NSA Software Fuels Rise in Crypto Mining Malware

AlphaAtlas

The Cyber Threat Alliance claims that a software tool leaked from the NSA is fueling a massive rise in cryptocurrency mining malware. The cyber-security experts claim they detected a "459 percent increase in the past year of illicit crypto mining," and point to leaked NSA software called "EternalBlue" as a major contributing factor. Even though patches for this malware were released over a year ago, organizations across the world are still being victimized, the researchers say. Most of the malware mines Monero, which is extremely difficult for investigators to track.

"Illicit mining is the 'canary in the coal mine' of cybersecurity threats," he said. "If illicit cryptocurrency mining is taking place on your network, then you most likely have worse problems and we should consider the future of illicit mining as a strategic threat."
 

Deleted member 93354

Can't say I told ya so years ago but...

I told ya so.

The leaders of these programs are children with toys who don't understand the implications or choose to ignore them.
 
And governments want built-in back doors in everything. No way that could ever end up being abused or discovered by someone else and exploited :rolleyes:.
 

Deleted member 93354

That's not how any of this works.
Yes
I realize Russia and China are going to hack and steal. You set up honeypots and neutralize them after monitoring them.

But it was written into US policy long ago that any attack on our infrastructure was considered an act of war.

But to be honest it would do us all better if freaking DARPA would invent two new networking standards using existing hardware that are much harder to hack: one for private (i.e. Boeing) and one for military (i.e. Air Force). TCP/IP, SMTP, HTTP, FTP, UDP are protocols that should never be used on secure systems. There's no verification of source and target. Just a bunch of hops through nodes.

Isolation isn't working because users are idiots

Our own stupid fault.
 

Mega6

Yes
I realize Russia and China are going to hack and steal. You set up honeypots and neutralize them after monitoring them.
Honeypots only work on amateur hackers, not the pros.

But it was written into US policy long ago that any attack on our infrastructure was considered an act of war.
Maybe a while ago, but it is public knowledge that hackers have embedded hacks into our infrastructure, just like we have on them.


But to be honest it would do us all better if freaking DARPA would invent two new networking standards using existing hardware that are much harder to hack: one for private (i.e. Boeing) and one for military (i.e. Air Force). TCP/IP, SMTP, HTTP, FTP, UDP are protocols that should never be used on secure systems. There's no verification of source and target. Just a bunch of hops through nodes.

DARPA is not a magic box that can just crank out new novel ideas, it takes many years and many misses to come up with crazy ideas that actually work.

Isolation isn't working because users are idiots

Our own stupid fault.

Agreed, partially. Where is our "Off the Grid" network to manage infrastructure connectivity? In the end, just too expensive as well.
 

thebufenator

Don't forget that regardless of networking protocols, software applications ride on them. And software always has a weakness.
 

Deleted member 93354

Don't forget that regardless of networking protocols, software applications ride on them. And software always has a weakness.

By effectively crippling standard protocols like TCP/IP and limiting ports, the software you can run effectively drops to 0. For software that does require these protocols, effectively wrap each packet and only send them to a verified whitelist. And nothing is allowed to go outside that whitelist in an unwrapped form. The communication wrapper would be encrypted using a 4096-bit challenge-response cipher key.

Everything that needs to go outside the network on standard protocols has to pass through a gateway where it gets transferred to transferable storage and it gets logged which white list machine made the request and which user. Obviously live communication to an outside network would be a serious no-no. Every desk would have two computers classified for each.


If you look at most Windows networking services, the vast majority of them aren't needed. Even a number of Linux daemons/services can be neutered.
 

Deleted member 93354

Honeypots only work on amateur hackers, not the pros.

Honeypots can exist on any subnet. And it would be easy to install them at any defense contractor. Honeypots were also highly effective in the '80s. We intentionally sabotaged engineering plans for infrastructure pieces and let them be picked off by the USSR (back then).

Maybe a while ago, but it is public knowledge that hackers have embedded hacks into our infrastructure, just like we have on them.
There have been cyber and physical pokes at our infrastructure. And warnings of attempts to get past security for control systems. Obviously all the control systems for things like power are highly classified. And I know power plant computers have been compromised. But none of the compromised plant computers were critical to infrastructure. They are isolated. (AFAIK) This is one of the reasons why nuclear facilities are hack-proof. Their controls all have manual overrides, and are read only. Security through archaic primitive systems. It's the reason our nuclear missile system is so secure. Isolated systems with human intervention required and two-part verification.



DARPA is not a magic box that can just crank out new novel ideas, it takes many years and many misses to come up with crazy ideas that actually work.

They do spend an amazing amount of money. But we don't see any headlines about network defenses do we? Why is that? At least they could say they are working on it and we have $XYZ dollars allocated to it.



Agreed, partially. Where is our "Off the Grid" network to manage infrastructure connectivity? In the end, just too expensive as well.

Expensive is a country brought to its knees by a nuclear meltdown or a destroyed grid, or a pesticide plant where safety valves are opened, or a fuel refinery that blows up.

The fixes are cheap by comparison.

Now don't get me wrong, I'm not against the military using cyber warfare techniques out on the battlefield. But when those methods endanger American companies and citizens, I'm not exactly pleased.

I know they classify these hacks as to their possibility of being found out by others. Well Eternal flame was never supposed to be found, and guess what happened?

Unfortunately good new hacks are always on the rise with new features (i.e. Intel's Management Engine code). Reading tech literature on new releases, or looking at patents for design details, always yields new hacks. Testing APIs with bogus parameters also works. Sheer stupidity on both sides really.
 

Mega6

Honeypots can exist on any subnet. And it would be easy to install them at any defense contractor. Honeypots were also highly effective in the '80s. We intentionally sabotaged engineering plans for infrastructure pieces and let them be picked off by the USSR (back then).
In the '80s honeypots worked. I don't believe they are nearly as effective as they once were. I've set up a few and their signatures are easily detected. The amount of effort to set up a custom honeypot appears to be prohibitive when compared to the actual "return value".

There have been cyber and physical pokes at our infrastructure. And warnings of attempts to get past security for control systems. Obviously all the control systems for things like power are highly classified. And I know power plant computers have been compromised. But none of the compromised plant computers were critical to infrastructure. They are isolated. (AFAIK) This is one of the reasons why nuclear facilities are hack-proof. Their controls all have manual overrides, and are read only. Security through archaic primitive systems. It's the reason our nuclear missile system is so secure. Isolated systems with human intervention required and two-part verification.
I wouldn't be so sure that our critical systems are not compromised; we only know what we have found and what we have been told. Do you really think we would admit that our critical infrastructure is already compromised? No, of course not; that would mean people in counter-intelligence would lose their jobs at the very least. Our only saving grace is that we have a finger on the button to wreak havoc on Russian infrastructure on a moment's notice. Et la Nuclear Deterrent, now an Infrastructure Cyber-Attack Deterrent.

They do spend an amazing amount of money. But we don't see any headlines about network defenses do we? Why is that? At least they could say they are working on it and we have $XYZ dollars allocated to it.
The public and Congress are too naive and technologically uneducated to understand the core issue or care enough. DARPA funding is black box so it is mostly classified.

Expensive is a country brought to its knees by a nuclear meltdown or a destroyed grid, or a pesticide plant where safety valves are opened, or a fuel refinery that blows up.

The fixes are cheap by comparison.

Agreed, but the upfront cost of an isolated network is the inhibitor. On foolproof secure encryption we have already fallen behind, as the Chinese have already lofted a satellite with unbreakable quantum encryption.

A core issue is that in a democracy, after every election the goals change. In a top-down directed government such as China or Russia, the goals DON'T change. They are in for the long haul and the USA will continue down its short-sighted path. Take NASA for instance: look how the changing goals have paralyzed that agency since the "land on the moon" goal was realized.
 

Deleted member 93354

In the '80s honeypots worked. I don't believe they are nearly as effective as they once were. I've set up a few and their signatures are easily detected. The amount of effort to set up a custom honeypot appears to be prohibitive when compared to the actual "return value".


I wouldn't be so sure that our critical systems are not compromised; we only know what we have found and what we have been told. Do you really think we would admit that our critical infrastructure is already compromised? No, of course not; that would mean people in counter-intelligence would lose their jobs at the very least. Our only saving grace is that we have a finger on the button to wreak havoc on Russian infrastructure on a moment's notice. Et la Nuclear Deterrent, now an Infrastructure Cyber-Attack Deterrent.

It's easy. Each and every command issued to a device (i.e. a substation) has a rolling checksum code. The machine that issues these commands should have the same rolling checksum code. The rolling code is generated by external read-only hardware that runs a burned ROM. If they don't match, you know someone injected something somewhere. There are other easy, effective countermeasures. For example, FLASH/PROM modification verification by a ROM with specialized digital signatures. You verify the new FLASH externally before you flip the switch enabling it.

Simple solution, similar to a blockchain or XOR checksums from days gone by.


The public and Congress are too naive and technologically uneducated to understand the core issue or care enough. DARPA funding is black box so it is mostly classified.

I agree this is part of the problem. Most on the Hill are technologically illiterate. Also the same reason I don't trust them to understand the policies they put into place with the Patriot Act and its variants. "To understand what's in the bill, we first have to pass it." (I know that's ACA, but you get where I'm coming from.)
 

Mega6

It's easy. Each and every command issued to a device (i.e. a substation) has a rolling checksum code. The machine that issues these commands should have the same rolling checksum code. The rolling code is generated by external read-only hardware that runs a burned ROM. If they don't match, you know someone injected something somewhere. There are other easy, effective countermeasures. For example, FLASH/PROM modification verification by a ROM with specialized digital signatures. You verify the new FLASH externally before you flip the switch enabling it.

Simple solution, similar to a blockchain or XOR checksums from days gone by.

Are you referring to a "rolling hash"?
 

Deleted member 93354

Are you referring to a "rolling hash"?
It's a bit more than a rolling Hash, but yes.

The weakness in this system is that it assumes the host computer that issues the command isn't compromised. But a good systems designer should properly isolate it so this doesn't happen.
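The rolling-code scheme described a few posts up (every command carries a code that the issuing machine and the device derive in lockstep, and a mismatch means something was injected) and the caveat just above about the issuing host, as an added example in Python that is not part of this thread and not any poster's code. It models the "external read-only hardware running a burned ROM" as an object holding a fixed secret and seed (constructed values), chains each code to the previous one with HMAC-SHA256 so a code is valid for exactly one command at exactly one position, rejects a forged command and a replayed one, and leaves the device's state untouched on rejection so a bad message cannot desynchronize the pair. The command strings and the substation model are constructed for the demo.

```python
import hashlib
import hmac
from typing import List, Tuple


class RollingCode:
    """Lockstep rolling code shared by the command issuer and the device.

    Stands in for the thread's external read-only hardware: the secret and
    seed are fixed at manufacture (constructed here), and every code depends
    on the previous code, a counter and the command bytes.
    """

    def __init__(self, secret: bytes, seed: bytes) -> None:
        self._secret = secret
        self._state = seed
        self._counter = 0

    def _derive(self, command: bytes) -> Tuple[int, bytes]:
        # Candidate code for the next position; nothing is committed yet.
        counter = self._counter + 1
        msg = self._state + counter.to_bytes(8, "big") + command
        return counter, hmac.new(self._secret, msg, hashlib.sha256).digest()

    def issue(self, command: bytes) -> bytes:
        """Issuer side: emit the code for this command and advance."""
        self._counter, self._state = self._derive(command)
        return self._state

    def verify(self, command: bytes, code: bytes) -> bool:
        """Device side: accept only on a match, and advance only on success.

        Rejected messages leave the state untouched, so an injected or
        replayed command cannot knock the two sides out of sync.
        """
        counter, expected = self._derive(command)
        if not hmac.compare_digest(expected, code):
            return False
        self._counter, self._state = counter, expected
        return True


class Substation:
    """Constructed device model: executes a command only after verification."""

    def __init__(self, secret: bytes, seed: bytes) -> None:
        self._code = RollingCode(secret, seed)
        self.executed: List[bytes] = []   # commands actually carried out
        self.alerts: List[bytes] = []     # rejected commands, for the operators

    def receive(self, command: bytes, code: bytes) -> bool:
        if self._code.verify(command, code):
            self.executed.append(command)
            return True
        self.alerts.append(command)
        return False


def simulate() -> Tuple[List[Tuple[str, bool]], Substation]:
    """Run the exchange: one legitimate command, one injected, one replayed, one more legitimate."""
    secret = b"constructed-burned-in-secret"   # would live in ROM on both sides
    seed = b"constructed-initial-seed"
    issuer = RollingCode(secret, seed)
    station = Substation(secret, seed)
    results = []

    # 1. Legitimate command from the issuing host.
    cmd = b"BREAKER_7 OPEN"
    code = issuer.issue(cmd)
    results.append(("legit", station.receive(cmd, code)))
    captured = (cmd, code)  # what an on-path observer could have recorded

    # 2. Injected command: without the secret, a code can only be guessed.
    results.append(("injected", station.receive(b"BREAKER_7 CLOSE", bytes(32))))

    # 3. Replay of the captured pair: the chain has moved on, so it no longer matches.
    results.append(("replay", station.receive(*captured)))

    # 4. The next legitimate command still verifies: the rejections did not desync the pair.
    cmd = b"BREAKER_7 CLOSE"
    results.append(("legit_after_rejections", station.receive(cmd, issuer.issue(cmd))))

    # Not covered, as the reply above notes: a compromised issuing host holds the
    # same lockstep generator and can produce valid codes for anything, which is
    # why the host itself has to be isolated.
    return results, station


if __name__ == "__main__":
    outcome, station = simulate()
    for name, accepted in outcome:
        print(f"{name:24s} {'accepted' if accepted else 'REJECTED'}")
    print("executed:", station.executed)
    print("alerts:  ", station.alerts)
```

The design point is in `verify`: the device derives the candidate code first and commits the new state only after the constant-time comparison succeeds, so the attacker's forged or replayed traffic produces an alert without moving the device's counter.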
 

Mega6

It's a bit more than a rolling Hash, but yes.

The weakness in this system is that it assumes the host computer that issues the command isn't compromised. But a good systems designer should properly isolate it so this doesn't happen.


Had to re-read your original post, got it. Interesting fix idea. Maybe we will get off our duff and invest more into quantum-bit-based security. With 1.4 billion people, China has the edge in engineering by sheer numbers, though talent with original ideas is questionable. Hacking and stealing appear to be making up for it, but I am veering way off topic now.
 