Tag Archives: Hacking

Every Keystroke on Every Device Is Logged Somewhere, by Sandra D. Lane

Everything you do on communications and computer devices is recorded, and hacking is ubiquitous. There are, however, ways to at least partially protect yourself. From Sandra D. Lane at theorganicprepper.com:

This isn’t supposition, or assumption, or even an opinion. It’s a fact.

If you have the minimum of a standard smartphone and/or leave your house at any time, what you say, what you type, what you do, is being listened to, recorded, monitored, and analyzed by software, technology, people, or all of the above. Cameras in the phone, virtual assistants, GPS (Global Positioning System) tracking, traffic cameras, store cameras, other people’s phones, cameras and recording devices, dash cams, body cams, and even satellite and drone cameras, all watch, listen, and monitor what we do. And that’s just the tip of the iceberg.

Electronic anything is monitored and recorded. Every keystroke on a phone, every letter and number on a tablet, every ad clicked on a laptop or notebook, every site visited on any computer device, every subject entered on every single search engine ever created, is logged and held forever waiting for someone to request that information. Or to hack it. Even DuckDuckGo (which has been quietly added as a search engine option for Google).


In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc, by Nicole Perlroth and Scott Shane

The NSA won’t even admit that a trick has been stolen from its bag of tricks, but it’s playing hell with a number of local governments. From Nicole Perlroth and Scott Shane at nytimes.com:

The National Security Agency headquarters in Maryland. A leaked N.S.A. cyberweapon, EternalBlue, has caused billions of dollars in damage worldwide. A recent attack took place in Baltimore, the agency’s own backyard. Credit: Jim Lo Scalzo/EPA, via REX, via Shutterstock

For nearly three weeks, Baltimore has struggled with a cyberattack by digital extortionists that has frozen thousands of computers, shut down email and disrupted real estate sales, water bills, health alerts and many other services.

But here is what frustrated city employees and residents do not know: A key component of the malware that cybercriminals used in the attack was developed at taxpayer expense a short drive down the Baltimore-Washington Parkway at the National Security Agency, according to security experts briefed on the case.

Since 2017, when the N.S.A. lost control of the tool, EternalBlue, it has been picked up by state hackers in North Korea, Russia and, more recently, China, to cut a path of destruction around the world, leaving billions of dollars in damage. But over the past year, the cyberweapon has boomeranged back and is now showing up in the N.S.A.’s own backyard.

It is not just in Baltimore. Security experts say EternalBlue attacks have reached a high, and cybercriminals are zeroing in on vulnerable American towns and cities, from Pennsylvania to Texas, paralyzing local governments and driving up costs.


The Looming Crisis You’re Not Hearing About, by Jim Rickards

It doesn’t get much press, but America’s infrastructure is exquisitely vulnerable to hacking and other malfeasance. From Jim Rickards at dailyreckoning.com:

All the talk about Russian tampering with the 2016 presidential election, which is vastly overstated by the way, diverts attention from the more fundamental problem:

The vulnerability of America’s critical infrastructure to cyberattack by hostile actors.

When I say critical infrastructure, I mean the power grid, hydroelectric systems, nuclear power plants, energy pipelines, railroads, air traffic control systems, internet and stock exchanges.

These are large, complex systems that affect the entire country. And they are computerized and automated like never before. The scale and degree of interconnectedness are increasing, which creates great vulnerabilities.

If any of them fail, it could lead to massive disruptions, panic and social unrest.

Look at the chaos that followed Hurricane Katrina in 2005, for example. That was an interesting case study in what I call the veneer of civilization and how quickly it can break down under emergency conditions.

Imagine what would happen, for example, if a virus implanted in the control system of a hydroelectric dam opened floodgates to inundate downstream targets, killing thousands by drowning and destroying bridges, roads and agriculture.

Meanwhile, hackers have targeted nuclear power plants. Last year alone, government sources say a dozen U.S. nuclear power plants were targeted, possibly by Russian hackers.

Now, the operations of most nuclear power plants use older analog systems, so they aren’t vulnerable to cyberattacks. They aren’t connected to the net. It’s one case where older and less sophisticated is better.

But hackers are extremely creative, and increasing digitization of these plants could allow hackers backdoor entry points into critical operating systems. I don’t need to spell out the possibilities.

Or think of what would happen if the power grid went down for an extended stretch. Imagine what it would mean for air travel if air traffic control systems were down for a long period.

That’s just for starters.

To continue reading: The Looming Crisis You’re Not Hearing About

The Cost Of Arrogance, by Karl Denninger

The computer security infrastructure is riddled with holes. What happened with WannaCry this past weekend will happen again and again, and future incidents will be even more serious. From Karl Denninger at theburningplatform.com:

I hate having to use this….

[smiley image]

It wasn’t that long ago that I wrote a few articles on the hubris of our government thinking they were the smartest people in the room when it came to computer hacking.  I pointed out that while we undoubtedly have very smart people working for the NSA and other three-letter agencies so do other nations and their people, along with “unaffiliated” folks who are just plain old-fashioned troublemakers, are equally smart.

Indeed, that was the focus of an article from 10/2014 in relation to one of Comey’s brain-farts in which he implored Congress to basically force back doors into US-made equipment and software.

Now we get treated to the outcome without the force first, because the NSA was writing that code anyway and a group of crooks got their hands on it, perverted it to force cryptolocker software on computers and is spamming it all over the globe.

