UK names Russia as source of NotPetya, USA follows suit

The United Kingdom's Foreign and Commonwealth Office has formally "attributed the NotPetya cyber-attack to the Russian Government", specifically the nation's military. "The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity," said a February- …

  1. Ronome
    1. seven of five

      Traitor!

      Proof by claim.

    2. Voland's right hand Silver badge

      Proof?

      More budget needed for toys. Proof unnecessary. Tantrum sufficient.

      1. Steve Davies 3 Silver badge
        Coat

        RE: More Budget needed

        For new 'Windows' because the toys that were thrown out of the pram did so much damage that new Windows (10 naturally) were needed throughout Whitehall.

        Coat, with a copy of 'Cubes' secure linux in the pocket

        1. Mark 85

          Re: RE: More Budget needed

          Ah... so the implication is that M$ was behind this to increase the Win10 penetration. Well done, sir.

    3. Anonymous Coward

      Meanwhile the real culprit is laughing all the way to the bank.

    4. Anonymous Coward

      here's some Proof that I just made up!

      http://www.dw.com/en/dutch-foreign-minister-resigns-after-lying-about-putin-meeting/a-42572952

      A Dutch BoJo seems to have been discovered lying, but then actually resigned this week, according to German Media

      amazingly, even the Beeb reported this anti-anti-russia story with straightness

      http://www.bbc.com/news/world-europe-43043925

      As for NotPetya coming from Russia, of course that is possible, and Vault-7/GrassHopper/Umbrage are only a 'cyber-defense'?

      This includes malware which makes it look like it was planted by a foreign government or hacker. This includes Russia, essentially proving the CIA has the ability to plant evidence to make it look like Russian hackers were the culprits. This potentially disrupts and discredits the entire Russia hacking. . . Grasshopper uses bits from a toolkit taken from Russian organized crime. . .the UMBRAGE group is writing snippets of code that mimic the functionality of other hacking tools and placing it in a

      smokey mirrors

  2. Pascal Monett Silver badge

    So it was Russia

    That is not an excuse for hooking up work PCs and servers to the Internet without proper protection in the first place.

    Nor is it a cop-out for not training personnel properly.

    Finally, it is a wake-up call : organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.

    Couple that with the threat of firing the person who clicks on a bloody link/attachment without thinking, and we have the start of proper on-site protection.

    1. macjules

      Re: So it was Russia

      In huge organisations such as Maersk or WPP employee numbers run into hundreds of thousands. You can not possibly expect every single employee to rigidly follow in-house strictures on use of IT equipment as someone will always need to download a codec for a video they are working on, someone will always need to download a shareware image optimisation tool, and so on.

      In the case of WPP it was one employee in Kiev who (accidentally, it is claimed) clicked through the Google warning not to go any further and initiated NotPetya onto their local systems. As a result all computers in every WPP company were deemed at risk and the network was shut down until scans had been run.

      Likewise with Maersk the company decided that they could not afford the risk of cleaning every single computer and they replaced every single unit - in a record 10 days.

    2. Voland's right hand Silver badge

      Re: So it was Russia

      > Finally, it is a wake-up call : organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.

      No. The conclusion is the same as with NHS ransomware, etc.

      Flat networks cannot be defended against the current threat model. Firewall them all, god will recognize its own. Branch office? Firewall it, it has no business talking to every other PC in the organization. Single channel for documents and data up, single channel down. Department? Firewall it. Lab? Firewall it. Industrial equipment? DEFINITELY FIREWALL IT.

      It does not matter how much is invested into blocking ports and filtering external browsing. Infections will happen. The aim is not to prevent them. The aim is to contain them and minimize the damage.

      The best analogy is a ship. Close the doors, even flood compartments on purpose if needed, but do not allow it to capsize.

    3. TonyJ

      Re: So it was Russia

      "...Couple that with the threat of firing the person who clicks on a bloody link/attachment without thinking, and we have the start of proper on-site protection...."

      Don't be bloody stupid. The only thing that achieves is a culture of fear and blame where mistakes - often ones that begin as simple for the right people/person to correct without much ado - get buried out of fear until they become much bigger, much more difficult problems to handle.

  3. wolfetone Silver badge

    Malicious cyber?

