• Tag Archives NSA
  • Culpability for this Ransomware Belongs to the NSA

    Culpability for this Ransomware Belongs to the NSA

    In all the coverage of the recent ransomware attack shutting down computer systems around the world, one point has been buried and obscured. The focus has been on precisely who spread this horrid thing, what damage it has done, what to do once you have it, and how to prevent it.

    All fascinating questions. But an equally, if not more, important question is: who created this weapon of mass computer destruction? What was its origin? How did it get released in the first place?

    And here, the answer is as sure as it is alarming. The culpability belongs to the National Security Agency. That’s right. The government that claims to be protecting us against cybercrime both made the virus and failed to secure it from being stolen by malicious actors.



    ComputerWorld explains

    The tools, which security researchers suspect came from the NSA, include an exploit codenamed EternalBlue that makes hijacking older Windows systems easy. It specifically targets the Server Message Block (SMB) protocol in Windows, which is used for file-sharing purposes…. The developer of Wanna Decryptor appears to have added the suspected NSA hacking tools to the ransomware’s code, said Matthew Hickey, the director of security provider Hacker House, in an email.

    ArsTechnica explains:

    A highly virulent new strain of self-replicating ransomware shut down computers all over the world, in part by appropriating a National Security Agency exploit that was publicly released last month by the mysterious group calling itself Shadow Brokers…. Another cause for concern: wcry copies a weapons-grade exploit codenamed Eternalblue that the NSA used for years to remotely commandeer computers running Microsoft Windows. Eternalblue, which works reliably against computers running Microsoft Windows XP through Windows Server 2012, was one of several potent exploits published in the most recent Shadow Brokers release in mid-April.

    The New York Times says:

    The attacks on Friday appeared to be the first time a cyberweapon developed by the N.S.A., funded by American taxpayers and stolen by an adversary had been unleashed by cybercriminals against patients, hospitals, businesses, governments and ordinary citizens…. The United States has never confirmed that the tools posted by the Shadow Brokers belonged to the N.S.A. or other intelligence agencies, but former intelligence officials have said that the tools appeared to come from the N.S.A.’s “Tailored Access Operations” unit, which infiltrates foreign computer networks. (The unit has since been renamed.)

    The furious president of Microsoft weighed in:

    Starting first in the United Kingdom and Spain, the malicious “WannaCrypt” software quickly spread globally, blocking customers from their data unless they paid a ransom using Bitcoin. The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States…. The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them.

    Cyberscoop interviewed several experts:

    “In my view, there isn’t a policy problem, it’s an operational problem,” [former White House National Security Council cyber staffer Rob] Knake, now with the Council on Foreign Relations, told CyberScoop. “NSA should not have lost those tools. No way for policymakers to account for that problem other than to move quickly to get info on the vulnerabilities out, which they apparently did. Loss of the tools is an operational problem. The response was appropriate and timely.”

    This is obviously terrible for the United States in terms of international relations. It is the equivalent of having built a weapon of mass destruction and inadvertently failing to secure it from access by criminals. Yes, the people who use such weapons are bad actors, but the bureaucracy that made the weapon and allowed its release in the first place bears primary responsibility.

    And while the NSA’s responsibility is certainly being downplayed in the American mainstream media – NPR reported it but quietly and inauspiciously – you can bet it is all the talk in the 100 countries that are affected.

    Yes, it would be very sweet if users around the world were forgiving and understanding. Everyone makes mistakes. Sadly, that is not the case. The NSA developed this virus to use against network systems of enemy countries and failed to secure it. The head of Microsoft is correct that this really is an outrage, and cries out for a fix.

    Had a private company been responsible, its stock would now sit at nearly zero and the feds would be all over it for responsibility for cybercrime. Probably there would be jail time.

    What will be the fallout from the NSA screw up? Watch for it: surely a bigger budget.


    Jeffrey A. Tucker

    Jeffrey Tucker is Director of Content for the Foundation for Economic Education. He is also Chief Liberty Officer and founder of Liberty.me, Distinguished Honorary Member of Mises Brazil, research fellow at the Acton Institute, policy adviser of the Heartland Institute, founder of the CryptoCurrency Conference, member of the editorial board of the Molinari Review, an advisor to the blockchain application builder Factom, and author of five books. He has written 150 introductions to books and many thousands of articles appearing in the scholarly and popular press.

    This article was originally published on FEE.org. Read the original article.


  • Vault 7 Confirms, You’re Right to Be Paranoid

    Vault 7 Confirms, You’re Right to Be Paranoid

    On March 7, the transparency/disclosure activists at Wikileaks began releasing a series of documents titled “Vault 7.” According to the New York Times, Vault 7 consists of “thousands of pages describing sophisticated software tools and techniques used by the [US Central Intelligence Agency] to break into smartphones, computers and even Internet-connected televisions.”

    Stranger Than Fiction


    If the documents are authentic — and WikiLeaks has a sterling reputation when it comes to document authenticity — every paranoid thriller you’ve ever watched or read was too timid in describing a hypothetical Surveillance State. Even the telescreens and random audio bugs of George Orwell’s 1984 don’t come close to the reality of the CIA’s surveillance operations.

