NSA Says It Foiled Plot To Destroy US Economy Through Malware 698
mrspoonsi writes "Business Insider Reports: The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday's '60 Minutes.' Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy. Even more shocking, CBS goes as far as to point a finger directly at China for the plot — 'While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China.' The NSA says it closed this vulnerability by working with computer manufacturers. Debora Plunkett, director of cyber defense for the NSA: One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
We have all the evidence! (Score:4, Interesting)
But we cant show it to you, its a privet.
house of cards? (Score:5, Interesting)
Does this strike anyone else as being utterly ridiculous? "Cataclysmic"?? I mean, if a bunch of bricked computers could bring down our economy (and possibly the global economy) then isn't the whole thing in need of some serious attention? Maybe we've built an unreasonable amount of dependence on something that is entirely too frail to warrant such trust? - both the computer systems and our current economic system.
We've been there, done that; CIH virus (Score:5, Interesting)
http://en.wikipedia.org/wiki/CIH_(computer_virus) [wikipedia.org]
ps. It didn't destroy the US economy.
Which is really irrelevant to the debate (Score:5, Interesting)
Re:Guys seriously please dont hate us! (Score:5, Interesting)
Includes those that are set not to automatically upgrade BIOS, of course
Two words: BIOS backdoor!
More importantly, they need to show that the massive dragnet of surveillance of all Americans was essential to find out about this.
Another thing, ironic that the US worries about other people doing things that it has already done. For example, the US created Stuxnet and is worried someone else will follow our lead. The US dropped a nuclear bomb on civilians and we are worried someone else will follow our lead.
From the lab horse's mouth. (Score:2, Interesting)
> Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy.
This is stupid. Malware writers learned a long-long time ago not to kill computers, because virus code cannot run on paper or thin air. They need living but ill computers, whose processing and communication capabilities can be exploited by the infection, to spread spam or mine Bitcoins, etc.
The black plague killed some 33-40% of medieval european population within weeks. It did that trick 3-4 times during history. Where is yersinia pestis nowadays? It is a Level-4 biohazard lab curiosity, displayed in vials. In contrast, common cold is still with us and successfully exploits your nose to produce green soya, year after year.
Furthermore, it is not possible to destroy computers by overwriting the BIOS. There is a unwritiable "brain stem" part of the BIOS, which knows only one thing: if the main BIOS mass fails to boot, read first file from floppy disk and overwrite BIOS with it. Even if the BIOS chip is soldered onto the motherboard (say laptop) and cannot be removed for re-writing in an external EEPROM programmer, this trick will save the computer.
Honestly, NSA is making a Rigoletto of itself, in public. Or maybe it's Yorick, with NSA threatrically proclaming "To be or not to be..."
Re:house of cards? (Score:5, Interesting)
If anything, bricking a few million old PC's might actually have a stimulating impact on the economy. When the users toss out their 5 year old system that is probably still running Windows XP, they will likely go out and buy a shiny new laptop from Dell or HP that comes with a copy of Windows 8.1 and Office 2012. It will probably come with a "free" trial subscription of McAfee or Symantec virus protection as well. Lots of profit to be had by all in the IT industry.
When you think about it that way, it makes you wonder who paid the Chinese programmers to write this malware.
Re:From the lab horse's mouth. (Score:4, Interesting)
There is a unwritiable "brain stem" part of the BIOS, which knows only one thing: if the main BIOS mass fails to boot, read first file from floppy disk and overwrite BIOS with it.
I'd like some thing tangible to back it up, since I think it's bullshit. There may have been some bioses like that, maybe even popular ones, but this is not the case anymore since at the minimum such a thing would need at least a minimal USB stack with it - it wouldn't be anywhere near "small" anymore.
Re:Not buying this (Score:5, Interesting)
Don't forget the other 3 or 4 trillion in US dollars they are holding as cash reserves. If China did something to bring down our economy their exposure would be far worse than the debt that they hold. It would impact their hard currency reserves and an unknown amount of additional US currency held by various Chinese companies and individuals.
