Million Dollar Question: Michael Snyder speculates on what may have caused the major telecommunication failure across the country


Important Takeaways:

  • Was America Just Attacked? We Have Now Been Put On Notice That Our Communication Infrastructure Is Extremely Vulnerable
  • [Daily Mail reported] Once the outage began, federal authorities moved very rapidly to determine whether it was a cyberattack or not…
    • Federal agencies are ‘urgently investigating’ whether the massive cellular outage that plagued Americans on Thursday was a cyberattack.
    • The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) are on the hunt to track down what disrupted service for AT&T, Verizon, T-Mobile and a dozen other cellular providers.
    • While the agencies have not shared details, a security expert told DailyMail.com that the outage has hallmarks of a hack.
    • McKnight, associate professor at Syracuse University in New York, said the widespread nature appears to be ‘a massive Distributed Denial of Service (DDOS) attack on core Internet infrastructure.’
  • I have a feeling that they will assure the general public that it was not a cyberattack no matter what they discover.
  • In situations such as these, keeping everyone calm is often deemed more important than telling them the truth.
  • [The Express Reports] Interestingly, pharmacies all over the U.S. were also having major problems on Thursday due to a cyberattack against “one of the biggest healthcare technology companies in the nation”…
    • Pharmacies all over the country are experiencing delays in prescription orders due to a cyberattack on one of the biggest healthcare technology companies in the nation, Change Healthcare.
    • Change Healthcare first noticed the “cyber security issue” affecting its networks on Wednesday morning on the East Coast.
  • Today, there are a number of foreign powers that possess very robust cyberattack capabilities.
  • One of them is China, and the Washington Post is reporting on a trove of leaked documents that show that the Chinese “are attempting large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure”…
    • A trove of leaked documents from a Chinese state-linked hacking group shows that Beijing’s intelligence and military groups are attempting large-scale, systematic cyber intrusions against foreign governments, companies and infrastructure — with hackers of one company claiming to be able to target users of Microsoft, Apple and Google.
    • The cache — containing more than 570 files, images and chat logs — offers an unprecedented look inside the operations of one of the firms that Chinese government agencies hire for on-demand, mass data-collecting operations.
    • Of course, I have no idea if China was involved in the incidents that we witnessed today.
    • But without a doubt the Chinese have some of the most advanced cyberattack capabilities in the entire world.
  • On Thursday, U.S. Senator Marco Rubio ominously warned about what China could do to us if a full-scale war breaks out…
    • ‘I don’t know the cause of the AT&T outage,’ said Sen. Marco Rubio, Fla., top Republican on the Intelligence Committee.
    • ‘But I do know it will be 100 times worse when #China launches a cyber attack on America on the eve of a #Taiwan invasion. And it won’t be just cell service they hit, it will be your power, your water and your bank,’ he went on.
  • He is right.
  • But the Russians have similar capabilities.
  • So do the North Koreans.
  • In all of human history, there has never been a “cyberwar”, and so we don’t know exactly what one would look like.
  • But it is clear that our communication infrastructure is extremely vulnerable, and what we just witnessed should definitely be a wakeup call for all of us.


Iran-backed hackers targeting local water station in the US using Israeli made equipment


Important Takeaways:

  • The Iranian group loaded the water station’s computer screens with messages saying “Down with Israel!” and “Every equipment ‘Made in Israel’ Is Cyber Av3ngers legal target.”
  • The station attacked by the Iranian hackers is part of the water pressure system for Raccoon and Potter Townships in Pennsylvania.
  • According to Municipal Water Authority of Aliquippa board chairman Matthew Mottes, alarms were triggered as soon as the system was compromised, and the water quality of the two townships was never in serious danger.
  • Mottes said the water booster station uses equipment made by Unitronics, an automation company headquartered in Israel. The compromised system was disabled for safety as soon as the hack was detected.


U.S. Infrastructure being targeted according to NSA memo

Revelation 6:3-4 “When he opened the second seal, I heard the second living creature say, ‘Come!’ 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.”

