Cyberattacks and Hackers

Subterms

    Latest story

    138 Shares183 Views

    Georgia secretary of state fends off cyberattack targeting absentee ballot website.

    by

    Georgia’s secretary of state warded off a cybersecurity threat this month against what was most likely an attack by a foreign country targeting its website that voters can use to request absentee ballots.An unusual spike in users on the site appeared to be an attempt to shut it down. There were ultimately no disruptions to absentee ballot access. State and local election officials have faced increasing threats, both to their operations and physical safety, that have made the otherwise mundane, bureaucratic work of election management increasingly risky.The secretary of state’s office thwarted a sudden rise in users trying to access the site on Oct. 14, a tactic sometimes used by hackers to send a website offline by overwhelming it with requests, WSB-TV, a broadcaster in Atlanta, reported. A spokesman for the Georgia secretary of state confirmed this reporting.“We saw a spike of around 420,000 individual entities attempting to access the absentee ballot portal,” Gabe Sterling, an official in the secretary of state’s office, told WSB-TV. “We identified it and attempted to mitigate it immediately, and you see it start to drop back down.”Mr. Sterling also said that the attack may have come from a foreign country, although details were not clear.This is not the first cybersecurity threat Georgia election officials have faced. In 2022, a group of allies to former President Donald J. Trump tried to access voter data in Coffee County. The county also faced its own cybersecurity attack this year, according to CNN. Poll workers have faced threats of violence around the country. More

    More stories

    • 150 Shares179 Views

      in Elections

      Commuters See ‘Islamophobic’ Message in Cyber Attack on Public Wi-Fi, Authorities Say

      by

      The British authorities are investigating after commuters at 19 train stations saw an Islamophobic message when they tried to log on to a public Wi-Fi system.The British authorities are investigating a cyberattack on Wednesday that they said displayed an anti-Muslim message on a public Wi-Fi system serving more than a dozen train stations around the country.Commuters who connected to a Wi-Fi service at stations for Network Rail, Britain’s national rail operator, were met with “Islamophobic messaging,” according to the British Transport Police, who oversee law enforcement on British rail networks. The police said they had received reports of the cyberattack just after 5 p.m. local time, and that they were leading an investigation into the incident. The service was quickly taken down, Network Rail said, and would remain down until security checks were completed.The issue emerged at 19 stations across Britain, including major transportation hubs in London, Edinburgh, Glasgow, Bristol and other cities, a spokesman for Network Rail said in a statement.Commuters attempting to log onto Wi-Fi at the stations were met with a webpage that said “We love you, Europe,” along with information related to terror attacks in Europe, The Manchester Evening News reported.The Wi-Fi was a “click-and-connect” service that did not collect any personal data and was operated by a third-party company, Telent, Network Rail’s statement said.Telent, a technology and communications company, on Thursday pointed to Global Reach, a provider that ran the Wi-Fi service’s landing page. Telent said in a statement that it had found that an “unauthorized change was made to the Network Rail landing page from a legitimate Global Reach administrator account.”British Transport Police were investigating the matter as a criminal case, Telent said, and no personal data was affected by the incident. But, as a precaution, it said, it had temporarily suspended all use of Global Reach services to confirm that none of its other customers had been impacted.Global Reach did not immediately respond to requests for comment on Thursday.Britain’s crime and cybersecurity agencies were also helping with the investigation, the Transport Police said on Thursday.The disruption follows another “cybersecurity incident” on Sept. 1 that targeted Transport for London, the agency that runs the city’s public transit network, in which hackers accessed the contact details of the agency’s customers, and potentially could view bank account details for some commuters. The cyberattack also affected the broadcasting of live train schedules online and payment systems.A 17-year-old was arrested in Walsall, a town in the West Midlands county of England, as part of the investigation into that attack, cybercrime authorities said this month. More

    • 100 Shares119 Views

      in Elections

      After CrowdStrike Causes Outage, Are U.S. Networks Safe?

