Sadly, I know you're right. Okay, so it will change how some of us **look** at security and connectedness. But not everyone. And it won't do much to change enough behavior.
Maybe after enough of the right people go through 2 or 3 bouts of Identity Theft cleanup, something will happen. Maybe.

Regards,

*ASB*
*http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*

*Providing Expert Technology Consulting Services for the SMB market…*

* GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Fri, Jun 23, 2017 at 1:47 PM, Michael B. Smith <mich...@smithcons.com> wrote:

> While it SHOULD, I’m not convinced it will.
>
> Especially the millennial generation really doesn’t care about privacy.
> They are happy to give up phone numbers, email addresses, physical
> addresses online – not only their own, but also those of friends and
> family. Because: ease of use. Look at Alexa and Echo. “Appliances” sitting
> in the home that can hear every word said.
>
> It’s endemic.
>
> *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of *Andrew S. Baker
> *Sent:* Friday, June 23, 2017 1:32 PM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Thank you, NSA...
>
> Our nation-state is not the only one creating problems like this.
>
> You have to believe that combination of nation-state actors with organized
> crime is creating a situation that might become very unmanageable in the
> near future, and almost certainly change the way we look at internet usage
> and cybersecurity.
>
> Regards,
>
> *ASB*
> *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
>
> *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
> On Thu, Jun 22, 2017 at 11:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote:
>
> https://www.nytimes.com/2017/06/22/technology/ransomware-attack-nsa-cyberweapons.html
>
> A Cyberattack ‘the World Isn’t Ready For’
>
> NEWARK — There have been times over the last two months when Golan
> Ben-Oni has felt like a voice in the wilderness.
>
> On April 29, someone hit his employer, IDT Corporation, with two
> cyberweapons that had been stolen from the National Security Agency.
> Mr. Ben-Oni, the global chief information officer at IDT, was able to
> fend them off, but the attack left him distraught.
>
> In 22 years of dealing with hackers of every sort, he had never seen
> anything like it. Who was behind it? How did they evade all of his
> defenses? How many others had been attacked but did not know it?
>
> Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone
> who will listen at the White House, the Federal Bureau of
> Investigation, the New Jersey attorney general’s office and the top
> cybersecurity companies in the country to warn them about an attack
> that may still be invisibly striking victims undetected around the
> world.
>
> And he is determined to track down whoever did it.
>
> “I don’t pursue every attacker, just the ones that piss me off,” Mr.
> Ben-Oni told me recently over lentils in his office, which was strewn
> with empty Red Bull cans. “This pissed me off and, more importantly,
> it pissed my wife off, which is the real litmus test.”
>
> Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged
> computers at hospitals in England, universities in China, rail systems
> in Germany, even auto plants in Japan. No doubt it was destructive.
> But what Mr. Ben-Oni had witnessed was much worse, and with all eyes
> on the WannaCry destruction, few seemed to be paying attention to the
> attack on IDT’s systems — and most likely others around the world.
>
> The strike on IDT, a conglomerate with headquarters in a nondescript
> gray building here with views of the Manhattan skyline 15 miles away,
> was similar to WannaCry in one way: Hackers locked up IDT data and
> demanded a ransom to unlock it.
>
> But the ransom demand was just a smoke screen for a far more invasive
> attack that stole employee credentials. With those credentials in
> hand, hackers could have run free through the company’s computer
> network, taking confidential information or destroying machines.
>
> Worse, the assault, which has never been reported before, was not
> spotted by some of the nation’s leading cybersecurity products, the
> top security engineers at its biggest tech companies, government
> intelligence analysts or the F.B.I., which remains consumed with the
> WannaCry attack.
>
> Were it not for a digital black box that recorded everything on IDT’s
> network, along with Mr. Ben-Oni’s tenacity, the attack might have gone
> unnoticed.
>
> Scans for the two hacking tools used against IDT indicate that the
> company is not alone. In fact, tens of thousands of computer systems
> all over the world have been “backdoored” by the same N.S.A. weapons.
> Mr. Ben-Oni and other security researchers worry that many of those
> other infected computers are connected to transportation networks,
> hospitals, water treatment plants and other utilities.
>
> An attack on those systems, they warn, could put lives at risk. And
> Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats
> of Deadmau5, the Canadian record producer, said he would not stop
> until the attacks had been shut down and those responsible were behind
> bars.
>
> “The world is burning about WannaCry, but this is a nuclear bomb
> compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a
> lot worse. It steals credentials. You can’t catch it, and it’s
> happening right under our noses.”
>
> And, he added, “The world isn’t ready for this.”
>
> Targeting the Nerve Center
>
> Mr. Ben-Oni, 43, a Hasidic Jew, is a slight man with smiling eyes, a
