In times of universal deceit, telling
the truth is a revolutionary act.
         - George Orwell

Napoleon once observed that "history" is a set of lies agreed upon. In an era of ubiquitous fake news and information warfare, this has never been more true. The very concept of objective truth in history is fading out of our world. Pure propaganda and outright lies are passing into our history textbooks as unquestioned truth, condemning future generations to false views about historical reality. But the task of sifting through the lies and propaganda is overwhelming, limited by the ambition and time constraints of most observers. Only those who have dedicated their lives to sorting reality from falsehood are qualified to rewrite "consensus" history as a duty to humanity. The contributors to this site endeavor to do just that.


Monday, May 15, 2017

Is The WannaCry Ransomware Attack Being Pinned on North Korea to Justify an American First-Strike Attack?

    Just when you thought things were beginning to return to "normal" on the Korean peninsula, reports are now coming out that pin blame for the recent global malware attack - WannaCry ransomware - squarely on North Korea. Internet security companies are beginning to trace the origins of the attack to an outfit called the 'Lazarus Group'. (Remember him from the Bible? The man Jesus raised from the dead?) Lazarus Group is run by North Korea.  So is it possible that, in order to have war plans raised from the dead, the US intelligence agencies (with Mossad help?) created the WannaCry ransomware, and carefully spread it around the world in such a way that the traces of its origins would lead to Lazarus, and hence, to North Korea?  Is this the casus belli the US is looking for to justify launching a first-strike attack against North Korea?  Time will tell...

Consider the following article posted on

North Korean Hackers Emerge As "Culprits" Behind Global Malware Cyberattack

Remember when North Korea "hackers" breached several firewall layers at Sony, exposing gigabytes of confidential data, only for it to eventually emerge that it was all the work of a disgruntled Sony employee?
Apparently not, because the same plot line is being re-run all over again.
Two of the world's largest anti-virus companies said they are "looking into clues" that suggest a North Korea-linked group may be behind last week's cyberattack. According to Reuters, Symantec and Kaspersky are investigating whether hackers from the Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries. The two companies have said that "some code in an earlier version of the WannaCry ransomware had also appeared in programs used by the Lazarus Group, which researchers from many companies said is run by North Korea."
While we reserve judgment at the amusing possibility that North Korea could have brought a substantial portion of the world's computer infrastructure to a halt until there is some actual evidence, it is worth noting that said inquiries emerged shortly after the White House said that paying ransom money to unlock files encrypted by the global cyberattack does not work. It was not clear how North Korean hackers planned to convert bitcoin into any practical currency in a nation whose major banks have been barred from SWIFT.
In any case, speaking to reporters on Monday afternoon, Homeland security adviser Tom Bossert told reporters he is not aware of a case where transferring $300 in Bitcoin - the amount demanded from victims of last week's attack - has "led to any data recovery". The Trump administration estimated that less than $70,000 has been paid to the criminals behind the ransomware so far.
During the White House briefing, Bossert also said no federal systems in the US had been affected by the malicious software, known as WannaCry. He told reporters that he had spoken with his British counterparts, who said they now had a "feeling of control" after the attack struck 47 NHS organisations.
Meanwhile, security experts have been monitoring the Bitcoin accounts used to collect the ransom payments, because although account holders can remain anonymous, clues can often emerge when the money is converted back into real-world currency. Earlier today, in its latest update on the cyberattack, Europol said it was the "largest ransomware attack observed in history".
The traditional scapegoat for - well - pretty much anything these days, Russia, denied it had anything to do with the cyberattack, with President Vladimir Putin describing it as payback for the US intelligence services. His remarks echoed what Microsoft's chief legal officer Brad Smith said on Sunday night when he slammed the NSA for developing the original code used in the attack, which was later leaked in a document dump. Microsoft said the attack was a "wake-up call" and identified "nation-state action and organised criminal action" as "the two most serious forms of cybersecurity threats in the world today". The company also said it had released a security update back in March to protect Windows system computers against such attacks, but said many computers "remained unpatched globally".
Adding insult to (apparently North Korean) injury, Putin said during a trip to Beijing: "A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators."
As for North Korea being the scapegoat, we admit we were wrong: we were certain the Kremlin would be blamed again, in line with what was leaked over the weekend.
For now, however, if the narrative around North Korea launching the worst malware cyberattack against the world is repeated often - and loud - enough, it will quickly become fact, even if no actual evidence is presented. If so, watch out for literal fireworks as all those who were impacted by the worm demand Kim's blood, either literally or figuratively.
As for reality, and North Korea's true level of technical sophistication, well...
Now Consider the following article from the LA Times:

