NSA Exploit Leak is the Gift That Keeps on Giving

DooKey
The folks from Imperva have found a new cryptomining bug out in the wild that targets database servers and application servers. What's unique about this thing is its worm-like behavior and creation using NSA exploits that were leaked into the wild. This sucker shouldn't be able to mess with your servers if you have them appropriately patched and if you have your firewall rules set properly. However, expect hackers to continue to leverage the NSA exploits and build better and better malware. Thanks again NSA.

Recently, cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications.
 
gd government can't even do exploits right.

why do we pay them!?

Is that sarcasm? I don't see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?
 
Because hoarding exploits is never dangerous.

Wouldn't be surprised if NK is behind this.

I don't have to tell you I told you so NSA.

Lack of foresight will always nail you eventually.
 
Is that sarcasm? I don't see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?

If I generate an actual virus and not computer one and it escapes, are you saying it wouldn't be my fault?
 
Because hoarding exploits is never dangerous.

Wouldn't be surprised if NK is behind this.

I don't have to tell you I told you so NSA.

Lack of foresight will always nail you eventually.
My understanding is this was learned from Wikileaks "Vault 7". The contents are from the CIA, including the fact the CIA prior to that lost a laptop with all the tools. They blame the NSA based on the supposition that the NSA is responsible for "Vault 7". I guess we know which agency is more savvy with the press. I guess having done things like give the Washington Post $300 million will do that.
 
If I generate an actual virus and not a computer one and it escapes, are you saying it wouldn't be my fault?

Well you didn't include enough information there. So let's entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you it's not your fault. The other two ARE your fault.
 
Well you didn't include enough information there. So let's entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you it's not your fault. The other two ARE your fault.

If you're the NSA and it's stolen from you, that should damn well be negligence.
 
Well you didn't include enough information there. So let's entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you it's not your fault. The other two ARE your fault.

Whether I did it legally for my job or not, I have responsibility to make sure it doesn't escape. NSA are morons for letting virus code outside a contained facility. IT IS THEIR FAULT FOR NOT IMPLEMENTING PROPER CONTROLS. Did you see Oppenheimer walk out with uranium or implosion detonators?

Ladies and gentlemen, kju is the example of what's wrong with modern government: No f'n accountability.
 
Whether I did it legally for my job or not, I have responsibility to make sure it doesn't escape. NSA are morons for letting virus code outside a contained facility. IT IS THEIR FAULT FOR NOT IMPLEMENTING PROPER CONTROLS.

Fucking moron.

Perhaps you'd care to rephrase that to not include a personal attack that undermines your argument? You could implement all the controls in the world and if you have a traitor that walks out the door nothing short of shooting everyone in the head that walks out the door would stop them. Notwithstanding that according to someone above this isn't even an NSA thing. You just knee-jerk blamed them because you are too short sighted to see otherwise.
 
My understanding is this was learned from Wikileaks "Vault 7". The contents are from the CIA, including the fact the CIA prior to that lost a laptop with all the tools. They blame the NSA based on the supposition that the NSA is responsible for "Vault 7". I guess we know which agency is more savvy with the press. I guess having done things like give the Washington Post $300 million will do that.

Really doesn't matter who, just that it was created. And the organization responsible for its creation is responsible for making sure it doesn't get loose.
 
Perhaps you'd care to rephrase that to not include a personal attack that undermines your argument? You could implement all the controls in the world and if you have a traitor that walks out the door nothing short of shooting everyone in the head that walks out the door would stop them. Notwithstanding that according to someone above this isn't even an NSA thing. You just knee-jerk blamed them because you are too short sighted to see otherwise.

STILL YOUR RESPONSIBILITY. And I already rephrased it. You're right, I shouldn't use that language. But I'm shocked at your answer, it was so offensive. And I still think you lack any personal responsibility if that is your view. If you lock it up tight enough, then it wouldn't be possible. If there were proper safeguards, it wouldn't be possible. How the hell does a contractor walk out with a f'n laptop with secure data? Even if he put it on an SD card, services on the computer should have alerted management that a sensitive file transfer was in process. It's easy to write these services and make it hard to shut them down.
 
STILL YOUR RESPONSIBILITY. And I already rephrased it. And I still think you lack any personal responsibility. If you lock it up tight enough, then it wouldn't be possible. If there were proper safeguards, it wouldn't be possible. How the hell does a contractor walk out with a f'n laptop with secure data? Even if he put it on an SD card, services on the computer should have alerted management that a sensitive file transfer was in process. It's easy to write these services and make it hard to shut them down.

Why don't you tell me how you would do it then since you clearly know better than entire nation states...

I am not saying they are perfect, nobody is, but damn you have this unrealistic idea that it's 100% preventable when that's just not the case...
 
Why don't you tell me how you would do it then since you clearly know better than entire nation states...

I am not saying they are perfect, nobody is, but damn you have this unrealistic idea that it's 100% preventable when that's just not the case...

Easy, port monitors on the computer written as a system service that shuts down the computer if you try to stop or unload it. It's backed up with two other rootkitted port monitors that check to see if you are trying to shut down the service and the other services. Antiviruses apply such measures. The port monitor then looks for common keys and phrases it knows that are associated with each file. If you try to transfer it or put it in an encrypted file, it stops and notifies management.

And if you are a security and can't stop someone from walking out the door with something the size of a laptop, then we might as well surrender now.
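The post above sketches a content-aware transfer monitor: inspect a file for known markers before it leaves the machine, and treat an encrypted container as something that must be blocked because it cannot be inspected. The following Python is an added example of that decision logic, not code from the poster or from any real product; the marker patterns, the "external destination" prefixes, the watermark tag format and the sample files are all constructed for the example. It goes one step beyond the post by using a Shannon-entropy check to recognize opaque (encrypted or compressed) payloads, and by recovering the watermark ID a later post mentions so that a blocked transfer can be tied back to the machine it came from.

```python
"""Content-aware transfer check, in the spirit of the "port monitor" described
in the post above. All markers, path prefixes and sample files are constructed
for this example; nothing here is taken from a real classification policy."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Hypothetical markers that a classification/watermarking step stamps into files.
MARKER_PATTERNS = {
    "classification": re.compile(rb"CLASSIFICATION:\s*(SECRET|CONFIDENTIAL)"),
    "proprietary": re.compile(rb"PROPRIETARY AND CONFIDENTIAL"),
    "watermark": re.compile(rb"WATERMARK-ID:\s*([A-Z0-9-]+)"),
}
# Destinations treated as leaving the controlled environment (constructed list).
EXTERNAL_PREFIXES = ("/media/", "/mnt/usb/", "smb://", "https://")
# Shannon entropy (bits per byte) above which a payload is treated as encrypted
# or compressed: the monitor cannot read it, so it must not let it pass.
ENTROPY_THRESHOLD = 7.5
MIN_ENTROPY_SAMPLE = 1024  # entropy estimates on tiny inputs are meaningless


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class Verdict:
    allowed: bool
    reason: str
    watermark: Optional[str] = None  # machine/user id recovered from the file, if any


def is_external(destination: str) -> bool:
    return destination.startswith(EXTERNAL_PREFIXES)


def inspect_transfer(data: bytes, destination: str) -> Verdict:
    """Decide whether `data` may be written to `destination`. A transfer hook
    wrapping this would refuse the copy on allowed == False and notify an admin."""
    if not is_external(destination):
        return Verdict(True, "internal destination")
    hits = {name: pat.search(data) for name, pat in MARKER_PATTERNS.items()}
    watermark = hits["watermark"].group(1).decode() if hits["watermark"] else None
    labelled = [name for name, m in hits.items() if m]
    if labelled:
        return Verdict(False, "marked content (%s) to %s" % (", ".join(labelled), destination), watermark)
    # Opaque content hides any markers, so an encrypted container is blocked outright.
    if len(data) >= MIN_ENTROPY_SAMPLE and shannon_entropy(data) > ENTROPY_THRESHOLD:
        return Verdict(False, "uninspectable high-entropy payload to %s" % destination)
    return Verdict(True, "no markers found")


# Constructed sample inputs.
SAMPLE_SOURCE = (b"# CLASSIFICATION: CONFIDENTIAL\n# WATERMARK-ID: WS-0042\n"
                 b"int main(void) { return 0; }\n")
OPAQUE_SAMPLE = bytes(range(256)) * 8   # stand-in for ciphertext: every byte value equally often
PLAIN_SAMPLE = b"hello world\n" * 100

if __name__ == "__main__":
    for blob, dest in ((SAMPLE_SOURCE, "/mnt/usb/backup/main.c"),
                       (SAMPLE_SOURCE, "/home/dev/repo/main.c"),
                       (OPAQUE_SAMPLE, "/media/stick/blob.bin"),
                       (PLAIN_SAMPLE, "/media/stick/notes.txt")):
        v = inspect_transfer(blob, dest)
        print("%-28s allowed=%-5s watermark=%-8s %s" % (dest, v.allowed, v.watermark, v.reason))
```

The entropy rule is deliberately conservative: it only fires on payloads of at least 1 KiB, and 7.5 bits per byte is well above what source code or prose reaches, so ordinary files are not blocked by it. The watermark is returned with the verdict rather than merely logged, because the useful response to a blocked copy is knowing which workstation the file was tagged on.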
 
Tell me how that's a red herring. Your argument "We're the government so we can do what the fuck we want" is a red herring.

This was your original post:

[attached screenshot of the quoted post]
 
Easy, port monitors on the computer written as a system service that shuts down the computer if you try to stop or unload it. It's backed up with two other rootkitted port monitors that check to see if you are trying to shut down the service and the other services. Antiviruses apply such measures. The port monitor then looks for common keys and phrases it knows that are associated with each file. If you try to transfer it or put it in an encrypted file, it stops and notifies management.

And if you are a security and can't stop someone from walking out the door with something the size of a laptop, then we might as well surrender now.

Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.
 
Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.

There's ways to stop that as well. Half shifting polarizers. Basically you have to wear glasses to see the screen. Also been available for years.

Code can also be tagged in the system environment with a unique id that watermarks it so you know which machine was compromised.

Next?
 
There's ways to stop that as well. Half shifting polarizers. Basically you have to wear glasses to see the screen. Also been available for years.

Next?

Camera with half shifting polarizer on it. Or camera held up to glasses. Or printing the file out and walking out with it (*cough* Reality Winner *cough*). How far do you want to go down this rabbit hole? Every measure you come up with, a determined actor can find a way around.

I am all for having tight security but you just can't mitigate everything. If they could I am sure they would. But these things cost time and money...would you have them raise your taxes 5% to pay for all that extra security?
 
Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.

And quite frankly they should only be releasing source to the current ticket or task they are working on. There should be a limited access system in place so they can't get access to the whole enchilada. I sure as hell don't get access to everything, and I'm one of their best programmers on a non-classified system. It's easy to wipe code when the ticket is declared "closed".

Basic
Simple
Easy

And I figured them out in 10 seconds.
 
And quite frankly they should only be releasing source to the current ticket or task they are working on. There should be a limited access system in place so they can't get access to the whole enchilada. I sure as hell don't get access to everything, and I'm one of their best programmers on a non-classified system. It's easy to wipe code when the ticket is declared "closed".

And if you're so good you mean to tell me that you couldn't find a way around just about any security control in place? I don't buy it.
 
Camera with half shifting polarizer on it. Or camera held up to glasses. Or printing the file out and walking out with it (*cough* Reality Winner *cough*). How far do you want to go down this rabbit hole? Every measure you come up with, a determined actor can find a way around.

I am all for having tight security but you just can't mitigate everything. If they could I am sure they would. But these things cost time and money...would you have them raise your taxes 5% to pay for all that extra security?

Printing of files is also forbidden for obvious reasons. Very few programmers print code any more with the advent of multiple monitors and improved comparison software.

And holding your glasses up to a camera would be obvious. But if you wanted to get really fancy, you could prevent that from happening on the computer side as well.
 
And if you're so good you mean to tell me that you couldn't find a way around just about any security control in place? I don't buy it.

Sure if security controls are lax, I could install a virus on a workstation that does have access. But we are told to lock our workstations when we walk away, and they auto lock with 1 minute inactivity.
 
Printing of files is also forbidden for obvious reasons.
And holding your glasses up to a camera would be obvious. But if you wanted to get really fancy, you could prevent that from happening on the computer side as well.

So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.

EDIT: I call BS on the computer locking in one minute. You would have it locking ALL freaking day on you when you sit at your desk even if you stop to take a drink of coffee. Try more like 5.
 
So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.

You work with a nuclear bomb, sometimes that's your only option. I can't even put an unauthorized device with an unknown MAC on the network like a switch.
 
So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.

EDIT: I call BS on the computer locking in one minute. You would have it locking ALL freaking day on you when you sit at your desk even if you stop to take a drink of coffee. Try more like 5.

Guess what, we do. We even have posters up of no-nos. Like leaving sensitive sales material laying on your desk. No open screens, physically (Kensington) unlocked computers, etc etc. We even have encryption on our drives if someone tries to steal them straight from the computer.
 
You work with a nuclear bomb, sometimes that's your only option. I can't even put an unauthorized device with an unknown MAC on the network like a switch.

Bullshit. If you worked with nuclear bombs it wouldn't be unclassified.
 
Bullshit. If you worked with nuclear bombs it wouldn't be unclassified.

It was a simile for the weapons work the government does. But we are very security focused here.
 
It was a simile for the weapons work the government does. But we are very security focused here.

Yeah I don't buy it. Too many inconsistencies. First you say you are "one of the best programmers on their nonclassified systems" then you say you work with nuclear bombs. Then you edit a post to say you don't leave sales material laying around on your desk etc etc.

Have fun pretending you're better than entire nation states. I'm done talking to the wall.
 
Yeah I don't buy it. Too many inconsistencies. First you say you are "one of the best programmers on their nonclassified systems" then you say you work with nuclear bombs. Then you edit a post to say you don't leave sales material laying around on your desk etc etc.

Have fun pretending you're better than entire nation states. I'm done talking to the wall.

I never claimed I worked with nuclear bombs. I'm saying the government is the one creating these bombs, as such they need personal responsibility and be more careful. These aren't fucking toys.

I'm done with someone who takes no personal responsibility. The very problem with modern government. As it says here at work, "Security is everyone's job"
 
Is that sarcasm? I don't see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?

[attached image]

just gonna nope right out of that exchange.
 
This sucker shouldn't be able to mess with your servers if you have them appropriately patched and if you have your firewall rules set properly. However, expect hackers to continue to leverage the NSA exploits and build better and better malware. Thanks again NSA.

I just want to know who these morons are running unpatched servers...
 
I just want to know who these morons are running unpatched servers...

It doesn't have to be servers. Old network printers can run SMBv1. Those types of devices never get updates. Everyone thinks "It's a printer, what harm could it do?" Let me rephrase that: "It's a computer with network access that has access to printer hardware." Another case in point: those very popular network cams from years ago with hard-coded root admin passwords. Many of them still don't have updates.
 
It doesn't have to be servers. Old network printers can run SMBv1. Those types of devices never get updates. Everyone thinks "It's a printer, what harm could it do?" Let me rephrase that: "It's a computer with network access that has access to printer hardware." Another case in point: those very popular network cams from years ago with hard-coded root admin passwords. Many of them still don't have updates.

True, but printers usually don't use publicly facing IP addresses, and no one is browsing shady websites on them.

If they are getting infected, someone is already inside your firewall...
 