      by

      With each cascade of digital disaster, new vulnerabilities emerge. The latest chaos wasn’t caused by an adversary, but it provided a road map of American vulnerabilities at a critical moment.In the worst-case scenarios that the Biden administration has quietly simulated over the past year or so, Russian hackers working on behalf of Vladimir V. Putin bring down hospital systems across the United States. In others, China’s military hackers trigger chaos, shutting down water systems and electric grids to distract Americans from an invasion of Taiwan.As it turned out, none of those grim situations caused Friday’s national digital meltdown. It was, by all appearances, purely human error — a few bad keystrokes that demonstrated the fragility of a vast set of interconnected networks in which one mistake can cause a cascade of unintended consequences. Since no one really understands what is connected to what, it is no surprise that such episodes keep happening, each incident just a few degrees different from the last.Among Washington’s cyberwarriors, the first reaction on Friday morning was relief that this wasn’t a nation-state attack. For two years now, the White House, the Pentagon and the nation’s cyberdefenders have been trying to come to terms with “Volt Typhoon,” a particularly elusive form of malware that China has put into American critical infrastructure. It is hard to find, even harder to evict from vital computer networks and designed to sow far greater fear and chaos than the country saw on Friday.Yet as the “blue screen of death” popped up from the operating rooms of Massachusetts General Hospital to the airline management systems that keep planes flying, America got another reminder of the halting progress of “cyber resilience.” It was a particularly bitter discovery then that a flawed update to a trusted tool in that effort — CrowdStrike’s software to find and neutralize cyberattacks — was the cause of the problem, not the savior.Only in recent years has the United States gotten serious about the problem. Government partnerships with private industry were put together to share lessons. The F.B.I. and the National Security Agency, along with the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, issue bulletins outlining vulnerabilities or blowing the whistle on hackers.President Biden even created a Cyber Safety Review Board that looks at major incidents. It is modeled on the National Transportation Safety Board, which reviews airplane and train accidents, among other disasters, and publishes “lessons learned.”We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 163 Shares129 Views

      in Elections

      Are You an AT&T Customer? Here’s What to Know About the Data Breach

      by

      Nearly all AT&T customers were affected by a recent cyberattack.Nearly all customers of the telecommunications company AT&T were affected by a cyberattack that exposed phone records of calls and texts from May 2022 through October 2022, and on Jan. 2, 2023, the company said Friday.Although the company said the breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the information that was exposed can still threaten customers’ security.If you are an AT&T customer, here is what you need to know about the breach.How do I know if my records were exposed?AT&T will contact you by text, email or U.S. mail if your account was affected by the cyberattack, the company said.But AT&T also said that “nearly all” customers had been affected by the breach. So if you were a customer from May 1, 2022, to Oct. 31, 2022, or on Jan. 2, 2023, your phone logs were most likely exposed.What was exposed?The phone numbers that you texted and called, as well as how frequently you interacted with them, were exposed by the breach, the company said.Customers’ personal details, such as Social Security numbers and dates of birth, were not exposed. Nor were the contents of the calls and texts. Although customers’ names were not exposed by the breach, “there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T said.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 88 Shares159 Views

      in Elections

      Auto Sales Grew Slightly in Second Quarter

      by

      High interest rates, economic uncertainty and a cyberattack appear to have dampened sales in the three months between April and June.Most automakers on Tuesday, with the exception of Tesla, reported modest sales growth in the three months between April and June as high interest rates, persistently high vehicles prices, and uncertainty about the economy and the coming presidential election weighed on consumers.Sales in late June were also slowed by disruptions at car dealers stemming from a cyberattack on a company that supplies software and data services to dealerships.Cox Automotive, a market research firm, estimated that 4.1 million new cars and trucks were sold in the second quarter, up a little more from the same period in 2023. In the first six months of 2024, 7.9 million new vehicles were sold, an increase of 3 percent from the first half of last year, Cox said.Slow growth is likely to continue through the rest of the year, with consumers delaying big-ticket purchases until after the election, said Jonathan Smoke, Cox’s chief economist. “The market is roiled by uncertainty,” he said. “We probably can’t quite keep the pace of sales of the first half, but we aren’t expecting a collapse in sales, either.”Cox has forecast 15.9 million new cars and trucks will be sold this year. That would be an increase from the 15.5 million that were sold last year, but still well below the 17 million vehicles sold annually before the pandemic.General Motors said on Tuesday that it sold nearly 700,000 cars and light trucks in the United States in the second quarter, an increase of less than 1 percent from the same period last year. The company said it was its highest quarterly total since the fourth quarter of 2020.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 88 Shares179 Views

