Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool

Hackers exploiting malicious software stolen from the National Security Agency executed damaging cyberattacks on Friday that hit dozens of countries worldwide, forcing Britain’s public health system to send patients away, freezing computers at Russia’s Interior Ministry and wreaking havoc on tens of thousands of computers elsewhere.

The attacks amounted to an audacious global blackmail attempt spread by the internet and underscored the vulnerabilities of the digital age.

Transmitted via email, the malicious software locked British hospitals out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.

By late Friday the attacks had spread to more than 74 countries, according to security firms tracking the spread. Kaspersky Lab, a Russian cybersecurity firm, said Russia was the worst-hit, followed by Ukraine, India and Taiwan. Reports of attacks also came from Latin America and Africa.

U.K. Health Service, Targeted in Cyberattack, Ignored Warnings for Months MAY 12, 2017

Hacker Leaks Episodes From Netflix Show and Threatens Other Networks APRIL 29, 2017
Hackers Use New Tactic at Austrian Hotel: Locking the Doors JAN. 30, 2017

Los Angeles Hospital Pays Hackers $17,000 After Attack FEB. 18, 2016

He’s Bitcoin’s Creator, He Says, but Skeptics Pounce on His Claim MAY 2, 2016
The attacks appeared to be the largest ransomware assault on record, but the scope of the damage was hard to measure. It was not clear if victims were paying the ransom, which began at about $300 to unlock individual computers, or even if those who did pay would regain access to their data.

Security experts described the attacks as the digital equivalent of a perfect storm. They began with a simple phishing email, similar to the one Russian hackers used in the attacks on the Democratic National Committee and other targets last year. They then quickly spread through victims’ systems using a hacking method that the N.S.A. is believed to have developed as part of its arsenal of cyberweapons. And finally they encrypted the computer systems of the victims, locking them out of critical data, including patient records in Britain.

The connection to the N.S.A. was particularly chilling. Starting last summer, a group calling itself the “Shadow Brokers” began to post software tools that came from the United States government’s stockpile of hacking weapons.

The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens.

Something similar occurred with remnants of the “Stuxnet” worm that the United States and Israel used against Iran’s nuclear program nearly seven years ago. Elements of those tools frequently appear in other, less ambitious attacks.

The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)

The attacks on Friday are likely to raise significant questions about whether the growing number of countries developing and stockpiling cyberweapons can avoid having those same tools purloined and turned against their own citizens.

They also showed how easily a cyber-weapon can wreak havoc, even without shutting off a country’s power grid or its cellphone network.

In Britain, hospitals were locked out of their systems and doctors could not call up patient files. Emergency rooms were forced to divert people seeking urgent care.

In Russia, the country’s powerful Interior Ministry, after denying reports that its computers had been targeted, confirmed in a statement that “around 1,000 computers were infected,” which it described as less than 1 percent of its total. The ministry, which oversees Russia’s police forces, said technicians had contained the attack.

Some intelligence officials were dubious about that announcement because they suspect Russian involvement in the theft of the N.S.A. tools.

But James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington, said he suspected that criminals operating from Eastern Europe acting on their own were responsible. “This doesn’t look like state activity, given the targets that were hit,” he said.

Those targets included corporate computer systems in many other countries — including FedEx in the United States, one of the world’s leading international shippers, as well as Spain’s Telefónica and Russia’s MegaFon telecom giant.

It could take months to find who was behind the attacks — a mystery that may go unsolved. But they alarmed cybersecurity experts everywhere, reflecting the enormous vulnerabilities to internet invasions faced by disjointed networks of computer systems.

There is no automatic way to “patch” their weaknesses around the world.

“When people ask what keeps you up at night, it’s this,” said Chris Camacho, the chief strategy officer at Flashpoint, a New York security firm tracking the attacks. Mr. Camacho said he was particularly disturbed at how the attacks spread like wildfire through corporate, hospital and government networks.

The following two tabs change content below.

Sasha Perkins

Administrative Assistant and Journalist at the Pluto Daily since 2012.
,