Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

Re:Demoncrats lost their sense of humor

[pushing-robot]

176Mbps isn't implausible for an upload speed, either. Residential synchronous 1GBps+ fiber lines are not uncommon in cities; surely a ritzy hotel hosting VIPs would have a decent pipe. And as you said, the person on the other end would only need a halfway decent download speed.

176MBps is also not at all unreasonable for a cross-Atlantic connection, but hackers with any skill or resources would likely use a machine in the target country as a proxy for attacks, so it's not even relevant.

In other words, the speed doesn't say anything. It's certainly no proof of an 'inside job' like the alt-right brigading is trying to message.