Tag Archives: hacking

Joe Sullivan guilty in Uber hacking case

SAN FRANCISCO — A former chief security officer for Uber was convicted Wednesday of federal charges stemming from payments he quietly authorized to hackers who breached the ride-hailing company in 2016.

Joe Sullivan was found guilty of obstructing justice for keeping the breach from the Federal Trade Commission, which had been probing Uber’s privacy protections at the time, and of actively hiding a felony.

The verdict ended a dramatic case that pitted Sullivan, a prominent security expert who was an early prosecutor of cybercrimes for the San Francisco U.S. attorney’s office, against his former government office. In between prosecuting hackers and being prosecuted, Sullivan served as the top security executive at Facebook, Uber and Cloudflare.

Judge William H. Orrick did not set a date for sentencing. Sullivan may appeal if post-trial motions fail to set the verdict aside.

“Mr. Sullivan’s sole focus — in this incident and throughout his distinguished career — has been ensuring the safety of people’s personal data on the internet,” Sullivan attorney David Angeli said after the 12-member jury rendered its unanimous verdict on the fourth day of deliberations.

Even without Sullivan’s job history, the trial would have been closely watched as the first major criminal case brought against a corporate executive over a breach by outsiders.

It also may be one of the last: In the five years since Sullivan was fired, payoffs to extortionists, including those who steal sensitive data, have become so routine that some security firms and insurance companies specialize in handling the transactions.

“Paying out the ransom I think is more common than we’re led to believe. There is an attitude that’s similar to a fender bender,” said Michael Hamilton, founder of security firm Critical Insight.

FBI leaders, while officially discouraging the practice, have said they will not pursue the people and companies that pay ransoms if they don’t violate sanctions prohibiting payments to named criminal groups especially close to the Russian government.

“This case will certainly make executives, incident responders and anybody else connected with deciding whether to pay or disclose ransom payments think a little harder about their legal obligations. And that’s not a bad thing,” said Brett Callow, who researches ransomware at security firm Emsisoft. “As is, too much happens in shadows, and that lack of transparency can undermine cybersecurity efforts.”

Most security professionals had been anticipating Sullivan’s acquittal, noting that he had kept the CEO and others who were not charged informed of what was happening.

“Personal liability for corporate decisions with executive stakeholder input is a new territory that’s somewhat uncharted for security executives,” said Dave Shackleford, owner of Voodoo Security. “I fear it will lead to a lack of interest in our field, and increased skepticism about infosec overall.”

John Johnson, a “virtual” chief information security officer for multiple companies, agreed. “Your company leadership could make choices that can have very personal repercussions to you and your lifestyle,” he said. “Not saying everything Joe did was right or perfect, but we can’t bury our head and say it will never happen to us.”

Prosecutors argued in Sullivan’s case that his use of a nondisclosure agreement with the hackers was evidence that he participated in a coverup. They said the break-in was a hack that was followed by extortion as the hackers threatened to publish the data they took, and so it should not have qualified for Uber’s bug bounty program to reward friendly security researchers.

But the reality is that as the hacking of corporations has gotten worse, the way companies have dealt with it has moved far past the letter of the law when Sullivan was accused of breaking it.

Bug bounties usually require nondisclosure deals, some of which last forever.

“Bug bounty programs are being misused to hide vulnerability information. In the case of Uber, they were used to cover up a breach,” Katie Moussouris, who established a bug bounty program at Microsoft and now runs her own vulnerability resolution company, said in an interview.

The case against Sullivan started when a hacker emailed Uber anonymously and described a security lapse that allowed him and a partner to download data from one of the company’s Amazon repositories. It emerged that they had used a stray digital key Uber had left exposed to get into the Amazon account, where they found and extracted an unencrypted backup of data on more than 50 million Uber riders and 600,000 drivers.

Sullivan’s team steered them toward Uber’s bounty program and noted that the top payout under it was $10,000. The hackers said they would need six figures and threatened to release the data.

A protracted negotiation ensued that ended with a $100,000 payment and a promise from the hackers that they had destroyed the data and would not disclose what they had done. While that looks like a coverup, testimony showed that Sullivan’s staff used the process to get clues that would lead them to the real identities of the perpetrators, which they felt was necessary leverage to hold them to their word. The two were later arrested and pleaded guilty to hacking charges, and one testified for the prosecution in Sullivan’s trial.

The obstruction charge drew strength from the fact that Uber at the time was nearing the end of a Federal Trade Commission investigation following a major 2014 breach.

A charge of actively hiding a felony, or misprision, could also apply to many of the corporate chiefs who send bitcoin to overseas hackers without telling anyone else what happened. While the number of those hush-ups is impossible to get, it is clearly a large figure. Otherwise, federal officials would not have pressed for recent legislation that will require ransomware notifications from critical infrastructure victims to the Cybersecurity and Infrastructure Security Agency.

The Securities and Exchange Commission is also pushing for more disclosure. The conviction stunned corporate security and compliance leaders and will rivet their attention on the details of those rules.

The case against Sullivan was weaker in some respects than one might expect from a trial aimed at setting a precedent.

While he directed the response to the two hackers, many others at the company were in the loop, including a lawyer on Sullivan’s team, Craig Clark. Evidence showed that Sullivan told Uber’s then-chief executive, Travis Kalanick, within hours of learning about the threat himself, and that Kalanick approved Sullivan’s strategy. The company’s chief privacy lawyer, who was overseeing the response to the FTC, was informed, and the head of the company’s communications team had details as well.

Clark, the designated legal lead on breaches, was given immunity to testify against his former boss. On cross-examination, he acknowledged advising the team that the attack would not have to be disclosed if the hackers were identified, agreed to delete what they had taken and could convince the company that they had not spread the data further, all of which eventually came to pass.

Prosecutors were left to challenge “whether Joe Sullivan could have possibly believed that,” as one of them put it in closing arguments Friday.

Sullivan’s attorney Angeli said that the real world functioned differently from bug bounty ideals and the policies laid out in company manuals.

“At the end of the day, Mr. Sullivan led a team that worked tirelessly to protect Uber’s customers,” Angeli told the jury.

After Kalanick was forced out of the company for unrelated scandals, his successor, Dara Khosrowshahi, came in and learned of the breach. Sullivan depicted it to him as a routine payoff, prosecutors said, editing from one email the amount of the payoff and the fact that the hackers had obtained unencrypted data, including phone numbers, on tens of millions of riders. After a later investigation turned up the full story, Khosrowshahi testified, he fired Sullivan for not telling him more, sooner.

Eager to show that it was operating in a new era, the company helped the U.S. attorney’s office build a case against Sullivan. And the prosecutors in turn unsuccessfully pressed Sullivan to implicate Kalanick, who would have been a far bigger prize but was not damned by the surviving written evidence, according to people familiar with the process.

Bug bounties were never meant to offer as much money to hackers as criminals or governments would pay. Instead, they were designed to offer some cash to those already inclined to stay above board.

But the companies are the ones paying the bill even when the programs are run by outside vendors such as HackerOne and Bugcrowd. Disputes between the researchers reporting the security holes and the companies with the holes are now common.

The two sides differ over whether a bug was “in scope,” meaning inside the areas where the company said it wanted help. They differ over how much a bug is worth, or if it is worthless because others had already found it. And they differ over how, or even if, the researcher can disclose the work after the bug has been fixed or the company opts not to change anything.

The bounty platforms have arbitration procedures for those disputes, but since the companies are footing the bill, many hackers see bias. Too much protesting, and they get booted from the platform entirely.

“If you’re hacking on a bug bounty program for the love of hacking and making security better, that’s the wrong reason, because you have no control over whether a company decides to patch in a timely manner or not,” said John Jackson, a researcher who cut back on his bounty work and now sells vulnerability information when he can.

Casey Ellis, founder of Bugcrowd, acknowledged that some companies use bounty programs to hush up problems that should have been disclosed under state or federal rules.

“That’s definitely a thing that happens,” Ellis said.

Ransomware attacks were rare when Sullivan was charged, growing dramatically in the years that followed to become a threat to U.S. national security.

The techniques in those attacks have also shifted.

At the beginning of 2020, most ransomware merely encrypted files and demanded money for the key to unlock them. By the end of that year, most ransom attacks included the outright theft of files, setting up a second ransom demand to prevent their public release, according to a 2021 report by the Ransomware Task Force, an industry-led group that includes representatives from the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, and the Secret Service.

More recently, cryptocurrency exchanges have been robbed and then negotiated to give massive payments to get those funds back, a freewheeling practice bearing little resemblance to traditional bounties.

“Especially over the past six months in the crypto space, the model is ‘build it until we get hacked, and we’ll figure it out from there,’ ” said Ellis.

As average payouts zoomed past Sullivan’s, into the hundreds of thousands of dollars, more businesses turned to insurance companies for predictability.

But often, the insurance companies reasoned it was cheaper to pay than to cover the damage from lost files. Some paid regularly, ensuring steady earnings for the gangs.

Making payments illegal, as some have proposed, would not actually stop them, the FBI has said. It would instead give the extortionists yet another club to hold over their victims after payment is made.

At least so far, Congress has agreed, declining to ban the transactions. Which means that deals like Sullivan’s will continue to happen every week.

Will all of them be disclosed when required under state laws or federal consent decrees? Probably not.

But don’t expect those who hush things up to end up in handcuffs.

A Single Flaw Broke Every Layer of Security in MacOS

Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.

The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. “It’s basically one vulnerability that could be applied to three different locations,” he says.

After deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to limit the damage of a successful hack to a single app, and then bypassing System Integrity Protection (SIP), a key defense designed to stop unauthorized code from accessing sensitive files on a Mac.

Alkemade—who is presenting the work at the Black Hat conference in Las Vegas this week—first found the vulnerability in December 2020 and reported the issue to Apple through its bug bounty scheme. He was paid a “pretty nice” reward for the research, he says, although he refuses to detail how much. Since then Apple has issued two updates to fix the flaw, first in April 2021 and again in October 2021.

When asked about the flaw, Apple said it did not have any comment prior to Alkemade’s presentation. The company’s two public updates about the vulnerability are light on detail, but they say the issues could allow malicious apps to leak sensitive user information and escalate privileges for an attacker to move through a system.

Apple’s changes can also be seen in Xcode, the company’s development workspace for app creators, a blog post describing the attack from Alkemade says. The researcher says that while Apple fixed the issue for Macs running the Monterey operating system, which was released in October 2021, the previous versions of macOS are still vulnerable to the attack.

There are multiple steps to successfully launching the attack, but fundamentally they come back to the initial process injection vulnerability. Process injection attacks allow hackers to inject code into a device and run code in a way that’s different to what was originally intended.

The attacks are not uncommon. “It’s quite often possible to find the process injection vulnerability in a specific application,” Alkemade says. “But to have one that’s so universally applicable is a very rare find,” he says.

The vulnerability Alkemade found is in a “serialized” object in the saved state system, which saves the apps and windows you have open when you shut down a Mac. This saved state system can also run while a Mac is in use, in a process called App Nap.

Apple Announces New Lockdown Mode for iPhone to Fight Hacking

What’s happening

Apple will be offering a new “Lockdown Mode” for its iPhones, iPads and Mac computers. It’s designed to fight hacking campaigns and targeted spyware like NSO Group’s Pegasus.

Why it matters

Though these attacks happen to a small group of people, the threat is growing. Pegasus was found to be used by repressive governments to spy on human rights activists, lawyers, politicians and journalists.

What’s next

Apple plans to release Lockdown Mode for free later this year and is making a public commitment to continue improving it. The company has also expanded its bug bounties and grant programs to encourage further research into this issue.

Apple for years has marketed its iPhones, iPads and Macs as the most secure and privacy-focused devices on the market. On Wednesday, it bolstered that effort with a new feature coming this fall called Lockdown Mode, designed to fight targeted hacking attempts like the Pegasus malware, which oppressive governments reportedly used on human rights workers, lawyers, politicians and journalists. It also announced a $10 million grant and up to $2 million bug bounty to encourage further research into such threats.

The tech giant said that Lockdown Mode is designed to add extra protections to its phones, such as blocking attachments and link previews in messages, disabling potentially hackable web browsing technologies, and rejecting incoming FaceTime calls from unknown numbers. Devices in Lockdown Mode will also refuse accessory connections unless the device is unlocked, and new remote management software can’t be installed while the mode is active. The new feature will be made available in the test software used by developers this summer and released for free to the public in the fall.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, Apple’s head of security engineering and architecture, in a statement. “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.”

Apple designed Lockdown Mode to be easy to turn on, through the settings app on its devices.

Along with the new Lockdown Mode, which Apple calls an “extreme” measure, the company announced a $10 million grant to the Dignity and Justice Fund, which was established by the Ford Foundation, to help support human rights and fight social repression.

The company’s efforts to enhance its device security come at a time when the tech industry is increasingly confronting targeted cyberattacks from oppressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to spread indiscriminately as far and as fast as possible through homes and corporate networks, attacks like those using Pegasus are designed for quiet intelligence gathering.

People have to restart their devices before Lockdown Mode will turn on.

Last September, Apple sent out a free software update that addressed Pegasus, and then it sued NSO Group in an effort to stop the company from developing or selling any more hacking tools. It also began sending “Threat Notifications” to potential victims of these hacking tools, which Apple calls “mercenary spyware.” The company said that while the number of people targeted in these campaigns is very small, it’s notified people in about 150 countries since November.

Other tech companies have also expanded their approach to security in recent years. Google has an initiative called Advanced Account Protection, designed for “anyone who is at an elevated risk of targeted online attacks” by adding extra layers of safety to logins and downloads. Microsoft has been increasingly working to dump passwords.

Apple said it plans to expand Lockdown Mode over time, and announced a bug bounty of up to $2 million for people who find security holes in the new feature. For now, it’s designed primarily to disable computer features that may be helpful but that open people to potential attacks. That includes turning off some fonts, link previews and incoming FaceTime calls from unknown accounts.

Apple representatives said the company sought to find a balance between usability and extreme protections, adding that the company is publicly committing to strengthening and improving the feature. In the most recent iteration of Lockdown Mode, which is being sent to developers in an upcoming test software update, apps that display webpages will follow the same restrictions that Apple’s apps follow, though people can preapprove some websites to circumvent Lockdown Mode if needed. People in Lockdown Mode will also have to unlock their device before it’ll connect with accessories.

Encouraging more research

In addition, Apple said it hopes a planned $10 million grant to the Dignity and Justice Fund will help encourage more research on these issues and expand training and security audits for people who might be targeted.

“Every day we see these threats broadening and deepening,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, who is working with technical advisers including Apple’s Krstić to help direct the fund. “In recent years, state and non-state actors have used spyware to track and intimidate human rights defenders, environmental activists and political dissidents in virtually every region of the world.” 

Ron Deibert, a professor of political science and director of the Citizen Lab, a cybersecurity research group at the Munk School of Global Affairs and Public Policy at the University of Toronto, said he expects Apple’s Lockdown Mode will be a “major blow” to spyware companies and the governments who rely on their products.

“We’re doing all we can, alongside a number of investigative journalists working this beat, but that’s been it, and that’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work toward this issue. “You have an enormous industry that’s very lucrative and almost entirely unregulated, profiting from huge contracts from governments that have an appetite to engage in this type of espionage.”

North Korea likely behind $100 million Horizon crypto hack: Experts

A photo illustration showing the North Korean flag and a computer hacker.

North Korean state-sponsored hackers were likely the perpetrators of a hack that led to the theft of around $100 million in cryptocurrency, according to analysis from blockchain researchers.

The hackers targeted Horizon, a so-called blockchain bridge developed by U.S. crypto start-up Harmony. The tool is used by crypto traders to swap tokens between different networks.

There are “strong indications” that Lazarus Group, a hacking collective with strong ties to Pyongyang, orchestrated the attack, blockchain analytics firm Elliptic said in a blog post Wednesday.

Most of the funds were immediately converted to the cryptocurrency ether, Elliptic said. The firm added that hackers have started laundering the stolen assets through Tornado Cash, a so-called “mixing” service that seeks to obscure the trail of funds. So far, around $39 million worth of ether has been sent to Tornado Cash.

Elliptic says it used “demixing” tools to trace the stolen crypto sent through Tornado Cash to several new ether wallets. Chainalysis, another blockchain security firm that’s working with Harmony to investigate the hack, backed up the findings.

According to the companies, the way the attack was carried out and the subsequent laundering of funds bear a number of similarities with previous crypto thefts believed to be perpetrated by Lazarus, including:

  • Targeting of a “cross-chain” bridge — Lazarus was also accused of hacking another such service called Ronin
  • Compromising passwords to a “multisig” wallet that requires only a couple of signatures to initiate transactions
  • “Programmatic” transfers of funds in increments every few minutes
  • The movement of funds stops during Asia-Pacific nighttime hours

Harmony said it is “working on various options” to reimburse users as it investigates the theft, but stressed that “additional time is needed.” The company also offered a $1 million bounty for the return of the stolen crypto and information on the hack.

North Korea has frequently been accused of carrying out cyberattacks and exploiting cryptocurrency to get around Western sanctions. Earlier this year, the U.S. Treasury Department attributed a $600 million heist on Ronin Network, a so-called “sidechain” for popular crypto game Axie Infinity, to Lazarus.

North Korea has denied involvement in state-sponsored cyberattacks in the past, including a 2014 data breach targeting Sony Pictures.

Ex-Amazon Worker Convicted in Capital One Hacking

A former Amazon engineer who was accused of stealing customers’ personal information from Capital One in one of the largest breaches in the United States was found guilty of wire fraud and hacking charges on Friday.

A Seattle jury found that Paige Thompson, 36, had violated an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. The jury found her not guilty of identity theft and access device fraud.

Ms. Thompson had worked as a software engineer and ran an online community for other workers in her industry. In 2019, she downloaded personal information belonging to more than 100 million Capital One customers. Her legal team argued that she had used the same tools and methods as ethical hackers who hunt for software vulnerabilities and report them to companies so they can be fixed.

But the Justice Department said that Ms. Thompson had never planned to alert Capital One to the problems that gave her access to customers’ data, and that she had bragged to her online friends about the vulnerabilities she uncovered and the information she downloaded. Ms. Thompson also used her access to Capital One’s servers to mine cryptocurrency, the Justice Department said.

“She wanted data, she wanted money, and she wanted to brag,” Andrew Friedman, an assistant U.S. attorney, said in closing arguments.

Ms. Thompson’s case attracted attention from the tech industry because of the charges under the Computer Fraud and Abuse Act. Critics of the law have argued that it is too broad and allows for the prosecution of so-called white hat hackers. Last month, the Justice Department told prosecutors that they should no longer use the law to pursue hackers who engaged in “good-faith security research.”

The jury deliberated for 10 hours before finding Ms. Thompson guilty of five counts of gaining unauthorized access to a protected computer and damaging a protected computer, in addition to the wire fraud charges. She is scheduled to be sentenced on Sept. 15.

A lawyer for Ms. Thompson declined to comment on the verdict.

Capital One discovered the breach in July 2019 after a woman who had spoken with Ms. Thompson about the data reported the problem to Capital One. Capital One passed the information to the Federal Bureau of Investigation, and Ms. Thompson was arrested soon after.

Regulators said Capital One lacked the security measures it needed to protect customers’ information. In 2020, the bank agreed to pay $80 million to settle those claims. In December, it also agreed to pay $190 million to people whose data had been exposed in the breach.

“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said Nicholas W. Brown, the U.S. attorney for the Western District of Washington, in a statement. “Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself.”

UK approves WikiLeaks founder Julian Assange’s extradition to U.S.

WikiLeaks’ founder Julian Assange leaves Westminster Magistrates Court in London, Britain.

The U.K. has approved the extradition of WikiLeaks founder Julian Assange to the U.S., where he is wanted over the publication of hundreds of thousands of classified military documents and diplomatic cables.

The extradition was approved Friday by U.K. Home Secretary Priti Patel following a series of failed legal battles in the U.K. courts. However, a number of appeal routes remain open to Assange, who has 14 days to appeal the decision.

Assange is wanted by U.S. authorities on 18 counts, including a spying charge, relating to WikiLeaks’ release in 2010 and 2011 of vast troves of confidential U.S. military records and diplomatic cables, which they claim had put lives in danger.

“On 17 June, following consideration by both the Magistrates Court and High Court, the extradition of Mr Julian Assange to the US was ordered. Mr Assange retains the normal 14-day right to appeal,” a U.K. Home Office spokesperson said.

“In this case, the UK courts have not found that it would be oppressive, unjust or an abuse of process to extradite Mr Assange. Nor have they found that extradition would be incompatible with his human rights, including his right to a fair trial and to freedom of expression, and that whilst in the US he will be treated appropriately, including in relation to his health.”

Friday’s extradition approval is the latest development in a years-long saga for Australian-born Assange. He has spent much of the last decade in confinement either in prison or in the Ecuadorian embassy in London. He is currently being held at high-security Belmarsh prison in London.

Wikileaks said on Twitter that it would appeal the decision, adding that it was a “dark day for Press freedom and British democracy.”

Assange’s supporters have long claimed that he is an anti-establishment hero whose prosecution was politically motivated because he exposed U.S. wrongdoing in conflicts in Afghanistan and Iraq.

‘More interesting phase’ ahead

The 50-year-old can appeal the decision at London’s High Court, which must give its approval for a challenge to proceed.

His case could ultimately reach the U.K. Supreme Court. However, if it is refused, he must be extradited within 28 days.

Assange’s lawyers have previously claimed that he could face a possible penalty of up to 175 years in prison if convicted in the U.S. However, the U.S. government said the sentence was more likely to be four to six years.

Nick Vamos, head of business crime at London-based crime and commercial litigation law firm Peters & Peters, said Friday’s extradition approval was far from the end of the matter, with the “more interesting phase of Mr Assange’s extradition battle” still to come.

“This decision was inevitable given the very narrow grounds on which the Home Secretary can refuse extradition, but is unlikely to be the end of the road,” Vamos said Friday.

Assange could appeal on all of the grounds on which he originally lost in the U.K. Supreme Court, said Vamos. Those grounds include political motivation, freedom of speech and whether he would receive a fair trial in the U.S.

“He may also try and introduce new evidence about CIA assassination plots and the fact that a key witness against him has publicly withdrawn his evidence,” Vamos added.

Russian Hacking Cartel Attacks Costa Rican Government Agencies

WASHINGTON — A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, which is based in Russia, claimed credit for the attack, which began on April 12, and has threatened to leak the stolen information unless it is paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to countries in Central and South America, perhaps to retaliate against nations that have supported Ukraine.

Some experts also believe Conti feared a crackdown by the United States and was seeking fresh targets, regardless of politics. The group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million, according to estimates from the Federal Bureau of Investigation.

“The ransomware cartels figured out multinationals in the U.S. and Western Europe are less likely to blink if they need to pay some ungodly sum in order to get their business running,” said Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne. “But at some point, you are going to tap out that space.”

Whatever the reason for the shift, the hack showed that Conti was still acting aggressively despite speculation that the gang might disband after it was the target of a hacking operation in the early days of Russia’s war on Ukraine. The criminal group, which pledged its support to Russia after the invasion, routinely targets businesses and local government agencies by breaking into their systems, encrypting data and demanding a ransom to restore it.

Of the Costa Rica hacking, Brett Callow, a threat analyst at Emsisoft, said that “it’s possibly the most significant ransomware attack to date.”

“This is the first time I can recall a ransomware attack resulting in a national emergency being declared,” he said.

Costa Rica has said it refused to pay the ransom.

The hacking campaign occurred after Costa Rica’s presidential elections and quickly became a political cudgel. The previous administration downplayed the attack in its first official news releases, portraying it as a technical problem and projecting an image of stability and calm. But the newly elected president, Rodrigo Chaves, began his term by declaring a national emergency.

“We are at war,” Mr. Chaves said during a news conference on Monday. He said 27 government institutions had been affected by the ransomware attack, nine of them significantly.

The attack began on April 12, according to Mr. Chaves’s administration, when hackers who said they were affiliated with Conti broke into Costa Rica’s Ministry of Finance, which oversees the country’s tax system. From there, the ransomware spread to other agencies that oversee technology and telecommunications, the government said this month.

Two former officials with the Ministry of Finance, who were not authorized to speak publicly, said the hackers were able to gain access to taxpayers’ information and interrupt Costa Rica’s tax collection process, forcing the agency to shut down some databases and resort to using a nearly 15-year-old system to store revenue from its largest taxpayers. Much of the nation’s tax revenue comes from a relatively small pool of about a thousand major taxpayers, making it possible for Costa Rica to continue tax collection.

The country also relies on exports, and the cyberattack forced customs agents to do their work solely on paper. While the investigation and recovery are underway, taxpayers in Costa Rica are forced to file their tax declarations in person at financial institutions rather than relying on online services.

Mr. Chaves is a former World Bank official and finance minister who has promised to shake up the political system. His government declared a state of emergency this month in response to the cyberattack, calling it “unprecedented in the country.”

“We are facing a situation of unavoidable disaster, of public calamity and internal and abnormal commotion that, without extraordinary measures, cannot be controlled by the government,” Mr. Chaves’s administration said in its emergency declaration.

The state of emergency allows agencies to move more quickly to remedy the breach, the government said. But cybersecurity researchers said that a partial recovery could take months, and that the government may not ever fully recover its data. The government may have backups of some of its taxpayer information, but it would take some time for those backups to come online, and the government would first need to ensure it had removed Conti’s access to its systems, researchers said.

Paying the ransom would not guarantee a recovery because Conti and other ransomware groups have been known to withhold data even after receiving a payment.

“Unless they pay the ransom, which they have stated they have no intention of doing, or have backups that are going to enable them to recover their data, they are potentially looking at total, permanent data loss,” Mr. Callow said.

When Costa Rica refused to pay the ransom, Conti began threatening to leak its data online, posting some files it claimed contained stolen information.

“It is impossible to look at the decisions of the administration of the president of Costa Rica without irony,” the group wrote on its website. “All this could have been avoided by paying.”

On Saturday, Conti raised the stakes, threatening to delete the keys to restore the data if it did not receive payment within a week.

“With governments, intelligence agencies and diplomatic circles, the debilitating part of the attack is really not the ransomware. It’s the data exfiltration,” said Mr. Guerrero-Saade of SentinelOne. “You’re in a position where presumably incredibly sensitive information is in the hands of a third party.”

The breach, among other attacks carried out by Conti, led the U.S. State Department to join with the Costa Rican government to offer a $10 million reward to anyone who provided information that led to the identification of key leaders of the hacking group.

“The group perpetrated a ransomware incident against the government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms,” a State Department spokesman, Ned Price, said in a statement. “In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cybercriminals.”

Kate Conger reported from Washington, and David Bolaños from San José, Costa Rica.


Live updates | UK diplomat: Allies should send tanks, planes

LONDON — Britain’s top diplomat says Western allies should send tanks, planes and other heavy weapons to Ukraine, saying “inaction would be the greatest provocation.”

NATO nations have supplied Ukraine with military supplies including missiles and armored vehicles. But so far they have been reluctant to send fighter planes for fear of escalating the conflict.

U.K. Foreign Secretary Liz Truss said “this is a time for courage, not caution.” Despite Truss’ call for jets, British Prime Minister Boris Johnson’s spokesman said there were “no plans” for the U.K. to send planes to Ukraine.

Truss also said Russia’s attack on Ukraine must be a wake-up call for international institutions. She called for a new focus on “military strength, economic security and deeper global alliances.”

___

KEY DEVELOPMENTS IN THE RUSSIA-UKRAINE WAR:

— Russia cuts natural gas to 2 NATO nations in escalation

— European nations accuse Russia of natural gas ‘blackmail’

— The AP Interview: UN nuclear chief wants Ukraine plant access

— EXPLAINER: What’s behind Russia’s natural gas cutoff?

Follow all AP stories on Russia’s war on Ukraine at https://apnews.com/hub/russia-ukraine

___

OTHER DEVELOPMENTS:

BOSTON — Cyberattacks by state-backed Russian hackers have destroyed data across dozens of organizations in Ukraine and produced “a chaotic information environment,” Microsoft says in a report released Wednesday.

Nearly half the destructive attacks were against critical infrastructure, many times simultaneous to physical attacks, the report notes.

A top Ukrainian cybersecurity official, Victor Zhora, told reporters in a news briefing on Wednesday that cyberattacks on telecommunications have sometimes coincided with artillery and other physical attacks.

Microsoft assessed that Russia-aligned threat groups were “pre-positioning for the conflict as early as March 2021,” hacking into networks to obtain footholds they could later use to collect “strategic and battlefield intelligence or to facilitate future destructive attacks.”

During the war, Russia’s cyberattacks “have at times not only degraded the functions of the targeted organizations but sought to disrupt citizens’ access to reliable information and critical life services, and to shake confidence in the country’s leadership,” the company’s Digital Security Unit says in the 20-page report.

Kremlin cyber operations “have had an impact in terms of technical disruption of services and causing a chaotic information environment, but Microsoft is not able to evaluate their broader strategic impact,” the report says.

___

ATLANTIC CITY, N.J. — U.S. Energy Secretary Jennifer Granholm said Wednesday that Russia’s war on Ukraine “screams” that the world needs to stop importing oil and gas from Russia and instead move toward other forms of energy.

At an international forum on offshore wind energy in Atlantic City, Granholm said the U.S. as well as its energy industries “are on a war footing,” and called for a rapid acceleration of renewable energy including offshore wind power.

Her comments were echoed by Kadri Simson, the European Commissioner for Energy, who noted that Europe recently committed itself to a large-scale move away from Russian fossil fuel imports, and considers wind energy an important part of that transition.

Their comments came as Russia cut off natural gas to NATO members Poland and Bulgaria on Wednesday and threatened to do the same to other countries, dramatically escalating its standoff with the West over the war in Ukraine. European leaders decried the move as “blackmail.”

Germany and Italy are among Europe’s biggest consumers of Russian natural gas but have already been taking steps to reduce their dependence on Moscow.

“Russia is waging a war in Ukraine and the imperative to move away from Russian oil and gas, for the world to move away from Russian oil and gas screams that there is an imperative that we electrify,” said Granholm, the former Michigan governor. “Offshore wind is just a huge component in that.”

___

UNITED NATIONS — The U.N. says its humanitarian office is mobilizing an experienced team from around the world to coordinate the complex evacuation of civilians from the besieged steel plant in the battered Ukrainian city of Mariupol with the International Committee of the Red Cross.

U.N. Secretary-General António Guterres and Russian President Vladimir Putin agreed in principle to U.N. and ICRC participation in the evacuation from the plant during a nearly two-hour, one-on-one meeting Tuesday. The sprawling Azovstal complex, which has been almost completely destroyed by Russian attacks, is the last pocket of organized Ukrainian resistance in Mariupol. An estimated 2,000 troops and 1,000 civilians are said to be holed up in bunkers underneath the wrecked structure.

U.N. deputy spokesman Farhan Haq told reporters Wednesday that the U.N. is trying to translate the Guterres-Putin agreement in principle “into an agreement in detail and an agreement on the ground.”

“And ultimately what we want is to make sure that a cease-fire would be respected that would allow us to move people safely,” he said.

Haq said U.N. officials are having follow-on discussions Wednesday with authorities in Moscow and Kyiv “to develop the operational framework for the timely evacuation of civilians.”

He said the exact timing depends on the outcome of discussions between the U.N. humanitarian office and Russia’s Ministry of Defense in Moscow as well as between the U.N. crisis coordinator for Ukraine, Amin Awad, and the authorities in Kyiv, where Guterres will be meeting Ukraine’s President Volodymyr Zelenskyy on Thursday.

___

OTTAWA, Ontario — The Canadian government said Wednesday that it has imposed sanctions on more than 200 people who are loyal to Russian President Vladimir Putin in Ukraine’s eastern Donbas region.

Russian forces have been backing separatist rebels in the Donbas area for eight years following Russia’s annexation of the Crimean Peninsula in 2014.

The Canadian sanctions are focused on the renewed Russian attempt to annex areas of the Donbas by targeting people attempting to support the next phase of the two-month-old Russian war on Ukraine.

“Canada will not stand idly by and watch President Putin and his accomplices attempt to redraw the borders of Ukraine with impunity,” Foreign Affairs Minister Melanie Joly said in a statement. “International law must be respected.”

Global Affairs Canada, the governmental department that manages the country’s diplomatic relations, said the new measures target 11 senior officials and 192 other members of the People’s Councils of the self-proclaimed People’s Republics of Luhansk and Donetsk for supporting Putin’s attack on the area.

___

WASHINGTON — The White House says President Joe Biden will tour a Lockheed Martin facility that makes weapons systems, such as Javelin anti-tank missiles, that the administration is providing to Ukraine to defend itself against Russia’s 2-month-old invasion.

Biden plans to visit the facility in Alabama on May 3.

A Javelin is a long-range guided anti-tank missile that can be carried by one person. The United States says it has provided several thousand of the systems to Ukraine.

___

MADRID — Russia announced Wednesday it was withdrawing from the United Nations World Tourism Organization just hours before the body’s assembly voted to temporarily suspend the country’s membership over the invasion of Ukraine, officials said.

UNWTO Secretary General Zurab Pololikashvili made the announcement on his official Twitter account. He said it was the first U.N. body to address Russia’s membership.

The organization went ahead and approved the suspension at a special meeting in Madrid on Wednesday, where the organization has its headquarters.

“(Russian President Vladimir) Putin’s military offensive is an attack on the founding principles of the United Nations and on the values that tourism represents, such as peace, prosperity and universal respect and the observance of human rights,” Spanish Industry, Trade and Tourism Minister Reyes Maroto said in a statement following the decision.

The assembly resolution included a clause that said the suspension could be reversed if a change in the politics of the Russian Federation were noted.

Spain was one of 22 European nations that had promoted the motion.

___

COPENHAGEN, Denmark — Norway’s Energy Minister Terje Aasland said Wednesday that the Scandinavian country’s position “as a stable, predictable and long-term supplier of energy to the European market is only becoming more important.”

“It is underlined by what is now happening on the part of Gazprom,” Aasland told Norwegian news agency NTB.

The state-controlled Russian giant said it was shutting off natural gas to NATO members Poland and Bulgaria on Wednesday because they refused to pay in Russian rubles, as President Vladimir Putin had demanded.

Russia threatened to do the same to other countries, dramatically escalating its standoff with the West over the war in Ukraine. European leaders decried the move as “blackmail.”

Norway exports about 95% of its gas via an extensive subsea pipeline network linking it to terminals in Germany, Britain, France and Belgium. Last month, Denmark decided to resume the construction of the Danish part of Baltic Pipe, which will connect Poland to Norwegian gas fields.

___

MOSCOW — Russian President Vladimir Putin has vowed to Russia’s parliament that the goals of the country’s military operation in Ukraine will be achieved.

Putin said in an address on Wednesday to both houses of parliament: “I want to emphasize again that all the tasks of the special military operation we are conducting in the Donbas and Ukraine, launched on Feb. 24, will be unconditionally fulfilled.”

That, he said, will “guarantee the security of the residents” of separatist regions in eastern Ukraine that Russia recognized as independent shortly before launching its military action in Ukraine, as well as Crimea — which Russia annexed in 2014 — “and our entire country in the historical perspective.”

___

BERLIN — Germany’s economy minister says the government is considering “all scenarios” for a Russian-owned oil refinery that supplies much of the petroleum used in and around Berlin.

Robert Habeck told reporters Wednesday that the German government’s goal is to ensure the country becomes independent of Russian energy supplies, and companies established to procure fossil fuels from Russia are “not helpful in that regard.”

The refinery at Schwedt is controlled by Rosneft, a Russian state-controlled oil and gas company.

Asked whether Germany would go so far as to nationalize the refinery, an option foreseen in a regulatory change approved by Cabinet this week, Habeck said that “we are in a situation where the government must expect and prepare for all scenarios.”

“There are likely to be some we haven’t thought of,” he said. “But we are considering everything conceivable and making political preparations.”

Habeck said Russia’s decision to stop supplies of gas to Poland and Bulgaria was an example of “the reality where energy is used as a weapon.”

He acknowledged that Germany was and remains one of the biggest consumers of Russian fossil fuels worldwide, though it is making all efforts to diversify its supplies, reduce consumption and switch to renewable energy “so that we are not defenseless.”

___

KYIV, Ukraine — A Ukrainian presidential adviser has hinted that his country might be involved in a series of fires in border regions of Russia in recent days.

On Wednesday, the governor of the Belgorod region said an ammunition depot was burning after several explosions were heard. Earlier this week, there was a blaze at an oil storage facility in Bryansk.

Ukraine hasn’t officially taken responsibility for those and other incidents, and Russian officials haven’t publicly ascribed them to Ukrainian attacks.

But Ukrainian presidential adviser Mykhailo Podolyak said in a Telegram post Wednesday that “karma (is) a harsh thing.”

He said that Russian regions where the incidents happened “are now also actively studying the concept of ‘demilitarization.’”

Without directly admitting any Ukrainian involvement, he said that “sooner or later the debts will have to be repaid.”

___

ROME — Premier Mario Draghi’s office says the Italian leader will meet President Joe Biden in Washington on May 10.

Draghi’s office said in a statement on Wednesday that Ukraine will be at the center of discussions, including coordinated measures “to support the Ukrainian population and to counter Russia’s unjustified aggression.”

The leaders will also discuss energy security. Italy is among European countries that get a large proportion of their natural gas from Russia. Draghi and his ministers have been working to get alternative sources.

___

WARSAW, Poland — Security authorities in Poland say that a Russian and a Belarusian man have been arrested on allegations that they spied for Russian intelligence.

A spokesman for Poland’s state security bodies, Stanislaw Zaryn, said Wednesday that material gathered by Polish military intelligence led to their arrest.

He said that they were gathering sensitive military information, including about Polish troops in the area near Poland’s border with Belarus.

The men were arrested separately last week.

___

SOFIA, Bulgaria — The Bulgarian government says the prime minister and defense minister will go to Ukraine to meet with that country’s leaders.

The government press office said Prime Minister Kiril Petkov and Defense Minister Dragomir Zakov were being accompanied on Wednesday by members of Parliament.

In Kyiv, they will meet with Ukrainian President Volodymyr Zelenskyy and Prime Minister Denys Shmyhal, and with members of the 200,000-strong Bulgarian community in Ukraine.

They also will visit Borodyanka, Bucha and Irpin, in the Kyiv region, to see damage caused by the Russian invasion.

___

BRUSSELS — The head of the European Union’s executive Commission says energy companies in the 27-nation bloc that agree to Moscow’s demands to pay for gas deliveries in Russian rubles will be breaching the sanctions imposed over Russia’s invasion of Ukraine.

Ursula von der Leyen spoke after Polish and Bulgarian officials said Moscow was cutting off natural gas deliveries to their countries due to their refusal to pay in rubles, a demand made by President Vladimir Putin after sanctions were levied against his nation.

Von der Leyen said Wednesday that “our guidance here is very clear.”

She said that “to pay in rubles, if this is not foreseen in the contract, is a breach of our sanctions. We have round about 97% of all contracts that explicitly stipulate payments in euros or dollars, so it’s very clear. And the request from the Russian side to pay in rubles is a unilateral decision and not according to the contracts.”

Von der Leyen said Russia’s decision to cut off supplies to Poland and Bulgaria is another “provocation from the Kremlin” and an attempt to “blackmail” the EU.

She said that, following an urgent meeting of member states, both Poland and Bulgaria are now receiving gas from their EU neighbors.

___

COPENHAGEN, Denmark — Russia has expelled three Norwegian diplomats following the expulsion from Norway earlier this month of three Russian diplomats.

Norwegian Foreign Minister Anniken Huitfeldt said Wednesday that the Norwegians being kicked out were doing “regular diplomatic work.” She vowed that Norway “will continue to stand with our close allies and partners against Russia’s aggression and in our support for Ukraine.”

Huitfeldt told Norwegian broadcaster NRK that “like other European countries and allies, we have reduced contact with the Russian authorities to a minimum.”

On Tuesday, Russia expelled four Swedish diplomats. The Foreign Ministry in Stockholm said they too were “engaged in normal diplomatic activities.”

___

The Russian Foreign Ministry has announced sanctions against 287 British lawmakers in response to the U.K. sanctioning 368 members of Russia’s lower house of parliament.

The ministry on Wednesday released a list of both government and opposition lawmakers, and a few former lawmakers. They are now barred from entering Russia because they “took the most active part in the establishment of anti-Russian sanctions instruments in London (and) contribute to the groundless ramping-up of Russophobic hysteria in the U.K.”

The ministry’s statement said that “hostile rhetoric and far-fetched accusations coming from the mouths of British parliamentarians not only condone the hostile course of London aimed at demonizing our country and (at) its international isolation, but are also used by opponents of mutually respectful dialogue with Russia to undermine the foundation of bilateral cooperation.”

Responding to the announcement, British Prime Minister Boris Johnson said that “those 287 should regard it as a badge of honor.”

___

MOSCOW — The Kremlin has criticized a statement by a Ukrainian presidential adviser holding the door open to possible military action in the separatist Trans-Dniester region of Moldova.

Kremlin spokesman Dmitry Peskov on Wednesday described the statement by Ukrainian President Volodymyr Zelenskyy’s adviser Oleksiy Arestovych as “quite provocative.” Asked in a video stream if Ukraine could send its forces into Trans-Dniester, Arestovych said it could do that but only if Moldova asks for it.

Trans-Dniester, a sliver of land with about 470,000 people, has been under the control of separatist authorities since a 1992 war with Moldova. Russia bases about 1,500 troops in the breakaway region, nominally as peacekeepers. Tensions in the region have escalated in recent days with a series of explosions, for which no one claimed responsibility, raising fears of broader hostilities.

___

BERLIN — The German government has rejected criticism that it has been slow to provide Ukraine with weapons requested by Kyiv.

Following domestic and international pressure, Germany announced this week that it would allow the delivery of self-propelled armored anti-aircraft guns to Ukraine to help it fend off Russia’s military attack, backing off earlier reluctance to provide heavy weapons to the country.

Chancellor Olaf Scholz’s spokesman, Steffen Hebestreit, said that “the federal government and chancellor have looked with great seriousness at the difficult situation Ukraine, Europe and the entire world are in, and taken a very balanced decision.”

He told reporters in Berlin: “I don’t see a change of position on the part of the government, but continuity.”

___

KYIV, Ukraine — The International Atomic Energy Agency’s director-general says the level of safety at Europe’s largest nuclear plant, currently under Russian occupation in Ukraine, is like a “red light blinking” as his organization tries in vain to get access for work including repairs.

In an interview with The Associated Press, Rafael Grossi said that the IAEA needs access to the Zaporizhzhia plant in southern Ukraine so its inspectors can, among other things, reestablish connections with the Vienna-based headquarters of the U.N. agency. And for that, both Russia and Ukraine need to help.

The plant requires repairs, “and all of this is not happening. So the situation as I have described it, and I would repeat it today, is not sustainable as it is,” Grossi said. “So this is a pending issue. This is a red light blinking.”

He spoke in an interview Wednesday, a day after meeting with Ukrainian President Volodymyr Zelenskyy about the issue.


What a future without passwords would look like, when it might happen

Managing your online passwords can be a chore.

Creating the sort of long, complicated passwords that best deter cyber-thieves — especially for dozens of different online accounts — can be tedious. But it’s necessary, considering the record number of data breaches in the U.S. last year.

That’s why it’s so enticing to dream about a future where nobody has to constantly update and change online passwords to stay ahead of hackers and keep data secure. Here’s the good news: Some of the biggest names in tech are already saying that the dream of a password-less internet is close to becoming a reality. Apple, Google and Microsoft are among those trying to pave the way.

In that hopeful future, you’d still have to prove your identity to access your accounts and information. But at least you wouldn’t have to remember endless strings of unique eight-character (or longer) passwords, right?

Well, maybe not quite. The answer is still a little complicated.

What password-less options already exist?

In theory, removing passwords from your cybersecurity equation nixes what former Secretary of Homeland Security Michael Chertoff has called “by far the weakest link in cybersecurity.” More than 80% of data breaches are a result of weak or compromised passwords, according to Verizon.

In September, Microsoft announced that its users could go fully password-less to access services like Windows, Xbox, and Microsoft 365. Microsoft users can instead use options like the Windows Hello or Microsoft Authenticator apps, which use fingerprints or facial recognition tools to help you log in securely.

Microsoft also allows users to log in using a verification code sent to your phone or email, or with a physical security key — resembling a USB drive — that plugs into your computer and features an encryption unique to you and your device.

Joy Chik, Microsoft’s vice president of identity, wrote in a September company blog post that tools like two-factor authentication have helped improve users’ account security in recent years — but hackers can still find ways around those extra measures. “As long as passwords are still part of the equation, they’re vulnerable,” she wrote.

Similarly, Google sells physical security keys, and its Smart Lock app allows you to tap a button on your Android or iOS device to log into your Google account on the web. In May 2021, the company said these tools were part of Google’s work toward “creating a future where one day you won’t need a password at all.”

Apple’s devices have used Touch ID and Face ID features for several years. The company is also developing its Passkeys feature to allow you to use those same fingerprint or facial recognition tools to create password-less logins for apps and accounts on your iOS devices.

So, in a sense, a password-less future is already here: Microsoft says “nearly 100%” of the company’s employees use password-less options to log into their corporate accounts. But getting every company to offer password-less options to employees and customers will surely take some time – and it might be a while before everyone feels secure enough to dump passwords in favor of something new.

That’s not the only problem, either.

How secure are they?

Doing away with passwords altogether is not without risks.

First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by stealing your biometric data. As annoying as changing your password might be, it’s much harder to change your face or fingerprints.

Second, some of today’s password-less options still ask you to create a PIN or security questions to back up your account. That’s not much different from having a password. In other words, tech companies haven’t yet perfected the technology.

And third, there’s an issue of widespread adoption. As Wired pointed out last year, most password-less features require you to own a smartphone or some other type of fairly new device. And while the vast majority of Americans do own a smartphone, those devices range dramatically in terms of age and internal hardware.

Plus, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and also to the people who don’t own smartphones at all, roughly 15% of the U.S.

In other words, it will likely still be some time before passwords are completely extinct. Enjoy typing your long, complex strings of characters into login boxes while you can.
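The article describes security keys and passkeys in terms of "an encryption unique to you and your device" and lists the failure modes a verifier must handle (intercepted codes, replay, cloned devices). The added example below, which is not part of the article and not code from Microsoft, Google or Apple, shows the challenge-response flow behind that idea: the server issues a one-time challenge, the device answers only for the site the credential was created for, and the server checks freshness, origin and a use counter before accepting. One assumption is labelled in the code: real passkeys sign with a private key that never leaves the device and the server keeps only the public key; here an HMAC with a per-credential secret stands in for that signature so the example runs on the Python standard library alone. The site names, user name and all key material are constructed.

```python
import copy
import hashlib
import hmac
import secrets
import time


def signed_data(origin: str, challenge: bytes, counter: int) -> bytes:
    """Bytes the device signs: hash of the origin, the server's challenge, a use counter."""
    return hashlib.sha256(origin.encode()).digest() + challenge + counter.to_bytes(4, "big")


class Authenticator:
    """Stand-in for a security key or phone authenticator (constructed for this example)."""

    def __init__(self):
        self.credentials = {}  # cred_id -> {"rp_id", "key", "counter"}

    def register(self, rp_id: str):
        cred_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.credentials[cred_id] = {"rp_id": rp_id, "key": key, "counter": 0}
        # ASSUMPTION: a real authenticator hands back a public key and keeps the private
        # key on the device; an HMAC key is shared here so the demo needs no extra library.
        return cred_id, key

    def get_assertion(self, origin: str, challenge: bytes) -> dict:
        # A credential is scoped to the site it was created for: a look-alike domain
        # has nothing to ask the device for, even if it relays the genuine challenge.
        matches = [(cid, c) for cid, c in self.credentials.items() if c["rp_id"] == origin]
        if not matches:
            raise LookupError(f"no credential scoped to {origin}")
        cred_id, cred = matches[0]
        cred["counter"] += 1
        sig = hmac.new(cred["key"], signed_data(origin, challenge, cred["counter"]), hashlib.sha256).digest()
        return {"cred_id": cred_id, "origin": origin, "challenge": challenge,
                "counter": cred["counter"], "sig": sig}


class RelyingParty:
    """Server side: issues single-use challenges and verifies the device's answer."""

    def __init__(self, rp_id: str, challenge_ttl: float = 60.0):
        self.rp_id = rp_id
        self.ttl = challenge_ttl
        self.users = {}    # username -> {"cred_id", "key", "counter"}
        self.pending = {}  # username -> (challenge, deadline)

    def register(self, username: str, cred_id: str, key: bytes) -> None:
        self.users[username] = {"cred_id": cred_id, "key": key, "counter": 0}

    def begin_login(self, username: str) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending[username] = (challenge, time.monotonic() + self.ttl)
        return challenge

    def finish_login(self, username: str, assertion: dict):
        cred = self.users.get(username)
        if cred is None:
            return False, "unknown user"
        pending = self.pending.pop(username, None)  # each challenge is consumed once
        if pending is None:
            return False, "no outstanding challenge"
        challenge, deadline = pending
        if time.monotonic() > deadline:
            return False, "challenge expired"
        if assertion["cred_id"] != cred["cred_id"]:
            return False, "unknown credential"
        if not hmac.compare_digest(challenge, assertion["challenge"]):
            return False, "challenge mismatch"
        if assertion["origin"] != self.rp_id:
            return False, "origin mismatch"
        if assertion["counter"] <= cred["counter"]:
            return False, "counter did not increase (replay or cloned authenticator)"
        expected = hmac.new(cred["key"], signed_data(self.rp_id, challenge, assertion["counter"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return False, "bad signature"
        cred["counter"] = assertion["counter"]  # only advance state after every check passes
        return True, "ok"


def run_demo() -> dict:
    """One good login followed by three failure cases; returns each outcome by name."""
    rp = RelyingParty("bank.example")            # constructed site name
    auth = Authenticator()
    cred_id, key = auth.register("bank.example")
    rp.register("alice", cred_id, key)
    clone = copy.deepcopy(auth)                  # copy of the device taken before any use
    results = {}
    challenge = rp.begin_login("alice")
    assertion = auth.get_assertion("bank.example", challenge)
    results["login"] = rp.finish_login("alice", assertion)
    rp.begin_login("alice")                      # a captured assertion is submitted again
    results["replay"] = rp.finish_login("alice", assertion)
    challenge = rp.begin_login("alice")          # phishing site relays a real challenge
    try:
        auth.get_assertion("evil.example", challenge)
        results["phishing"] = "assertion produced"
    except LookupError as exc:
        results["phishing"] = str(exc)
    challenge = rp.begin_login("alice")          # cloned device's counter lags the server's
    results["clone"] = rp.finish_login("alice", clone.get_assertion("bank.example", challenge))
    return results
```

Running `run_demo()` gives one accepted login and three rejections: the replayed assertion fails on the challenge check, the phishing origin never obtains an assertion at all, and the clone is caught because its counter does not exceed the value the server recorded. Two points carry over to production verifiers regardless of the signature scheme: consume each challenge exactly once before any other check, and update stored state (counter, last-used time) only after every check has passed.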


“Preparation, not panic”: Top US cyber official asks Americans to look out for Russian hacking efforts

“All businesses, all critical infrastructure owners and operators need to assume that disruptive cyber activity is something that the Russians are thinking about, that are preparing for, that are exploring options, as the President said,” Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), said in an exclusive interview with CNN’s Pamela Brown.

“That’s why we are so focused on making sure that everybody understands the potential for this disruptive cyber activity,” Easterly said. “And it’s not about panic. It’s about preparation.”

Easterly pointed to the example of a cybercriminal attack on Colonial Pipeline last year, which shut down delivery of fuel to the East Coast for days and led to Americans hoarding gasoline.

The Biden administration has for months warned that Moscow could respond to US sanctions over Russia’s invasion of Ukraine with cyberattacks on US infrastructure — or that ransomware gangs like the one that hit Colonial Pipeline could lash out.

“The magnitude of Russia’s cyber capacity is fairly consequential and it’s coming,” President Joe Biden told business leaders March 21.

Easterly called Biden’s statement, which said Russia was conducting “preparatory activity” for a potential cyberattack, “pretty unprecedented.”

“I think what makes the moment different is just seeing what the Russians have done with this unprovoked invasion of Ukraine and then understanding there can be some very real consequences of that in cyberspace,” Easterly told CNN.

Easterly’s agency, established in 2018, is charged with advising the owners and operators of power plants, manufacturing facilities and other critical infrastructure on how to defend against such threats.

Agencies like CISA and the departments of Treasury and Energy have in recent months held cyberthreat briefings on Russian hacking capabilities for America’s biggest banks and electric utilities.

Many of those critical infrastructure operators have spent years investing in network defense and studying high-profile Russian cyberattacks like one that cut power in Ukraine for a quarter million people.

A month into the war in Ukraine, the Russian military has stumbled and still failed to take the capital of Kyiv.

“I would imagine that there is a lot of pressure, a lot of stress on not just the Russian military but against the Russian intelligence officers,” said Easterly, a former US Army intelligence officer.
