N.S.A. Takes Step Toward Protecting World’s Computers, Not Just Hacking Them

WASHINGTON — The National Security Agency has taken a significant step toward protecting the world’s computer systems, announcing Tuesday that it alerted Microsoft to a vulnerability in its Windows operating system rather than following the agency’s typical approach of keeping quiet and exploiting the flaw to develop cyberweapons.

The warning allowed Microsoft to develop a patch for the problem and gave the government an early start on fixing the vulnerability. In years past, the National Security Agency has collected all manner of computer vulnerabilities to gain access to digital networks to gather intelligence and generate hacking tools to use against American adversaries.

But that policy was heavily criticized in recent years when the agency lost control of some of those tools, which fell into the hands of cybercriminals and other malicious actors, including North Korean and Russian hackers.

By taking credit for spotting a critical vulnerability and leading the call to update computer systems, the National Security Agency appeared to adopt a shift in strategy and took on an unusually public role for one of the most secretive arms of the American government. The move shows the degree to which the agency was bruised by accusations that it caused hundreds of millions of dollars in preventable damage by allowing vulnerabilities to circulate.

“We wanted to take a new approach to sharing and also really work to build trust with the cybersecurity community,” Anne Neuberger, the agency’s cybersecurity director, told reporters.

The vulnerability exists in Windows 10, Microsoft’s flagship operating system, as well as some versions of its server software. It allows hackers to insert malicious code into a target computer and make it appear to be from a safe and trusted source. The vulnerability could also allow hackers to decrypt secret communications.

The vulnerability was serious, officials said. The National Security Agency warned government officials who oversee classified systems about the flaw and the coming Microsoft patch before discussing it publicly, Ms. Neuberger said.

The agency has in the past privately shared vulnerabilities it found with Microsoft and other technology companies. During the Obama administration, officials said, they shared about 90 percent of the flaws they discovered.

But the agency never allowed those firms to publicly identify the agency as the source of those discoveries, Ms. Neuberger said. The agency wanted the public acknowledgment of its role in finding the new defect to demonstrate the importance of patching the flaw, she said.

“Ensuring vulnerabilities can be mitigated is an absolute priority,” Ms. Neuberger said.

The National Security Agency’s action suggests the risk the vulnerability posed to American government systems likely outweighed its usefulness as a tool for the agency to gather intelligence.

Experts and technology companies praised the agency. But some noted that even as one arm of the government was moving to protect the public’s ability to encrypt its communications, another was taking the opposite tack. A day earlier, the Justice Department called on Apple to break the encryption on its phones, and it has pushed for so-called back doors on Facebook’s encrypted message services.

The Washington Post earlier reported on the agency’s warning to Microsoft, which released a patch for the vulnerability on Tuesday.

Customers who automatically update their operating systems or applied Tuesday’s patch “are already protected,” said Jeff Jones, a senior director at Microsoft.

Microsoft said no evidence had emerged that malicious actors had exploited the vulnerability and said its security software could detect malware trying to do so.

The National Security Agency’s decision to reveal the flaw to Microsoft — and then to publicly announce its move — is in sharp contrast to how it handled another flaw that it discovered but told Microsoft about too late to prevent global damage.

In early 2017, agency officials told Microsoft’s president, Brad Smith, that it had found a flaw in its operating systems but lost it to a group called the Shadow Brokers, which somehow obtained hacking tools that the United States had used to spy on other countries. The agency had known about the flaw for some time but held on to it, believing that one day it might be useful for surveillance or the development of a cyberweapon.

But when the agency’s arsenal of flaws leaked out — presumably through insiders, though the National Security Agency has never said — among it was code nicknamed “Eternal Blue.” While Microsoft had raced to get people to patch the erroneous code, many systems remained unprotected.