'WannaCry' ransomware shares code with Sony hack, raising possibility of North Korea connection

                  The WannaCry computer virus has claimed 200,000 victims
                  in at least 150 countries and continues to spread. 

                  Chris O'Brien, Christina Boyle and Matt Pearce

Cybersecurity researchers said Monday that the massive "WannaCry" virus that has infected computers around the globe was developed using some of the same code used in the 2014 hack of Sony Pictures, raising the possibility that the hackers may have a connection to North Korea.

Investigators said they had detected code similar to that used by a shadowy cybercrime network implicated in the Sony attack, the Lazarus Group, though they stressed that more investigation was necessary.

“We believe this might hold the key to solve some of the mysteries around this attack,” the Moscow-based cybersecurity firm Kaspersky Labs said in an analysis of a few lines of duplicated code found in an earlier version of the WannaCry virus, which was first noticed by a Google security researcher.

An international manhunt was underway as private-sector researchers and government investigators alike tried to stamp out new versions of WannaCry while scouring for clues pointing to the authors of the original virus, who are “potentially criminals or foreign nation-states,” said Tom Bossert, President Trump’s homeland security advisor.

Security officials around the world expressed relief as the spread of the virus seemed to slow its pace, though not before freezing files and demanding ransom from the operators of hundreds of thousands of computers in at least 150 countries, including the United States.

The virus, which used a Windows vulnerability developed by and stolen from the U.S. National Security Agency, seemed to be the work of relatively unsophisticated hackers, experts initially said. They pointed to how easy it was to stop and how little money it has collected so far — a little over $50,000, a relatively paltry amount for an attack so large.

But the revelations of similarities to previous attacks launched by the Lazarus Group prompted a new evaluation. Kaspersky researchers called the discovery “the most significant clue to date regarding the origins of WannaCry.”

Other investigators also were looking into the possibility of a Lazarus connection.

"While these findings do not indicate a definite link between Lazarus and WannaCry, we believe that there are sufficient connections to warrant further investigation," the Mountain View, Calif., security firm Symantec wrote in its analysis of the virus.

Symantec said it had identified "the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry."

The Lazarus Group has been connected to a series of aggressive cyberattacks that date back to at least 2009, primarily aimed at targets in South Korea and the U.S., but also including financial institutions in Poland and Bangladesh.

The group was linked to the massive hack of data from Sony, which included emails between employees, information about executive salaries at the company and copies of Sony films that had yet to be released.

Some of the data were published online, embarrassing executives just as the company was about to release a movie critical of North Korea.

"We believe that Lazarus Group is very large and works mainly on infiltration and espionage operations," Kaspersky analysts said after the Sony episode. "Clearly the group’s operations span across the whole world."

Ransom payments collected so far provide additional clues, but they only go so far.

Because of the way bitcoin, or electronic money, works, the payments are public, allowing officials and researchers to monitor the three digital accounts where the victims’ payments are being deposited, making it possible to calculate how much money has been paid out.

Figuring out who controls those accounts is much harder.

          Costin Raiu ✔ @craiu
          Shared code between an early, Feb 2017 Wannacry cryptor 
          and a Lazarus group backdoor from 2015 found by @neelmehta from Google.
          2:15 PM - 15 May 2017

New victims emerged as expected on Monday, and several security firms detected new variations of the virus, just as many had predicted. Thus far, none of these new versions had much of an effect, but security officials remained vigilant.

“Only one appears to have [gotten] some very limited traction,” said Costin Raiu, director of Kaspersky’s Global Research and Analysis team. “The other variants appear to have been manually patched by unknown entities and have not been created by the original WannaCry authors.”