    In theory, the CIA doesn’t spy on Americans in America. In fact, digital traffic pays no heed to national borders, and the tools and tactics described have almost certainly been made available to, or independently developed by, other US surveillance agencies, not to mention foreign governments and non-government actors.

    Bottom line: You should accept the possibility that for the last several years anything you’ve done on, or in the presence of, a device that can connect to the Internet was observed, monitored, and archived as accessible data.

    Paranoid? Yes. But the paranoia is justified.

    Even if “they”  — the CIA, the NSA, the FBI, some random group of credit card thieves or voyeurs or whatever — aren’t out to get you in particular, they consider your personal privacy a technical obstacle to overcome, not a value to respect.

    All the Skeletons

    If you’ve got nothing to hide you’ve got nothing to fear? Everyone has something to hide. Somewhere, sometime, you’ve said or done something you regret or wouldn’t want the world to know. And you probably said or did it within a few feet of your smartphone, your laptop, or your Internet-connected television. Maybe nobody was listening or watching. Or maybe someone was. The only plausible conclusion from the Vault 7 disclosures is that you should assume the latter.

    Vault 7 confirms that as a State entity, the CIA answers to philosopher Anthony de Jasay’s description of the State as such. Just as a firm acts to maximize profits, the State and its arms act to maximize their own discretionary power. Even if it doesn’t do some particular thing, it requires the option, the ability to do that thing. It seeks omnipotence.

    The abuses of our privacy implied by the WikiLeaks dump aren’t an aberration. They’re the norm. They’re what government does.

    Reprinted from Libertarian Institute.


    Thomas Knapp

    Thomas L. Knapp, aka KN@PPSTER, is Director and Senior News Analyst at the William Lloyd Garrison Center for Libertarian Advocacy Journalism and publisher of Rational Review News Digest. He lives and works in north central Florida.

    This article was originally published on FEE.org. Read the original article.


  • Why We’re Being Watched

    Why We’re Being Watched

    Wikileaks has just published over 8,000 files they say were leaked from the CIA, explaining how the CIA developed the capacity to spy on you through your phone, your computer, and even your television. And Wikileaks’s Julian Assange claims these “Vault 7” documents are just one percent of all the CIA documents they have.

    The media will be combing through these for weeks or months, so now is a perfect moment for us to reconsider the role of privacy, transparency, and limited government in a free society.

    We’ve put together a quick list of the six best Learn Liberty resources on government spying and whistleblowing to help inform this discussion.



    1. War Is Why We’re Being Watched

    Why is the US government spying on its citizens in the first place? Professor Abby Hall Blanco says that expansive state snooping at home is actually the result of America’s military interventionism abroad:

    2. Is Privacy the Price of Security?

    Yes, you may think, the government is snooping on us, but it’s doing that to keep us safe!

    That’s the most common justification for sweeping and intrusive surveillance, so we held a debate between two experts to get right to the heart of it. Moderated by TK Coleman, this debate between Professor Ronald Sievert and Cindy Cohn, the Executive Director of the Electronic Frontier Foundation, was inspired in part by the revelations about NSA surveillance leaked by Edward Snowden in June 2013.

    3. Freedom Requires Whistleblowers

    People are already drawing parallels between the Snowden leaks and the Vault 7 revelations. If the leaks are indeed coming from a Snowden-like whistleblower, that will once again raise the issue of government prosecution of people who reveal classified information to the public.

    Professor James Otteson argues that a free society requires a transparent government, and whistleblowers play a key role in creating that accountability. Otteson also sounds a warning that should resonate with many Americans today:

    Maybe you’re not concerned about the invasions of privacy that the federal government agencies are engaging in because you think, “Well, I haven’t done anything wrong. What do I have to fear?” Maybe you think, “I like and support this president. I voted for him.”

    But what about the next president?  The powers that we let the government have under one president are the same powers that the next president will have too.

    What if the next president is one you don’t support? He, too, will have all the power that you were willing to give the president you now support.”

    4. Encryption Is a Human Rights Issue

    Documents from Vault 7 suggest that the CIA has been so stymied by encrypted-messaging apps, such as Signal and Whatsapp, that it has resorted to taking over entire smartphones to read messages before they are sent.

    That turns out to be a costly, targeted, and time-consuming business that doesn’t allow for mass data collection. But for decades, government officials have tried to require tech companies to give the government a backdoor into their encryption. In “Encryption Is a Human Rights Issue,” Amul Kalia argues that protecting encryption from government is essential to our safety and freedom.

    5. The Police Know Where You Live

    It turns out that it’s not just spy agencies that have access to detailed information about your life. Ordinary police officers have it, too, and they often face little supervision or accountability. As Cassie Whalen explains, “Across the United States, police officers abuse their access to confidential databases to look up information on neighbors, love interests, politicians, and others who had no connection to a criminal investigation.”

    Surveillance is a serious issue at every level of government.

    6. Understanding NSA Surveillance

    If you’re ready to take your learning to the next level, check out our complete video course on mass government surveillance with Professor Elizabeth Foley. In it, you’ll learn what you need to know to make sense of the NSA scandal in particular and mass surveillance in general.

    Reprinted from Learn Liberty.


    Kelly Wright

    Kelly Wright is an Online Programs Coordinator at the Institute for Humane Studies.

    This article was originally published on FEE.org. Read the original article.