Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com)

Posted by BeauHD on from the targets-of-interest dept.

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.

9 of 197 comments (clear)

  1. Demoncrats lost their sense of humor by Anonymous Coward · · Score: 5, Insightful

    His name is Seth Rich. But you probably know him as Russia.

    All while the CNN fact-checks the president during Korean negotiations: "no, no, Trump lied, our nukes are actually old and weak, and not modernized as he claimed."

    1. Re:Demoncrats lost their sense of humor by Rockoon · · Score: 3, Informative

      This.

      it has been determined that the "hackers" downloaded the DNC emails at a rate of 22 MEGABYTES per second. This sort of connection isnt available across the atlantic, and isnt available from any ISP in the States.

      But such a connection IS available with a local area network, and further such a speed happens to coincide with the write speed of a large USB thumb drive.

      --
      "His name was James Damore."
    2. Re:Demoncrats lost their sense of humor by Anonymous Coward · · Score: 3, Insightful

      I'm supposed to believe that somewhere, there is a "time stamps in the metadata" entry listing the exact time of the start, and end, of the file transfer, allowing its speed to be calculated. A speed from which you're inferring it must have been an internal transfer because back in the dark ages of 2016 and 'delivery overheads', it could never have made it across the atlantic at 20 MB/sec?

      But that same log file entry doesn't contain anything useful like the destination IP address?

      I find this implausible. Though that might just be because the journalist doesn't really know what he's talking about.

      Cringy things in his copy, like "using a server speed not available in 2016" (what the hell does that mean?) and thinking that some bozo randomly sending a file across the internet on a consumer ISP, and getting a certain transfer rate, is proof that no faster rate is possible. Or thinking that the time zone of a metadata timestamp gives a clue to who initiated the transfer on the other end. What, was he expecting their local server to have recorded a timestamp in Moscow Local Time if the initiator was in Russia?

      "In theory the operation could have been conducted from Bangor or Miami or anywhere in between—but not Russia, Romania, or anywhere else outside the EDT zone."

      Yeah. Evidently he does. Clueless.

    3. Re:Demoncrats lost their sense of humor by pushing-robot · · Score: 3, Interesting

      176Mbps isn't implausible for an upload speed, either. Residential synchronous 1GBps+ fiber lines are not uncommon in cities; surely a ritzy hotel hosting VIPs would have a decent pipe. And as you said, the person on the other end would only need a halfway decent download speed.

      176MBps is also not at all unreasonable for a cross-Atlantic connection, but hackers with any skill or resources would likely use a machine in the target country as a proxy for attacks, so it's not even relevant.

      In other words, the speed doesn't say anything. It's certainly no proof of an 'inside job' like the alt-right brigading is trying to message.

      --
      How can I believe you when you tell me what I don't want to hear?
    4. Re:Demoncrats lost their sense of humor by AutodidactLabrat · · Score: 3, Insightful

      Lie
      Or are you claiming the CIA is full of liberals (are you actually stupid enough to repeat that lie?)

  2. Which is it??! by Anonymous Coward · · Score: 5, Insightful

    Headline: Russian Group that hacked the DNC...
    First Sentence: A Russian government-sponsored group accused of hacking the Democratic National Committee...

    Did they hack it, or are they accused of hacking it?

  3. Fix the shitty, deceptive headline, /. editors! by Anonymous Coward · · Score: 5, Insightful

    I'm not a Trump supporter, but this submission headline is really shitty and deceptive.

    Here's what it currently is, in case the editors do get off of their asses and fix it:

    Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels

    There's no "alleged" or "accused" or "thought to have" in there. It's stating that some vague, unnamed Russian group did engage in some sort of an attack. It's stating it as if it has been proven, when it hasn't been.

    But the first goddamn sentence of the summary contradicts that by at least indicating there's only an accusation so far [emphasis added]:

    A Russian government-sponsored group accused of hacking the Democratic National Committee last year has ...

    Fix this shit up, /. editors. It just gives fuel to the pro-Trump crowd when you make stupid and sloppy mistakes like this.

  4. When the NSA can't keep it in their pants... by burtosis · · Score: 4, Insightful

    Lack of oversight and a complete inability to keep their own exploits out of the hands of criminals and foreign powers is the exact reason we should be shuttering the doors on this nonsense. Its far better for everyone in the long run to patch exploits instead of hoarding them and turning them into a tool to undermine the very safety and security of the nation they were "meant" to protect. This exact same issue applies to back doors on encryption or secure systems of any kind. No one will probably care until the entire economy crashes after a back door exploit leaks out on financial transactions.

  5. Re:leak not hack by Bartles · · Score: 3, Funny

    Here is the analysis that that article is based on. Looks pretty legit.