> thick beard and a hacker’s penchant for mischief. He grew up in the
> hills of Berkeley, Calif., the son of Israeli immigrants.
>
> Even as a toddler, Mr. Ben-Oni’s mother said, he was not interested in
> toys. She had to take him to the local junkyard to scour for
> typewriters that he would eventually dismantle on the living room
> floor. As a teenager, he aspired to become a rabbi but spent most of
> his free time hacking computers at the University of California,
> Berkeley, where his exploits once accidentally took down Belgium’s
> entire phone system for 15 minutes.
>
> To his parents’ horror, he dropped out of college to pursue his love
> of hacking full time, starting a security company to help the city of
> Berkeley and two nearby communities, Alameda and Novato, set up secure
> computer networks.
>
> He had a knack for the technical work, but not the marketing, and
> found it difficult to get new clients. So at age 19, he crossed the
> country and took a job at IDT, back when the company was a low-profile
> long-distance service provider.
>
> As IDT started acquiring and spinning off an eclectic list of
> ventures, Mr. Ben-Oni found himself responsible for securing shale oil
> projects in Mongolia and the Golan Heights, a “Star Trek” comic books
> company, a project to cure cancer, a yeshiva university that trains
> underprivileged students in cybersecurity, and a small mobile company
> that Verizon recently acquired for $3.1 billion.
>
> Which is to say he has encountered hundreds of thousands of hackers of
> every stripe, motivation and skill level. He eventually started a
> security business, IOSecurity, under IDT, to share some of the
> technical tools he had developed to keep IDT’s many businesses secure.
> By Mr. Ben-Oni’s estimate, IDT experiences hundreds of attacks a day
> on its businesses, but perhaps only four each year that give him
> pause.
>
> Nothing compared to the attack that struck in April. Like the WannaCry
> attack in May, the assault on IDT relied on cyberweapons developed by
> the N.S.A. that were leaked online in April by a mysterious group of
> hackers calling themselves the Shadow Brokers — alternately believed
> to be Russia-backed cybercriminals, an N.S.A. mole, or both.
>
> The WannaCry attack — which the N.S.A. and security researchers have
> tied to North Korea — employed one N.S.A. cyberweapon; the IDT assault
> used two.
>
> Both WannaCry and the IDT attack used a hacking tool the agency had
> code-named EternalBlue. The tool took advantage of unpatched Microsoft
> servers to automatically spread malware from one server to another, so
> that within 24 hours North Korea’s hackers had spread their ransomware
> to more than 200,000 servers around the globe.
>
> The attack on IDT went a step further with another stolen N.S.A.
> cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to
> penetrate computer systems without tripping security alarms. It
> allowed N.S.A. spies to inject their tools into the nerve center of a
> target’s computer system, called the kernel, which manages
> communications between a computer’s hardware and its software.
>
> In the pecking order of a computer system, the kernel is at the very
> top, allowing anyone with secret access to it to take full control of
> a machine. It is also a dangerous blind spot for most security
> software, allowing attackers to do what they want and go unnoticed. In
> IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s
> credentials. Then they deployed ransomware in what appears to be a
> cover for their real motive: broader access to IDT’s businesses.
>
> The N.S.A. campus in Fort Meade, Md. Tens of thousands of computer
> systems, some of which could be connected to public utilities, have
> been “backdoored” using the agency’s stolen cyberweapons. Patrick
> Semansky/Associated Press
>
> Mr. Ben-Oni learned of the attack only when a contractor, working from
> home, switched on her computer to find that all her data had been
> encrypted and that attackers were demanding a ransom to unlock it. He
> might have assumed that this was a simple case of ransomware.
>
> But the attack struck Mr. Ben-Oni as unique. For one thing, it was
> timed perfectly to the Sabbath. Attackers entered IDT’s network at 6
> p.m. on Saturday on the dot, two and a half hours before the Sabbath
> would end and when most of IDT’s employees — 40 percent of whom
> identify as Orthodox Jews — would be off the clock. For another, the
> attackers compromised the contractor’s computer through her home modem
> — strange.
>
> The black box of sorts, a network recording device made by the Israeli
> security company Secdo, shows that the ransomware was installed after
> the attackers had made off with the contractor’s credentials. And they
> managed to bypass every major security detection mechanism along the
> way. Finally, before they left, they encrypted her computer with
> ransomware, demanding $130 to unlock it, to cover up the more invasive
> attack on her computer.
>
> Mr. Ben-Oni estimates that he has spoken to 107 security experts and
> researchers about the attack, including the chief executives of nearly
> every major security company and the heads of threat intelligence at
> Google, Microsoft and Amazon.
>
> With the exception of Amazon, which found that some of its customers’
> computers had been scanned by the same computer that hit IDT, no one
> had seen any trace of the attack before Mr. Ben-Oni notified them. The
> New York Times confirmed Mr. Ben-Oni’s account via written summaries
> provided by Palo Alto Networks, Intel’s McAfee and other security
