More stories

  • Georgia secretary of state fends off cyberattack targeting absentee ballot website.

    Georgia’s secretary of state warded off a cybersecurity threat this month against what was most likely an attack by a foreign country targeting its website that voters can use to request absentee ballots.

    An unusual spike in users on the site appeared to be an attempt to shut it down. There were ultimately no disruptions to absentee ballot access. State and local election officials have faced increasing threats, both to their operations and physical safety, that have made the otherwise mundane, bureaucratic work of election management increasingly risky.

    The secretary of state’s office thwarted a sudden rise in users trying to access the site on Oct. 14, a tactic sometimes used by hackers to send a website offline by overwhelming it with requests, WSB-TV, a broadcaster in Atlanta, reported. A spokesman for the Georgia secretary of state confirmed this reporting.

    “We saw a spike of around 420,000 individual entities attempting to access the absentee ballot portal,” Gabe Sterling, an official in the secretary of state’s office, told WSB-TV. “We identified it and attempted to mitigate it immediately, and you see it start to drop back down.”

    Mr. Sterling also said that the attack may have come from a foreign country, although details were not clear.

    This is not the first cybersecurity threat Georgia election officials have faced. In 2022, a group of allies to former President Donald J. Trump tried to access voter data in Coffee County. The county also faced its own cybersecurity attack this year, according to CNN. Poll workers have faced threats of violence around the country.

  • Commuters See ‘Islamophobic’ Message in Cyber Attack on Public Wi-Fi, Authorities Say

    The British authorities are investigating after commuters at 19 train stations saw an Islamophobic message when they tried to log on to a public Wi-Fi system.

    The British authorities are investigating a cyberattack on Wednesday that they said displayed an anti-Muslim message on a public Wi-Fi system serving more than a dozen train stations around the country.

    Commuters who connected to a Wi-Fi service at stations for Network Rail, Britain’s national rail operator, were met with “Islamophobic messaging,” according to the British Transport Police, who oversee law enforcement on British rail networks. The police said they had received reports of the cyberattack just after 5 p.m. local time, and that they were leading an investigation into the incident. The service was quickly taken down, Network Rail said, and would remain down until security checks were completed.

    The issue emerged at 19 stations across Britain, including major transportation hubs in London, Edinburgh, Glasgow, Bristol and other cities, a spokesman for Network Rail said in a statement.

    Commuters attempting to log onto Wi-Fi at the stations were met with a webpage that said “We love you, Europe,” along with information related to terror attacks in Europe, The Manchester Evening News reported.

    The Wi-Fi was a “click-and-connect” service that did not collect any personal data and was operated by a third-party company, Telent, Network Rail’s statement said.

    Telent, a technology and communications company, on Thursday pointed to Global Reach, a provider that ran the Wi-Fi service’s landing page. Telent said in a statement that it had found that an “unauthorized change was made to the Network Rail landing page from a legitimate Global Reach administrator account.”

    British Transport Police were investigating the matter as a criminal case, Telent said, and no personal data was affected by the incident. But, as a precaution, it said, it had temporarily suspended all use of Global Reach services to confirm that none of its other customers had been impacted.

    Global Reach did not immediately respond to requests for comment on Thursday.

    Britain’s crime and cybersecurity agencies were also helping with the investigation, the Transport Police said on Thursday.

    The disruption follows another “cybersecurity incident” on Sept. 1 that targeted Transport for London, the agency that runs the city’s public transit network, in which hackers accessed the contact details of the agency’s customers, and potentially could view bank account details for some commuters. The cyberattack also affected the broadcasting of live train schedules online and payment systems.

    A 17-year-old was arrested in Walsall, a town in the West Midlands county of England, as part of the investigation into that attack, cybercrime authorities said this month.

  • After CrowdStrike Causes Outage, Are U.S. Networks Safe?

    With each cascade of digital disaster, new vulnerabilities emerge. The latest chaos wasn’t caused by an adversary, but it provided a road map of American vulnerabilities at a critical moment.

    In the worst-case scenarios that the Biden administration has quietly simulated over the past year or so, Russian hackers working on behalf of Vladimir V. Putin bring down hospital systems across the United States. In others, China’s military hackers trigger chaos, shutting down water systems and electric grids to distract Americans from an invasion of Taiwan.