    Is that when the other person doesn't tell you their A/S/L?

    1. TonyJ

      "...Malicious cyber?

      Is that when the other person doesn't tell you their A/S/L?..."

      Showing your age there! ;-)

      1. Sir Runcible Spoon
        Joke

        Age/Sex/Leg Measurement??

        1. Anonymous Coward

          Re:ASL

          It's Agency/specialisation/location used for identifying where the 50+ year men you're chatting with might work to allow him to pretend to be a young girl...

  4. Anonymous Coward

    Deduction

    Petya is a Slavic name which can be Bulgarian and Russian according to the internet.

    Therefore this was called "Not Petya",

    So clearly it's not the Russians or they would have called it "is Petya"

    1. Voland's right hand Silver badge

      Re: Deduction

      You forgot the joke tags so the humour was lost to the audience.

      Subtle difference. Bulgarian Petya is a formal female name - something you will find on a passport. I think Serbian has it too, but do not take my word for it.

      Russian Petya is colloquial for Peter.

      On the balance of things it is more likely for a virus to be called using a male colloquial name, not a female formal one.

      1. theblackhand

        Re: Deduction

        So it was Peter!!!

        It all fits together now. Peter did it.

        And they said there was no evidence.

        1. Mark 85

          Re: Deduction

          Yes, and Peter is actually a Richard.

      2. Anonymous Coward

        Re: Deduction

        @Voland's right hand

        Alas as anonymous I just put it out and hope people understand. I know I can add the icon but I feel that is cheating. I also get confused how people could believe I'm really that stupid.

  5. Teiwaz

    So Russia at fault...

    The UK is just the limpy kid that runs around after the other 'big playground bully'.

    No mention of the leaky agency that incompetently put the tools out there.

    Nahh, rather prefer to keep licking those cheezy feet and exclaiming they taste of vanilla.

  6. Blofeld's Cat
    Coat

    Hmm ...

    "... the UK and its allies will not tolerate malicious cyber activity ..."

    I presume they mean incoming malicious cyber activity by others, rather than their own carefully crafted spyware.

    1. Anonymous Coward

      Re: Hmm ...

      It's not malicious when we do it. It's ... benelicious. Totally a word.

    2. Anonymous Coward

      Re: Hmm ...

      Which is promptly handed over to the Russians by employees taking copies home and storing on insecure computers.

  7. m0rt

    The cynics amongst us would think that certain areas of the establishment are angling for, if not an increase in budget, at least not having it cut.

    1. Anonymous Coward

      Cynical budgets

      Another cynical attempt to blame Russia for absolutely everything. Part of the psyops which is steadily softening up public opinion in NATO countries that will reach a point in a year or two where the masses will accept a direct conflict with those “nasty Russians”.

      For example Trump / Congress is already changing the rules concerning the use of nuclear weapons and the Pentagon looking at introducing lower yield, tactical-use, nuclear weapons and the rules of engagement...meanwhile our special (obedient) relationship with our US friends (masters) means that we just bark like poodles on a leash at the Russians, occasionally nipping their ankles.

      Bottom line, this ain’t gonna end well.

      1. Jason Bloomberg Silver badge
        Thumb Down

        Re: Cynical budgets

        And we are apparently setting sail to rattle some sabres with China. It seems to me Williamson is just another playground bully spoiling for a fight. Which probably makes him the darling of NATO which has been angling for a conflict with Russia for a while now.

        1. Roland6 Silver badge

          Re: Cynical budgets

          >And we are apparently setting sail to rattle some sabres with China.

          That's so we can soften them up in preparation for those new trade deal negotiations Brexiteers keep going on and on about.

          The laugh is that China is also on Trump's hit list, so the UK is going to have to do some real good schmoozing to keep the Americans happy and talk hard to the Chinese, whilst at the same time sweet talk them to supply us with highly subsidised products (eg. solar panels) in exchange for Rolls Royces and Scotch Whisky.

      2. Anonymous Coward

        Re: Cynical budgets

        > Pentagon looking at introducing lower yield, tactical-use, nuclear weapons and the rules of engagement...

        Verbatim repeat of the previous time USA had a tax cutting imbecile in charge. I am referring to the one that had dementia while in office, but it was a state secret that he had it and it was already diagnosed. It can be deduced if you look at the curve of NIH funding into dementia research. It goes through the roof roughly two years mid-second Ronny "Demented" Raygun term.