If this was a governmental effort in China my guess is it would be more along the lines of something that would be held back in case there was a confrontation between the US and China. Rather than something that would just be randomly used. If it was some private individual or crime group who knows what their intentions would be. Unless they sell new computers how would they monetize this? Whole thing sounds kind of suspect to me.
see this for analysis of these claims (Score:4, Interesting)
I don't always agree with Techdirt, I think they exaggerate, omit and sometimes distort for effect. That being said, they do good stuff also. They have a pretty good take down of the whole 60 Minutes puff piece, including the interviewer (hint- when you've never seen that interviewer before, you might be interested to know more about him) and also claims about the whole BIOS attack thing.
http://www.techdirt.com/articles/20131216/12580425582/cbs-airs-nsa-propaganda-informercial-masquerading-as-hard-hitting-60-minutes-journalism-reporter-with-massive-conflict-interest.shtml [techdirt.com]
I am sure there's more out there that's even more damning. This is the problem with the people running this organization. They've somehow enabled themselves to lie lie lie and think they're doing everyone a favor so it's OK.
That's just not how a democracy is run. If you've given up on democracy, like say Peter Thiel apparently has
http://techcrunch.com/2013/11/22/geeks-for-monarchy/ [techcrunch.com]
then that's cool. But you don't need to be running the organs of that democracy in that case. Have a nice retirement. It's on us.
Re:NSA failed to halt subprime lending, though. (Score:5, Interesting)
It is entirely possible that they did, indeed, halt a plot, just as they said they did. It is also possible they did not. It's very difficult to tell at this point, because the one thing of which I am sure of, and I speculate most Americans are as well, is that they lie and they do it without hesitation. My confidence in anything they say is near enough to zero that the difference can be written off as rounding error.
As a consequence, it really does not matter what they say.
Re:NSA failed to halt subprime lending, though. (Score:4, Interesting)
It's a fucking propaganda piece. It's quite easy to see right through the bullshit.
If a BIOS exploiting malware was a real threat where's the CVE for it? Where's the advisory?? A BIOS crippling virus released into the wild has no need for secrecy unless the NSA themselves released it. It's quite convenient they mention they thwarted a "major cyber attack" without releasing the name of the virus nor when this supposedly happened.
What a fucking joke that entire interview was....
One, there's no CVE for malware. The "V" in "CVE" stands for "Vulnerability."
But I think you're right otherwise, and this is total propaganda. So, let me get this straight, 60 Minutes: our largest trading partner, who manufactures more of our goods than any other country, and on razor-thin profit margins while your own economy wobbles, would for no particular reason go out and mess up the economy of their largest customer.
I CALL UNBELIEVABLE FUCKING ASS-FUCK SHENANIGANS.
It makes absolutely no sense. Not only does China have nothing to gain by disrupting our economy that way, they have a lot to lose. It would also be considered an act of war, and one that would be sure to align pretty much the whole planet against them.
So, maybe it was someone else...I can think of very few countries that have any reason to do something so much like poking a sleeping lion with a stick, but they are out there. As you said...why not provide more details?
I'd be willing to bet that what they actually stopped was a very small targeted attack like Shamoon, and that attribution is classified. Unless they're completely making it up entirely, which is less likely in my opinion.
Re:NSA failed to halt subprime lending, though. (Score:4, Interesting)
Re: the media... yup - sad, but mostly true.
I find that I usually have to look up at least two different sources, plus at least one non-US source (my faves: RT, BBC, Deutsche Welle) and at least one alt-media source (*not* an ideologically-driven one) to get a semi-coherent picture of the truth behind a given story I find interesting.
There is one bit, though: I don't think the US media is doing it for a given propaganda track per se (though it is rapidly approaching that), but instead I think it's an organic result of the $media_corporation drive for eyeballs, thus advertising dollars. This is why a typical cable show's primetime slots are packed with crap that feeds off of the drama and controversy, instead of trying to get at the actual facts and heart of a given story. It's why you have the likes of, say, Nancy Grace on CNN making her paycheck off the corpses of dead kids, MSNBC sneering at anyone who dares to besmirch their idol in the White House, and FOX shouting full-throttle that that same White House occupant is a combination of Stalin and the Antichrist (albeit wearing a better suit). Each channel is shaping their chosen demographic, and stoking them up so they can jack up the rates for advertisers.
But then, I suspect it's part of the grand civilizational cycle - rise, peak, fall. We (the world, mind, since we're a lot more global than most folks realize) are somewhere near the peak IMHO, though I'll be damned if I can say for certain which side of that peak we're on.