Important Takeaways:

  • Microsoft warns that China hackers attacked U.S. infrastructure
  • Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations, Microsoft said Wednesday.
  • The hacking group is code-named “Volt Typhoon,” and has been in operation since 2021.
  • Impacted parties have already been notified.
  • The National Security Agency put out a bulletin Wednesday, detailing how the hack works and how cybersecurity teams should respond.
  • The attack is apparently ongoing. In the advisory, Microsoft urged impacted customers to “close or change credentials for all compromised accounts.”
  • U.S. intelligence agencies became aware of the incursion in February, around the same time that a Chinese spy balloon was downed, The New York Times reported.


US airports targeted by Russian Hackers

Revelation 6:3-4 “When he opened the second seal, I heard the second living creature say, ‘Come!’ 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.”

Important Takeaways:

  • Russian-speaking hackers knock multiple US airport websites offline. No impact on operations reported
  • More than a dozen public-facing airport websites, including those for some of the nation’s largest airports, appeared inaccessible Monday morning, and Russian-speaking hackers claimed responsibility.
  • No immediate signs of impact to actual air travel were reported, suggesting the issue may be an inconvenience for people seeking travel information.
  • The 14 websites include the one for Atlanta’s Hartsfield-Jackson International Airport. An employee there told CNN there were no operational impacts.
  • The Los Angeles International Airport website was offline earlier but appeared to be restored shortly before 9 a.m. Eastern. A spokesman did not immediately return a request for comment.


‘Time for Hacktivism’ Hackers target prolife organizations and prolife government offices

Matthew 5:10 “Blessed are those who are persecuted for righteousness’ sake, for theirs is the kingdom of heaven.”

Important Takeaways:

  • HACKERS DECLARE WAR ON ANTI-ABORTION STATES
  • The group, called SiegedSec, ... mostly work to cull user data from private companies.
  • The Supreme Court decision has led them to declare that it’s “time for some hacktivism.”
  • “As added pressure to the [US] government, we have leaked many internal documents and files retrieved from Kentucky’s and Arkansas’ government server.”
  • The group claims to have already stolen about 8 gigabytes of data, which they say includes government workers’ personal information.
  • “THE ATTACKS WILL CONTINUE!” The hackers promised in their Telegram post. “Our main targets are any pro-life entities, including government servers of the states with anti-abortion laws.”


U.S. and Russian officials will meet next week on ransomware – White House

By Raphael Satter and Andrea Shalal

WASHINGTON (Reuters) - Ransomware attacks on U.S. businesses, such as the latest one centered on Florida IT firm Kaseya, will be discussed at a meeting of senior U.S. and Russian officials next week, the White House said on Tuesday.

“We expect to have a meeting next week focused on ransomware attacks,” spokeswoman Jen Psaki told reporters.

The ransomware attack on Friday scrambled the data of hundreds of small businesses worldwide, including many in the United States. Kaseya said in a statement on Tuesday they were never a threat to critical U.S. infrastructure, however.

The cyberattack was the latest in a series of intrusions from hackers who have made a lucrative business out of holding organizations’ data hostage in return for digital currency payments.

Although cybercrimes have been going on for years, the attacks have escalated dramatically recently, and an intrusion at Colonial Pipeline in May snarled U.S. gasoline supplies up and down the East Coast.

Psaki said Biden would meet with officials from the Justice Department, State Department, the Department of Homeland Security and the intelligence community on Wednesday to discuss ransomware and U.S. efforts to counter it.

The hack that struck Kaseya’s clients – many of whom are back office IT shops commonly referred to as managed service providers – did not have the same kind of impact in the United States as the ransoming of Colonial Pipeline.

Disruption elsewhere was more severe.

In Sweden, many of the 800 grocery stores run by the Coop chain are still in the process of recovering from the attack, which knocked out most of its supermarkets, though a spokesman told Reuters “we have more open stores than closed ones now.”

In New Zealand, 11 schools and several kindergartens were affected.

Germany’s cybersecurity watchdog, BSI, said on Tuesday that it was aware of three IT service providers in Germany that have been affected, with a spokesperson estimating that several hundred companies were touched overall.