> firms he used and asked to investigate the attack.
>
> “I started to get the sense that we were the canary,” he said. “But we
> recorded it.”
>
> Since IDT was hit, Mr. Ben-Oni has contacted everyone in his Rolodex
> to warn them of an attack that could still be worming its way,
> undetected, through victims’ systems.
>
> “Time is burning,” Mr. Ben-Oni said. “Understand, this is really a war
> — with offense on one side, and institutions, organizations and
> schools on the other, defending against an unknown adversary.”
>
> ‘No One Is Running Point’
>
> Since the Shadow Brokers leaked dozens of coveted attack tools in
> April, hospitals, schools, cities, police departments and companies
> around the world have largely been left to fend for themselves against
> weapons developed by the world’s most sophisticated attacker: the
> N.S.A.
>
> A month earlier, Microsoft had issued a software patch to defend
> against the N.S.A. hacking tools — suggesting that the agency tipped
> the company off to what was coming. Microsoft regularly credits those
> who point out vulnerabilities in its products, but in this case the
> company made no mention of the tipster. Later, when the WannaCry
> attack hit hundreds of thousands of Microsoft customers, Microsoft’s
> president, Brad Smith, slammed the government in a blog post for
> hoarding and stockpiling security vulnerabilities.
>
> For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches
> as soon as they became available, but attackers still managed to get
> in through the IDT contractor’s home modem.
>
> Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A.
> employee at a conference and asked him how to defend against
> modern-day cyberthreats. The N.S.A. employee advised him to “run three
> of everything”: three firewalls, three antivirus solutions, three
> intrusion detection systems. And so he did.
>
> But in this case, modern-day detection systems created by Cylance,
> McAfee and Microsoft and patching systems by Tanium did not catch the
> attack on IDT. Nor did any of the 128 publicly available threat
> intelligence feeds that IDT subscribes to. Even the 10 threat
> intelligence feeds that his organization spends a half-million dollars
> on annually for urgent information failed to report it. He has since
> threatened to return their products.
>
> “Our industry likes to work on known problems,” Mr. Ben-Oni said.
> “This is an unknown problem. We’re not ready for this.”
>
> No one he has spoken to knows whether they have been hit, but just
> this month, restaurants across the United States reported being hit
> with similar attacks that were undetected by antivirus systems. There
> are now YouTube videos showing criminals how to attack systems using
> the very same N.S.A. tools used against IDT, and Metasploit, an
> automated hacking tool, now allows anyone to carry out these attacks
> with the click of a button.
>
> Worse still, Mr. Ben-Oni said, “No one is running point on this.”
>
> Last month, he personally briefed the F.B.I. analyst in charge of
> investigating the WannaCry attack. He was told that the agency had
> been specifically tasked with WannaCry, and that even though the
> attack on his company was more invasive and sophisticated, it was
> still technically something else, and therefore the F.B.I. could not
> take on his case.
>
> The F.B.I. did not respond to requests for comment.
>
> So Mr. Ben-Oni has largely pursued the case himself. His team at IDT
> was able to trace part of the attack to a personal Android phone in
> Russia and has been feeding its findings to Europol, the European law
> enforcement agency based in The Hague.
>
> The chances that IDT was the only victim of this attack are slim. Sean
> Dillon, a senior analyst at RiskSense, a New Mexico security company,
> was among the first security researchers to scan the internet for the
> N.S.A.’s DoublePulsar tool. He found tens of thousands of host
> computers are infected with the tool, which attackers can use at will.
>
> “Once DoublePulsar is on the machine, there’s nothing stopping anyone
> else from coming along and using the back door,” Mr. Dillon said.
>
> More distressing, Mr. Dillon tested all the major antivirus products
> against the DoublePulsar infection and a demoralizing 99 percent
> failed to detect it.
>
> “We’ve seen the same computers infected with DoublePulsar for two
> months and there is no telling how much malware is on those systems,”
> Mr. Dillon said. “Right now we have no idea what’s gotten into these
> organizations.”
>
> In the worst case, Mr. Dillon said, attackers could use those back
> doors to unleash destructive malware into critical infrastructure,
> tying up rail systems, shutting down hospitals or even paralyzing
> electrical utilities.
>
> Could that attack be coming? The Shadow Brokers resurfaced last month,
> promising a fresh load of N.S.A. attack tools, even offering to supply
> them for monthly paying subscribers — like a wine-of-the-month club
> for cyberweapon enthusiasts.
>
> In a hint that the industry is taking the group’s threats seriously,
> Microsoft issued a new set of patches to defend against such attacks.
> The company noted in an ominously worded message that the patches were
> critical, citing an “elevated risk for destructive cyberattacks.”
>
> Mr. Ben-Oni is convinced that IDT is not the only victim, and that
> these tools can and will be used to do far worse.
>
> “I look at this as a life-or-death situation,” he said. “Today it’s
> us, but tomorrow it might be someone else.”