Sunday afternoon movies can be so wonderfully relaxing. Stations frequently show old spy movies with super villains stealing super secret weapons from government facilities. Armed with laser cannons and other gadgetry, they go on a raid until they're stopped by the hero at the last minute. With the world on the verge of unspeakable catastrophes, we hear the cuffs click and see secret societies of villains get uncovered and eradicated. This blog article tells a similar story except that, in this case, heroes are scarce, villains still out and about and the secret weapon is targeted at your PC.
It's a story that involves many unknown variables and that began with an information leak. A hacker group that goes by the name of "Shadow Brokers" had infiltrated NSA servers and discovered a series of spy tools. Nobody knows who they are and secret services would likely pay a lot of money for this information. First, the brokers tried to monetize their find, asking for the modest sum of 568 million dollars in return for the delicate files. Understandably, there were no buyers so they decided to publish the files along with an appeal to Donald Trump to stand by his election promises. Confusing, isn't it?
While there were no official explanations issued (after all, it's a little embarrassing to lose your weapons to hackers), experts did believe the documents to be genuine. Real action, however, was taken by another unknown group (no James Bond movie is that vague!) who took the files and adapted the software to their own malevolent needs. The NSA had found a vulnerability in Windows that made an excellent and inviting target for criminals. Hackers modified the code and gave birth to "Doublepulsar", a malware that was then to be distributed as quickly as possible. The goal: to slip malware into Windows PCs via remote access.
Doublepulsar is believed to have already infected about 200,000 Windows PCs, mainly in the United States, Hong Kong and the rest of China. From Windows Vista to Windows 10 and even various Windows Server editions - all computers had a serious security hole. The perfidious part is that the malicious software tool disappears at the next restart, only the malware introduced by the tool remains. This way, users may diagnose the damage but the infiltration method remains concealed. Infected machines are identifiable only if contacted in a special way (sending a ping to port 445). Though Microsoft doubts the validity of this approach, they haven't provided an alternative.
The problem chiefly affects Windows machines that don't receive updates on a regular basis. Microsoft have already taken action and published a patch that fixes the vulnerabilities exploited by Doublepulsar. Patch MS17-00 put a stop to the mischief and reduced the number of potential targets to machines that either have Windows Update disabled or rely on local system administrators for (often delayed) updates. If you must find a hero in this story, you may praise Microsoft for their quick reaction - or criticize them for having created the vulnerability in the first place, the choice is yours. I must admit I'd love to see Bill Gates strike a hero pose though, which is why, in this case, I tend to administer praise.
Heroes or not? You decide.
The whole affair raises another question: how can you prevent software like this from falling into the wrong hands? If, for example, a secret service agency uses such a piece of software, chances are that it will eventually be discovered, whether by mere coincidence through a hacker, by a rival agency or by a company that specializes in computer security; some traces will always be left behind. Once it is discovered, shady characters will leave no stone unturned to misuse the tool for their own dubious ends. Back in the day, you needed years and think tanks to copy or modify weapons; now it takes only hours or days to do the same with malware in front of your computer.
What other unpleasant offspring will come from this NSA software remains to be seen. Don't be surprised if you receive sudden Windows Update notifications over the next couple of days; there may be good reason for them. It turns out that regular security updates are crucial to us all, provided that their creators act swiftly. This mishap also shows that spy tools are doubly perilous: not only can they be abused by the authorities, they can also be misused by others once they're exposed. The "other side" definitely has the means and motive to exploit any and all security leaks, which leaves us only with the hope that the good guys will be smart and save the day. And now we're back to spy movies again.
Given all the trouble this Ransomware caused over the weekend, thanks for the warning. It made me aware before any problems could happen.
I had also hoped more English hospital workers or German railway engineers would be reading this blog.
There's a more accurate saying, David Penrose:
"guns don't kill people - people with guns kill people"!
Surely we don't give these hackers the right by giving them the tools to do their work...
And then we come to the Intel ME debacle revealed this week where every X86 CPU after 2006 has a secret ARM based processor below the level accessible by the normal user, but has access to all YOUR files, peripherals etc, accessible only to Intel (and the NSA and the FBI and all the Five Eyes nations and the Russian FSB and . . .)
It seems that desktop users MAY be able to avoid this by installing their own NIC card and using that to connect to the net, rather than the default hardware that comes with your machine.