“In Germany there are no cases as prominent as the one in Sweden,” the spokesperson added.

The hackers who claimed responsibility for the breach have demanded $70 million to restore all the affected businesses’ data, although they have indicated a willingness to temper their demands in private conversations with a cybersecurity expert and with Reuters.

(Reporting by Raphael Satter; Douglas Busvine in Frankfurt and Johan Ahlander in Stockholm also contributed reporting. Editing by Kirsten Donovan, Alistair Bell and Sonya Hepinstall)

Russian security chief says Moscow will work with U.S. to find hackers

MOSCOW (Reuters) - Russia will work with the United States to track down cyber criminals, the head of the FSB security service said on Wednesday, a week after U.S. President Joe Biden and Russian President Vladimir Putin agreed to increase cooperation in certain areas.

“We will work together (on locating hackers) and hope for reciprocity,” the RIA news agency quoted FSB chief Alexander Bortnikov as saying at a security conference in Moscow.

Deputy Foreign Minister Sergei Ryabkov told an investor conference that Russia had been “able to establish a very thorough and down-to-earth exchange with the U.S. side” on cyber security.

Another senior ministry official said Moscow was awaiting an answer from Washington on starting consultations, TASS news agency reported.

Biden told Putin at the summit that certain critical infrastructure should be “off-limits” to cyber-attacks after hackers seeking ransom money triggered the brief closure of a major U.S. oil pipeline network.

Washington has said those responsible for some cyber-attacks in the United States have been working either directly for the Russian government or from Russian territory. The Kremlin has denied any state involvement.

Putin and Biden also agreed to embark on negotiations to lay the groundwork for arms control agreements and risk-reduction measures.

Defense Minister Sergei Shoigu said on Wednesday that Moscow had requested greater transparency about the deployment of missiles in Europe.

He said Putin had proposed measures such as a moratorium on the deployment of intermediate- and short-range missiles in Europe to build mutual trust. The Kremlin has accused NATO of dismissing the proposals.

“The overall situation in Europe is explosive, which requires concrete steps to de-escalate it,” Shoigu said. “We are ready to work towards this.”

Russia’s relations with the West are at post-Cold War lows, strained by issues ranging from Moscow’s 2014 annexation of Crimea from Ukraine to allegations of Russian hacking of U.S. elections.

(Reporting by Maria Kiselyova and Tom Balmforth; Writing by Olzhas Auyezov/Gabrielle Tétrault-Farber; Editing by Kevin Liffey)

Colonial Pipeline paid hackers nearly $5 million in ransom – Bloomberg News

(Reuters) - Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline network in the United States, Bloomberg News reported, citing two people familiar with the transaction.

The company paid the ransom in untraceable cryptocurrency within hours after the attack, according to the report.

Colonial Pipeline declined to comment.

Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics contend that paying ransom encourages attacks.

U.S. House of Representatives Speaker Nancy Pelosi said on Thursday ransom should not be paid by companies that are the victims of cyber attacks.

The hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.

After a six-day outage, the top U.S. fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production and had airlines reshuffling some refueling operations.

The FBI earlier this week accused a shadowy criminal gang called DarkSide of the ransomware attack. The group has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies.

A terse news release posted to DarkSide’s website did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society”.

The White House declined to weigh in on Monday whether companies that are hacked such as Colonial Pipeline should pay ransom to their attackers, but a national security official said it may offer some advice in the future.

(Reporting by Arathy S Nair in Bengaluru; Editing by Shounak Dasgupta)

Hackers targeting groups involved in COVID-19 vaccine distribution, IBM warns

By Raphael Satter

WASHINGTON (Reuters) – IBM is sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines, a sign that digital spies are turning their attention to the complex logistical work involved in inoculating the world’s population against the novel coronavirus.

The information technology company said in a blog post published on Thursday that it had uncovered “a global phishing campaign” focused on organizations associated with the COVID-19 vaccine “cold chain” – the process needed to keep vaccine doses at extremely cold temperatures as they travel from manufacturers to people’s arms.