        The scariest part - the Americans like their presidents being rather on the "Your Village is Calling You" side - they reelected the previous one, they will reelect this one too.

        Let's hope that there will be yet another "Old Faith" (Староверец) Russian Officer on nuclear watch this time same as 35 years ago to save the world from being bequeathed to the cockroaches. That is the direction we are going.

    2. Anonymous Coward

      I have no problem with the assertion that NotPetya originated in Russia or from a person of Russian origin based on the company that was initially targeted and the expected effects. As someone who has worked with one of the affected companies in the past, it doesn't surprise me they were using non-standard accounting software in the offices, although how it managed to spread out of a relatively untrusted environment into major corporate offices that used to have decent (not perfect...) patching/security practices before IBM got rid of the capable staff and handed tasks to non-existent teams in India is unlikely to have been part of the original author/distributors plans.

      To me, this smells like opportunism within the UK government to grab budget and it plays into a story that IBM and their affected clients would prefer to reality. It was a copy of Wannacry (that had the advantage of surprise) rather than something indicating a scary new capability and affected companies that were unable to understand Wannacry or why the patches should have been deployed in the preceding six months...

      There needs to be more evidence that this was a larger effort by Russian intelligence or military organisations to target the UK as my knowledge of the disruption for one company was that the UK was a casualty of poor practices and the inability to cope with a large scale incident rather than the victim of a state act regardless of the source state...

  8. Danny 2

    WikiLeaks leak

    In Leaked Chats, WikiLeaks Discusses Preference for GOP Over Clinton, Russia, Trolling, and Feminists They Don’t Like

    https://theintercept.com/2018/02/14/julian-assange-wikileaks-election-clinton-trump/

    Off topic but I thought this may interest some of you. Some of the commentators are interesting if you can guess the names. I don't want to comment there but I am out of popcorn.

    1. Anonymous Coward

      Re: WikiLeaks leak

      Ha! That's nothing...

      You should see all the anti-Clinton texts and emails sent from MY device(s).

  9. Anonymous Coward

    Russia denies accusation

    Well, by the time you read this they will have.

    >Click!<

    "Nice denial, Boris."

    "Da. Was it actually true?"

    "Oh, Boris, you are so young, you need to ask!"

  10. amanfromMars 1 Silver badge

    Perfect Trojan Vehicle for Immaculate Root Accesses

    "The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity," said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon.

    Excuse me, Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of Wimbledon, you will tolerate anything and everything, malicious or otherwise, coming your way whenever you are unable to defend yourselves against .... well, IT is a Virtual Activity with no tangible Infrastructure of its own to either own or close down.

    To believe otherwise identifies one as being seriously and serially delusional.

  11. Anonymous Coward

    Of course, your ministerialness

    I think you'll find it's the fault of the NSA for discovering flaws in Windows and not letting the company that codes the bag of shite know that there were a few more turds there that needed fixing pronto.

    What happens after keeping schtum lies at their feet.

    Who was susceptible to the collateral damage is another matter and those entities have been laid bare and should take the blame for their inaction.

    However, as we are always told when people die in collateral damage caused when non white people are killed in far off lands, we do our best to avoid, sympathise with, but we can't rule out unintended casualties.

    1. Sir Runcible Spoon

      Re: Of course, your ministerialness

      > I think you'll find it's the fault of the NSA for discovering flaws in Windows and not letting the company that codes the bag of shite know

      I think you'll find it was more to do with them crafting an exploit around such knowledge which they then let slip out into the wild.

  12. Anonymous Coward

    Please Mr Trump can you give us some money

    in return we will send one of our old ships over near N Korea and repeat your Russia bad spiel.

    "Near" in this case because we already spent all the fuel money on duck islands

  13. Anonymous Coward
    Big Brother

    Almost certain this is neocon BS

    "the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack of June 2017."

    Do you have to repeat this US neocon waffle on this technology forum? What evidence is there for this? Do you seriously think the Russian military are not capable of disguising the source of the attack? After all, they don't outsource their projects to the private sector.

  14. Anonymous Coward

    several things...

