All posts in “hacking”

You know that Jayden K. Smith Facebook hack? It’s actually a hoax that doesn’t make any damn sense

Image: diego AZUBEL/EPA/REX/Shutterstock

Here’s a story you’ve probably heard before: A viral hoax is spreading on Facebook, that, when you stop and think about it, really doesn’t make any damn sense

Monday’s hoax involves a supposed hacker named Jayden K. Smith. 

As far as the hoax goes, users are warned about an incoming friend request from a user named “Jayden K. Smith,” who is reportedly a hacker. Then the user is encouraged to share the warning with all of their friends to protect one’s Facebook network from Jayden.

The warning looks a little something like this:

Please tell all the contacts in your Messenger list, not to accept Jayden K Smith friendship request. He is a hacker and has the system connected to your Facebook account. If one of your contacts accepts it, you will also be hacked, so make sure that all your friends know it. Thanks. Forwarded as received.

The thing is: the message itself is the hoax. Which we should have all realized if we just stopped and thought about it for a second.

First, “the system connected to your Facebook account.” Lol. Gonna need more info there. 

Second, it’s silly to think you’ll be hacked if any of your Facebook friends becomes friends with Jayden. Becoming friends with someone on Facebook doesn’t somehow provide a person access to, say, your email password. 

This viral message isn’t smart, but it seems to be designed to take advantage of a critical nexus of (the lack of) hacking knowledge: Many people don’t know how hacking works and many people are also understandably afraid of being hacked. 

Hey, at least we get the memes, I guess. 

We reached out to Facebook for comment, and we’ll update if we hear back.

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003

Alleged hackers behind NotPetya cyberattack demand $260,000 bitcoin ransom

Image: CHRISTOPHER MINESES/MASHABLE

The ransom is on the move. 

The Bitcoin wallet controlled by the NotPetya attackers showed surprising signs of life over the Fourth of July holiday weekend, with approximately $10,000 in paid ransom disappearing from the account. Around the same time, a message purporting to be from the culprits behind the maybe-ransomware attack surfaced — demanding 100 bitcoin in exchange for a key they say can unlock encrypted files. 

At the time of writing, 100 bitcoin is worth approximately $260,000.

“Send me 100 Bitcoins and you will get my private key to decrypt any harddisk (except boot disks),” read the message posted to Pastebin. “See the attached file signed with the key.”

As NotPetya, which first surfaced in Ukraine on June 27, has been shown to damage an infected computer’s master boot record, the person behind the message is only claiming to be able to decrypt specific files — not entire systems. Still, that ability could be a godsend for companies struggling to restore lost data, assuming the ransomer is telling the truth.

The new demand was posted on July 4, the same day ransom payments made in the hopes of obtaining decryption keys were moved from the Bitcoin address listed in the initial NotPetya attack to another wallet.

The message displayed by NotPetya.

The message displayed by NotPetya.

Image: SYMANTEC

No new Bitcoin address was listed for payments should anyone decide to actually fork over the 100 bitcoin. However, a link was provided to a chatroom for the purpose of getting in touch with the hackers and presumably arranging payment. 

Motherboard exchanged messages with someone claiming to be one of the hackers, who told the publication the key for sale would “decrypt all computers.”

So, should organizations desperate for their data pay up? It’s a tough question. Security researchers have more or less reached a consensus that the intention behind NotPetya was to damage cyber-infrastructure, not to make money. As such, the calculus for victims is different than it would be with a more traditional form of ransomware. 

Either way, this latest series of developments — the transfer of funds between Bitcoin wallets and the new demand — serves to further muddy the waters behind the NotPetya attack. It also makes one thing clear: The story of the latest ransomware scourge to sweep the globe is not over yet. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003

A new tool will check if you’re vulnerable to the hack that brought down computers across the globe

"Yup, still vulnerable."
“Yup, still vulnerable.”

Image: AMBAR DEL MORAL/MASHABLE

WannaCry paralyzed hospitals. NotPeya crashed banks. But how to know if you’re vulnerable to the stolen National Security Agency exploit that fueled two major cyber attacks and helped bring down computers across the globe?

Thankfully, a new tool has your back. 

After the Shadow Brokers hacking group dumped a cache of stolen NSA exploits in April, the cybersecurity community issued dire warnings that things were about to get really, really bad. But then Microsoft quickly chimed in to note that it had already patched the vulnerabilities in question. 

“We’ve investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products,” a Microsoft spokesperson told Mashable at the time. “Customers with up-to-date software are already protected.” 

