Proof?
UK names Russia as source of NotPetya, USA follows suit
The United Kingdom's Foreign and Commonwealth Office has formally "attributed the NotPetya cyber-attack to the Russian Government", specifically the nation's military. "The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity," said a February- …
COMMENTS
-
-
Friday 16th February 2018 14:47 GMT Anonymous Coward
here's some Proof that I just made up!
http://www.dw.com/en/dutch-foreign-minister-resigns-after-lying-about-putin-meeting/a-42572952
A Dutch BoJo seems to have been discovered lying, but then actually resigned this week, according to German Media
amazingly, even the Beeb reported this anti-anti-russia story with straightness
http://www.bbc.com/news/world-europe-43043925
As for NotPetya coming from Russia, of course that is possible, and Vault-7/GrassHopper/Umbrage are only a 'cyber-defense'?
This includes malware which makes it look like it was planted by a foreign government or hacker. This includes Russia, essentially proving the CIA has the ability to plant evidence to make it look like Russian hackers were the culprits. This potentially disrupts and discredits the entire Russia hacking. . . Grasshopper uses bits from a toolkit taken from Russian organized crime. . .the UMBRAGE group is writing snippets of code that mimic the functionality of other hacking tools and placing it in a
smokey mirrors
-
Thursday 15th February 2018 08:54 GMT Pascal Monett
So it was Russia
That is not an excuse for hooking up work PCs and servers to the Internet without proper protection in the first place.
Nor is it a cop-out for not training personnel properly.
Finally, it is a wake-up call : organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.
Couple that with the threat of firing the person who clicks on a bloody link/attachment without thinking, and we have the start of proper on-site protection.
-
Thursday 15th February 2018 09:32 GMT macjules
Re: So it was Russia
In huge organisations such as Maersk or WPP employee numbers run into hundreds of thousands. You can not possibly expect every single employee to rigidly follow in-house strictures on use of IT equipment as someone will always need to download a codec for a video they are working on, someone will always need to download a shareware image optimisation tool, and so on.
In the case of WPP it was one employee in Kiev who (accidentally, it is claimed) clicked through the Google warning not to go any further and initiated NotPetya onto their local systems. As a result all computers in every WPP company were deemed at risk and the network was shut down until scans had been run.
Likewise with Maersk the company decided that they could not afford the risk of cleaning every single computer and they replaced every single unit - in a record 10 days.
-
Thursday 15th February 2018 09:48 GMT Voland's right hand
Re: So it was Russia
>Finally, it is a wake-up call : organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.
No. The conclusion is the same as with NHS ransomware, etc.
Flat networks cannot be defended against the current threat model. Firewall them all, god will recognize its own. Branch office? Firewall it, it has no business talking to every other PC in the organization. Single channel for documents and data up, single channel down. Department? Firewall it. Lab? Firewall it. Industrial equipment? DEFINITELY FIREWALL IT.
It does not matter how much is invested into blocking ports and filtering external browsing. Infections will happen. The aim is not to prevent them. The aim is to contain them and minimize the damage.
The best analogy is a ship. Close the doors, even flood compartments on purpose if needed, but do not allow it to capsize.
-
Thursday 15th February 2018 14:42 GMT TonyJ
Re: So it was Russia
"...Couple that with the threat of firing the person who clicks on a bloody link/attachment without thinking, and we have the start of proper on-site protection...."
Don't be bloody stupid. The only thing that achieves is a culture of fear and blame where mistakes - often ones that begin as simple for the right people/person to correct without much ado - get buried out of fear until they become much bigger, much more difficult problems to handle.
-
-
-
Thursday 15th February 2018 17:26 GMT Voland's right hand
Re: Deduction
You forgot the joke tags so the humour was lost to the audience.
Subtle difference. Bulgarian Petya is a formal female name - something you will find on a passport. I think Serbian has it too, but do not take my word for it.
Russian Petya is colloquial for Peter.
On the balance of things it is more likely for a virus to be called using a male colloquial name, not a female formal one.
-
-
-
Thursday 15th February 2018 10:35 GMT Anonymous Coward
Cynical budgets
Another cynical attempt to blame Russia for absolutely everything. Part of the psyops which is steadily softening up public opinion in NATO countries that will reach a point in a year or two where the masses will accept a direct conflict with those “nasty Russians”.
For example Trump / Congress is already changing the rules concerning the use of nuclear weapons and the Pentagon looking at introducing lower yield, tactical-use, nuclear weapons and the rules of engagement...meanwhile our special (obedient) relationship with our US friends (masters) means that we just bark like poodles on a leash at the Russians, occasionally nipping their ankles.
Bottom line, this ain’t gonna end well.
-
-
Thursday 15th February 2018 21:57 GMT Roland6
Re: Cynical budgets
>And we are apparently setting sail to rattle some sabres with China.
That's so we can soften them up in preparation for those new trade deal negotiations Brexiteers keep going on and on about.
The laugh is that China is also on Trump's hit list, so the UK is going to have to do some real good schmoozing to keep the Americans happy and talk hard to the Chinese, whilst at the same time sweet talk them to supply us with highly subsidised products (eg. solar panels) in exchange for Rolls Royces and Scotch Whisky.
-
-
Thursday 15th February 2018 17:31 GMT Anonymous Coward
Re: Cynical budgets
>Pentagon looking at introducing lower yield, tactical-use, nuclear weapons and the rules of engagement...
Verbatim repeat of the previous time USA had a tax cutting imbecile in charge. I am referring to the one that had dementia while in office, but it was a state secret that he had it and it was already diagnosed. It can be deduced if you look at the curve of NIH funding into dementia research. It goes through the roof roughly two years mid-second Ronny "Demented" Raygun term.
