Tag Archives: hacking

Hacking The Wooly Mammoth | Hackaday

In case you can’t get enough Jurassic Park movies, you can look forward to plans a biotech company has to hybridize endangered Asian elephants with long-extinct wooly mammoths using gene splicing and other exotic techniques.

Expect a long movie: the team hopes to have calves after six years, and we don’t think a theme park is in the making. The claim is that mammoth traits will help the elephants reclaim the tundra, but we can’t help but think it is just an excuse to reanimate an extinct animal. If you read popular press reports, there is some question whether the ecological mission claimed by the company is realistic. However, we can’t deny it would be cool to bring an animal back from extinction — sort of.

We aren’t DNA wizards, so we only partially understand what’s being proposed. Apparently, skin cells from a modern elephant will serve as a base to accept extracted mammoth DNA. This might seem far-fetched but turns out the mammoth lived much more recently than we usually think. When they die in their natural deep-freeze environment, they are often well preserved.

Once the gene splicing is set up, a surrogate elephant will carry the embryo to term. The hope is that the improved breed would be able to further interbreed with natural species, although with the gestation and maturity times of elephants, this will be a very long time to bear fruit.

So how do you feel about it? Will we face a movie-level disaster? Will we get some lab curiosity creatures? Will it save the tundra? Let us know what you think in the comments.

DNA manipulation has gone from moon-shot-level tech to readily accessible in a very short amount of time. In particular, CRISPR changes everything and is both exciting and scary in what it puts in the hands of nearly anyone.

Read original article here

Germany Investigates Russia Over Pre-Election Hacking

BERLIN — The federal prosecutor’s office in Germany said Friday it was investigating who was responsible for a spate of hacking attempts aimed at lawmakers, amid growing concerns that Russia is trying to disrupt the Sept. 26 vote for a new government.

The move by the prosecutor’s office comes after Germany’s Foreign Ministry said this week that it had protested to Russia, complaining that several state lawmakers and members of the federal Parliament had been targeted by phishing emails and other attempts to obtain passwords and other personal information.

Those accusations prompted the federal prosecutor to open a preliminary investigation against what was described as a “foreign power.” The prosecutors did not identify the country, but they did cite the Foreign Ministry statement, leaving little doubt that their efforts were concentrated on Russia.

In their statement, the prosecutors said they had opened an investigation “in connection with the so-called Ghostwriter campaign,” a reference to a hacking campaign that German intelligence says can be attributed to the Russian state and specifically to the Russian military intelligence service known as the G.R.U.

Russia was found to have hacked into the German Parliament’s computer systems in 2015 and three years later, it breached the German government’s main data network. Chancellor Angela Merkel protested over both attacks, but her government struggled to find an appropriate response, and the matter of Russian hacking is now especially sensitive, coming in the weeks before Germans go to the polls to select a successor after her nearly 16 years in power.

“The German government regards this unacceptable action as a threat to the security of the Federal Republic of Germany and to the democratic decision-making process, and as a serious burden on bilateral relations,” Andrea Sasse, a spokeswoman for the Foreign Ministry, said on Wednesday. “The federal government strongly urges the Russian government to cease these unlawful cyber activities with immediate effect.”

Ms. Merkel is not running for re-election and will leave office after a new government is formed, meaning the election will be crucial in determining Germany’s future — and shaping its relationship with Russia.

Of the three candidates most likely to replace Ms. Merkel, Annalena Baerbock of the Greens, who has pledged to take the toughest stance against Moscow, has been the target of the most aggressive disinformation campaign.

The other two candidates — Armin Laschet of Ms. Merkel’s Christian Democratic Union, and Olaf Scholz of the Social Democrats, currently Ms. Merkel’s vice-chancellor and finance minister — have served in three of the four Merkel governments, and neither is expected to change Berlin’s relationship to Moscow.

Ms. Merkel enacted tough economic sanctions against Moscow after the 2014 invasion of Ukraine despite some pushback in other capitals and at home, but she has also worked hard to keep the lines of communication to Moscow open.

The two countries have significant economic links, not least in the energy market, where they most recently cooperated on construction of a direct natural gas pipeline, which the Russian energy company Gazprom announced had been completed on Friday.

U.S. intelligence agencies believe that “Ghostwriter,” a Russian program that received its nickname from a cybersecurity firm, was active in disseminating false information about the coronavirus before the 2020 U.S. presidential election, efforts that were considered to be a refinement of what Russia tried to do during the 2016 campaign.

But attempts to meddle in previous German election campaigns have been limited, partly because of respect for Ms. Merkel, but also because the far-right and populist parties that have emerged in France and Italy have failed to gain as much traction in Germany.

German intelligence officials nevertheless remain concerned that their country, Europe’s largest economy and a leader in the European Union, is not immune to outside forces seeking to disrupt its democratic norms.

Russia’s state-funded external broadcaster, RT, runs an online-only German-language service that for years has emphasized divisive social issues, including public health precautions aimed at stemming the spread of the coronavirus and migration.

During a visit to Moscow last month, Ms. Merkel denied accusations that her government had pressured neighboring Luxembourg to block a license request from the station, which would have allowed it to broadcast its programs to German viewers via satellite.




Kabul Airport Explosions Kill Four U.S. Marines, at Least 60 Afghans

At least 60 Afghans and four U.S. Marines were killed in explosions at the Kabul airport, as two blasts ripped through crowds trying to enter the American-controlled facility on Thursday, disrupting the final push of the U.S.-led evacuation effort.

The U.S. envoy in Kabul told embassy staff there that four U.S. Marines were killed in the attack at the city’s airport and three wounded, a U.S. official with knowledge of the briefing said. A senior Afghan health official put the death toll among local civilians at 60, with many more fighting for their lives.

Those were the first U.S. military combat fatalities in Afghanistan since February 2020, when the Trump administration and the Taliban signed in Doha, Qatar, an agreement on withdrawing American troops.

The number of U.S. casualties is expected to rise.

At the time of the attack, approaches to the airport’s gates were packed by thousands of Afghans who feared persecution by the Taliban because they had assisted U.S.-led coalition efforts in the country over the past two decades. While no group claimed immediate responsibility, Western governments warned earlier Thursday of an imminent attack by Islamic State’s regional affiliate.


T-Mobile Data Hack: What We Know and What You Need to Do

The breach of T-Mobile US Inc. allowed hackers to steal information about more than 54 million people and potentially sell the data to digital fraudsters and identity thieves.

Here is what we know about the hack, which data was stolen and what customers should do to protect themselves.

What was the T-Mobile data breach?

T-Mobile said it learned late last week that an individual in an online forum claimed to have breached its systems and was attempting to sell stolen customer data. The company confirmed on Aug. 16 that it was hacked, later adding that attackers made off with personal data from 54 million people. Those victims include 7.8 million current postpaid customers, T-Mobile said, and about 46 million former and prospective customers who applied for plans.

While U.S. officials have warned of an uptick in ransomware attacks in recent months, T-Mobile’s hackers didn’t lock up the company’s systems and demand payment. Instead, attackers broke into the company’s servers through an open access point, stole data and have since tried to sell different sets of the information online for between $80,000 and $270,000 worth of bitcoin.

The attack is the latest and most severe in a string of cybersecurity incidents at the company, said Allie Mellen, a cybersecurity analyst at research firm Forrester Inc.


Poly Network Offers Reward to Hacker Who Stole $611 Million


A cryptocurrency platform that was hacked and had hundreds of millions of dollars stolen from it has now offered the thief a “reward” of $500,000 after the criminal returned almost all of the money.

A few days ago a hacker exploited a vulnerability in the blockchain technology of decentralized finance (DeFi) platform Poly Network, pilfering a whopping $611 million in various tokens—the crypto equivalent of a gargantuan bank robbery. It is thought to be the largest robbery of its kind in DeFi history.

The company subsequently posted an absurd open letter to the thief that began “Dear Hacker” and proceeded to beg for its money back while also insinuating that the criminal would ultimately be caught by police.

Amazingly, this tactic seemed to work—and the hacker (or hackers) began returning the crypto. As of Friday, almost the entirety of the massive haul had been returned to blockchain accounts controlled by the company, though a sizable $33 million in Tether coin still remains frozen in an account solely controlled by the thief.

After this, Poly weirdly started calling the hacker “Mr. White Hat”—essentially dubbing them a virtuous penetration tester rather than a disruptive criminal. Even more strange, on Friday Poly Network confirmed to Reuters that it had offered $500,000 to the cybercriminal, dubbing it a “bug bounty.”

Bug bounties are programs in which a company pays security researchers for vulnerabilities they find in its systems and report under the program’s published scope and rules. Such programs are commissioned in advance by the company and define what testing is permitted; they are not conducted unprompted and ad hoc by anonymous hackers who exfiltrate first and negotiate later. Similarly, I’ve never heard of a penetration tester stealing hundreds of millions of dollars from a company as part of their test.

Nonetheless, Poly Network apparently told the hacker: “Since, we (Poly Network) believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident.” We reached out to the company to try to independently confirm these reports.

The hacker reportedly refused to take the crypto platform up on its offer, opting instead to post a series of public messages in one of the crypto wallets that was used to return funds that purport to explain why the heist took place. The self-interviews, dubbed “Q & A sessions,” were shared over social media by Tom Robinson, co-founder of crypto-tracking firm Elliptic. In one of them, the hacker explains:

Q: WHY HACKING?
A: FOR FUN 🙂

Q: WHY POLY NETWORK?
A: CROSS CHAIN HACKING IS HOT

Q: WHY TRANSFERRING TOKENS?
A: TO KEEP IT SAFE.

In another post, the hacker purportedly proclaimed, “I’m not interested in money!” and said, “I would like to give them tips on how to secure their networks, so that they can be eligible to manage the billion project in the future.”

So, yeah, what do we think here, folks? Is the hacker:

  • A) a good samaritan who stole the better part of a billion dollars to teach a crypto company a lesson?
  • B) a spineless weasel who realized they were in tremendous levels of shit and decided to engineer a way out of their criminal deed?

The answer is unclear at the moment, but gee, does it make for quality entertainment. Tune in next week for a new episode of Misadventures in De-Fi Cybersecurity. Thrilling stuff, no?




US justice department charges four Chinese nationals in Microsoft Exchange hack – live | US news











12:47

DoJ won’t prosecute Ross for misleading Congress on Census

A government investigation has found that Wilbur Ross, Donald Trump’s commerce secretary, misled Congress about why he wanted to add a question about citizenship to the 2020 Census.

It is a federal crime to make false statements before Congress, but Joe Biden’s Department of Justice will not prosecute Ross.

Critics said the Trump administration was trying to influence districting for elections by adding a question about citizenship to the Census, as undocumented people would therefore avoid the survey and cities with high populations of such people, which tend to vote Democratic, might consequently lose seats.

The AP explains:

According to critics, the citizenship question was inspired by Republican redistricting expert Tom Hofeller, who had previously written that using citizen voting-age population instead of the total population for the purpose of redrawing of congressional and legislative districts could be advantageous to Republicans and non-Hispanic whites.

In congressional testimony, Ross said the Department of Justice requested adding the citizenship question to the census form in late 2017 for the purpose of enforcing federal voting rights law. The inspector general said that “misrepresented the full rationale”.

The supreme court blocked adding the question ahead of the 2020 Census.

Ross, now 83, is a longtime Trump associate who features in many of the rash of recent books about the Trump administration – often for falling asleep during meetings and speeches.

Here’s Sam Levine on what ultimately happened regarding districting after the Census was done:

11:55

Biden: Capitalism is alive and ‘very well’

10:46

5 Texas Dems in Washington test positive for Covid

10:30

Biden and Democrats push for infrastructure

10:13

DoJ charges four Chinese nationals in Microsoft hack

Biden Administration Blames Hackers Tied to China for Microsoft Cyberattack Spree

WASHINGTON—The Biden administration Monday publicly blamed hackers affiliated with China’s main intelligence service for a far-reaching cyberattack on Microsoft Corp. email software this year, part of a global effort to condemn Beijing’s malicious cyber activities.

In addition, four Chinese nationals, including three intelligence officers, were indicted over separate hacking activity.

The U.S. government has “high confidence” that hackers tied to the Ministry of State Security, or MSS, carried out the unusually indiscriminate hack of Microsoft Exchange Server software that emerged in March, senior officials said.

“The United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” Secretary of State Antony Blinken said. The MSS, he added, had “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”

The U.K. and European Union joined in the attribution of the Microsoft email hack, which rendered an estimated hundreds of thousands of mostly small businesses and organizations vulnerable to cyber intrusion. But the public shaming did not include punitive measures, such as sanctions or diplomatic expulsions, a contrast with how the administration recently punished Russia for a range of alleged malicious cyber activity.

The U.S.-led announcement is the most significant action from the Biden administration to date concerning China’s yearslong campaign of cyberattacks against the U.S. government and American companies, often involving routine nation-state espionage and the theft of valuable intellectual property such as naval technology and coronavirus-vaccine data.


The Justice Department made public Monday a grand jury indictment from May that charged four Chinese nationals and residents working with the Ministry of State Security of being engaged in a hacking campaign from 2011 to 2018 intended to benefit China’s companies and commercial sectors by stealing intellectual property and business information. The indictment didn’t appear directly related to the Microsoft Exchange Server breach, but accused the hackers of stealing information from companies and universities about Ebola virus research and other topics to benefit the Chinese government and Chinese companies.

Attributing the Microsoft hack to China was part of a broader global censure Monday of Beijing’s cyberattacks by the U.S., the European Union, the U.K., Canada, Australia, New Zealand, Japan and the North Atlantic Treaty Organization, or NATO. While statements varied, the international cohort generally called out China for engaging in harmful cyber activity, including intellectual property theft. Some accused the MSS of using criminal contractors to conduct unsanctioned cyber operations globally, including for their own personal profit.

U.S. authorities have accused China of widespread hacking targeting American businesses and government agencies for years. China has historically denied the allegations. A spokesman for the Chinese Embassy in Washington didn’t immediately respond to a request for comment.

The Exchange Server hack was disclosed by Microsoft in March alongside a software patch to fix the bugs being exploited in the attack. Microsoft at the time identified the culprits as a Chinese cyber-espionage group with state ties that it refers to as Hafnium, an assessment that was supported by other cybersecurity researchers. The Biden administration hadn’t offered attribution until now, and is essentially agreeing with the conclusions of the private sector and providing a more detailed identification.

The attack on the Exchange Server systems began slowly and stealthily in early January by hackers who in the past had targeted infectious-disease researchers, law firms and universities, according to cybersecurity officials and analysts. But the operational tempo appeared to intensify as other China-linked hacking groups became involved, infecting thousands of servers as Microsoft worked to send its customers a software patch in early March.

Also on Monday, the National Security Agency, Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency jointly published technical details of more than 50 tactics and techniques favored by hackers linked to the Chinese government, the official said. The release of such lists is common when the U.S. exposes or highlights malicious hacking campaigns and is intended to help businesses and critical infrastructure operators better protect their computer systems.



Cybersecurity experts have been pressing the Biden administration for months to respond to China’s alleged involvement in the Microsoft email hack. Cybersecurity expert Dmitri Alperovitch, with the Silverado Policy Accelerator think tank, said the coordinated global condemnation of China was a welcome and overdue development.

“The Microsoft Exchange hacks by MSS contractors is the most reckless cyber operation we have yet seen from the Chinese actors—much more dangerous than the Russian SolarWinds hacks,” said Mr. Alperovitch, referring to the widespread cyber-espionage campaign detected last December that, along with other alleged activities, prompted a suite of punitive measures against Moscow.

Mr. Alperovitch criticized the lack of any sanctions being levied against China and said it raised questions about why Beijing appeared to be evading harsher penalties, especially compared with those slapped on Russia.

“Failure to sanction any PRC-affiliated actors has been one of the most prolific and baffling failures of our China policy that has transcended administrations,” Mr. Alperovitch said, referring to the People’s Republic of China. Monday’s public shaming without further punishment “looks like a double standard compared with actions against Russian actors. We treat China with kid gloves.”

The senior administration official said the Biden administration was aware that no single action was capable of changing the Chinese government’s malicious cyber behavior, and that the focus was on bringing countries together in a unified stance against Beijing. The list of nations condemning China on Monday was “unprecedented,” the official said, noting it was the first time NATO itself had specifically done so.

“We’ve made clear that we’ll continue to take actions to protect the American people from malicious cyber activity, no matter who’s responsible,” the official said. “And we’re not ruling out further actions to hold the PRC accountable.”

The new indictment said that members of a provincial branch of China’s intelligence service in the southern Hainan Province created a front company that described itself as an information security company and directed its employees to hack dozens of victims in the U.S., Austria, Cambodia and several other countries.

The defendants, three of whom are described as intelligence officers, aren’t in U.S. custody. Some cybersecurity experts have said indictments against foreign state-backed hackers often have little impact, because the accused are rarely brought before an American courtroom. U.S. officials have defended the practice, saying it helps convince allied governments, the private sector and others about the scope of the problem.

The group is accused of hacking into dozens of schools, companies, and government agencies around the world, ranging from a research facility in California and Florida focused on virus treatments and vaccines, to a Swiss chemicals company that produces maritime paints, to a Pennsylvania university with a robotics engineering program and the National Institutes of Health, to two Saudi Arabian government ministries. The companies and universities aren’t named in the indictment.

The hackers allegedly used fake spear-phishing emails and stored stolen data on GitHub, the indictment said. They coordinated with professors at a Chinese university, including to identify and recruit hackers for their campaign, it said. The alleged NIH breach dates to August 2013, the indictment said.



How Google and Apple’s Free Password Managers Compare With 1Password, Dashlane and Others

With ransomware attacks on the rise—and compromised passwords to blame for some of the hackings—there’s no better time to review your personal security practices.

It all starts with how you create and store passwords.

You may have read a thing or two about password managers, perhaps in my previous column on the subject.

This software can create strong randomized passwords, then remember them for you, and they can auto-fill credentials, simplifying the login process. Having unique passwords is critical to your online security: Around 25% of security breaches in 2020 involved the use of stolen usernames and passwords, according to a Verizon report published in May.
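As an added example (not code from this column or from any of the password managers it compares), the following Python shows the two things the paragraph credits a password manager with: drawing a password uniformly at random from a character set using the operating system’s CSPRNG, and keeping every site’s password unique. It also computes how much entropy a given length buys and checks a vault for reuse of one password across sites, which is the exposure behind the stolen-credential breaches cited above. The word list and the vault contents are constructed for the example; the column names no specific generator or word list.

```python
import math
import secrets
import string

# Character pool a manager typically draws from: 52 letters, 10 digits,
# 32 punctuation characters (94 symbols in total).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed word list for the passphrase variant (assumption: a real
# manager ships a list of thousands of words; the column does not name one).
WORDLIST = ["anchor", "basil", "cobalt", "delta", "ember", "falcon", "granite", "harbor"]


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Return `length` characters drawn uniformly from `alphabet`.

    `secrets.choice` uses the OS CSPRNG; the `random` module is a seeded
    Mersenne Twister and must never be used for credentials.
    """
    if length < 12:
        raise ValueError("refusing to generate a password shorter than 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = "-") -> str:
    """Return `words` words chosen uniformly (with replacement) from `wordlist`."""
    if words < 4:
        raise ValueError("refusing to generate a passphrase shorter than 4 words")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(length: int, pool_size: int) -> float:
    """Entropy of a string of `length` symbols each drawn uniformly from `pool_size` choices."""
    return length * math.log2(pool_size)


def is_reused(password: str, vault: dict) -> list:
    """Return every site in `vault` already using `password`.

    A non-empty result means one leaked credential unlocks several accounts,
    which is exactly what credential-stuffing attacks exploit.
    """
    return [site for site, stored in vault.items() if stored == password]


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"({entropy_bits(len(pw), len(ALPHABET)):.1f} bits)")
    phrase = generate_passphrase(6)
    print(phrase, f"({entropy_bits(6, len(WORDLIST)):.1f} bits from this tiny list)")
    # Constructed vault: two sites share a password, one does not.
    vault = {"mail": "hunter2", "bank": "hunter2", "shop": "zebra-crossing-9"}
    print("sites reusing hunter2:", is_reused("hunter2", vault))
```

The entropy figure is the honest one only because each symbol is chosen uniformly and independently; a manager that enforces “at least one digit, one symbol” by post-processing reduces the space slightly, and a passphrase from an eight-word list is only 18 bits no matter how long it looks, which is why real word lists are thousands of entries long.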

In this column, I’m comparing the two main types:


US companies scramble to contain international ransomware attack | Hacking

Businesses across the US rushed on Saturday to contain a ransomware attack that paralyzed computer networks around the world, a situation complicated in the US by offices being lightly staffed at the start of the Fourth of July weekend.

In Sweden, most of the grocery chain Coop’s 800 stores were unable to open because cash registers weren’t working, according to the public broadcaster. State railways and a major pharmacy chain were also affected.

Cybersecurity experts said the REvil gang, a major Russian-speaking ransomware syndicate, appeared to be behind the attack that targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers.

The privately held Kaseya is based in Dublin with a US headquarters in Miami.

The US federal Cybersecurity and Infrastructure Security Agency (Cisa) said it was closely monitoring the situation and working with the FBI. Cisa urged anyone who might be affected to “follow Kaseya’s guidance to shut down virtual system administrator servers immediately”.

The FBI linked REvil to an attack on JBS SA, a major global meat processor, over the Memorial Day holiday weekend in May. Active since April 2019, the group provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms.

The Brazil-based meat company said it paid the equivalent of an $11m ransom to the hackers, escalating calls by US law enforcement to bring such groups to justice.

Kaseya’s chief executive, Fred Voccola, said the company believed it had identified the source of the vulnerability and would “release that patch as quickly as possible to get our customers back up and running”.

John Hammond of the security firm Huntress Labs said he was aware of a number of managed-services providers – companies that host IT infrastructure – being hit by the ransomware, which encrypts networks until the victims pay off attackers.

“It’s reasonable to think this could potentially be impacting thousands of small businesses,” said Hammond.

Voccola said fewer than 40 Kaseya customers were known to be affected, but the ransomware could still be affecting hundreds more companies that rely on Kaseya clients that provide broader IT services.

Voccola said the problem was only affecting “on-premise” customers, organizations running their own data centers. It was not affecting cloud-based services running software for customers, though Kaseya shut down those servers as a precaution, he said.

The company said “customers who experienced ransomware and receive a communication from the attackers should not click on any links – they may be weaponised”.

A Gartner analyst, Katell Thielemann, said it was clear Kaseya “reacted with an abundance of caution. But the reality of this event is it was architected for maximum impact, combining a supply chain attack with a ransomware attack.”

Supply chain attacks infiltrate widely used software and spread malware as it updates automatically. Complicating the response this time is that the Kaseya attack happened at the start of a major holiday weekend in the US, when most corporate IT teams are not fully staffed.

That could leave organizations unable to address other security vulnerabilities, such as a dangerous Microsoft bug affecting software for print jobs, said James Shank, a threat intelligence analyst.

“Customers of Kaseya are in the worst possible situation,” he said. “They’re racing against time to get the updates out on other critical bugs.”

Shank said “it’s reasonable to think that the timing was planned” for the holiday.


A New Kind of Ransomware Tsunami Hits Hundreds of Companies

It was probably inevitable that the two dominant cybersecurity threats of the day— supply chain attacks and ransomware—would combine to wreak havoc. That’s precisely what happened Friday afternoon, as the notorious REvil criminal group successfully encrypted the files of hundreds of businesses in one swoop, apparently thanks to compromised IT management software. And that’s only the very beginning.

The situation is still developing and certain details—most important, how the attackers infiltrated the software in the first place—remain unknown. But the impact has already been severe and will only get worse given the nature of the targets. The software in question, Kaseya VSA, is popular among so-called managed service providers, which provide IT infrastructure for companies that would rather outsource that sort of thing than run it themselves. Which means that if you successfully hack an MSP, you suddenly have access to its customers. It’s the difference between cracking safe-deposit boxes one at a time and stealing the bank manager’s skeleton key.

So far, according to security company Huntress, REvil has hacked eight MSPs. The three that Huntress works with directly account for 200 businesses that found their data encrypted Friday. It doesn’t take much extrapolation to see how much worse it gets from there, especially given Kaseya’s ubiquity.

“Kaseya is the Coca-Cola of remote management,” says Jake Williams, chief technology officer of the incident response firm BreachQuest. “Because we’re going into a holiday weekend, we won’t even know how many victims are out there until Tuesday or Wednesday of next week. But it’s monumental.”

Worst of Both Worlds

MSPs have long been a popular target, particularly of nation-state hackers. Hitting them is a terrifically efficient way to spy, if you can manage it. As a Justice Department indictment showed in 2018, China’s elite APT10 spies used MSP compromises to steal hundreds of gigabytes of data from dozens of companies. REvil has targeted MSPs before, too, using its foothold into a third-party IT company to hijack 22 Texas municipalities at once in 2019.

Supply chain attacks have become increasingly common as well, most notably in the devastating SolarWinds campaign last year that gave Russia access to multiple US agencies and countless other victims. Like MSP attacks, supply chain hacks also have a multiplicative effect; tainting one software update can yield hundreds of victims.

You can start to see, then, why a supply chain attack that targets MSPs has potentially exponential consequences. Throw system-crippling ransomware into the mix, and the situation becomes even more untenable. It brings to mind the devastating NotPetya attack, which also used a supply chain compromise to spread what at first seemed like ransomware but was really a nation-state attack perpetrated by Russia. A more recent Russian campaign comes to mind as well.

“This is SolarWinds, but with ransomware,” says Brett Callow, a threat analyst at antivirus company Emsisoft. “When a single MSP is compromised, it can impact hundreds of end users. And in this case it seems that multiple MSPs have been compromised, so …”

BreachQuest’s Williams says that REvil appears to be asking victim companies for the equivalent of roughly $45,000 in the cryptocurrency Monero. If they fail to pay within a week, the demand doubles. Security news site BleepingComputer reports that REvil has asked some victims for $5 million for a decryption key that unlocks “all PCs of your encrypted network,” which may be targeted to MSPs specifically rather than their clients.

“We often talk about MSPs being the mother ship for many small-to-medium business and organizations,” says John Hammond, senior security researcher at Huntress. “But if Kaseya is what is hit, bad actors just compromised all of their mother ships.”
