The WannaCry epidemic is the realization of only a small proportion of the threats hanging over users due to the leak of information about the intelligence services' cyberweapons
10 days that shook the world
The beginning of May was very hectic for every aspect of global information security (IS). It all started with the publication of the technical details of the “vulnerability of the decade” in Intel ME, which makes it possible to obtain remote access even to a powered-off computer, as long as it is connected to the mains or running on battery. This logic “bug” (or backdoor?) shocked the world because it was the first documented dangerous vulnerability in the processor.
Then Microsoft “distinguished” itself. One of the most dangerous vulnerabilities (or backdoors?) of the past few years was discovered in the protective mechanisms of Windows. It also allows remote access to the OS, for example merely upon receipt of an e-mail, without any user action. The researcher who discovered the issue emphasized that it could easily be used to create a dangerous worm.
Next, a keylogger (a program that records keystrokes) was found in an HP audio driver. And again the question arises: a backdoor or accidentally introduced code? HP representatives declined to comment, and the anti-keylogger patch released a few days later did not remove the malicious code from the driver but only restricted its launch, leaving the ability to start the keylogger through the OS registry. In other words, even a loud scandal did not prompt the vendor to remove the malicious code. Why HP did this is hard to say; the case is so far unparalleled.
It all ended with the global epidemic of the ransomware virus WannaCry (“Hotelsatlanta”), which by the morning of May 15 had struck more than 100 thousand computers around the world, and this is not the final figure. The virus used a vulnerability in Windows and Trojan code that became public in April this year, after the hacking group Shadow Brokers disclosed the next part of the stolen files of the NSA's technical-intelligence cyberweapons. Microsoft released a patch in advance (obviously having received information from the Shadow Brokers) that closed the “hole” in all currently supported versions of Windows. So WannaCry used a vulnerability that had been closed nearly two months earlier, in March 2017. Moreover, it relied on a rare attack vector against a rarely used legacy protocol, which nevertheless did not prevent it from causing chaos around the world. Russia was particularly affected: the number of infections there reached a record high. There is no need to look for someone's intrigues here. The likely causes are that users had not installed the necessary patch, had mindlessly opened ports to the Internet, and were running many outdated versions of Windows no longer supported by Microsoft. The vendor, seeing the widespread infection, immediately released a patch for older versions of Windows, but it was too late.
These unprecedented ten days that shook the world allow us to draw a number of conclusions that may be of interest not only to IS professionals.
A danger to society
After the leak of the NSA cyberweapons in August last year, and then the recent leak of another archive, the cyberweapons of the CIA, many people, including information security experts, did not immediately realize the seriousness of the situation. However, it was noted more than once that these materials pose a serious danger to everyone, from private users to corporations, because both zero-day vulnerabilities (“bugs” unknown at the time) and various software for hacking systems and gaining a foothold in them (implants, etc.) ended up in the public domain. Cybercriminals around the world and the technical intelligence services of less developed countries received a great arsenal that they can use for their own purposes. With WannaCry, the whole world saw that criminals will not miss the chance. No wonder gray-market brokers estimated the minimum value of just the zero-day vulnerabilities from the Shadow Brokers' NSA archive that were closed in March at $2 million. And the point is not the weapon itself, its development or even its possible use (all of which is, after all, what the special services are supposed to do), but the fact that it was lost. It is like leaving a few nuclear bombs on a playground and then pretending that nothing happened. And this is only the beginning.
Capabilities of the intelligence services and criminal groups
Now let's think together. If such consequences were caused by WannaCry, which an ordinary teenager could have launched using a “gift” from the NSA, a vulnerability closed about two months earlier and an extremely unpopular attack vector, then what can happen, or is already happening, when professionals use a popular attack vector and an unknown “bug”? For example, if the recently found “hole” in the Windows protective mechanism mentioned above were used? A global pandemic with tens of millions of infected computers and total chaos around the world. Now even the skeptics understand the real capabilities of the leading technical intelligence services and, unfortunately, of serious criminal groups, who already have the arsenal of NSA and CIA implants. Do not forget that they are free to buy any dangerous zero-day vulnerability. It is likely that WannaCry will soon look like “a light flu in the barracks for lepers”, so serious is the situation.
If you go back 10-15 years, each of the vulnerability stories above would have caused a huge scandal and dealt a grave blow to the vendor's reputation. Today, nothing. We have all grown accustomed to vulnerabilities, even the most egregious ones, or rather, the vendors have carefully accustomed us to them. Almost nothing gets through to us anymore. All this leads to a dangerous apathy in society and to an apparent “inflation” of the value of vulnerabilities, because whatever researchers find no longer provokes a strong response. So vendors can go unpunished, cynically continuing to embed keyloggers and to leave in their products “accidental” vulnerabilities, some of which suspiciously resemble intentionally planted backdoors, which in some cases American intelligence services require of vendors.
The nervous reaction to WannaCry demonstrates that we have forgotten what the situation was 10-15 years ago. We do not remember the viral pandemics of the 2000s, when millions of machines were infected. We have forgotten what it is like. A relatively simple virus caused such chaos. It is clear why: the point is not the virus or its methods of distribution but its “payload”, the damage it does to users. In this case that is the encryption of data, which will most likely be lost forever unless you pay the extortionist. It is absolutely obvious that without this demand WannaCry would most likely have remained practically invisible to everyone, just as the pandemics of past years probably went unnoticed.
What do the vendors say?
After this note was written, an official statement came from Microsoft. The vendor, as usual, blamed the U.S. intelligence services and proposed establishing control over cyberweapons. The developer's position in this case is clear and extremely cynical: to shift public attention from cause to consequence. Not all the troubles come from the security services. Their (and only their) successful work on finding vulnerabilities is a consequence of vendors' negligent attitude toward development and of dangerous vulnerabilities, or backdoors embedded with the knowledge of the security services, being left in the code. So all this is nothing more than an attempt to divert attention and shed responsibility.
Instead of a conclusion
There is little hope that the WannaCry epidemic will make society wake up from the hypnotic sleep into which the vendors have put us, and draw attention to the problems of modern information security. If you gaze long into the abyss, then after a while the abyss starts to gaze back at you. Society, like corporations, must get rid of its tolerance for vulnerabilities in the software products that vendors develop. Only this can stop the gradual slide into the abyss of IT chaos. And if we consider that by 2020 the Internet of Things will have taken over the world, then in four or five years the current picture will seem to all of us just an idyllic landscape by Monet before the onset of total apocalypse.
The point of view of authors whose articles are published in the “Opinions” section may not coincide with the opinion of the editorial board.