky software from use in federal offices, citing the company’s ties with Russian intelligence. The company is the subject of a long-running probe by the U.S. Federal Bureau of Investigation, sources have told Reuters.

Antivirus software is designed to burrow deeply into computer systems and has broad access to their contents, but it normally seeks and destroys only files that contain viruses or are otherwise threatening to a customer’s computers, leaving all other files untouched.

Searching for and copying files that might contain hacking tools or clues about cyber criminals would not be part of normal operations of antivirus software, former Kaspersky employees and cyber security experts said.

In the Reuters interview, conducted at Kaspersky Lab’s offices in Moscow, Eugene Kaspersky said the NSA tools were copied because they were part of a larger file that had been automatically flagged as malicious.

He said the software removed from the agency worker’s computer included a tool researchers dubbed GrayFish, which the company has called the most complex software it has ever seen for corrupting the startup process for Microsoft’s Windows operating system.

Kaspersky said he had ordered the file to be deleted “within days” because it contained U.S. government secrets.

But he defended the broader practice of taking inert files from machines of people that the company believes to be hackers as part of a broader mission to help fight cyber crime.

“From time to time, yes, we have their code directly from their computers, from the developers’ computers,” Kaspersky told Reuters.

‘IMPROPER PRACTICE’

Three former Kaspersky employees and a person close to the FBI probe of the company, who first described the tactic to Reuters this summer, said copying non-infectious files abused the power of antivirus software. The person associated with the FBI said in one case Kaspersky removed a digital photo of a suspected hacker from that person’s machine.

Eugene Kaspersky declined to discuss specific instances beyond the NSA case, saying he did not want to give hackers ideas for avoiding detection.

“Sometimes we are able to catch cyber criminals, that’s why I am not so comfortable to speak about this to media,” he said in the interview. “Many of them are very clever, they can learn from what I am saying.”

Other industry experts called the practice improper. Mikko Hypponen, chief research officer at Finnish security company F-Secure, said that when his firm’s software finds a document that might contain dangerous code, “it will prompt the user or the administrator and ask if it can upload a copy to us.”

Dan Guido, chief executive of cyber security firm Trail of Bits, which has performed audits on security software, said Kaspersky’s practices point to a larger issue with all antivirus software.

“All of them aggregate a huge amount of information about their clients, which can be easily exploited when put in willing hands,” he said.

U.S. news organizations have reported that Kaspersky, or Russian spies hijacking its service, have been searching widely among customers’ computers for secret files, citing anonymous U.S. intelligence officials. Reuters has not verified such reports.

Kaspersky said he hoped to alleviate concerns about his company by opening up his source code for review by third parties in independently run centers, as well as by raising the maximum amount it offers for information about security flaws in its programs to $100,000.

To read the latest Reuters coverage of cyber security, click on www.reuters.com/cyberrisk

Reporting by Joseph Menn in San Francisco; Additional reporting by Jack Stubbs in Moscow, Jim Finkle and Alastair Sharp in Toronto and Dustin Volz in Washington; Editing by Jonathan Weber and Bill Rigby

Mysterious hacking collective called ‘The Shadow Brokers’ stole NSA superweapon and caused global cyber attack that has shut hospitals, hit FedEx and is causing chaos in 99 countries

May 13, 2017

The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries - and pop-ups like this one have appeared demanding a ransom
  • Hackers hit dozens of countries on Friday by exploiting a stolen tool used by the US National Security Agency
  • The cyber attack rapidly spread and infected computers across the globe
  • Hackers are believed to have exploited the NSA tool, which was stolen and released to the world by a group known as the Shadow Brokers last month
  • British hospitals, the Russian government and German railways were among those affected by the cyber attack
  • Victims have been reported in 99 countries including Germany, Spain and USA

A global cyber attack using hacking tools widely believed to have been developed by the US National Security Agency and leaked online by a group called the Shadow Brokers has caused chaos around the world.

British hospitals, the Russian government, German railways and big companies like FedEx were among those affected on Friday when they were crippled by the ‘ransomware’ that rapidly spread across the globe and infected tens of thousands of computers in 99 countries.

Security experts say the malicious software behind the onslaught appeared to exploit a vulnerability in Microsoft Windows that was identified by the US National Security Agency for its own intelligence-gathering purposes.

The NSA documents were stolen and then released to the world last month by a mysterious group known as the Shadow Brokers.

The hackers, who have not come forward to claim responsibility, likely made it a ‘worm’, or self-spreading malware, by exploiting a piece of NSA code known as Eternal Blue, according to several security experts.

The Shadow Brokers released Eternal Blue last month as part of a trove of hacking tools that they said belonged to the US spy agency. It has stoked fears that the spy agency’s powerful cyber weapons had been stolen and repurposed by hackers with nefarious goals.

The malicious software was blocking access to computers and demanding payments of as much as $600 to restore access and scrambling data. It is thought to have impacted at least 75,000 computers, including machines in the Russian government.


This map released by cybersecurity experts, shows the impact of the ransomware around the world - with affected countries shown in orange and red. Russia is thought to be the worst affected



The technological meltdown began earlier on Friday afternoon in Britain when more than 40 NHS organisations including hospitals and GP surgeries were hit by the virus.

But with the virus spreading at a rate of five million emails per hour, tens of thousands of victims have now been reported in 99 countries including the US, Australia, Belgium, France, Germany, Italy and Mexico.

Russia is thought to have been among the worst hit by the ransomware amid reports that 1,000 computers in the country’s Interior Ministry were affected, but sources say no information was leaked.

Ministry spokeswoman Irina Volk told Russian news agencies it had ‘recorded a virus attack on the ministry’s personal computers controlled by a Windows operating system.’

WHO HAS BEEN AFFECTED BY CYBER ATTACK?

The UK’s National Health Service: British hospitals and clinics were forced to send patients away and cancel appointments.

Russia: The country was believed to be among the worst hit when computers in the interior ministry were hit. Megafon – Russia’s second largest phone network – had also been affected.

German railway stations: Photos surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

Spanish companies: Telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

FedEx: The shipping company confirmed they were affected and were implementing remediation steps.

Leading international shipper FedEx Corp was among the companies whose Microsoft Corp Windows systems were affected. They said they were ‘implementing remediation steps’.

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media appeared to show ticketing computers at train stations having been affected by the cyber attack.

In Spain, the Telefonica mobile phone network, power firm Iberdrola and utility provider Gas Natural all suffered from the virus.

Some big firms in Spain took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of ‘a massive ransomware attack’.

Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.

Security teams at large financial services firms and businesses were reviewing plans for defending against cyber attacks, according to executives with private cyber security firms.

Chris Wysopal, chief technology officer with cyber security firm Veracode, said: ‘Seeing a large telco like Telefonica get hit is going to get everybody worried.

‘Now ransomware is affecting larger companies with more sophisticated security operations.’

A cybersecurity researcher told AFP they appeared to have discovered a ‘kill switch’ that could prevent the spread of the ransomware for now.

The researcher, tweeting as @MalwareTechBlog, said the discovery was accidental, but that registering a domain name used by the malware stops it from spreading.

‘Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading,’ @MalwareTechBlog told AFP in a private message on Twitter.

The researcher warned however that people ‘need to update their systems ASAP’ to avoid attack: ‘The crisis isn’t over, they can always change the code and try again.’
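The kill switch described above works because the worm looks up a hard-coded domain before spreading: a failed lookup lets it continue, a successful one makes it stop. A defender can turn that behaviour into a detection over resolver logs, since only the malware ever queries that domain. The following is an added example, not code from the article or from the researcher it quotes; the domain name and the DNS log lines are constructed placeholders, and the log format is assumed.

```python
"""Triage hosts that tried to resolve the WannaCry kill-switch domain.

Added example, not from the original article. Any host that queries the
kill-switch domain has executed the worm; the response code tells you
whether the worm then went on to spread (lookup failed) or exited
(lookup succeeded, i.e. the domain had been registered/sinkholed).
KILL_SWITCH_DOMAIN is a placeholder, not the real domain, and the log
format below is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Placeholder: the real kill-switch domain is not reproduced here.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Assumed resolver log format: "<timestamp> <client_ip> <qname> <rcode>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


@dataclass
class HostVerdict:
    failed: int = 0      # lookups that failed: worm would continue spreading
    resolved: int = 0    # lookups that succeeded: worm would exit
    first_seen: str = ""


def classify_dns_log(lines, domain=KILL_SWITCH_DOMAIN):
    """Map client IP -> HostVerdict for every host that queried the domain."""
    verdicts = defaultdict(HostVerdict)
    wanted = domain.lower()
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line, skip it
        ts, client, qname, rcode = m.groups()
        if qname.rstrip(".").lower() != wanted:
            continue  # ordinary traffic, not the kill-switch lookup
        v = verdicts[client]
        if not v.first_seen:
            v.first_seen = ts
        if rcode == "NOERROR":
            v.resolved += 1
        else:
            v.failed += 1  # NXDOMAIN or SERVFAIL: the check did not stop it
    return dict(verdicts)


def triage(verdicts):
    """Split hosts into (likely spread further, halted by the kill switch)."""
    spreading = sorted(h for h, v in verdicts.items() if v.failed > 0)
    halted = sorted(h for h, v in verdicts.items()
                    if v.failed == 0 and v.resolved > 0)
    return spreading, halted


# Constructed sample log: two infected hosts, one before and one after
# the domain was registered, plus benign and malformed lines.
SAMPLE_LOG = [
    "2017-05-12T10:01:00Z 10.0.0.5 killswitch.example. NXDOMAIN",
    "2017-05-12T10:01:02Z 10.0.0.5 killswitch.example. NXDOMAIN",
    "2017-05-12T10:03:10Z 10.0.0.9 www.example.org. NOERROR",
    "2017-05-12T15:40:00Z 10.0.1.7 killswitch.example. NOERROR",
    "malformed line",
    "2017-05-12T15:41:00Z 10.0.0.5 killswitch.example. NOERROR",
]

if __name__ == "__main__":
    spreading, halted = triage(classify_dns_log(SAMPLE_LOG))
    print("infected, likely spread further:", spreading)
    print("infected, halted by kill switch:", halted)
```

Both lists are hosts that ran the worm and need remediation; the split only tells you which ones had a window to propagate.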

The German rail system was also experiencing issues due to the ransomware. Photos surfaced on social media showing ticket machines at train stations having been affected


Medics have claimed that messages are flashing up on screens saying they must pay cash or terminals are down completely


Some hospitals said they were forced to divert emergencies on Friday after a suspected national cyber attack.


Several computers at a university in Italy were also randomly targeted in the cyber attack


Computer expert Lauri Love, who is facing extradition to the US over the alleged theft of data from government computers, said the attack is being powered by a ‘top of the range cyber weapon’ used by spies in the US.

‘It appears the cyber attack affected so many computers in the UK in the NHS and in Spain by taking advantage of a very nasty vulnerability in Microsoft Windows, which was dumped by hacking group Shadow Brokers who obtained it from the NSA in America.’

RANSOMWARE: THE CYBER ATTACK THAT CRIPPLED THE WORLD

What is ransomware?

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers typically demand that the victim pay a ransom to regain access to their files or to have the harmful programs removed.

These attacks commonly dupe users into clicking on a fake link, whether in an email or on a fake website, which then infects the computer.

In some instances, adverts for pornographic websites will repeatedly appear on the screen; in others, a pop-up will state that the user's data will be destroyed unless they pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or ‘WannaCry’ Virus.

What is the WannaCry virus?

The WannaCry virus targets Microsoft’s widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: instructions on what to do next and the Wanna Decryptor program itself.

When opened, the software tells users that their files have been encrypted and gives them a few days to pay up, after which the files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities

In December last year it was revealed that about 90 per cent of NHS Trusts were still running Windows XP, two and a half years after Microsoft stopped supporting the system.

Citrix, an American software company, sent a Freedom of Information request to 63 NHS Trusts, 42 of which responded. It revealed that 24 Trusts were unsure when they would even upgrade, The Inquirer reported.

Windows XP was released more than 15 years ago and is now particularly vulnerable to viruses. Microsoft stopped providing virus warnings for the ageing Windows XP in 2015.

A number of UK hospitals continue to run the outdated software, including East Sussex, Sheffield’s Children’s hospital and Guy’s and St Thomas’ NHS Trust.

Hours after news of the cyber attacks broke, a Microsoft spokesman revealed that customers who were running the company’s free antivirus software and who had enabled Windows updates were ‘protected’ from the attack.

It raises questions about why NHS computers using the operating system were not shielded from the ransomware.

The spokesman said: ‘Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt.

‘In March, we provided a security update which provides additional protections against this potential attack.

‘Those who are running our free antivirus software and have Windows updates enabled, are protected.

‘We are working with customers to provide additional assistance.’

One message circulated online claims the hackers demand 300 US dollars (£230) in the virtual currency bitcoin to relinquish control of the affected IT systems.

The pop-up contains a countdown clock with a deadline of next Friday. At least 10 payments of around $300 have been made to the bitcoin addresses that the hackers have asked to be paid on Friday.

But, although all Bitcoin transactions are public, we cannot see who made the payments so cannot know if they have been made by anyone in the NHS.

‘Non-urgent’ appointments and operations were postponed across the UK and some hospitals diverted ambulances to neighbouring ones to ensure patient safety.

Computer systems were switched off or immobilised and key services including the bleeper system for doctors were also believed to be down.

In the minutes after the attack one doctor in the UK tweeted: ‘Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. A******s’.

NHS Digital, which is responsible for the health service’s cyber security, says computer systems are believed to have been hit by a ransomware cyber attack using malware called ‘Wanna Decryptor’. Three hospitals in America were hit in the same way last year.

Ransomware: How do hackers take your data hostage?

The National Cyber Security Centre is investigating and is working with Britain’s FBI – the National Crime Agency.

GP surgeries hit in the attack say their phones went down and patients should avoid calling unless ‘absolutely necessary’ and doctors were back to using pen and paper in some areas.

Explaining the fallout, one doctor said in a message shared on Twitter: ‘So our hospital is down. We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.’

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: ‘Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.

‘Nobody can recover your files without our decryption service.’

It goes on to demand payment, otherwise the files will be deleted. It gives a deadline of next Friday afternoon, May 19, to pay.

The HSJ said services affected were thought to include archiving systems for X-rays, pathology test results, phone and bleep systems, and patient admin systems.

OUR SCREENS WERE ‘WIPED OUT ONE BY ONE’

A shocked worker at Colchester General Hospital described how her office’s computers were ‘wiped out, one by one’.

She said: ‘My computer locked at about 3pm and I couldn’t get anything to work. Then my colleague sat next to me said her computer was down.

‘It swept through the office and everyone was affected and didn’t know what was going on. One by one the computers were wiped out.

‘Nothing was working and switching them off and on did not solve the problems.

The NHS has been hit by a major cyber attack and criminals have taken control of computers and cut off phone lines across England, leaving some departments working with pen and paper

‘Some of our colleagues from a neighbouring department came in and they’d been told to unplug their internet cables and await further instruction.’

The health worker said the effect of such a hack on modern hospitals would be catastrophic because ‘all the doctors’ notes’ are kept on the computers now.

‘They record their notes to a dictaphone during a consultation but that’s only so the notes can be typed up and stored on the computer.

‘It’s very worrying that the impact has been so far-reaching in such a short space of time.’

A spokesman for Colchester Hospital University NHS Foundation Trust, which runs Colchester General, confirmed that patients are being told to avoid A&E where possible.

According to an official hospital statement, patients are being warned that all non-urgent activity is being postponed.

East and North Herts NHS Trust issued this warning to patients on their website

Blackpool Victoria Hospital is one of many across the country hit – operations have been cancelled and ambulances diverted

Ambulances outside the accident and emergency department (stock image)

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems.

Barts NHS Trust in east London said they are treating it as a ‘major incident’ to ensure they can ‘maintain the safety and welfare of patients’.

A spokesman said: ‘We are experiencing a major IT disruption and there are delays at all of our hospitals.

‘Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital but direct line phones are working. All our staff are working hard to minimise the impact and we will post regular updates on the website’.

Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems. Colchester University Hospitals Trust is also a victim as is neighbouring Chelmsford in Essex.

York Teaching Hospital NHS Foundation Trust which runs York and Scarborough hospitals has confirmed its computers have been affected by the widespread attack.

They have urged people to be patient and avoid calling GP surgeries and hospitals unless ‘absolutely necessary’.

NHS Merseyside said: ‘Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services’.


Related:

Silk Road illegal internet website mastermind faces lengthy jail term for narcotics trafficking, computer hacking and money laundering

May 29, 2015

AFP

“This hidden site has been seized” is shown on the screenshot of the illegal internet retail platform “Silk Road 2.0” during a press conference at the Hesse Office of Criminal Investigations in Wiesbaden, Germany, on November 11, 2014

NEW YORK (AFP) – The American convicted of masterminding criminal website Silk Road, which sold $200 million worth of drugs to customers all over the world using the digital currency Bitcoin, will be jailed Friday.

Ross Ulbricht, a Texan-born Californian, was found guilty in February by a New York jury on seven counts of narcotics trafficking, criminal enterprise, computer hacking and money laundering.

The highly educated 31-year-old, whose devoted parents have followed every twist and turn in the case, faces a minimum sentence of 20 years. But the government is pushing for a much tougher penalty.

His trial was considered a landmark case in the murky world of online crime and government surveillance, and his sentencing by Federal Judge Katherine Forrest will be closely watched.

In March it emerged that two undercover FBI agents extorted and stole hundreds of thousands of dollars in virtual currency Bitcoin during their 2013 investigation against Ulbricht.

Ulbricht last week wrote to Forrest, equating his maximum possible sentence of life imprisonment with the death penalty, and begging to live out his old age in freedom.

– ‘Terrible mistake’ –

“Even now I understand what a terrible mistake I made,” he said.

“Please leave a small light at the end of the tunnel, an excuse to stay healthy, an excuse to dream of better days ahead, and a chance to redeem myself in the free world before I meet my maker.”

Prosecutors say Ulbricht set up a massive narcotics-trafficking enterprise that resulted in at least six drug-related deaths and earned him millions of dollars in commissions.

“At no point has he acknowledged full responsibility or shown true remorse for his actions,” Manhattan attorney Preet Bharara wrote to Forrest on Tuesday.

Defense lawyer Joshua Dratel argued during the trial that someone else was behind the online alias “Dread Pirate Roberts” that operated Silk Road, but the jury took just hours to conclude otherwise.

The government brought overwhelming evidence against Ulbricht, who was arrested red-handed by FBI agents, with his laptop, in a San Francisco library in October 2013.

The government said 95 percent of the products on Silk Road were drugs, with the rest fake IDs, hacking tools and hacking services.

It said Ulbricht made buying heroin, cocaine and crystal meth as easy as online shopping from eBay and Amazon.

A second version of Silk Road sprang up just weeks after the FBI shut down the first and arrested Ulbricht. It was also shut down, and alleged operator Blake Benthall was charged last November.

Ulbricht told Forrest he had never advocated the abuse of drugs or sought to create a website that would feed people’s addictions.

He spoke about the difficulty of being separated from his family and loved ones, and “the grief it has caused them.”

“I ruined my life and destroyed my future. I squandered the enviable upbringing my family provided me, all of the opportunities I have been given, and the ones I have earned, and my talents,” he said.