Soon North Korean hackers used the code to develop “WannaCry,” software that crippled the British health care system, which used an outdated version of Microsoft Windows. And Russian hackers used it in the NotPetya attacks, among the most damaging cyberattacks in history, costing hundreds of millions of dollars to companies including FedEx and Maersk, the shipping giant.

The agency dismissed the idea that it was responsible for the malicious use of the code — arguing that the responsibility lay with North Korea and Russia, which mounted the attacks. But privately, many agency officials acknowledged that the tendency to hoard such flaws in hopes of developing weapons had come at a huge price and that the United States bore some responsibility for the damage caused by Eternal Blue and other tools.

Some experts believe Eternal Blue is continuing to cause problems, allowing hackers to disrupt computer systems.

The White House often decides whether to hold on to a flaw for future use or reveal it to the manufacturer. Obama administration officials set up a system to make the decision. Trump administration officials say a similar process still exists, but they have stopped publishing information about the percentage of vulnerabilities they make public.

The National Security Council reviewed the latest decision to share information about the new flaw with Microsoft, Ms. Neuberger said.

The vulnerability involves Windows’ digital signature system, according to one of the people familiar with the issue. Microsoft, and other companies, use digital signatures to identify software and updates as authentic.

The vulnerability unearthed by the National Security Agency could potentially allow a hacker to add a fake signature that could allow malware to be inserted onto a vulnerable computer. Because the vulnerability was not yet public, no known malware has taken advantage of it.

Criminal hackers or nation states typically take weeks to exploit a new vulnerability, so businesses, governments and individuals may have a little time to install the security patch developed by Microsoft. Experts urged them to move quickly nonetheless.

It was not clear how much of a strategic shift the agency’s announcement amounted to. The agency presumably is still hunting for vulnerabilities and flaws that could allow them to infiltrate Iranian computer systems, as well as those used by Russia, China and other adversarial countries.

But if the agency continues to follow the example set Tuesday, then for future vulnerabilities that affect not just one critical computer system but millions of users or more across the world, its experts could help fix the problem rather than exploit it.


Rocket Launches, Trips to Mars and More 2020 Space and Astronomy Events

If you follow space news and astronomy, the past year offered no shortage of highlights. Astronomers provided humanity’s first glimpse of a black hole. China landed on the moon’s far side. And the 50th anniversary of the Apollo 11 moon landing inspired us to look ahead to our future in space.

The year to come will be no less eventful:

  • No fewer than four missions to Mars could leave Earth this summer.

  • NASA may finally launch astronauts into orbit aboard capsules built by SpaceX and Boeing.

  • We expect to learn more secrets about the interstellar comet Borisov.

  • And private companies are working to demonstrate new abilities in space.

However much you love space and astronomy, it can be challenging to keep up with the latest news in orbit and beyond. That’s why we’ve put dates for some of these events on The Times’s Astronomy and Space Calendar, which has been updated for 2020. Subscribe on your personal digital calendar to be automatically synced with our updates all year long. (We promise not to collect any personal information from your private calendar when you sign up.)

Below are some of the launches, space science and other events to look forward to.

Roughly every two years, the orbits of Earth and Mars come closer than usual. Space agencies on Earth often send missions to the red planet during that window, and in 2020 four such launches are scheduled.

Three of the missions will carry rovers. The United States is launching the soon-to-be-renamed Mars 2020 rover, which also carries a small helicopter. It will try to land in Jezero Crater, which once contained a lake and could preserve evidence of life, if life ever existed there.

Neither China, Europe nor Russia has deployed a rover on the Martian surface. But they will try, in a pair of missions. China’s mission, its first on its own to the red planet, includes an orbiter in addition to a rover. The European Space Agency and Russia cooperated to build Rosalind Franklin, a rover named for the English chemist whose work was essential to finding the structure of DNA.

The rovers could be joined on Mars by Hope, an orbiter commissioned by the United Arab Emirates. It is being built in Colorado, and is to be launched on a Japanese rocket. If it succeeds, it could represent a new model for space programs, in which small, wealthy countries pay for off-the-shelf spacecraft to get themselves into orbit and beyond.