      in Elections

      Ransomware Group Claims Responsibility for Christie’s Hack

      by

      The hacking group RansomHub is threatening to release “sensitive personal information” about the auction house’s clients.A hacker group called RansomHub said it was behind the cyberattack that hit the Christie’s website just days before its marquee spring sales began, forcing the auction house to resort to alternatives to online bidding.In a post on the dark web on Monday, the group claimed that it had gained access to sensitive information about the world’s wealthiest art collectors, posting only a few examples of names and birthdays. It was not immediately possible to verify RansomHub’s claims, but several cybersecurity experts said they were a known ransomware operation and that the claim was plausible. Nor was it clear if the hackers had gained access to more sensitive information, including financial data and client addresses. The group said it would release the data, posting a countdown timer that would reach zero by the end of May.At Christie’s, a spokesman said in a statement, “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network.” The spokesman, Edward Lewine, said that the investigations “also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.” He added, “There is no evidence that any financial or transactional records were compromised.”Hackers said that Christie’s failed to pay a ransom when one was demanded.“We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the hackers wrote in their dark web post, which was reviewed by a New York Times reporter. “It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients.”GDPR, the General Data Protection Regulation, is an information privacy law in the European Union that requires companies to disclose when cyberattacks might have compromised the sensitive data of clients. Noncompliance with the law includes potential fines on companies that can rise to more than $20 million.Cybersecurity experts said that RansomHub has emerged in recent months as an especially powerful ransomware group with possible connections to ALPHV, a network of Russian-speaking extortionists blamed for a cyberattack on Change Healthcare earlier this year. Hackers in that case appeared to receive a $22 million payment from the company’s owner, UnitedHealth Group, though United never admitted to sending the money. In April, RansomHub listed Change Healthcare as one of its victims and claimed to be holding onto four terabytes of stolen data.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares169 Views

      in Elections

      U.K. to Accuse China of Cyberattacks Targeting Voter Data and Lawmakers

      by

      The British government believes China has overseen two separate hacking campaigns, including one that yielded information from 40 million voters.The British government is expected to publicly link China to cyberattacks that compromised the voting records of tens of millions of people, another notable hardening of Britain’s stance toward China since its leaders heralded a “golden era” in British-Chinese relations nearly a decade ago.The deputy prime minister, Oliver Dowden, will make a statement about the matter in Parliament on Monday afternoon, and is expected to announce sanctions against state-affiliated individuals and entities implicated in the attacks.The government disclosed the attack on the Electoral Commission last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.The Electoral Commission, which oversees elections in the United Kingdom, said that the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data “could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”In addition to the infiltration of the Electoral Commission, Mr. Dowden is expected to confirm that the Chinese targeted several members of Parliament with a record of hawkish statements about China. They include Iain Duncan-Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares99 Views

