News from the World of Computers

Post Reply New Topic

2020 will be remembered for the pandemic. What might 2021 be remembered for?

"GAO: Electrical Grid's Distribution Systems More Vulnerable"

"America’s Drinking Water Is Surprisingly Easy to Poison"

FBI: "FBI Statement on Incident Involving Fake Emails"

Seeing as how the press release says their computers have been hacked it is confusing to know whether or not we should believe the press release was written by the FBI...though, I suppose, the news release would seem to be correct no matter whether the FBI posted it or hackers who are using the FBI's computers.

The Hindu: "Hackers compromise FBI servers, send messages"

Until sometime this morning, the LEEP portal allowed anyone to apply for an account. Helpfully, step-by-step instructions for registering a new account on the LEEP portal also are available from the DOJ’s website. [It should be noted that “Step 1” in those instructions is to visit the site in Microsoft’s Internet Explorer, an outdated web browser that even Microsoft no longer encourages people to use for security reasons.]

Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from [email protected] with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.

But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.

Until sometime this morning, the LEEP portal allowed anyone to apply for an account. Helpfully, step-by-step instructions for registering a new account on the LEEP portal also are available from the DOJ’s website. [It should be noted that “Step 1” in those instructions is to visit the site in Microsoft’s Internet Explorer, an outdated web browser that even Microsoft no longer encourages people to use for security reasons.]

Much of that process involves filling out forms with the applicant’s personal and contact information, and that of their organization. A critical step in that process says applicants will receive an email confirmation from [email protected] with a one-time passcode — ostensibly to validate that the applicant can receive email at the domain in question.

But according to Pompompurin, the FBI’s own website leaked that one-time passcode in the HTML code of the web page.

“Basically, when you requested the confirmation code [it] was generated client-side, then sent to you via a POST Request,” Pompompurin said. “This post request includes the parameters for the email subject and body content.”

Pompompurin said a simple script replaced those parameters with his own message subject and body, and automated the sending of the hoax message to thousands of email addresses.

Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said.

The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis.

Court documents allege that North Korea’s government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections, said Jay Greenberg, special agent in charge of the St. Louis FBI office.

The threat actors from the country are estimated to have stolen $3 billion worth of crypto assets over the past six years, with about $1.7 billion plundered in 2022 alone. A majority of these stolen assets are used to directly fund the hermit kingdom's weapons of mass destruction (WMD) and ballistic missile programs.

The federal government is investigating multiple hacks suspected to have been launched by an Iranian government-linked cyber group against U.S. water facilities that were using Israeli-made technology, according to two individuals familiar with the probes.

One of the breaches made headlines Saturday after the Tehran-linked Cyber Av3ngers group claimed responsibility for hitting a water authority in Pennsylvania. In total, the government is aware of and examining a “single digit” number of facilities that have been affected across the country, according to the two people who were granted anonymity to discuss details that had not yet been made public.

None of the hacks caused significant disruption, according to the individuals, while cyber experts familiar with the Pennsylvania incident say the activity appears designed to stoke fears about using Israeli devices.

Washington has been bracing for increased cyber breaches from Iran since the latest conflict broke out between Israel and the militant group Hamas, which Tehran has long supported. It also comes amid a spate of recent drone and rocket attacks on American troops in the Middle East, conducted by Iranian proxy groups.

Water facilities in general are a particularly vulnerable part of U.S. infrastructure, often due to a lack of funding and personnel for the issue at smaller utilities. The Biden administration has sought to address this problem, including through expanding partnerships with private organizations involved in the water sector.

A cyber-attack has shut down emergency rooms in at least three states, a hospital operator warned on Monday, forcing the organization to divert patients to other facilities.

Ardent Health, which oversees 30 hospitals in states across the US, including New Mexico, Texas and Oklahoma, said it had been targeted by a ransomware attack over the Thanksgiving holiday. The attack had shut down a significant number of its computerized services, the company said in a news release.

The attack comes after U.S. officials raised alarms last week about several incidents involving companies involved in water treatment and distribution.

The Cybersecurity and Infrastructure Security Agency (CISA) said it is responding to the active exploitation of Unitronics programmable logic controllers (PLCs) used by many organizations in the water sector.

CISA linked the advisory to a notice from the Water Information Sharing and Analysis Center (WaterISAC) about an attack on a water utility in Pennsylvania reported November 26.

Another water utility serving 2 million people in North Texas said Tuesday that it is also dealing with a cybersecurity incident that caused operational issues, but officials did not say if it was related to issues with Unitronics PLCs.

CNN reported late last week that CISA told Senate and House staffers on Thursday that “less than 10” water facilities in different parts of the US have faced cyberattacks in recent days.

FEMA administrator Deanne Criswell told Axios on the sidelines of COP28 on Monday that she is "very concerned" about the ability of U.S. adversaries to spread disinformation and sow distrust in the wake of natural disasters in the U.S.

Driving the news: She pointed to misinformation and disinformation spread by nation-state actors — namely, China and Russia — following this year's devastating fires in Maui and train derailment and chemical spill in East Palestine, Ohio.

Hackers affiliated with China’s military have reportedly tapped into dozens of critical U.S. systems over the past year to test its capacity to create chaos in American life, according to U.S. and security industry officials.

The hacks appeared to be made with an intention toward some future action rather than disrupting systems in the moment and suggest that the People’s Liberation Army of China is testing its and the United States’ capabilities in case hostilities break out over Taiwan, experts told The Washington Post.

One of the agencies responsible for monitoring and combating foreign cyber threats is the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” CISA executive director Brandon Wales told the Post. “That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”

One of the largest data breaches to date could compromise billions of accounts worldwide, prompting concerns of widespread cybercrime.

Dubbed the “Mother of All Breaches,” the massive leak revealed 26 billion records — including popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter — in what experts are calling the biggest leak in history.

The compromised data includes more than just login credentials, according to experts. Much of it is “sensitive,” making it “valuable for malicious actors,” per Cybernews, which first discovered the breach on an unsecured website.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers, comprised of cybersecurity expert Bob Dyachenko and the team at Cybernews, explained.

Cybernews’ head of security research Mantas Sasnauskas told the Daily Mail that “probably the majority of the population have been affected.”

Cybernews has compiled a searchable list online where users can look up potentially compromised sites.

Dubbed the “Mother of All Breaches,” the massive leak revealed 26 billion records — including popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter — in what experts are calling the biggest leak in history.

The Justice Department announced Wednesday it has successfully disrupted an effort by Chinese government-sponsored hackers to target U.S. critical infrastructure networks using a malware that had hijacked "hundreds" of home and small business routers.

Through a court-authorized operation launched last month, U.S. officials say they were able to dismantle the botnet by removing the malware inside the U.S.-based victim routers and also took further steps to prevent the routers from being reinfected.

A large children's hospital in Chicago remains hobbled by a cyberattack that began more than a week ago, cutting doctors and nurses off from digital patient records and limiting parents' ability to communicate with their kids' caregivers.

Officials at Lurie Children's Hospital said Thursday that they are still working with the FBI and other law enforcement but told reporters that a “known criminal threat actor” had accessed the hospital's network.

The hospital shut down its own systems for phone, email and medical records once the breach was discovered on Jan. 31, officials said.

“We take this matter very seriously and have been working closely around the clock with outside and internal experts and in collaboration with law enforcement, including the FBI,” said Dr. Marcelo Malakooti, Lurie's chief medical officer. “This is an active and ongoing investigation.”

The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials have not confirmed or denied the cause. Such extortion-style attacks are popular among ransomware gangs seeking financial gain by locking data, records or other critical information, and then demanding money to release it back to the owner.