Since the space shuttle’s last flight, in 2011, NASA has relied on Russia’s Soyuz spacecraft for trips to and from the International Space Station. In 2019, NASA hoped to begin flying astronauts aboard capsules built by two private companies, SpaceX and Boeing, but persistent delays knocked back the timeline another year.

NASA’s commercial crew program could finally achieve its goal in 2020. SpaceX’s Crew Dragon is scheduled to conduct an uncrewed test of its in-flight abort system on Jan. 11. If the test succeeds, the capsule could carry astronauts to the space station not long after.

Boeing’s Starliner experienced problems during its first uncrewed test flight in December and was unable to dock with the space station. An upcoming review of that test will determine whether Starliner might still be able to fly into orbit with astronauts in the first half of this year.

Virgin Galactic, the space-plane company run by Richard Branson, conducted two successful test flights with crew aboard in the past 13 months. In the year to come, the company could carry its first passengers to the edge of space. Blue Origin, the company founded by Jeff Bezos of Amazon, may follow suit; it has conducted 12 crewless tests of its capsule for short tourist jumps to suborbital space. For now, only the very wealthy will be able to afford such jaunts.

Other private companies are looking to Earth orbit for the future of internet service. SpaceX launched 120 Starlink satellites in 2019 and could launch many more in 2020. A competitor, OneWeb, could send more of its satellites to orbit in the coming year, too. These companies are blazing the trail for orbital internet — a business that Amazon and Apple are also pursuing — and upsetting astronomers, who fear that large constellations of internet satellites will imperil scientific study of the solar system and stars.

In September, a comet called Borisov 2I was spotted in our solar system, only the second ever confirmed interstellar object. Unlike Oumuamua, which was spotted in 2017 only as it was leaving the solar system, astronomers caught sight of Borisov and its 100,000-mile-long tail as it flew toward the sun, before it turned and began its exit.

In 2020, scientists will continue to point ground and orbiting telescopes at Borisov as it speeds back toward the stars beyond — unless, as some astronomers hope, it explodes into fragments after being heated by the sun. Whatever happens, other interstellar visitors are sure to follow, and professional sky gazers hope to find them with powerful new telescopes in the years ahead.

Before the end of 2020, the moon could see one more visitor from Earth. Chang’e-5, a robotic probe built by China, aims to collect moon rock and soil samples and send them back to Earth. The last set of lunar samples was gathered in 1976 by a Soviet spacecraft.

The year to come may also bring greater clarity about American designs for returning to the moon. NASA is aiming to put the first woman and the next man on the moon by 2024, with a program called Artemis. A wide range of political, budgetary and technological hurdles stand in the way of meeting that ambitious timeline.


New clues show how Russia’s grid hackers aimed for physical destruction


For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine’s national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia’s years-long cyberwar against its western neighbor, an unprecedented, automated blackout across a broad swath of Ukraine’s capital.

But an hour later, Ukrenergo’s operators were able to simply switch the power back on again. Which raised the question: Why would Russia’s hackers build a sophisticated cyberweapon and plant it in the heart of a nation’s power grid only to trigger a one-hour blackout?

A new theory offers a potential answer. Researchers at the industrial-control system cybersecurity firm Dragos have reconstructed a timeline of the 2016 blackout attack [PDF] based on a reexamination of the malware’s code and network logs pulled from Ukrenergo’s systems. They say that hackers intended not merely to cause a short-lived disruption of the Ukrainian grid but to inflict lasting damage that could have led to power outages for weeks or even months. That distinction would make the blackout malware one of only three pieces of code ever spotted in the wild aimed at not just disrupting physical equipment but destroying it, as Stuxnet did in Iran in 2009 and 2010 and as the malware Triton was designed to do in a Saudi Arabian oil refinery in 2017.