And yet. 

One of the hoarded NSA vulnerabilities, dubbed EternalBlue, allows for the worm-like spread of malware across computer systems. And despite Microsoft’s assurances, it turns out that many people and organizations did not in fact update their computers with the available patch. WannaCry and NotPetya, which made use of EternalBlue, were the result. 

That, in the face of clear warnings and readily available safeguards, people failed to protect themselves is a clear sign that many of those at risk don’t realize the precarious nature of their position. 

Eternal Blues, a vulnerability scanner developed by Elad Erez, aims to change that. 

“The majority of latest WannaCry, NoPetya (Petya, GoldenEye or whatever) victims, are not technical organizations and sometimes just small business who don’t have a security team, or even just an IT team to help them mitigate this,” writes Erez on his blog. “Running NMap, Metasploit [a penetration testing software] (not to mention more commercial products) is something they will never do. I aimed to create a simple ‘one-button’ tool that tells you one thing and one thing only – which systems are vulnerable in your network.”

The message displayed by the not-really ransomware NotPetya.

The message displayed by the not-really ransomware NotPetya.

Image: SYMANTEC

The free software simply checks networks to see if they are still susceptible to EternalBlue.

“[Eternal Blues] helps finding the blind spots in your network, these endpoints that are still vulnerable to EternalBlue,” continues Erez. “Just hit the SCAN button and you will immediately start to get which of your computers are vulnerable and which aren’t. That’s it.”

Importantly, Erez does collect anonymized data on the results of the scan, but he also details a way to disable this information-sharing feature for the extra security conscious. 

And if you do find that your computer is vulnerable? Make sure you install the Microsoft patch. And, as always, keep your operating system up to date. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003

Ransomware has been around for almost 30 years, so why does it feel like it’s getting worse?

Ransomware is not new. The malware, which encrypts data and demands payment in exchange for decryption keys, has been with us for almost 30 years.

So why does it feel like it’s getting worse? Well, that’s because it is getting worse. 

In seemingly no time at all, ransomware has gone from an obscure threat faced by a select few to a plague crippling hospitals, banks, public transportation systems, and even video games. Frustratingly, the explosive growth of ransomware shows no signs of abating — leaving victims wondering why them, and why now? 

The answer to both of those questions involves cryptocurrency and the National Security Agency.

But first, a little history

The first known ransomware attack hit the healthcare industry way back in 1989. According to the cybersecurity blog Practically Unhackable, a biologist by the name of Joseph Popp sent close to 20,000 floppy disks to researchers claiming they contained a survey which would help scientists determine a patient’s risk for contracting HIV.   

What was left unmentioned in the promotional material was that the disks also encrypted file names on infected computers — rendering them practically unusable. Instead of their typical boot screens, victims were shown a message demanding a $189 payment in order to unlock the system. 

The message displayed by PC Cyborg.

The message displayed by PC Cyborg.

Image: Palo Alto Networks

Popp, who had a PhD from Harvard, was an evolutionary biologist and fell outside of what we think of today as a stereotypical hacker. According to The Atlantic, after he was arrested and charged with blackmail, Popp insisted that he intended to donate the proceeds from his scheme to HIV-related research. 

Regardless of his true motives, the success of Popp’s attack was limited by two key factors: The floppy disks were sent out via the mail system, and the encryption employed by what became known as PC Cyborg was reversible without his help. 

Twenty-eight years later, things have changed for the worse in the world of ransomware.

Cryptocurrency and the NSA

When we talk about the scale of modern ransomware attacks, it’s important to keep two criteria in mind: frequency and reach. 

A 2016 report from the U.S. Department of Justice noted 7,694 ransomware complaints since 2005, which it acknowledged is probably undercounting the number of actual attacks. The May WannaCry ransomware, for its part, hit over 150 countries. Two factors played a key role in those jaw-dropping figures: the rise of cryptocurrency and the availability of dumped hacking exploits hoarded by the NSA.

Cryptocurrency like Bitcoin allows attackers a real shot at actually receiving ransom payments. In a major step up from the payment mechanism implemented by Joseph Popp, hackers no longer need to set up a PO box and hope the physical cashier’s checks flow in. Instead, they can simply direct victims to make payments to specific Bitcoin addresses. 

According to the cybersecurity company Palo Alto Networks, the first ransomware to demand payment in Bitcoin was the 2013 Cryptowall. It was by no means the last, however. The relative ease of cryptocurrency payments combined with the growing popularity of Bitcoin surely contributed to what a 2016 IBM report found was a 300 percent increase in ransomware incidents over the preceding year.

