Ransomware That Hit Europe's Computers Did Not Come From NSA Leak
Some media reports about the ransomware -- called WannaCry -- that rocked the UK health system, Spain's telecom industry, and other targets in Europe Friday say that hackers pulled it from a leaked NSA tool kit.
That's not really accurate.
Instead, computing experts say and a review of the computing code shows, the leaked NSA tool kit demonstrated to the hackers how they could attack these systems. The hackers didn't use NSA code, but they did copy something from the tool kit.
"WannaCry ransomware uses one of the exploits released recently by Shadowbrokers in the leaked NSA tools archive," said Andrew Komarov, chief intelligence officer for the cybersecurity firm InfoArmor. "This is pretty normal practice, where cybercriminals are using the latest vulnerabilities in order to increase the efficiency of their malware."
The name of the NSA tool that the hackers drew on to develop the new ransomware is called "Eternalblue".
The software fix for the vulnerability that the ransomware exploits came out in March, before the Shadowbrokers leak, so experts say there was theoretically time to patch systems in advance of an attack.
Komarov said there was no indication that WannaCry or Friday's attack had anything to do with the NSA "or any other state-sponsored cyber offensive activities."
CIA Adds Eight Stars to Memorial Wall For Fallen Officers
Each year, new stars are carved into the marble of the CIA’s Memorial Wall in the agency’s main lobby. Each represents an employee who died while carrying out his or her duties, often clandestine.
When it was first dedicated in 1974, there were 31 stars. After a ceremony held Monday, the number is 125. As is true almost every year, some of the new stars honor fallen officers whose names and operations remain classified.
Four of the eight new stars represent officers whose names if revealed might unveil classified operations.
A fifth was added to honor Mark S. Rausenberger, an 18-year agency officer who died while serving overseas. The circumstances of his death remain classified.
In the past, the agency has reviewed the history of clandestine operations to determine if a name can be declassified. The identity of the man honored with the first star, Douglas Mackiernan, wasn’t revealed until 2006, 56 years after his death.
The three other new stars pay tribute to David Bevan, Darrell Eubanks, and John Lewis. All died when their plane crashed while carrying out a mission for Air America, the CIA’s Vietnam-era "airline," in Laos in 1961.
In remarks to those assembled before the wall Monday, including families of the fallen, CIA Director Mike Pompeo said that each star represents "a life that is dear to us … We remain forever devoted to them, as they were to us. And we will strive to make them proud of us, as we are of them."
Got A News Tip? We Want To Know About It
Click here for instructions on different ways to reach us: email, mail, or the messaging apps Signal, Telegram or WhatsApp. Each tool has its own security measures.
That North Korean Missile Really Worked, Say U.S. Officials
Two U.S. defense officials confirm that North Korea's launch of a KN-17 missile last Sunday was successful and that the missile's re-entry vehicle did successfully re-enter the atmosphere.
The re-entry was controlled and the vehicle did not burn up, the officials said. It landed in the sea near Russia.
The KN-17 is a liquid fuel single-stage missile. In boasting of the successful launch, the North Koreans called it a "medium long-range" ballistic rocket that can carry a heavy nuclear warhead.
The U.S. officials characterized Sunday's launch as an advancement for the North Korean missile program.
North Korea also launched one in mid-April, but it exploded seconds later.
U.S. Announces New Iran Sanctions, But Keeps Waiving Sanctions
The Treasury Department announced new sanctions on Iran for its ballistic missile program Wednesday, but also said it will continue to waive sanctions as required by the Iran nuclear deal.
"The Treasury Department is imposing new sanctions on Iranian defense officials, an Iranian entity, and a China-based network that supplied missile-applicable items to a key Iranian defense entity,'" said a statement released by the Treasury Department. "The action reflects concern with Iran’s continued development of ballistic missiles, which is in inconsistent with United Nations Security Council Resolution 2231.
The statement also said the waiver of sanctions "does not diminish the United States' resolve to continue countering Iran's destabilizing activity in the region. ... [A]bove all, the United States will never allow the regime in Iran to acquire a nuclear weapon."
