A cyber gang with possible links to Russia is being blamed for the extraordinary worldwide computer security breach - possibly in retaliation for US airstrikes on Syria.
The mysterious organisation - called Shadow Brokers - claimed in April it had stolen a ‘cyber weapon’ from an American spying agency that gives unprecedented access to all computers using Microsoft Windows, the world’s most popular computer operating system.
The hacking tool had been developed by the National Security Agency (NSA), America’s powerful military intelligence unit. The NSA had developed its ‘Eternal Blue’ hacking weapon to gain access to computers used by terrorists and enemy states.
But in an astonishing twist, the NSA’s tool was stolen by Shadow Brokers.
The gang in turn ‘dumped’ the computer bug on an obscure website on April 14, just a week after President Donald Trump ordered the US bombing of Syria.
Some experts believe that timing is significant and indicates that Shadow Brokers has links to the Russian government.
In an internet posting, six days earlier on April 8 - and a day after the first airstrikes - Shadow Brokers appeared to issue a warning to President Trump.
In a statement, the group said in broken English: “Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected.”
It is believed ‘Eternal Blue’, having been dumped by Shadow Brokers, was then picked up by a separate crime gang which used it to gain remote access to computers, including systems that brought parts of the NHS to a standstill.
The gang, having gained access to computers, then deployed a second software programme - using ransomware called WanaCrypt or WannaCry - which hijacks a computing system and encrypts all the files contained on it.
The only way to unlock the files is to pay a ransom.
In this case, the gang is demanding $300 for each computer it unlocks - paid in ‘bitcoins’, a virtual currency used on the internet.
Edward Snowden, the NSA whistleblower now living in exile in Russia, claimed last year that Shadow Brokers was backed by the Kremlin following another leak. Snowden tweeted that “circumstantial evidence and conventional wisdom indicates Russian responsibility”.
Official advice from Spain’s emergency computer response service yesterday appeared to confirm that the ransomware attacks stemmed from the Eternal Blue tool, when it urged organisations to download a Microsoft update that protects against it.
Cyber security experts told The Telegraph the ransomware was being quickly spread by a wave of “phishing” emails carrying bogus attachments that infected computers when unsuspecting users clicked on them.
From The Telegraph
James Titcomb Cara McGoogan
No comments:
Post a Comment