NSA Exploit Leak is the Gift That Keeps on Giving

DooKey

DooKey

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,706
The folks from Imperva have found a new cryptomining bug out in the wild that targets database servers and application servers. What's unique about this thing is it's worm-like behavior and creation using NSA exploits that were leaked into the wild. This sucker shouldn't be able to mess with your servers if you have them appropriately patched and if you have your firewall rules set properly. However, expect hackers to continue to leverage the NSA exploits and build better and better malware. Thanks again NSA.

Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications.
 
Master_shake_ said:
gd government can't even do exploits right.

why do we pay them!?
Click to expand...

Is that sarcasm? I dont see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?
 
Because hording exploits is never dangerous.

Wouldn't be surprised if NK is behind this.

I don't have to tell you I told you so NSA.

Lack of foresight will always nail you eventually.
 
Last edited by a moderator:
kju1 said:
Is that sarcasm? I dont see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?
Click to expand...

If I generate an actual virus and not computer one and it escapes, are you saying it wouldn't be my fault?
 
Last edited by a moderator:
DigitalGriffin said:
Because hording exploits is never dangerous.

Wouldn't be surprised if no is behind this.

I don't have to tell you I told you so NSA.

Lack of foresight will always nail you eventually.
Click to expand...
My understanding this was learned from Wikileaks "Vault 7". The contents are from the CIA including the fact the CIA prior to that lost a laptop with all the tools. They blame the NSA based on the supposition that the NSA is responsible for "Vault 7". I guess we know which agency is more savvy with the press. I guess having done things like give the Washing Post $300 million will do that.
 
DigitalGriffin said:
If I generate an actual virus and not computer one and it escapes ate you saying it wouldn't be my fault?
Click to expand...

Well you didnt include enough information there. So lets entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you its not your fault. The other two ARE you fault.
 
kju1 said:
Well you didnt include enough information there. So lets entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you its not your fault. The other two ARE you fault.
Click to expand...

If your the NSA and it's stolen from you, that should damn well be negligence.
 
kju1 said:
Well you didnt include enough information there. So lets entertain your red herring argument. Did you do it legally as part of your job? Is it escaping because you let it out, your negligence, or was it stolen from you? If it was stolen from you its not your fault. The other two ARE you fault.
Click to expand...

Whether I did it legally for my job or not, I have responsibility to make sure it doesn't escape. NSA are morons for letting virus code outside a contained facility. IT IS THEIR FAULT FOR NOT IMPLEMENTING PROPER CONTROLS. Did you see Oppenheimer walk out with uranium or implosion detonators?

Ladies and gentlemen, kju is the example of what's wrong with modern government: No f'n accountability.
 
DigitalGriffin said:
Whether I did it legally for my job or not, I have responsibility to make sure it doesn't escape. NSA are morons for letting virus code outside a contained facility. IT IS THEIR FAULT FOR NOT IMPLEMENTING PROPER CONTROLS.

Fucking moron.
Click to expand...

Perhaps youd care to rephrase that to not include a personal attack that undermines your argument? You could implement all the controls in the world and if you have a traitor that walks out the door nothing short of shooting everyone in the head that walks out the door would stop them. Not withstanding that according to someone above this isnt even an NSA thing. You just knee jerk blamed them because you are too short sighted to see otherwise.
 
jpm100 said:
My understanding this was learned from Wikileaks "Vault 7". The contents are from the CIA including the fact the CIA prior to that lost a laptop with all the tools. They blame the NSA based on the supposition that the NSA is responsible for "Vault 7". I guess we know which agency is more savvy with the press. I guess having done things like give the Washing Post $300 million will do that.
Click to expand...
Really doesn't matter who, just that it was created. And the organization responsible for it's creation is responsible for making sure it doesn't get loose.
 
kju1 said:
Perhaps youd care to rephrase that to not include a personal attack that undermines your argument? You could implement all the controls in the world and if you have a traitor that walks out the door nothing short of shooting everyone in the head that walks out the door would stop them. Not withstanding that according to someone above this isnt even an NSA thing. You just knee jerk blamed them because you are too short sighted to see otherwise.
Click to expand...

STILL YOUR RESPONSIBILITY. And I already rephrased it. You're right, I shouldn't use that language. But I'm shocked at your answer it was so offensive. And I still think you lack any personal responsibility if that is your view. If you lock it up tight enough, then it wouldn't be possible. If there were proper safe guards, it would be possible. How the hell does a contractor walk out with a f'n laptop with secure data? Even if he put it on an SD card, services on the computer should have alerted management that a sensitive file transfer was in process. It's easy to write these services and make it hard to shut them down.
 
