Tag Archives: NSA hacking tools

Fear of the Enemy Within: Unrestricted Surveillance

Leave a reply

The Supreme Court declined to hear a constitutional challenge to a secretive government surveillance program, dealing a setback to privacy groups including the American Civil Liberties Union ahead of a looming debate in Congress over whether to renew the law that authorizes the intelligence tool.

In a brief order issued on February 2023, the high court said it wouldn’t hear arguments challenging the legality of the National Security Agency program known as “Upstream,” in which the intelligence agency collects and monitors internet communications without obtaining search warrants. Classified details about the program were among those exposed a decade ago by former intelligence contractor Edward Snowden, who has been charged with theft of government property and violating espionage laws and lives in Russia.

The legal challenge was brought by Wikimedia, the nonprofit owner of the Wikipedia online encyclopedia. Wikimedia was represented by lawyers at the ACLU, Cooley LLP and the Knight First Amendment Institute at Columbia University. Wikimedia’s lawyers urged the high court to rein in the “state secrets privilege,” a legal doctrine that allows the government to shut down lawsuits that could jeopardize sensitive national-security information. 

“The Supreme Court’s refusal to grant our petition strikes a blow against an individual’s right to privacy and freedom of expression—two cornerstones of our society and the building blocks of Wikipedia,” said James Buatti, Wikimedia’s legal director, in a statement.

Excerpts from  Jan Wolfe  and Dustin Volz, Justices Won’t Hear Challenged to NSA Surveillance, Feb. 22, 2023

From Pegasus to Pariah: Israeli Spying is Not Sexy

Leave a reply

When international news organizations revealed that at least ten governments had used Pegasus, a powerful software tool created by Israel’s NSO Group, to hack into the smartphones of thousands of people around the world, including politicians, human-rights activists and journalists, the Israeli government shrugged. None of its ministers has publicly commented….Israeli defence exporters privately expressed ridicule. “Arms companies can’t keep track of every rifle and bullet they sell to legitimate customers,” said one. “Why should we have higher expectations when it comes to software?…Israeli spying is a sexy subject and these reports are the price for doing business.”

Countries that have received Pegasus software include Brazil, Hungary and India, along with Sunni Arab regimes with whom Israel recently established diplomatic relations: Bahrain, Morocco and the United Arab Emirates. Saudi Arabia, a fellow enemy of Iran, is listed, too. “Deals on cyber-surveillance are the kind of sweetener you can throw into a diplomatic package with a foreign leader,” says a former NSO consultant.

Excerpts from Let Pegasus fly: Israel is loth to regulate its spyware exports, Economist, July 31, 2021

Firing Back with Vengeance: the NSA Weapons

Leave a reply

The strike on IDT, a conglomerate,… was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.  But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines….Were it not for a digital black box that recorded everything on IDT’s network, …the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities…

Both WannaCry and the IDT attack used a hacking tool the agency had code-named EternalBlue. The tool took advantage of unpatched Microsoft servers to automatically spread malware from one server to another, so that within 24 hours… hackers had spread their ransomware to more than 200,000 servers around the globe. The attack on IDT went a step further with another stolen N.S.A. cyberweapon, called DoublePulsar. The N.S.A. used DoublePulsar to penetrate computer systems without tripping security alarms. It allowed N.S.A. spies to inject their tools into the nerve center of a target’s computer system, called the kernel, which manages communications between a computer’s hardware and its software.

In the pecking order of a computer system, the kernel is at the very top, allowing anyone with secret access to it to take full control of a machine. It is also a dangerous blind spot for most security software, allowing attackers to do what they want and go unnoticed. In IDT’s case, attackers used DoublePulsar to steal an IDT contractor’s credentials. Then they deployed ransomware in what appears to be a cover for their real motive: broader access to IDT’s businesses…

But the attack struck Mr. Ben-Oni as unique. For one thing, it was timed perfectly to the Sabbath. Attackers entered IDT’s network at 6 p.m. on Saturday on the dot, two and a half hours before the Sabbath would end and when most of IDT’s employees — 40 percent of whom identify as Orthodox Jews — would be off the clock. For another, the attackers compromised the contractor’s computer through her home modem — strange.

The black box of sorts, a network recording device made by the Israeli security company Secdo, shows that the ransomware was installed after the attackers had made off with the contractor’s credentials. And they managed to bypass every major security detection mechanism along the way. Finally, before they left, they encrypted her computer with ransomware, demanding $130 to unlock it, to cover up the more invasive attack on her computer.

A month earlier, Microsoft had issued a software patch to defend against the N.S.A. hacking tools — suggesting that the agency tipped the company off to what was coming. Microsoft regularly credits those who point out vulnerabilities in its products, but in this case the company made no mention of the tipster. Later, when the WannaCry attack hit hundreds of thousands of Microsoft customers, Microsoft’s president, Brad Smith, slammed the government in a blog post for hoarding and stockpiling security vulnerabilities.  For his part, Mr. Ben-Oni said he had rolled out Microsoft’s patches as soon as they became available, but attackers still managed to get in through the IDT contractor’s home modem.

There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button….

“Once DoublePulsar is on the machine, there’s nothing stopping anyone else from coming along and using the back door,” Mr. Dillon said.More distressing, Mr. Dillon tested all the major antivirus products against the DoublePulsar infection and a demoralizing 99 percent failed to detect it.  “We’ve seen the same computers infected with DoublePulsar for two months and there is no telling how much malware is on those systems,” Mr. Dillon said. “Right now we have no idea what’s gotten into these organizations.”..

Could that attack be coming? The Shadow Brokers resurfaced last month, promising a fresh load of N.S.A. attack tools, even offering to supply them for monthly paying subscribers — like a wine-of-the-month club for cyberweapon enthusiasts.

Excerpts from NICOLE PERLROTHJUNE, A Cyberattack ‘the World Isn’t Ready For’,  New York Times, June 20, 2017