    As it turned out, none of those grim situations caused Friday’s national digital meltdown. It was, by all appearances, purely human error — a few bad keystrokes that demonstrated the fragility of a vast set of interconnected networks in which one mistake can cause a cascade of unintended consequences. Since no one really understands what is connected to what, it is no surprise that such episodes keep happening, each incident just a few degrees different from the last.

    Among Washington’s cyberwarriors, the first reaction on Friday morning was relief that this wasn’t a nation-state attack. For two years now, the White House, the Pentagon and the nation’s cyberdefenders have been trying to come to terms with “Volt Typhoon,” a particularly elusive form of malware that China has put into American critical infrastructure. It is hard to find, even harder to evict from vital computer networks and designed to sow far greater fear and chaos than the country saw on Friday.

    Yet as the “blue screen of death” popped up from the operating rooms of Massachusetts General Hospital to the airline management systems that keep planes flying, America got another reminder of the halting progress of “cyber resilience.” It was a particularly bitter discovery then that a flawed update to a trusted tool in that effort — CrowdStrike’s software to find and neutralize cyberattacks — was the cause of the problem, not the savior.

    Only in recent years has the United States gotten serious about the problem. Government partnerships with private industry were put together to share lessons. The F.B.I. and the National Security Agency, along with the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, issue bulletins outlining vulnerabilities or blowing the whistle on hackers.

    President Biden even created a Cyber Safety Review Board that looks at major incidents. It is modeled on the National Transportation Safety Board, which reviews airplane and train accidents, among other disasters, and publishes “lessons learned.”

  • Are You an AT&T Customer? Here’s What to Know About the Data Breach

    Nearly all AT&T customers were affected by a recent cyberattack.

    Nearly all customers of the telecommunications company AT&T were affected by a cyberattack that exposed phone records of calls and texts from May 2022 through October 2022, and on Jan. 2, 2023, the company said Friday.

    Although the company said the breach did not expose the contents of calls or texts or information such as Social Security numbers, passwords or other personally identifiable information, the information that was exposed can still threaten customers’ security.

    If you are an AT&T customer, here is what you need to know about the breach.

    How do I know if my records were exposed?

    AT&T will contact you by text, email or U.S. mail if your account was affected by the cyberattack, the company said.

    But AT&T also said that “nearly all” customers had been affected by the breach. So if you were a customer from May 1, 2022, to Oct. 31, 2022, or on Jan. 2, 2023, your phone logs were most likely exposed.

    What was exposed?

    The phone numbers that you texted and called, as well as how frequently you interacted with them, were exposed by the breach, the company said.

    Customers’ personal details, such as Social Security numbers and dates of birth, were not exposed. Nor were the contents of the calls and texts. Although customers’ names were not exposed by the breach, “there are often ways to find a name associated with a phone number using publicly available online tools,” AT&T said.

  • Auto Sales Grew Slightly in Second Quarter

    High interest rates, economic uncertainty and a cyberattack appear to have dampened sales in the three months between April and June.

    Most automakers on Tuesday, with the exception of Tesla, reported modest sales growth in the three months between April and June as high interest rates, persistently high vehicle prices, and uncertainty about the economy and the coming presidential election weighed on consumers.

    Sales in late June were also slowed by disruptions at car dealers stemming from a cyberattack on a company that supplies software and data services to dealerships.

    Cox Automotive, a market research firm, estimated that 4.1 million new cars and trucks were sold in the second quarter, up a little more from the same period in 2023. In the first six months of 2024, 7.9 million new vehicles were sold, an increase of 3 percent from the first half of last year, Cox said.

    Slow growth is likely to continue through the rest of the year, with consumers delaying big-ticket purchases until after the election, said Jonathan Smoke, Cox’s chief economist. “The market is roiled by uncertainty,” he said. “We probably can’t quite keep the pace of sales of the first half, but we aren’t expecting a collapse in sales, either.”

    Cox has forecast 15.9 million new cars and trucks will be sold this year. That would be an increase from the 15.5 million that were sold last year, but still well below the 17 million vehicles sold annually before the pandemic.

    General Motors said on Tuesday that it sold nearly 700,000 cars and light trucks in the United States in the second quarter, an increase of less than 1 percent from the same period last year. The company said it was its highest quarterly total since the fourth quarter of 2020.

  • Ransomware Group Claims Responsibility for Christie’s Hack

    The hacking group RansomHub is threatening to release “sensitive personal information” about the auction house’s clients.