How did they get their hands on it? That’s the subject of much debate. Many are pointing to the “all Russians, all the time” narrative run by many in the so-called “security industry” (including some who have been caught lying in the past) along with half the left-leaning idiocracy parade that makes up most of the mainstream media punditry.

A more-plausible explanation is that it was an inside job, although in reality it doesn’t matter because the entire point is that no matter how good you are someone’s equal or better and thus whether they work for you or someone else it only takes one such person with their own motives and you’re toast.

What we do know is that the “weaponization” of this apparent NSA code took mere hours after the password to the encrypted archive was posted publicly.

There’s another key point here though that nobody in the media is talking about and yet it’s the key point when it comes to this particular aspect of cybersecurity:

I have also said repeatedly that nobody in their right mind runs “packaged” software, say much less “cloud based” software, for critical system purposes from places like Microsoft or any of the other big vendors.  Why?  Because there are too many damned cooks in the kitchen, too many of them are incompetent and will drop a rat in the stew pot whether on accident or otherwise and too many shortcuts will be taken.

To continue reading: The Cost of Arrogance

WikiLeaks Reveals “Marble”: Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic… by Tyler Durden

The latest from WikiLeaks documents CIA hacking practices, particularly its ability to disguise its hacks. From Tyler Durden at zerohedge.com:

WikiLeaks’ latest Vault 7 release contains a batch of documents, named ‘Marble’, which detail CIA hacking tactics and how they can misdirect forensic investigators from attributing viruses, trojans and hacking attacks to their agency by inserting code fragments in foreign languages. The tool was in use as recently as 2016. Per the WikiLeaks release:

“The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, — but there are other possibilities, such as hiding fake error messages.”

 

WikiLeaks (@wikileaks), 2:58 AM – 31 Mar 2017: RELEASE: CIA Vault 7 part 3 “Marble” https://wikileaks.org/vault7/?marble#Marble%20Framework … #Vault7

The latest release is said to potentially allow for ‘thousands’ of cyber attacks to be attributed to the CIA which were originally blamed on foreign governments.

WikiLeaks said Marble hides fragments of texts that would allow for the author of the malware to be identified. WikiLeaks stated the technique is the digital equivalent of a specialized CIA tool which disguises English language text on US produced weapons systems before they are provided to insurgents.

It’s “designed to allow for flexible and easy-to-use obfuscation” as “string obfuscation algorithms” often link malware to a specific developer, according to the whistleblowing site.

The source code released reveals Marble contains test examples in Chinese, Russian, Korean, Arabic and Farsi.

To continue reading: WikiLeaks Reveals “Marble”: Proof CIA Disguises Their Hacks As Russian, Chinese, Arabic…

US Intel Vets Dispute Russia Hacking Claims, by Veteran Intelligence Agents for Sanity

According to this group of intelligence professionals, if the DNC was actually hacked, the NSA would know about it and who did it. Because the NSA has not come forward, it points to the probability of a leak, rather than a hack, that led to the WikiLeaks leaks. The leaks could have come from a DNC insider, or from an intelligence agency or the FBI, but it couldn’t have come from Russia. From VIPS at consortiumnews.com:

As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans.

Veteran Intelligence Professionals for Sanity

MEMORANDUM

Allegations of Hacking Election Are Baseless

A New York Times report on Monday alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.

Monday’s Washington Post reports that Sen. James Lankford, R-Oklahoma, a member of the Senate Intelligence Committee, has joined other senators in calling for a bipartisan investigation of suspected cyber-intrusion by Russia. Reading our short memo could save the Senate from endemic partisanship, expense and unnecessary delay.

In what follows, we draw on decades of senior-level experience – with emphasis on cyber-intelligence and security – to cut through uninformed, largely partisan fog. Far from hiding behind anonymity, we are proud to speak out with the hope of gaining an audience appropriate to what we merit – given our long labors in government and other areas of technology. And corny though it may sound these days, our ethos as intelligence professionals remains, simply, to tell it like it is – without fear or favor.

We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking:

Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did.

Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data.

All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient.

In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.

To continue reading: US Intel Vets Dispute Russia Hacking Claims

Did the Russians Hack Hillary? by Andrew P. Napolitano

The infamous Democratic emails weren’t hacked by WikiLeaks, the Russians, or anyone else; they were leaked. From Andrew P. Napolitano at antiwar.com:

Earlier this week, leaders of the Democratic National Committee and former officials of Hillary Clinton’s presidential campaign made the startling allegation that the Russian government hacked into Clinton’s colleagues’ email accounts to tilt the presidential election toward Donald Trump. They even pointed to statements made by CIA officials backing their allegations.

President-elect Trump has characterized these claims as “ridiculous” and just an “excuse” to justify the Clinton defeat, saying they’re also intended to undermine the legitimacy of his election. He pointed to FBI conclusions that the CIA is wrong. Who’s right?

Here is the back story.

The American intelligence community rarely speaks with one voice. The members of its 17 publicly known intelligence agencies – God only knows the number of secret agencies – have the same biases, prejudices, jealousies, intellectual shortcomings and ideological underpinnings as the public at large.

The raw data these agencies examine is the same. Today America’s spies rarely do their own spying; rather, they rely on the work done by the National Security Agency. We know that from the Edward Snowden revelations. We also know from Snowden that the NSA can monitor and identify all digital communications within the United States, coming into the United States and leaving the United States. Hence, it would be foolhardy and wasteful to duplicate that work. There is quite simply no fiber-optic cable anywhere in the country transmitting digital data to which the NSA does not have full-time and unfettered access.

To continue reading: Did the Russians Hack Hillary?