To assert that the internet is responsible for "stealing, threatening, bullying, stalking, paedophilia and more" is like saying that guns are responsible for murder.
There's an old saying: "guns don't kill people - people kill people".
I would be an idiot to claim that there isn't a lot of nefarious stuff happening on the internet, but the technology is not to blame for this - it's malevolent people who are responsible. And if the internet didn't exist, they'd probably be finding some other cruel, criminal way to flex their evil muscles.
You can of course place some blame on the software/OS engineers who leave loopholes in their systems, but the battle against crime has always been (and will always be) a game of leapfrog. We create locks and criminals find a way to pick them. So we create better locks... and again the bad guys learn their weaknesses. And so it goes on.
All we can really do is take sensible, reasonable precautions. Other than that, we simply have to remember that the number of people who are affected by criminal internet activity is - in the grand scheme of things - still pretty small. So you should just hope that it's the next guy who gets hit and not you!
"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had."
Eric Schmidt
Hi Keith/Sven,
I don't know your locations; but maybe the update methods you describe are available/apply to those within the USA.
There are several instances of such in Microsoft's protocols.
These are also behind many security lapses in their Software/Operating Systems; but their computers were 'open-plan' too, which greatly benefited PC development.
Cheers, Ray
A useful blog.... but:
Checking the URL you gave I see I should have (or be getting) 3210721 (W10/1511). I got a security update on the 13th April (4015219) but don't think this is relevant. ping port 445 gives the response "Could not find host port...".
Can I presume I will be getting the patch - and that (at the moment) I'm not infected?
Keith
Hi Keith,
I can’t explain why none of the updates is mentioned in your installation history. It is possible that it was part of a cumulative update you received and won’t be listed separately. Since your ping was negative it is indeed likely that you’re not infected.
More information: http://searchsecurity.techtarget.com/news/450417509/NSA-spyware-found-infecting-tens-of-thousands-worldwide
Hi Guys,
Intel gathering; plus, counter-Intel; have been going on since time immemorial. Methods have improved, literally out of sight/site, throughout that period; 'malware' is purely an extension of this, current, explosive, expansion of techniques available to: NSA, GCHQ & Russian/Chinese equivalents.
Expenditure, and culture, have a direct bearing on the usage of such, both in offence/defence; with the Western Block popularly considered as 'White Hats', whilst those in the East, 'Black'.
However, recent revelations have shown more than a slight blurring & 'Trumping', of these definitions.
The launch of Sputnik, in October of 1957, marked a watershed in the American efforts/interest in this area, as did 9/11, both, effectively, a Pearl Harbour; releasing a similar response to escalate resources.
The 50s saw the introduction/development of swept frequency radio receivers, e.g. Racal, replacing banks of HROs and later derivatives. Moreover, the swing from analogue to digital, rode on the back of the establishment of the Radar Early Warning System; culminating in the Western Satellite System.
Welcome Siding Springs & Menwith Hill, together with Parkes & Jodrell Bank etc. etc. etc.!!??
This technology, like Nuclear Physics, is a blunt instrument, once out of the box, cannot be returned.
Moreover, it now lies largely within the competency of a solo, dedicated & connected, laptop operator.
Consequently, we 'Plebs', must rely on well funded & intentioned 'White Hats', and follow their lead.
Keep on keeping on, Ray
The same people will be around whatever you do; the difference is that they will be hidden from view and work in the wings on the stage of society. So could Joseph Stalin, or someone like him, become himself, or would he or she have to present him/herself in a different manner? The here and now is the reality of our situation, so we make the best of it as we work our way through time; we must face reality or it will become untenable.
Hi Sven, if the Internet was an animal with the same seething sickness inside it would be destroyed.
The days and nights of our lives were satisfactory before the Internet arrived.
The use of the Internet for any and every reason is not needed anywhere in the world. Criminals and our 'enemies', being those who give nothing and take everything, have used it to the extent that it has become a dangerous weapon being used for abuse, stealing, threatening, bullying, stalking, paedophilia and more, as the honest and vulnerable people of the world continue to be subversively 'attacked' by the mentally deranged, sub-human cretins loose on Earth.
Tim Berners-Lee has made similar comments.
10 years ago, I would have vehemently objected but now I mostly agree with you. The Internet has had a lot of benefits, yet the downsides are becoming increasingly apparent and have a profound impact on societies. The latest trends aren’t exactly cause for optimism either.