The U.S. Cybersecurity and Infrastructure Security Agency reposted the report, warning members of Operation Warp Speed – the U.S. government’s national vaccine mission – to be on the lookout.

Understanding how to build a secure cold chain is fundamental to distributing vaccines developed by the likes of Pfizer Inc and BioNTech because the shots need to be stored at minus 70 degrees Celsius (-94 F) or below to avoid spoiling.

IBM’s cybersecurity unit said it had detected an advanced group of hackers working to gather information about different aspects of the cold chain, using meticulously crafted booby-trapped emails sent in the name of an executive with Haier Biomedical, a Chinese cold chain provider that specializes in vaccine transport and biological sample storage.

The hackers went through “an exceptional amount of effort,” said IBM analyst Claire Zaboeva, who helped draft the report. Hackers researched the correct make, model, and pricing of various Haier refrigeration units, Zaboeva said.

“Whoever put together this campaign was intimately aware of whatever products were involved in the supply chain to deliver a vaccine for a global pandemic,” she said.

Messages sent to the email addresses used by the hackers were not returned.

IBM said the bogus Haier emails were sent to around 10 different organizations but only identified one target by name: the European Commission’s Directorate-General for Taxation and Customs Union, which handles tax and customs issues across the EU and has helped set rules on the import of vaccines.

In a statement, the European Commission said it was aware that it had been targeted by a hacking campaign.

“We have taken the necessary steps to mitigate the attack and are closely following and analyzing the situation,” the statement said.

IBM said other targets included companies involved in the manufacture of solar panels, which are used to power vaccine refrigerators in warm countries, and petrochemical products that could be used to derive dry ice.

Who is behind the vaccine supply chain espionage campaign is not clear.

Reuters has previously documented how hackers linked to Iran, Vietnam, North Korea, South Korea, China, and Russia have on separate occasions been accused by cybersecurity experts or government officials of trying to steal information about the virus and its potential treatments.

IBM’s Zaboeva said there was no shortage of potential suspects. Figuring out how to swiftly distribute an economy-saving vaccine “should be topping the lists of nation states across the world,” she said.

(Reporting by Raphael Satter; editing by Grant McCool and Rosalba O’Brien)

North Korean, Russian hackers target COVID-19 researchers: Microsoft

By Raphael Satter

WASHINGTON (Reuters) – Hackers working for the Russian and North Korean governments have targeted more than half a dozen organizations involved in COVID-19 treatment and vaccine research around the globe, Microsoft said on Friday.

The software company said a Russian hacking group commonly nicknamed “Fancy Bear” – along with a pair of North Korean actors dubbed “Zinc” and “Cerium” by Microsoft – were implicated in recent attempts to break into the networks of seven pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States.

Microsoft said the majority of the targets were organizations that were in the process of testing COVID-19 vaccines. Most of the break-in attempts failed but an unspecified number succeeded, it added.

Few other details were provided by Microsoft. It declined to name the targeted organizations, say which ones had been hit by which actor, or provide a precise timeline or description of the attempted intrusions.

The Russian embassy in Washington – which has repeatedly disputed allegations of Russian involvement in digital espionage – said in an email that there was “nothing that we can add” to their previous denials.

North Korea’s representative to the United Nations did not immediately respond to messages seeking comment. Pyongyang has previously denied carrying out hacking abroad.

The allegations of cyber espionage come as world powers are jockeying behind the scenes in the race to produce a vaccine for the virus.

They also highlight how Microsoft is pressing its case for a new set of global rules barring digital intrusions aimed at healthcare providers.

Microsoft executive Tom Burt said in a statement his company was timing its announcement with Microsoft President Brad Smith’s appearance at the virtual Paris Peace Forum, where he would call on world leaders “to affirm that international law protects health care facilities and to take action to enforce the law.”

(Reporting by Raphael Satter; Additional reporting by Christopher Bing in Washington, Jack Stubbs in London, and Michelle Nichols in New York; Editing by Tom Brown and Grant McCool)