      in Elections

      U.S. Hits Back at Iran With Sanctions, Criminal Charges and Airstrikes

      by

      In the hours before the United States carried out strikes against Iran-backed militants on Friday, Washington hit Tehran with more familiar weapons: sanctions and criminal charges.The Biden administration imposed sanctions on officers and officials of the Islamic Revolutionary Guards Corps, Iran’s premier military force, for threatening the integrity of water utilities and for helping manufacture Iranian drones. And it unsealed charges against nine people for selling oil to finance the militant groups Hamas and Hezbollah.The timing seemed designed to pressure the Revolutionary Guards and its most elite unit, the Quds Force, at a moment of extraordinary tension in the Middle East. Although the sanctions have been brewing for some time and the charges were filed earlier under seal, the region has been in turmoil for months.The actions are part of a coordinated governmentwide effort to disrupt Iran’s efforts to use illicit oil sales to fund terrorism, and to push back on the country’s increasingly capable offensive cyberoperations. In the 15 years since the United States mounted a major cyberattack on Iran’s nuclear facilities, the country has trained a generation of hackers and struck back at Israel, Saudi Arabia and the United States, among others. Two American officials said the United States conducted cyberoperations against Iranian targets on Friday but declined to provide details.The effects of sanctions and indictments are hard to measure. Few Iranian officers or officials keep assets in Western banks or travel to the United States, meaning the sanctions may have little practical effect. While the indictments and sanctions have a psychological element, demonstrating to Iranians and their business associates around the world that Western intelligence agencies are often tracking their movements and their transactions, actual arrests and trials are infrequent.“The reason that we bring these cases is, we know that the money Iran obtains from the illicit sale of oil is used to fund its malign activities around the world,” Matthew G. Olsen, who heads the national security division of the Justice Department, said on Friday. “The threats posed by Iran and the destabilizing effects of its actions have only come into sharper relief since the attacks of Oct. 7,” the day of the Hamas attack on Israel that killed roughly 1,200 people.We are having trouble retrieving the article content.Please enable JavaScript in your browser settings.Thank you for your patience while we verify access. If you are in Reader mode please exit and log into your Times account, or subscribe for all of The Times.Thank you for your patience while we verify access.Already a subscriber? Log in.Want all of The Times? Subscribe. More

