Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com)

Posted by BeauHD on from the targets-of-interest dept.

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

10 of 197 comments (clear)

  1. Demoncrats lost their sense of humor by Anonymous Coward · · Score: 5, Insightful

    His name is Seth Rich. But you probably know him as Russia.

    All while the CNN fact-checks the president during Korean negotiations: "no, no, Trump lied, our nukes are actually old and weak, and not modernized as he claimed."

    1. Re:Demoncrats lost their sense of humor by Anonymous Coward · · Score: 3, Insightful

      I'm supposed to believe that somewhere, there is a "time stamps in the metadata" entry listing the exact time of the start, and end, of the file transfer, allowing its speed to be calculated. A speed from which you're inferring it must have been an internal transfer because back in the dark ages of 2016 and 'delivery overheads', it could never have made it across the atlantic at 20 MB/sec?

      But that same log file entry doesn't contain anything useful like the destination IP address?

      I find this implausible. Though that might just be because the journalist doesn't really know what he's talking about.

      Cringy things in his copy, like "using a server speed not available in 2016" (what the hell does that mean?) and thinking that some bozo randomly sending a file across the internet on a consumer ISP, and getting a certain transfer rate, is proof that no faster rate is possible. Or thinking that the time zone of a metadata timestamp gives a clue to who initiated the transfer on the other end. What, was he expecting their local server to have recorded a timestamp in Moscow Local Time if the initiator was in Russia?

      "In theory the operation could have been conducted from Bangor or Miami or anywhere in between—but not Russia, Romania, or anywhere else outside the EDT zone."

      Yeah. Evidently he does. Clueless.

    2. Re:Demoncrats lost their sense of humor by AutodidactLabrat · · Score: 3, Insightful

      Lie
      Or are you claiming the CIA is full of liberals (are you actually stupid enough to repeat that lie?)

  2. Which is it??! by Anonymous Coward · · Score: 5, Insightful

    Headline: Russian Group that hacked the DNC...
    First Sentence: A Russian government-sponsored group accused of hacking the Democratic National Committee...

    Did they hack it, or are they accused of hacking it?

    1. Re:Which is it??! by Bartles · · Score: 1, Insightful

      They did not hack it and yes they are accused of doing it. It's pretty conclusively an inside leak and a (inept) coverup blaming it on the Russians.

  3. Fix the shitty, deceptive headline, /. editors! by Anonymous Coward · · Score: 5, Insightful

    I'm not a Trump supporter, but this submission headline is really shitty and deceptive.

    Here's what it currently is, in case the editors do get off of their asses and fix it:

    Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

    There's no "alleged" or "accused" or "thought to have" in there. It's stating that some vague, unnamed Russian group did engage in some sort of an attack. It's stating it as if it has been proven, when it hasn't been.

    But the first goddamn sentence of the summary contradicts that by at least indicating there's only an accusation so far [emphasis added]:

    A Russian government-sponsored group accused of hacking the Democratic National Committee last year has ...

    Fix this shit up, /. editors. It just gives fuel to the pro-Trump crowd when you make stupid and sloppy mistakes like this.

  4. When the NSA can't keep it in their pants... by burtosis · · Score: 4, Insightful

    Lack of oversight and a complete inability to keep their own exploits out of the hands of criminals and foreign powers is the exact reason we should be shuttering the doors on this nonsense. Its far better for everyone in the long run to patch exploits instead of hoarding them and turning them into a tool to undermine the very safety and security of the nation they were "meant" to protect. This exact same issue applies to back doors on encryption or secure systems of any kind. No one will probably care until the entire economy crashes after a back door exploit leaks out on financial transactions.

  5. Re: Fix the shitty, deceptive headline, /. editors by guruevi · · Score: 1, Insightful

    Because the US media made the accusation in the first place while all evidence points in the other direction. There is no evidence the Russians were even involved much less that they run this particular hacker collective.

    The claim that an NSA exploit was used but the NSA exploit wasn't even released until earlier this year. So either the NSA aided and abetted the "Russians" or the story is just spin.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  6. Re:FTFY by Bartles · · Score: 1, Insightful

    Your points are well taken. The fundamental facts of the whole Russia hacked the DNC narrative have never been questioned or put under scrutiny. There are many reasons for this, the primary one being that most of the media is a mouthpiece for the Democratic party. One can laugh at that, but this is the sort of shit that happens when a democracy does not have a free and fair press.

  7. Propaganda Basics by s.petry · · Score: 2, Insightful

    Your points are well taken. The fundamental facts of the whole Russia hacked the DNC narrative have never been questioned or put under scrutiny. There are many reasons for this, the primary one being that most of the media is a mouthpiece for the Democratic party. One can laugh at that, but this is the sort of shit that happens when a democracy does not have a free and fair press.

    Actually the narrative is questioned, which is why you see the allegation come out and vanish almost as quickly. The narrative will be repeated and repeated until people get tired of pushing back and we end up with white washed history.

    Repeat a lie long enough and loud enough and eventually the people will believe it. Not an exact quote of Goebbels, Mussolini, Stalin, Lenin, Pot, Mao, etc.. but the basic premise of their propaganda machines.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.