MSNBC: huge hacking attack spreading across Europe and Asia

[Nava]

Well, the legal drugs can, under circumstances not declared otherwise illegal, be traded freely between individuals. I don’t think there has ever been a government that has prosecuted someone for giving another person a small dose of an OTC analgesic, for example. What’s that got to do with bitcoins?

[IvoryTowerDenizen]

Folks- let’s drop this hijack on legality/morality of bitcoin and selling/buying of drugs (both legal and illegal). Bitcoin as it pertains to ransomware is fine, but other topics are best suited to another thread.

BobLibDem:

Why is bitcoin allowed to exist? I think any acceptance or use of this currency should be grounds for prosecution.

jtur88:

Something to do with the self-evident right to trade anything of perceived value for anything of perceived value, without the government having control over it and manipulating the exchange values of a mandated medium.

Bricker:

I think we should not prosecute anyone for possession or use of bitcoin.

Evan_Drake:

And how’s that ‘right’ working out with regard to both legal and illegal drugs ?

Nava:

Well, the legal drugs can, under circumstances not declared otherwise illegal, be traded freely between individuals. I don’t think there has ever been a government that has prosecuted someone for giving another person a small dose of an OTC analgesic, for example. What’s that got to do with bitcoins?

[Inner_Stickler]

Okrahoma:

If that’s true, then by registering the domain, the researcher has screwed up all those sandbox environments (well, they will have to change their code to a new intentionally-unregistered domain). But by publicizing this sandboxing method, the researcher screwed the whole method up I guess because the malware makers are now all aware of it and will just register any domain that sandboxers would use as the marker.

No, it’s a little different than that. Sandboxes are often set up to reply to any and all domain requests with something, rather than returning an error. People who want to analyse viruses often do so inside a sandbox to keep their machine clean. The virusmakers know this and so they purposefully coded their virus to query an invalid domain so that if they got a real response, they’d know that the code was operating inside a sandbox and it would shut down rather than let the white hats see what it was doing. But they screwed up and used a static invalid domain which allowed this guy to discover it, register it and make the virus think every machine it was infecting was in a sandbox.

[davidm]

Inner_Stickler:

The researcher now thinks the unregistered domain was a poor attempt at anti-analysis.
How to Accidentally Stop a Global Cyber Attacks

Very interesting article. That makes more sense than an intentional global kill switch. Thanks!

[AskNott]

An NPR story on this said the virus writers made some mistakes. For example, instead of giving each victim a different place to send the Bitcoin, as some other ransom-ware does, everybody was given the same, one of three, ransom place. Police are tracking down those places.

[Jophiel]

As a followup to this, the NSA believes that the virus was created and spread by North Korea to raise money for the regime.

The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials.

The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with “moderate confidence” to North Korea’s spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report.
[…]
WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said. That is likely because an operational error has made the transactions easy to track, including by law enforcement.

[davidm]

Any other time, a connection between WannaCry and NK would be front page news with all of the news networks covering it.

The fact that it’s not drawing much notice just highlights the importance of the stories everyone is following.

But it’s all really part of the same bigger story, isn’t it? Cyber warfare; the weaponization of computer code and the Internet.