Published on November 26th, 2018 | by Guest0
A Brief Review of Malware Created by the U.S. Government
Normally, we aren’t ones to panic. Most trends in technology are somewhat expected, predicted by experts years in advance. For the most part, we knew what would be happening today in cyber security at the beginning of this decade, based on the trajectory of emerging technologies and the behaviors of consumers and criminals online.
Yet, few predicted that those in charge of our security — our own government — would do us so dirty. Of the worst malware released within the past few years, a significant chunk of it can be traced back to the NSA, the CIA and other defense bureaus reporting to the U.S. federal system. We knew that cyber war would be the next evolution in global conflict — we just didn’t know that regular citizens like you would still be caught in the crossfire.
If you don’t believe that the U.S. government is to blame for some of the most disastrous malware currently circulating the web, read on to learn more about the friendly fire soon to plague your devices.
A recent example of the U.S. government’s cyber efforts, EternalBlue is attributed to the National Security Agency (NSA) — and confirmed by former NSA employees — but leaked by Shadow Brokers, a hacker group known for committing high-profile leaks of sensitive information.
EternalBlue isn’t a typical malware, like Stuxnet or other programs you might be familiar with. Rather, EternalBlue is an exploit in Microsoft Windows, or a hole through which hackers or malware can travel to gain access to critical functionality on a device running Windows. Specifically, the vulnerability exists in the Microsoft Server Message Block, which is a network file sharing protocol that allows applications to request services and to read and write files.
The exploit itself isn’t threatening, but the widespread knowledge of it is. Already, malware built upon exploiting EternalBlue has plagued the web; one of them is WannaCry, the famous ransomware that toppled the U.K.’s National Health Service as well as dozens of other important organizations around Europe. Fortunately, Microsoft released a patch for EternalBlue — and its cousins, EternalRomance and EternalChampion — early this year, so if you have updated your operating system, you are probably safe.
Another NSA creation, DarkPulsar isn’t itself a fully fledged malware, but like EternalBlue, it is used within malware to make the program more potent. DarkPulsar was also released last year in the Shadow Brokers dump, but while most experts and the tech media at large were consumed with news of EternalBlue, DarkPulsar remained unnoticed until earlier this year. As a result, cybercriminals the world over have taken hold of DarkPulsar and used it for their own malicious deeds.
To keep it brief, DarkPulsar is an administrative module used in malware to initialize and control a backdoor in victims’ systems. Once the backdoor exists, hackers can use the module to waltz in and out of the system, taking any data, altering any settings, installing any additional programs or otherwise messing with a victim’s devices and network.
It’s likely that DarkPulsar was used alongside EternalBlue in the WannaCry attacks, and it continues to crop up in additional malware discovered to this day. Because it isn’t itself an attack, you have little to fear from this government-created cyber tool, but you should still be careful to have maximum security solutions installed on your devices.
Stuxnet isn’t new; it was first uncovered on the web in 2010, which means it was in development for years before then. However, Stuxnet remains among the most important malware in history because of what it can do.
Unlike other forms of malware, which get onto a device to steal data, download programs or otherwise wreak digital havoc, Stuxnet has ramifications in the physical world. Specifically, the worm targets programmable logic controllers (PLCs) which automate electromechanical processes, like those in factory assembly lines or amusement rides. Once the malware is on a computer with a PLC, it causes the connected machine to go haywire, spinning out of control and tearing themselves apart.
Though the true creators of Stuxnet remain unconfirmed, most experts strongly suspect the malware was a joint project by American and Israeli governments. This is because Stuxnet was initially launched as a weapon at five Iranian organizations concerned with uranium enrichment and nuclear development. Later, the malware disrupted operations around the world, in Indonesia, India, South America and even the United States.
To this day, Stuxnet remains a prime example of how “weapons-grade malware” can get out of control fast. You should have security across your network, including your devices, to protect you from threats like Stuxnet, which might take over your physical life.