DigitalGriffin said:
STILL YOUR RESPONSIBILITY. And I already rephrased it. And I still think you lack any personal responsibility. If you lock it up tight enough, then it wouldn't be possible. If there were proper safe guards, it would be possible. How the hell does a contractor walk out with a f'n laptop with secure data? Even if he put it on an SD card, services on the computer should have alerted management that a sensitive file transfer was in process. It's easy to write these services and make it hard to shut them down.
Click to expand...

Why dont you tell me how you would do it then since you clearly know better than entire nation states...

I am not saying they are perfect, nobody is, but damn you have this unrealistic idea that its 100% preventable when thats just not the case...
 
kju1 said:
Why dont you tell me how you would do it then since you clearly know better than entire nation states...

I am not saying they are perfect, nobody is, but damn you have this unrealistic idea that its 100% preventable when thats just not the case...
Click to expand...

Easy, port monitors on the computer written as a system service that shuts down the computer if you try to stop or unload it. It's backed up with two other root kitted port monitors that check to see if you are trying to shut down the service and the other services. Anti viruses apply such measures. The port monitor then looks for common keys and phrases it knows that are associated with each file. If you try to transfer it or put it in an encrypted file, it stops and notifies management.

And if you are a security and can't stop someone from walking out the door with something the size of a laptop, then we might as well surrender now.
 
DigitalGriffin said:
Tell me how that's a red herring. Your argument "We're the government so we can do what the fuck we want" is a red herring.
Click to expand...

This was your original post:

upload_2018-3-9_10-48-33.png
 
DigitalGriffin said:
Easy, port monitors on the computer written as a system service that shuts down the computer if you try to stop or unload it. It's backed up with two other root kitted port monitors that check to see if you are trying to shut down the service and the other services. Anti viruses apply such measures. The port monitor then looks for common keys and phrases it knows that are associated with each file. If you try to transfer it or put it in an encrypted file, it stops and notifies management.

And if you are a security and can't stop someone from walking out the door with something the size of a laptop, then we might as well surrender now.
Click to expand...

Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.
 
kju1 said:
Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.
Click to expand...

There's ways to stop that as well. Half shifting polarizers. Basically you have to wear glasses to see the screen. Also been available for years.

Code can also be tagged in the system environment with a unique id that watermarks it so you know which machine was compromised.

Next?
 
DigitalGriffin said:
There's ways to stop that as well. Half shifting polarizes. Basically you have to wear glasses to see the screen. Also been available for years.

Next?
Click to expand...

Camera with half shifting polarizer on it. Or camera held up to glasses. or printing the file out and walking out with it (*cough* reality winner *cough*) How far you want to go down this rabbit hole? Every measure you come up with a determined actor can find a way around.

I am all for having tight security but you just cant mitigate everything. If they could I am sure they would. But these things cost time and money...would you have them raise your taxes 5% to pay for all that extra security?
 
kju1 said:
Easy to bypass. Bring a tiny camera in and take pictures of the source code. There is always a way.
Click to expand...

And quite frankly they should only be releasing source to the current ticket or task they are working on. There should be a limited access system in place so they can't get access to the whole enchilada. I sure and hell don't get access to everything, and I'm one of their best programmers on a non-classified system. It's easy to wipe code when the ticket is declared "closed"

Basic
Simple
Easy

And I figured them out in 10 seconds.
 
DigitalGriffin said:
And quite frankly they should only be releasing source to the current ticket or task they are working on. There should be a limited access system in place so they can't get access to the whole enchilada. I sure and hell don't get access to everything, and I'm one of their best programmers on a non-classified system. It's easy to wipe code when the ticket is declared "closed"
Click to expand...

And if youre so good you mean to tell me that you couldnt find away around just about any security control in place? I dont buy it.
 
kju1 said:
Camera with half shifting polarizer on it. Or camera held up to glasses. or printing the file out and walking out with it (*cough* reality winner *cough*) How far you want to go down this rabbit hole? Every measure you come up with a determined actor can find a way around.

I am all for having tight security but you just cant mitigate everything. If they could I am sure they would. But these things cost time and money...would you have them raise your taxes 5% to pay for all that extra security?
Click to expand...

Printing of files is also forbidden for obvious reasons. Very few programmers print code any more with the advent of multiple monitors and improved comparison software.

And holding your glasses up to a camera would be obvious. But if you wanted to get really fancy, you could prevent that from happening on the computer side as well.
 
kju1 said:
And if youre so good you mean to tell me that you couldnt find away around just about any security control in place? I dont buy it.
Click to expand...

