NSA Software Fuels Rise in Crypto Mining Malware

Discussion in '[H]ard|OCP Front Page News' started by AlphaAtlas, Sep 19, 2018.

  1. AlphaAtlas

    AlphaAtlas Gawd Staff Member

    Messages:
    557
    Joined:
    Mar 3, 2018
    The Cyber Threat Alliance claims that a software tool leaked from the NSA is fueling a massive rise in cryptocurrency mining malware. The cyber-security experts claim they detected a "459 percent increase in the past year of illicit crypto mining," and point to leaked NSA software called "EternalBlue" as a major contributing factor. Even though patches for this malware were released over a year ago, organizations across the world are still being victimized, the researchers say. Most of the malware mines Monero, which is extremely difficult for investigators to track.

    "Illicit mining is the 'canary in the coal mine' of cybersecurity threats," he said. "If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat."
     
  2. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    3,170
    Joined:
    Mar 18, 2013
    There's a saying about the road to hell and good intentions.
     
    triwolf and griff30 like this.
  3. LanceDiamond

    LanceDiamond Limp Gawd

    Messages:
    361
    Joined:
    Oct 11, 2005
    Make sure your tires are full of good intentions before heading out onto the road to Hell? :p
     
    DigitalGriffin likes this.
  4. clockdogg

    clockdogg Gawd

    Messages:
    593
    Joined:
    Dec 12, 2007
    Nah. That's the job of the lowest-bidder paving company. :D
     
  5. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    Can't say I told ya so years ago but...

    I told ya so.

    The leaders of these programs are children with toys who don't understand the implications or choose to ignore them.
     
  6. thebufenator

    thebufenator Gawd

    Messages:
    1,005
    Joined:
    Dec 8, 2004
    Better let only the rooskies do the hacking.
     
  7. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    Leaked NSA Hacks, the gift that keeps on giving.
     
  8. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    Two wrongs don't make a right. And we still have nukes as a deterrent.
     
  9. thebufenator

    thebufenator Gawd

    Messages:
    1,005
    Joined:
    Dec 8, 2004
    That's not how any of this works.
     
  10. [21CW]killerofall

    [21CW]killerofall Aliens...

    Messages:
    2,723
    Joined:
    Mar 16, 2006
    And governments want built in back doors in everything. No way that could ever end up being abused or discovered by someone else and exploited :rolleyes:.
     
  11. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    Yes
    I realize Russia and China are going to hack and steal. You set up honey pots and neutralize them after monitoring them.

    But it was written into USA policy long ago that any attack on our infrastructure was considered an act of war.

    But to be honest it would do us all better if freaking DARPA would invent 2 new networking standards using existing hardware that are much harder to hack: one for private (i.e. Boeing) and one for military (i.e. Air Force). TCP/IP, SMTP, HTTP, FTP, UDP are protocols that should never be used on secure systems. There's no verification of source and target. Just a bunch of hops through nodes.

    Isolation isn't working because users are idiots

    Our own stupid fault.
     
    Last edited: Sep 20, 2018
    BSmith likes this.
  12. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    Honeypots only work on amateur hackers, not the pros.

    Maybe a while ago, but it is public knowledge hackers have embedded hacks into our infrastructure - just like we have on them.


    DARPA is not a magic box that can just crank out new novel ideas, it takes many years and many misses to come up with crazy ideas that actually work.

    Agreed, partially. Where is our "Off the Grid" network to manage infrastructure connectivity? In the end, just too expensive as well.
     
  13. thebufenator

    thebufenator Gawd

    Messages:
    1,005
    Joined:
    Dec 8, 2004
    Don't forget that regardless of networking protocols, software applications ride on them. And software always has a weakness.
     
  14. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    By effectively crippling standard protocols like TCP/IP and limiting ports, the software you can run effectively drops to 0. For software that does require these protocols, effectively wrap each packet and only send them to a verified whitelist. And nothing is allowed to go outside that whitelist in an unwrapped form. The communication wrapper would be encrypted using a 4096-bit challenge response cipher key.

    Everything that needs to go outside the network on standard protocols has to pass through a gateway where it gets transferred to transferable storage and it gets logged which white list machine made the request and which user. Obviously live communication to an outside network would be a serious no-no. Every desk would have two computers classified for each.


    If you look at most windows networking services, that vast majority of them aren't needed. Even a number of linux daemons/services can be neutered.
     
  15. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    Honeypots can exist on any subnet. And it would be easy to install them on any defense contractor. Honeypots were also highly effective in the 80's. We intentionally sabotaged engineering plans for infrastructure pieces and let them be picked off by the USSR (back then).

    There have been cyber and physical pokes at our infrastructure. And warnings of attempts to get past security for control systems. Obviously all the control systems for things like power are highly classified. And I know power plant computers have been compromised. But none of the compromised plant computers were critical to infrastructure. They are isolated. (AFAIK) This is one of the reasons why nuclear facilities are hack proof. Their controls all have manual overrides, and are read only. Security through archaic primitive systems. It's the reason our nuclear missile system is so secure. Isolated systems with human intervention required and two part verification.



    They do spend an amazing amount of money. But we don't see any headlines about network defenses do we? Why is that? At least they could say they are working on it and we have $XYZ dollars allocated to it.



    Expensive is a country brought to its knees by a nuclear meltdown or a destroyed grid, or a pesticide plant where safety valves are opened, or a fuel refinery that blows up.

    The fixes are cheap by comparison.

    Now don't get me wrong, I'm not against the military from using cyber warfare techniques out on the battle field. But when those methods endanger American companies and citizens, I'm not exactly pleased.

    I know they classify these hacks as to their possibility of being found out by others. Well Eternal flame was never supposed to be found, and guess what happened?

    Unfortunately good new hacks are always on the rise with new features. (i.e. Intel's Management Engine code) Reading tech literature on new releases, or looking at patents for design details, always yields new hacks. Also testing APIs with bogus parameters works. Sheer stupidity on both sides really.
     
  16. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    In the '80s honeypots worked. I don't believe they are nearly as effective as they once were. I've set up a few and their signatures are easily detected. The amount of effort to set up a custom honeypot appears to be prohibitive when compared to the actual "return value".

    I wouldn't be so sure that our critical systems are not compromised; we only know what we have found and what we have been told. Do you really think we would admit that our critical infrastructure is already compromised? No of course not, that would mean people in counter-intelligence would lose their jobs at the very least. Our only saving grace is that we have a finger on the button to wreak havoc on Russian infrastructure on a moment's notice. Et la Nuclear Deterrent - now an Infrastructure Cyber-Attack Deterrent.

    The public and Congress are too naive and technologically uneducated to understand the core issue or care enough. DARPA funding is BlackBox so it is mostly classified.

    Agreed, but the upfront cost of an isolated network is the inhibitor. On foolproof secure encryption we have already fallen behind, as the Chinese have already lofted a satellite with unbreakable quantum encryption.

    A core issue is that in a democracy, after every election the goals change. In a top-down directed government such as China or Russia, the goals DON'T change. They are in for the long haul and the USA will continue down its short-sighted path. Take NASA for instance - look how the changing goals have paralyzed that agency since the "land on the moon" goal was realized.
     
  17. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    It's easy. Each and every command issued to a device (i.e. substation) has a rolling checksum code. The machine that issues these commands should have the same rolling checksum code. The rolling code is generated by external read-only hardware that runs a burned ROM. If they don't match, you know someone injected something somewhere. There are other easy, effective countermeasures. For example, FLASH/PROM modification verification by a ROM with specialized digital signatures. You verify the new FLASH externally before you flip the switch enabling it.

    Simple solution similar to a block chain or XOR checksums from days gone by.


    I agree this is part of the problem. Most on the hill are technologically illiterate. Also the same reason I don't trust them to understand the policies they put into place with the Patriot Act and its variants. "To understand what's in the bill, we first have to pass it." (I know that's ACA, but you get where I'm coming from)
     
  18. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017
    Are you referring to a so-called "rolling hash"?
     
  19. DigitalGriffin

    DigitalGriffin [H]ardness Supreme

    Messages:
    4,806
    Joined:
    Oct 14, 2004
    It's a bit more than a rolling Hash, but yes.

    The weakness in this system is the host computer that issues the command isn't compromised. But a good systems designer should properly isolate it so this doesn't happen.
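    As an added illustration of the rolling command-authentication idea sketched in posts 17 and 19 (this is editor-added example code, not anything a poster wrote), the snippet below stands in for the "rolling checksum code" with an HMAC-SHA256 over a monotonically increasing counter plus the command bytes. The shared key plays the role of the secret held in the burned ROM (the key and command strings here are constructed for the demo); the device side rejects both replayed and altered commands, and a command forged without the key fails the tag check, which is exactly the "someone injected something somewhere" signal the post describes.

```python
import hashlib
import hmac
import struct


def rolling_tag(key, counter, command):
    """Per-command authentication tag: HMAC over (counter || command).
    The counter is what makes the tag 'roll' so no two commands share one."""
    msg = struct.pack(">Q", counter) + command
    return hmac.new(key, msg, hashlib.sha256).digest()


class CommandIssuer:
    """Control host side: owns the shared key and advances the counter per command."""

    def __init__(self, key):
        self.key = key
        self.counter = 0

    def issue(self, command):
        self.counter += 1
        return self.counter, command, rolling_tag(self.key, self.counter, command)


class SubstationDevice:
    """Field device side: accepts a command only if its counter is fresh and its tag matches."""

    def __init__(self, key):
        self.key = key
        self.last_counter = 0
        self.log = []  # (verdict, counter) pairs for an operator to review

    def accept(self, counter, command, tag):
        if counter <= self.last_counter:            # replayed or stale command
            self.log.append(("replay_or_stale", counter))
            return False
        expected = rolling_tag(self.key, counter, command)
        if not hmac.compare_digest(expected, tag):  # altered or forged command
            self.log.append(("tag_mismatch", counter))
            return False
        self.last_counter = counter
        self.log.append(("accepted", counter))
        return True


def demo():
    key = b"constructed-demo-key-not-a-real-secret"  # stands in for the ROM secret
    host, dev = CommandIssuer(key), SubstationDevice(key)
    c, cmd, tag = host.issue(b"BREAKER_01 CLOSE")
    r = [dev.accept(c, cmd, tag), dev.accept(c, cmd, tag)]            # genuine, then replay
    c, cmd, tag = host.issue(b"BREAKER_01 OPEN")
    r.append(dev.accept(c, b"BREAKER_02 OPEN", tag))                  # command altered in transit
    r.append(dev.accept(c, cmd, tag))                                 # untouched original
    r.append(dev.accept(c + 1, b"BREAKER_03 OPEN", b"\x00" * 32))     # injected without the key
    return r
```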
     
  20. Mega6

    Mega6 Gawd

    Messages:
    1,012
    Joined:
    Aug 13, 2017

    Had to re-read your original post, got it. Interesting fix idea. Maybe we will get off our duff and invest more into quantum bit based security. With 1.4 billion people, China has the edge in engineering by sheer numbers, though talent with original ideas is questionable. Hacking and stealing appear to be making up for it, but I am veering way off topic now.