The scariest part - the Americans like their presidents being rather on the "Your Village is Calling You" side - they reelected the previous one, they will reelect this one too.
Let's hope that there will be yet another "Old Faith" (Староверец) Russian Officer on nuclear watch this time same as 35 years ago to save the world from being bequeathed to the cockroaches. That is the direction we are going.
-
-
Thursday 15th February 2018 20:00 GMT Anonymous Coward
I have no problem with the assertion that NotPetya originated in Russia or from a person of Russian origin based on the company that was initially targeted and the expected effects. As someone who has worked with one of the affected companies in the past, it doesn't surprise me they were using non-standard accounting software in the offices, although how it managed to spread out of a relatively untrusted environment into major corporate offices that used to have decent (not perfect...) patching/security practices before IBM got rid of the capable staff and handed tasks to non-existent teams in India is unlikely to have been part of the original author/distributors plans.
To me, this smells like opportunism within the UK government to grab budget and it plays into a story that IBM and their affected clients would prefer to reality. It was a copy of Wannacry (that had the advantage of surprise) rather than something indicating a scary new capability and affected companies that were unable to understand Wannacry or why the patches should have been deployed in the preceding six months...
There needs to be more evidence that this was a larger effort by Russian intelligence or military organisations to target the UK as my knowledge of the disruption for one company was that the UK was a casualty of poor practices and the inability to cope with a large scale incident rather than the victim of a state act regardless of the source state...
-
-
Thursday 15th February 2018 11:11 GMT Danny 2
WikiLeaks leak
In Leaked Chats, WikiLeaks Discusses Preference for GOP Over Clinton, Russia, Trolling, and Feminists They Don’t Like
https://theintercept.com/2018/02/14/julian-assange-wikileaks-election-clinton-trump/
Off topic but I thought this may interest some of you. Some of the commentators are interesting if you can guess the names. I don't want to comment there but I am out of popcorn.
-
Thursday 15th February 2018 12:00 GMT amanfromMars 1
Perfect Trojan Vehicle for Immaculate Root Accesses
"The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity," said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon.
Excuse me, Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon, you will tolerate anything and everything, malicious or otherwise, coming your way whenever you are unable to defend yourselves against .... well, IT is a Virtual Activity with no tangible Infrastructure of its own to either own or close down.
To believe otherwise identifies one as being seriously and serially delusional.
-
Thursday 15th February 2018 12:00 GMT Anonymous Coward
Of course, your ministerialness
I think you'll find it's the fault of the NSA for discovering flaws in Windows and not letting the company that codes the bag of shite know that there were a few more turds there that needed fixing pronto.
What happens after keeping schtum lies at their feet.
Who was susceptible to the collateral damage is another matter and those entities have been laid bare and should take the blame for their inaction.
However, as we are always told when people die in collateral damage caused when non white people are killed in far off lands, we do our best to avoid, sympathise with, but we can't rule out unintended casualties.
-
Thursday 15th February 2018 15:34 GMT Sir Runcible Spoon
Re: Of course, your ministerialness
>I think you'll find it's the fault of the NSA for discovering flaws in Windows and not letting the company that codes the bag of shite know
I think you'll find it was more to do with them crafting an exploit around such knowledge which they then let slip out into the wild.
-
-
Thursday 15th February 2018 15:52 GMT Anonymous Coward
Almost certain this is neocon BS
"the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack of June 2017."
Do you have to repeat this US neocon waffle on this technology forum? What evidence is there for this? Do you seriously think the Russian military are not capable of disguising the source of the attack? After all, they don't outsource their projects to the private sector.
-
Thursday 15th February 2018 16:01 GMT Anonymous Coward
several things...
Not Petya's source was an update for a Ukrainian accounts package. Their update server had been compromised and infected versions of the real code placed for distribution.
That dropped the worm into every network where the accounts system was used.
The accounts system in question was the only way to submit online tax data to the Ukrainian government. Hence anyone needing to do that business was likely impacted, including the likes of FedEx and Maersk.
After that the worm whacked any and everything it could reach.
Clearly a Ukrainian government target and whilst I don't like to blame Russia, you have to ask who else would want them f'ed over...
Always hard to determine though whether it was actual state action or some "patriots", particularly in Russia where they have both the skills and the patriotic fervor to do such things.
The writeup for the hack is out there, quite interesting. Go have a read. Definitely not the first time an application has been targeted at the software vendor...
-
-
Friday 16th February 2018 10:48 GMT Anonymous Coward
several things... part #2
BTW the most significant thing here is also that someone burnt a highly valuable cyber war resource to deliver this lame crap.
The accounting software distribution node that was compromised was a valuable asset. The vendor didn't know it was deeply compromised and only discovered after Not Petya.
Using this resource in conjunction with other action could give you a valuable advantage, instead it was burnt for no particular reason.
It's like using up your best highest placed agent in a foreign government to execute an April Fools' joke.
Not a clever use of intelligence assets...
-
Friday 16th February 2018 14:42 GMT Anonymous Coward
Re: several things... part #2
Umm...
I think your comment was meant for WannaCry or the initial information release of the vulnerability and subsequent MS patches.
By the time WannaCry was out we had patched our Dev/test estate and were beginning the rollout to production. By the time NotPetya was out, we'd patched our estate and disabled SMBv1 on 90% of the estate in the 6 months since MS released the patches and WannaCry had confirmed the seriousness of the vulnerability.
NotPetya's value should have been approaching zero by the time it was released...
-
Saturday 17th February 2018 14:41 GMT Anonymous Coward
Re: several things... part #2
No, I wasn't talking about ETERNAL BLUE being the high value asset, the high value asset was the ownage of the Ukrainian accounts system's update distribution servers....
A blow to the Ukrainian tax system (and its business users) would be a strategic move in the grey phase of the approach to actual war.
-
-