Sure if security controls are lax, I could install a virus on a workstation that does have access. But we are told to lock our workstations when we walk away, and they auto lock with 1 minute inactivity.
 
DigitalGriffin said:
Printing of files is also forbidden for obvious reasons.
And holding your glasses up to a camera would be obvious. But if you wanted to get really fancy, you could prevent that from happening on the computer side as well.
Click to expand...

So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.

EDIT: I call BS on the computer locking in one minute. You would have it locking ALL freaking day on you when you sit at your desk even if you stop to take a drink of coffee. Try more like 5.
 
kju1 said:
So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.
Click to expand...

You work with a nuclear bomb, sometimes that's your only option. I can't even put an unauthorized device with an unknown MAC on the network like a switch.
 
kju1 said:
So everyone needs to be chained to their desk. With someone watching them even when they pee. With copy and paste disabled and no way to eat. Got it.

EDIT: I call BS on the computer locking in one minute. You would have it locking ALL freaking day on you when you sit at your desk even if you stop to take a drink of coffee. Try more like 5.
Click to expand...

Guess what, we do. We even have posters up of no-nos. Like leaving sensitive sales material laying on your desk. No open screens, physically (kingston) unlocked computers, etc etc. We even have encryption on our drives if someone tries to steal them straight from the computer.
 
DigitalGriffin said:
You work with a nuclear bomb, sometimes that's your only option. I can't even put an unauthorized device with an unknown MAC on the network like a switch.
Click to expand...

Bullshit. If you worked with nuclear bombs it wouldnt be unclassified.
 
kju1 said:
Bullshit. If you worked with nuclear bombs it wouldnt be unclassified.
Click to expand...

It was a simile for the weapons work the government does. But we are very security focused here.
 
DigitalGriffin said:
It was a simile for the weapons work the government does. But we are very security focused here.
Click to expand...

Yeha I dont buy it. Too many inconsistencies. First you say you are "one of the best programmers on their nonclassified systems" then you say you work with nuclear bombs. Then you edit a post to say you dont leave sales material laying around on your desk etc etc.

Have fun pretending youre better than entire nation states. Im done talking to the wall.
 
kju1 said:
Yeha I dont buy it. Too many inconsistencies. First you say you are "one of the best programmers on their nonclassified systems" then you say you work with nuclear bombs. Then you edit a post to say you dont leave sales material laying around on your desk etc etc.

Have fun pretending youre better than entire nation states. Im done talking to the wall.
Click to expand...

I never claimed I worked with nuclear bombs. I'm saying the government is the one creating these bombs, as such they need personal responsibility and be more careful. These aren't fucking toys.

I'm done with someone who takes no personal responsibility. The very problem with modern government. As it says here at work, "Security is everyone's job"
 
kju1 said:
Is that sarcasm? I dont see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?
Click to expand...

317.png


just gonna nope right out of that exchange.
 
Montu said:
This sucker shouldn't be able to mess with your servers if you have them appropriately patched and if you have your firewall rules set properly. However, expect hackers to continue to leverage the NSA exploits and build better and better malware. Thanks again NSA.
Click to expand...

I just want to know who these morons are running unpatched servers...
 
Zarathustra[H] said:
I just want to know who these morons are running unpatched servers...
Click to expand...

It doesn't have to be servers. Old network printers can run SMBv1. Those type of devices never get updates. Everyone thinks "It's a printer, what harm could it do?" Let me rephrase that, "It's a computer with network access that has access to printer hardware" Another case in point: Those very popular network cams from years ago with hard coded root admin passwords. Many of them still don't have updates.
 
DigitalGriffin said:
It doesn't have to be servers. Old network printers can run SMBv1. Those type of devices never get updates. Everyone thinks "It's a printer, what harm could it do?" Let me rephrase that, "It's a computer with network access that has access to printer hardware" Another case in point: Those very popular network cams from years ago with hard coded root admin passwords. Many of them still don't have updates.
Click to expand...


True, but printers usually don't use publicly facing IP addresses, and no one is browsing shady websites on them.

If they are getting infected, someone is already inside your firewall...
 
  • Like
Reactions: kju1
like this
kju1 said:
Is that sarcasm? I dont see how this is their fault. Something they built to exploit our enemies (well within their mission parameters) was effectively stolen and is now being used for nefarious purposes...so remind me again why this is their fault?
Click to expand...
National Security Agency
 
You must log in or register to reply here.
Back
Top