Ransomware in action.

Ransomware in action.

Image: B. TONGO/EPA/REX/SHUTTERSTOCK

As for the growing reach of such attacks? While there are many factors at play, one obvious inflection point can be found in the April Shadow Brokers dump where the hacking group notoriously released a host of exploits originating from the National Security Agency. Among that list was one vulnerability by the name EternalBlue, which, when paired with ransomware, allowed for the worm-like propagation of the WannaCry attack. 

The same exploit reportedly played a key (but not exclusive) role in the spread of NotPetya — ransomware that has hit at least 65 countries and whose likely primary goal is to cause destruction. 

And while Microsoft had already released a patch for EternalBlue by the time is swept the globe, the wildfire spread of WannaCry and NotPetya serve as a stark reminder that not everyone stays up to date with security patches.  

So where does that leave us?

The unprecedented scale of these two attacks, powered by stolen NSA exploits and facilitated by cryptocurrency, suggests we have entered a new age of virulent ransomware. To make matters worse, attacks like WannaCry are likely to become more common, not less, as evidenced by a 2017 report from cybersecurity firm Symantec which found “a 36 percent increase in ransomware attacks worldwide.”

Interestingly, however, ransomware may end up becoming a victim of its own success. The sheer number of infected computers, combined with the practically nonfunctional payment mechanisms of both NotPetya and WannaCry, mean that even if people did elect to pay the ransom, they weren’t going to get their decryption keys. 

Why pay up if you know you’re not getting your files back either way?

And the word has gotten out. At the time of this writing, the Bitcoin address associated with NotPetya has received only 46 payments totaling approximately $10,317.

All of this suggests that while the form of digital extortion first developed by Joseph Popp shows no signs of slowing down, the money may no longer be in it. And that, in the end, may be the only hope we have of an end to the growing ransomware scourge. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003

The NotPetya ransomware may not actually be ransomware at all — it could be something worse

This is not good.
This is not good.

Image: Christopher Mineses/Mashable

Is ransomware still ransomware if its goal is purely to destroy?

This is less if-a-tree-falls hypothetical and more sobering reality for the untold number of people across the globe whose computer systems have been infected with the NotPetya ransomware. That’s because the latest digital scourge to cripple computer networks in 65 countries (and counting) doesn’t fit the typical ransomware mold.

Instead of just encrypting users’ files and holding those files ransom, NotPetya appears to do permanent damage to computer systems. 

Security researcher Matt Suiche lays out the bad news in a blog post for cybersecurity firm Comae Technologies. He notes that while an earlier version of Petya, from which NotPetya gets its name, technically allowed for the decryption of files, NotPetya doesn’t. 

“2016 Petya modifies the disk in a way where it can actually revert its changes,” writes Suiche. “Whereas, 2017 Petya does permanent and irreversible damages to the disk.”

Code of NotPetya on the left reportedly includes wiper code lacking in the 2016 Petya code on the right.

Code of NotPetya on the left reportedly includes wiper code lacking in the 2016 Petya code on the right.

Image: Comae Technologies

Suiche goes on to call NotPetya a “wiper,” and explains the difference between a wiper and ransomware. 

“The goal of a wiper is to destroy and damage,” notes Suiche. “The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as [restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays]—  a wiper would simply destroy and exclude possibilities of restoration.”

So, if the motive for the malicious code is not profit via a Bitcoin ransom, what could it be? While at this point it’s pure speculation, the growing consensus among a host of security experts is that the attack was not launched by cybercriminals in the traditional sense. 

However, not everyone agrees with Suiche’s findings. The (now famous) security researcher who discovered the WannaCry kill switch, Marcus Hutchins, takes issue with Suiche’s claim that “the current version of Petya clearly got rewritten to be a wiper and not a[n] actual ransomware.”

But even if the intent hadn’t been to destroy, there’s almost zero chance those affected by NotPetya could get their data back by paying the $300-worth-of-Bitcoin ransom for a decryption key. That’s because the email used to coordinate ransom payments was disabled by the email service provider

In other words, Suiche’s findings reveal a bad situation to be even worse. And, if his discovery portends a new type of ransomware-disguised wipers, the news just went from worse to downright awful. 

Https%3a%2f%2fblueprint api production.s3.amazonaws.com%2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f80316%2ff500b367 c74e 4fa7 97cd cde8f19f3003