The real mystery here is why the Shadow Brokers released this data. Ordinarily, a hostile intelligence service wouldn’t tip their hand by showing that they had obtained this information but there are some clear strategic benefits to that kind of signalling. Releasing the vulnerabilities themselves goes a step further. It ensures not only that the NSA is unable to use the Windows 0-days against targets, but that you aren’t either. It is a matter of short time before these tools are patched, and thus unavailable to anyone. These are tremendously valuable tools to just burn that way, so it does make one wonder (and worry): what exactly is the intended payoff here?
Today we have our answer.
Employees and patients across multiple UK National Health Service facilities were displaced on Friday thanks to a large-scale cyberattack on network computers across Eurasia, including Great Britain, Portugal, Spain, Russia, Turkey, Vietnam, the Philippines, and Japan.
Doctors and hospital staff were locked out of patient files and forced to relocate emergency patients, the Guardian reported. The attack made use of ransomware, a type of malware that restricts file and system access by encrypting data. The hackers then demand payment in exchange for decrypting the data and restoring access. Patient records, emails, schedules, and phone lines were all ensnared in the attack.
British health officials said its systems were not the target of the attack. But security experts believe the vulnerability exploited during the attack was discovered by the NSA, and was included among the many cyber tools previously stolen from the American intelligence community earlier this year, the New York Times reported. The ransomware was distributed via email.
Hospitals and telecom companies in western Europe, Russia, and Asia were also affected, the MalwareHunterTeam told the New York Times.
The hackers demanded each user pay $300 in bitcoin to a specific bitcoin account in the next three days, potentially totaling thousands of dollars worth of bitcoin. The ransom doubles if payments aren’t made in that time, according to the hacker’s message obtained by the Guardian, and files will be kept restricted “forever” if payment isn’t received in seven days.
Meanwhile, you'd be crazy not to suspect that somebody just gained access to thousands of medical files in the UK and that's just a drop in the bucket. Maybe this was the work of the Shadow Brokers, maybe it was somebody else, but my money continues to be on Vladimir and his friends, who sure could use a massive global distraction from the Comey firing and Trump/Russia investigations making worldwide headlines right now, particularly a destructive move that affects our closest ally in Britain.
Suddenly the Brits are all tied up dealing with this cyberattack rather than looking into any Trump connections and backing up US investigators. Nice plan if you can execute it, and like clockwork:
In light of today's attack, Congress needs to be asking @NSAgov if it knows of any other vulnerabilities in software used in our hospitals.— Edward Snowden (@Snowden) May 12, 2017
Funny, the timing on this. Just when the US intel community gears up to go to war with Trump over Comey's firing, this happens.
You do the math.