In the United Kingdom, the National Health Service appeared to be largely back to business Monday. The NHS said that seven out of the nearly 50 NHS trusts affected are still facing serious problems. Others are reporting problems, but not as severe. The majority of patients are being advised to turn up for their usual appointments, unless told otherwise.

Across the globe in China, cybersecurity firm Qihoo 360 said that 29,372 institutions, including government offices, bank machines and hospitals had been infected over the weekend. French digital security agency ANSSI reported that only a handful of organizations had been infected.

Bossert, Trump’s homeland security advisor, told reporters in Washington that there were “a small number of affected parties in the U.S., including FedEx.” He said the number of hacked computers worldwide had risen to 300,000 on Monday.

The carmaker Renault said it had halted manufacturing at some of its factories in France and one in Slovenia because of the virus. In Germany, rail passengers posted pictures on Twitter of departure and arrival screens at Deutsche Bahn, the German train operator, showing the red WannaCry warning sign.

Still, in an interview with Agence France-Presse, Europol spokesman Jan Op Gen Oorth said the European Union law enforcement agency’s worst fears were not realized Monday.

"The number of victims appears not to have gone up and so far the situation seems stable in Europe, which is a success," he told AFP. "It seems that a lot of Internet security guys over the weekend did their homework and ran the security software updates."

A top Microsoft executive lashed out at the NSA on Sunday, saying the agency bore the blame for turning an obscure computer vulnerability into a weapon.

Russian President Vladimir Putin — whose Interior Ministry was reported to be a victim of the attacks — picked up on that theme Monday, blaming the U.S. for the creation of the ransomware virus.

"We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle," Putin said in Beijing, according to Russia's Tass news agency.

Putin said Russia had invited Obama administration officials last year "to look into cybersecurity matters" and develop an intergovernmental agreement. "Regrettably, our proposal was rejected. Then the previous administration said it was prepared to get back to our proposal, but nothing was done in practice."

Russia has been blamed for hacking attacks aimed at influencing the 2016 U.S. presidential election.

On Sunday, Europol described the WannaCry attack as “unprecedented.” However, it appears that a move by a security researcher to register an address on the Internet that fooled the virus has blunted its momentum.

The newer variants of the virus that emerged seemed to be ineffective because they were quickly made. Researchers are still on the watch for more sophisticated versions that can better exploit the remaining vulnerabilities.

Several governments, security agencies and research firms on Monday were calling on users not to pay the ransom for fear that it would inspire more such attacks. Still, it was not clear whether those who had paid had their access restored, or what other options exist for users who found their computers still encrypted.

Bossert, who spoke at a White House briefing, said the U.S. is “not aware of payments that have led to any data recovery,” implying that the hackers are simply absconding with the money. He added that it would be “very satisfying” to bring them to justice, and “the best and the brightest are working on that.”

Microsoft called over the weekend for its customers to be more aggressive about installing the security patch it had issued several weeks earlier. But the reality remains that millions of machines are likely running on older versions of its Windows operating system, or lack the resources and organizational sophistication to install the patch across their tangled web of IT systems.

“The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect,” wrote Brad Smith, Microsoft’s president and chief legal officer in a blog post on Sunday. “As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.”

On Monday, the process of reexamining the policies and politics of cybersecurity in Europe was underway in the wake of the attack.

In the U.K., there were reports that Health Secretary Jeremy Hunt was warned last summer that National Health Service organizations were at risk of cyberattacks. An assessment of 60 hospitals was carried out by experts who warned that a cyberattack was becoming a "bigger consideration" as the NHS moved increasingly away from paper records to digital files.

A July report presented to Hunt said that “computer hardware and software that can no longer be supported should be replaced as a matter of urgency.” And as long ago as 2014, the government told NHS trusts that they needed to update their systems and avoid using Windows XP as quickly as possible.

It appears many of those alarms were not heeded.

The British government announced that it was holding an emergency meeting late Monday to discuss the cyberattack.

A spokesman for Europol, Alex Niculae, said in an email to The Times that the agency’s Joint Cybercrime Taskforce was working with investigators from the various countries affected by the virus. He said that investigators from both the public and private sectors have “joined forces and are doing their best to get to the bottom of this.”
Let's be clear about one thing:  Lazarus Group is a US/Israeli Intelligence Outfit.