    • 138 Shares169 Views

      in Elections

      Your Thursday Briefing: Biden Vows Not to ‘Waver’ After NATO Summit

      by

      Also, Chinese hackers hit the State Department, ocean temperatures rise and Milan Kundera dies.President Volodymyr Zelensky and President Biden met yesterday.Doug Mills/The New York Times‘We will not waver,’ Biden says after the NATO summitPresident Biden concluded the meeting of NATO allies by comparing the battle to expel Russia from Ukraine with the Cold War struggle for freedom in Europe. “We will not waver,” he promised in a speech.Biden seemed to be preparing Americans and the allies for a confrontation that could go on for years. He cast the war, which has been going on for almost a year and a half, as a test of wills with President Vladimir Putin of Russia, who is intent on fighting. Biden insisted that NATO’s unity would hold.“Putin still wrongly believes he can outlast Ukraine,” Biden said, describing the Russian leader as a man who made a huge strategic mistake in invading a neighboring country. “After all this time, Putin still doubts our staying power. He is making a bad bet.”Ukraine: The alliance has formed a new council intended to give Ukraine an equal voice on issues related to its security alongside member states. China: Beijing criticized a NATO statement that accused it of a military expansion that threatens the West, saying that the alliance was still stuck in a Cold War mentality.Uncertainty in Russia’s top ranks: Gen. Sergei Surovikin, once a Wagner ally, hasn’t been seen publicly since the mutiny last month. A top lawmaker said he was “taking a rest.”Another top commander was killed in an airstrike in Ukraine. And a third former commander was gunned down while out on a jog.Microsoft said the hack was discovered last month.Gonzalo Fuentes/ReutersChinese hackers targeted the U.S. State DepartmentChinese hackers targeted specific State Department email accounts in the weeks before Secretary of State Antony Blinken traveled to China last month, U.S. officials said.The hack, which went undetected for a month, comes at a time of heightened diplomatic tensions between the countries. “The Biden administration is trying to reset relations with Beijing,” Julian Barnes, who covers national security for The Times, told me. “The U.S. does not want that dialogue to end. So there is an interest in downplaying this.”No classified email or cloud systems were said to have been breached, and the hack did not initially appear to be directly related to Blinken’s trip. Still, the attack was sophisticated.The hackers targeted specific accounts, instead of carrying out a broad-brush intrusion, which Chinese hackers are suspected of having done before. U.S. officials did not identify which accounts were targeted. The breach revealed a significant security gap in Microsoft’s cloud, where the U.S. government has been transferring data from internal servers.“We’ve had all these promises that the cloud is not only going to be just as secure, but that it will be more secure,” Julian said. “But here’s an example where basic security was breached and the information was stolen. That has opened us up to a new avenue of attack: Here is the first big cloud attack on the U.S. government email.”Tech: The Biden administration thinks it can slow China’s economic growth and its A.I. industry by cutting it off from semiconductor chips. The plan could handicap China for a generation, but if it backfires it could hasten the very future the U.S. wants to avoid.Elena ShaoAn ocean heat wave threatens marine lifeThe water surrounding Florida is much hotter than most swimming pools in the U.S. are right now. This could pose a severe risk to coral and marine life in the Gulf of Mexico and the Atlantic. But the real worry is that it’s only July: Corals usually experience the most heat stress in August and September.The maritime heat wave has pushed water temperatures into the 90s Fahrenheit, or above 32 Celsius. Surface temperatures in these waters are the hottest on record; some beachgoers in Florida even compared the ocean to bath water.The science: When the sea gets too hot, corals bleach, expelling the algae they eat. If waters don’t cool quickly enough, or if bleaching events happen in close succession, the corals die. That can lead to ripple effects across the ecosystem.THE LATEST NEWSAround the WorldPresident Mahmoud Abbas’s visit was widely reported as his first to Jenin in more than a decade.Nasser Nasser/Associated PressPresident Mahmoud Abbas of the Palestinian Authority visited Jenin, the West Bank city targeted by Israeli raids last week, in a show of authority.U.S. inflation cooled in June, offering good news for consumers and the Federal Reserve.Black women in Latin America are more likely to die during pregnancy or childbirth because of systemic medical racism and sexism, a U.N. report said.“Succession” got the most nominations for the Emmy Awards.Other Big StoriesA former Mozambican official accused in the $2 billion “tuna” scandal, a scheme that defrauded U.S. investors, was extradited to New York.The BBC staff member suspended on allegations of sexual misconduct was identified by his wife as Huw Edwards, an anchor on the network’s flagship nightly news program.International demand for drugs has unleashed a wave of violence in Ecuador that is unlike anything in the country’s recent history.Snow fell in Johannesburg for the first time in more than a decade.A Morning ReadBhuchung Sonam’s publishing ventures have printed dozens of books.Poras Chaudhary for The New York TimesBuchung Sonam fled Tibet in the 1980s. Later, he co-founded a publishing house for Tibetan writing, hoping literature could be a salve for other exiles.As Beijing tightens its crackdown on Tibet, detaining writers and intellectuals, many say Sonam’s press is helping Tibet’s literature become a proxy for the nation-state.“It’s not like I can live my life on Tibetan land,” said Tenzin Dickie, a writer and editor, “but I can live it in Tibetan literature.”ARTS AND IDEASMilan Kundera in 1984.Francois Lochon/Gamma-Rapho, via Getty ImagesMilan Kundera dies at 94“It’s hard to overstate how central Milan Kundera was, in the mid-1980s, to literary culture in America and elsewhere,” my colleague Dwight Garner writes in an appraisal of Kundera’s life.Kundera, who died in Paris this week at 94, wrote mordant, sexually charged novels that captured the suffocating absurdity of life. “The Unbearable Lightness of Being,” which was adapted into a film, is his most famous book.“He was the best-known Czech writer since Kafka,” Dwight continued, “and his fiction brought news of sophisticated Eastern European societies trembling under the threat of Soviet repression.”PLAY, WATCH, EATWhat to CookDavid Malosh for The New York Times. Food Stylist: Simon Andrews.Mix this Thai-style vegetable salad.What to WatchIn “Amanda,” a dark Italian comedy, a delusional graduate befriends an agoraphobic misanthrope.FashionMore men are baring their midriffs in crop tops.Tech TipHow does Meta’s Threads stack up against Twitter? Read our review.Now Time to PlayFill in the Mini Crossword, and a clue: Broke ground in a garden (four letters).Here are the Wordle and the Spelling Bee. You can find all our puzzles here.That’s it for today’s briefing. See you tomorrow! — AmeliaP.S. Alice Callahan will be our new nutrition reporter.“The Daily” is on the U.S. labor market.We’d love to hear from you. Write: briefing@nytimes.com. More