    Not Petya's source was an update for a Ukrainian accounts package. Their update server had been compromised and an infected version of the real code placed for distribution.

    That dropped the worm into every network where the accounts system was used.

    The accounts system in question was the only way to submit online tax data to the Ukrainian government. Hence anyone needing to do that business was likely impacted, including the likes of FedEx and Maersk.

    After that the worm whacked any and everything it could reach.

    Clearly a Ukrainian government target and whilst I don't like to blame Russia, you have to ask who else would want them f'ed over...

    Always hard to determine though whether it was actual state action or some "patriots", particularly in Russia where they have both the skills and the patriotic fervor to do such things.

    The writeup for the hack is out there, quite interesting. Go have a read. Definitely not the first time an application has been targeted at the software vendor...

  15. Andy 97

    The commentard farms in Moscow are set to "11" today.

    Well hello guys, I hope they're paying you in USD and not bitcoins.

    1. amanfromMars 1 Silver badge

      Re: The commentard farms in Moscow are set to "11" today.

      Hello, Fort Meade, is that you in a terrible guise, Andy 97?

      1. Anonymous Coward
        Devil

        Re: The commentard farms in Moscow are set to "11" today.

        > Hello, Fort Meade, is that you in a terrible guise, Andy 97?

        No, my name is Buck and I know where you surf all the Intertubes.

    2. Anonymous Coward
      Angel

      Re: The commentard farms in Moscow are set to "11" today.

      > I hope they're paying you in USD and not bitcoins

      Hopefully they get paid in NotRubles.

    3. This post has been deleted by its author

  16. Alistair
    Windows

    Russian was buying yellowcake!

    I see that NotPetya will be the WMD of this round of military action.

    This *might* not be a wise course of action.........

    1. Anonymous Coward

      Re: Russian was buying yellowcake!

      If the UK and Russia get into a cyber war, the outcome will be as one sided as a nuclear exchange.

  17. Will Godfrey Silver badge
    Unhappy

    Wizard?

    Pay no attention to that man behind the curtain.

  18. Anonymous Coward

    SMB

    Why aren't they going after the REAL criminals...Samba Share

    I was mulling over all the massive amount of evidence, source code, linked IP addresses that was posted that ties the malware back to the Kremlin and it is STAGGERING!

    /sarcasm

  19. Anonymous Coward

    Destabilising countries

    like senior NATO officials joining in anti-government protests?

    1. This post has been deleted by its author

  20. Anonymous Coward

    What I find odd...

    Is that not ALL languages are covered in the Marble Framework.

    Maybe I missed it but I don't see Spanish or French, no Irish Gaelic..

    https://wikileaks.org/ciav7p1/cms/page_14588467.html#efmCOoCS7

  21. Anonymous Coward

    several things... part #2

    BTW the most significant thing here is also that someone burnt a highly valuable cyber war resource to deliver this lame crap.

    The accounting software distribution node that was compromised was a valuable asset. The vendor didn't know it was deeply compromised and only discovered after Not Petya.

    Using this resource in conjunction with other action could give you a valuable advantage, instead it was burnt for no particular reason.

    It's like using up your best highest placed agent in a foreign government to execute an April fools joke.

    Not a clever use of intelligence assets...

    1. Anonymous Coward

      Re: several things... part #2

      Umm...

      I think your comment was meant for WannaCry or the initial information release of the vulnerability and subsequent MS patches.

      By the time WannaCry was out we had patched our Dev/test estate and were beginning the rollout to production. By the time NotPetya was out, we'd patched our estate and disabled SMBv1 on 90% of the estate in the 6 months since MS released the patches and WannaCry had confirmed the seriousness of the vulnerability.

      NotPetya's value should have been approaching zero by the time it was released...

      1. Anonymous Coward

        Re: several things... part #2

        No, I wasn't talking about ETERNAL BLUE being the high value asset, the high value asset was the ownage of the Ukrainian accounts system's update distribution servers....

        A blow to the Ukrainian tax system (and its business users) would be a strategic move in the grey phase of the approach to actual war.

  22. Chairman of the Bored

    So even if the attribution is correct...

    ...and I said "if", mind,...

    What purpose do these verbal "blasts" serve? From my perspective they're as effective as wet toilet paper... Useful as boobs on a bicycle... You get the picture.
