Zukunashi no Hiyamizu (ずくなしの冷や水)

May 14, 2017

After UK hospitals, IT systems around the world hit by ransomware attack

RT2017/5/12
Hospitals across England targeted in large-scale cyberattack – reports
Hospitals across England have reportedly been hit by a large-scale cyberattack. Some are having to divert emergency patients, with doctors reporting messages demanding money.

The Guardian says National Health Service (NHS) hospitals across the country appear to have been simultaneously hit by a bug in their IT systems. Doctors have been posting on Twitter about what has been happening.

A screengrab of an instant message conversation circulated by one doctor says: “So our hospital is down … We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

A second doctor tweeted: “Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. Assholes.”

RT2017/5/13
The virus, which has affected approximately 130,000 PCs around the world, hit the UK’s health service particularly hard on Friday, affecting at least 39 hospitals along with GP and dental services around England and Scotland.

The ransomware has also reportedly hit factories, universities, major corporations, and the Russian Interior Ministry.

In the UK, some ambulances were forced to divert to other hospitals and doctors were forced to cancel operations as the attack seized computers and made patient records unavailable. Non-emergency patients are being asked to use the service frugally.

RT2017/5/13
Microsoft releases urgent OS patch in wake of #WannaCry ransomware blitz

RT2017/5/13
Russian banks, railway giant among targets of WannaCry ransomware allegedly linked to NSA

FARSNEWS2017/5/14
It's Not over: 'Accidental Hero' Halts Ransomware Attack and Warns
TEHRAN (FNA)- Expert who stopped spread of attack by activating software’s ‘kill switch’ says criminals will ‘change the code and start again’.

The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.

The ransomware used in Friday’s attack wreaked havoc on organizations including FedEx and Telefónica, as well as the UK’s National Health Service (NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.

But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic, an LA-based threat intelligence company.

“I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organizations being hit,” he told the Guardian. “I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.”

The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.

MalwareTech explained that he bought the domain because his company tracks botnets, and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.

“Initially someone had reported the wrong way round that we had caused the infection by registering the domain, so I had a mini freakout until I realized it was actually the other way around and we had stopped it,” he said.

MalwareTech said he preferred to stay anonymous “because it just doesn’t make sense to give out my personal information, obviously we’re working against bad guys and they’re not going to be happy about this.”

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.

He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.

“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

But the dark knight of the dark web still lives at home with his parents, which he joked was “so stereotypical”. His mum, he said, was aware of what had happened and was excited, but his dad hadn’t been home yet. “I’m sure my mother will inform him,” he said.

“It’s not going to be a lifestyle change, it’s just a five-minutes of fame sort of thing. It is quite crazy, I’ve not been able to check into my Twitter feed all day because it’s just been going too fast to read. Every time I refresh it it’s another 99 notifications.”

Proofpoint’s Ryan Kalember said the British researcher gets “the accidental hero award of the day”. “They didn’t realize how much it probably slowed down the spread of this ransomware”.

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember.

The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread.

The malware was made available online on 14 April through a dump by a group called Shadow Brokers, which claimed last year to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).

Ransomware is a type of malware that encrypts a user’s data, then demands payment in exchange for unlocking the data. This attack used a piece of malicious software called “WanaCrypt0r 2.0” or WannaCry, that exploits a vulnerability in Windows. Microsoft released a patch (a software update that fixes the problem) for the flaw in March, but computers that have not installed the security update remain vulnerable.

The ransomware demands users pay $300 worth of cryptocurrency Bitcoin to retrieve their files, though it warns that the “payment will be raised” after a certain amount of time. Translations of the ransom message in 28 languages are included. The malware spreads through email.

“This was eminently predictable in lots of ways,” said Kalember. “As soon as the Shadow Brokers dump came out everyone [in the security industry] realized that a lot of people wouldn’t be able to install a patch, especially if they used an operating system like Windows XP [which many NHS computers still use], for which there is no patch.”

Security researchers with Kaspersky Lab have recorded more than 45,000 attacks in 74 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. In Spain, major companies including telecommunications firm Telefónica were infected.

By Friday evening, the ransomware had spread to the United States and South America, though Europe and Russia remained the hardest hit, according to security researchers Malware Hunter Team. The Russian interior ministry says about 1,000 computers have been affected.
posted by ZUKUNASHI at 22:40 | Comment(0) | International / Politics

Turkey and the US; Israel and Norway; White Helmets 2017/5/14

FARSNEWS2017/5/14
Iraqi MP: US, Turkey Rocking Boat in Liberation of Tal Afar
TEHRAN (FNA)- A senior Iraqi legislator blasted the US and Turkey for their antagonistic behavior towards efforts to liberate Tal Afar city in Nineveh province.
Iskandar Watout, a member of the Iraqi parliament's Security and Defense Committee, told reporters in a press conference that the process to take back Tal Afar is facing resistance and pressures by Turkey and the US.
He called on the Iraqi government not to become influenced by Turkey and the US or Iraqi Kurdistan President Masoud Barzani and try to expel the Turkish forces from Iraq's soil.
Watout described Tal Afar as a vital and important city hosting tens of ISIL bases, and said, "Operations against the terrorist groups in Iraq should continue unstopped until full victory."

FARSNEWS2017/5/14
Norway’s Largest Trade Union Votes for Total Boycott of Israel

TEHRAN (FNA)- Norway’s biggest trade union approved an international economic, cultural and academic boycott against Israel, as the regime continues oppression of Palestinians and occupying their lands.
The Norwegian Confederation of Trade Unions (LO), which represents over 900,000 unionized workers in the country, voted 197 to 117 in favor of the total boycott of Israel, media reports said.
“Since dialogue and resolutions have had little effect, there must henceforth come an effort to achieve an international economic, cultural and academic boycott of Israel in order to achieve those objectives,” the resolution read.
In recent years, LO has called to boycott various Israeli institutions, including the Histadrut labor union, and businesses “that profit from the occupation of Palestinian land,” as the organization stated in a 2013 resolution.
Virtually all major players in Israel's industrial and economic sector have dealings with or offices in occupied Palestinian lands, a fact that has contributed to such calls by LO being interpreted as a call for a blanket boycott on the apartheid regime's economy.
The Boycott, Divestment, Sanctions (BDS) movement, which campaigns for Palestinian rights, hailed the LO’s move as a necessary means to secure fundamental Palestinian rights.

FARSNEWS2017/5/14
TEHRAN (FNA)- Former White Helmets associate Walid Hindi admitted his involvement in fabricating photo and video material, prepared in cooperation with the Turkish Television, during the time when he was working with the notorious group in Eastern Aleppo. The group prepared fake videos of alleged atrocities of the Syrian army, during the liberation process of Eastern Aleppo.
In his confession, broadcasted on Syrian National Television on Saturday evening, Hindi admitted to have worked with White Helmets for three years and received rather huge sums of money, a major portion of which was provided by the Persian Gulf states. 
He also described how filming of “atrocities” would take place. 
When, for instance, they wanted to stage an airstrike scene, the filming crew would fire sirens and the actors would then immediately rush to the scene. Right after that, live streaming of events would begin, accusing the Syrian Army of carrying out yet another airstrike, targeting civilians. Hindi said he participated in fabricating videos more than just once.
According to Hindi, the main person responsible for “directing” these staged videos was Ibrahim Al Hajj, with Mohammad Al Sayed being the main cameraman. 
Also, another former associate named Imad Abdul Jawad admitted to have witnessed possession of chemicals by terrorists in Aleppo, saying “During my work shift as a guard I was once asked to transfer a bunch of barrels, containing something that my supervisors called “detergent and washing powder”.
"I was supposed to transfer the materials from the district of Al Sukkariyeh to the district of Amariya,” he added.
He then explained that his task was basically to unload the wares at the entrance of the building, pointing out that on one occasion, after finishing unloading the content, he saw people wearing uniforms, silver masks and protective boots and were carrying the goods he just transported to the cellars.
On one occasion, Jawad managed to get closer and he saw people opening the barrels and pouring their content out into something that looked like gas cylinders, adding that contents looked nothing like washing powder or detergent. He described the liquid, which was being poured out of the barrels, to have a rather foul smell. When his boss noticed he is watching the procedure, he was dismissed immediately.
A diplomatic source and the Russian Reconciliation Center for Syria disclosed earlier this month secrets proving the video clip that accused the Syrian Army troops of carrying out attacks on civilians in Eastern Idlib has been fake.
A diplomatic source who requested anonymity told Sputnik that the latest footage of a chemical weapons attack against civilians in Syria had been filmed recently and appeared to be ordered from a European country.
Meantime, the Russian Reconciliation Center said, "According to information from a number of sources among local residents and opposition formations … special ‘video brigades’ carried out staged filming in the past week of alleged consequences of shelling and airstrikes, including with the use of ‘poisonous substances’."
The center added that some of the "consultants" of the brigades were recognized by the locals as cameramen shooting news in the region for the Al Jazeera channel.
It is not the first time such reports emerge. On May 2, al-Mayadeen broadcaster reported, citing local sources and eyewitnesses that a group of the White Helmets’ activists accompanied by one of the Arab satellite channels arrived in the area near Idlib in Syria to shoot staged videos allegedly depicting consequences of a chemical attack.

posted by ZUKUNASHI at 22:28 | Comment(0) | International / Politics

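Getting to Know Trees: Kanboku

I saw this for the first time. It appears to be a relative of gamazumi.
I am told the large petals around the edge are called ornamental flowers.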



Tree search site: 木には名前がある (Trees Have Names)
http://www.tree-watching.info/
It is handy.
posted by ZUKUNASHI at 20:45 | Comment(0) | Getting to Know Trees

Is the cause the Mt. Juman wildfire, or is it coming directly from F1?





※ Fresh information from someone who flew to Hokkaido on the afternoon of 2017/5/13. Measured in the cabin.


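※ On 2017/5/13 the ambient dose rate stayed elevated even into the night. The following pattern is very unusual. Rain is falling in the same way both north and south of F1. Even so, only the north shows a large rise in dose rate. This can only mean that radioactive material is being released from F1.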


※ Dose rates are rising at many monitoring posts (MP) in Minamisoma City; something may be happening at F1.
















The wind seems to have changed.


How far south will it spread?


The rain near F1 looks like it is about to stop.


On 2017/5/14 it is raining again in Hamadori, but the dose rate has not risen much.
posted by ZUKUNASHI at 09:23 | Comment(0) | Fukushima Nuclear Accident

Fall of Mosul near; Baghdadi's whereabouts unknown

FARSNEWS2017/5/13
Iraq's Anti-Terrorism Body: ISIL Members Deserted by Al-Baghdadi
TEHRAN (FNA)- A senior commander of Iraq's counter-terrorism service said that ISIL ringleader Abu Bakr al-Baghdadi has fled to an unknown place and deserted the terrorist group.

Ma'an al-Sa'di told al-Arabiya news channel that the ISIL has been extensively annihilated in Iraq and its self-proclaimed capital, Mosul, is collapsing as now only a few number of districts in Mosul have remained to be liberated.

"The ISIL is now thinking of escaping from Iraq and Abu Bakr al-Baghdadi has left the members of the terrorist group on their own and fled to an unknown place," he added.

The countdown has started for accomplishing the recapture of the Western part of the strategic city of Mosul from the ISIL as Iraq's joint military forces have laid full siege on the terrorists in the few districts that are still under the group's control.

A map released by the Iraqi military media on Thursday suggested that government troops are in control over 90 percent of Western Mosul.

The map, posted by the Defense Ministry’s War Media Cell, showed that only 10 percent remains under ISIL militants’ control as the forces opened a new front of operations last week targeting the ISIL-held Old City from the Northwestern direction.

Military officials had said earlier this month that they control over 70 percent of the region.


posted by ZUKUNASHI at 00:44 | Comment(0) | International / Politics