Ex-NSA Official Confirms Ransomware Based on Flaw Swiped from NSA
A former senior National Security Agency official who consults with the agency told NBC News that it's true, as cybersecurity researchers report, that the WannaCry ransomware epidemic is the result of a software vulnerability identified and stockpiled by the NSA. And it became public when it leaked as part of the Shadow Brokers disclosures.
The NSA releases 90 to 95 percent of the software vulnerabilities it discovers, he said, but it sits on the rest for use in hacking and spying activities. In other words, it doesn't tell Americans about software holes that make them vulnerable -- so it can exploit those weaknesses to spy on foreigners.
In this case, after the leak, the NSA warned Microsoft and other companies, the official said. Microsoft released a patch in March.
But not everybody patches, and those running outdated systems may not even be able to.
The former official said some people would like the NSA to alert industry to every software hole it finds. But then, he said, the NSA would lose intelligence collection. And hackers would still find holes to exploit, because such holes are inevitable.
That said, he praised a new system in the UK, where spies sit with private researchers and share vulnerabilities in real time. That doesn't mean the Brits don't keep some secret, he added.
He sees a Russian hand in the Shadow Brokers disclosures, which would be ironic if true. Russia has suffered heavily from the ransomware attack because it uses pirated and outdated software.
CIA Creates New Korean Mission Center, Won't Say Who Runs It
The Agency announced late Tuesday that it has established a "Korea Mission Center" to "harness the full resources, capabilities, and authorities of the Agency in addressing the nuclear and ballistic missile threat posed by North Korea." The CIA also announced that Director Mike Pompeo has named a "veteran intelligence officer" to run the center — but declined to name the officer for security reasons.
Both publicly and privately, the agency has said North Korea has been one of, if not the most, difficult of intelligence targets.
"Creating the Korea Mission Center allows us to more purposefully integrate and direct CIA efforts against the serious threats to the United States and its allies emanating from North Korea," said Pompeo. "It also reflects the dynamism and agility that CIA brings to evolving national security challenges."
Wyden Vows To Block Trump Nominee Till Senate Investigators Get Documents
Oregon Democrat Ron Wyden says he will block the nomination of Donald Trump’s pick to be the top Treasury intelligence official until Treasury’s anti-money-laundering agency produces documents requested by the Senate Intelligence Committee related to Trump.
Sen. Wyden says he will maintain a hold on the nomination of Sigal Mandelker to be under secretary of the Treasury for terrorism and financial intelligence until the documents are produced.
This week, Intelligence Committee Ranking Member Sen. Mark Warner, D-Virginia, announced that the committee had asked the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) for records relating to President Trump and his associates.
"I have stated repeatedly that we have to follow the money if we are going to get to the bottom of how Russia has attacked our democracy," Wyden said. "That means thoroughly review any information that relates to financial connections between Russia and President Trump and his associates, whether direct or laundered through hidden or illicit transactions. The office which Ms. Mandelker has been nominated to head is responsible for much of this information."
Top Senate Intel Dem Doesn't Expect Mike Flynn to Provide Requested Documents
Sen. Mark Warner of Virginia told NBC News the Senate Intelligence Committee is meeting today to review material about Russia's meddling in the U.S. election — and that today is also the deadline for former Trump aides Mike Flynn and Carter Page to provide documents requested by the committee.
"The first round of information requests we made to General Flynn and some of the others were due today and we're going to be discussing first steps," said Warner, the committee's ranking Democrat.
"We've gotten word that we're getting some [documents]. Obviously some of the others, like Flynn, I'm not holding my breath on."
Iran Test Fires High-Speed Torpedo Sunday
Three senior defense officials report that Iran test-fired a high-speed torpedo near the Strait of Hormuz on Sunday.
The Hoot torpedo is still in the testing phase, the officials report, but once it is fully operational it should be able to travel about 12,000 yards (approximately six nautical miles) at a speed of about 200 knots per hour (approximately 250 miles per hour). None of the officials could say whether the test was successful or not.
The USS George HW Bush strike group is in the Gulf right now but all three officials said the test did not pose a threat to U.S. ships or assets in the region.
Two of the officials said that the Iranian military last tested this torpedo in February 2015.