    A hacker group called RansomHub said it was behind the cyberattack that hit the Christie’s website just days before its marquee spring sales began, forcing the auction house to resort to alternatives to online bidding.

    In a post on the dark web on Monday, the group claimed that it had gained access to sensitive information about the world’s wealthiest art collectors, posting only a few examples of names and birthdays. It was not immediately possible to verify RansomHub’s claims, but several cybersecurity experts said they were a known ransomware operation and that the claim was plausible. Nor was it clear if the hackers had gained access to more sensitive information, including financial data and client addresses. The group said it would release the data, posting a countdown timer that would reach zero by the end of May.

    At Christie’s, a spokesman said in a statement, “Our investigations determined there was unauthorized access by a third party to parts of Christie’s network.” The spokesman, Edward Lewine, said that the investigations “also determined that the group behind the incident took some limited amount of personal data relating to some of our clients.” He added, “There is no evidence that any financial or transactional records were compromised.”

    Hackers said that Christie’s failed to pay a ransom when one was demanded.

    “We attempted to come to a reasonable resolution with them but they ceased communication midway through,” the hackers wrote in their dark web post, which was reviewed by a New York Times reporter. “It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients.”

    GDPR, the General Data Protection Regulation, is an information privacy law in the European Union that requires companies to disclose when cyberattacks might have compromised the sensitive data of clients. Noncompliance with the law includes potential fines on companies that can rise to more than $20 million.

    Cybersecurity experts said that RansomHub has emerged in recent months as an especially powerful ransomware group with possible connections to ALPHV, a network of Russian-speaking extortionists blamed for a cyberattack on Change Healthcare earlier this year. Hackers in that case appeared to receive a $22 million payment from the company’s owner, UnitedHealth Group, though United never admitted to sending the money. In April, RansomHub listed Change Healthcare as one of its victims and claimed to be holding onto four terabytes of stolen data.

  • U.K. to Accuse China of Cyberattacks Targeting Voter Data and Lawmakers

    The British government believes China has overseen two separate hacking campaigns, including one that yielded information from 40 million voters.

    The British government is expected to publicly link China to cyberattacks that compromised the voting records of tens of millions of people, another notable hardening of Britain’s stance toward China since its leaders heralded a “golden era” in British-Chinese relations nearly a decade ago.

    The deputy prime minister, Oliver Dowden, will make a statement about the matter in Parliament on Monday afternoon, and is expected to announce sanctions against state-affiliated individuals and entities implicated in the attacks.

    The government disclosed the attack on the Electoral Commission last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.

    The Electoral Commission, which oversees elections in the United Kingdom, said that the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.

    The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data “could be combined with other data in the public domain, such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”

    In addition to the infiltration of the Electoral Commission, Mr. Dowden is expected to confirm that the Chinese targeted several members of Parliament with a record of hawkish statements about China. They include Iain Duncan-Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party.

  • U.S. Hits Back at Iran With Sanctions, Criminal Charges and Airstrikes

    In the hours before the United States carried out strikes against Iran-backed militants on Friday, Washington hit Tehran with more familiar weapons: sanctions and criminal charges.

    The Biden administration imposed sanctions on officers and officials of the Islamic Revolutionary Guards Corps, Iran’s premier military force, for threatening the integrity of water utilities and for helping manufacture Iranian drones. And it unsealed charges against nine people for selling oil to finance the militant groups Hamas and Hezbollah.

    The timing seemed designed to pressure the Revolutionary Guards and its most elite unit, the Quds Force, at a moment of extraordinary tension in the Middle East. Although the sanctions have been brewing for some time and the charges were filed earlier under seal, the region has been in turmoil for months.

    The actions are part of a coordinated governmentwide effort to disrupt Iran’s efforts to use illicit oil sales to fund terrorism, and to push back on the country’s increasingly capable offensive cyberoperations. In the 15 years since the United States mounted a major cyberattack on Iran’s nuclear facilities, the country has trained a generation of hackers and struck back at Israel, Saudi Arabia and the United States, among others. Two American officials said the United States conducted cyberoperations against Iranian targets on Friday but declined to provide details.

    The effects of sanctions and indictments are hard to measure. Few Iranian officers or officials keep assets in Western banks or travel to the United States, meaning the sanctions may have little practical effect. While the indictments and sanctions have a psychological element, demonstrating to Iranians and their business associates around the world that Western intelligence agencies are often tracking their movements and their transactions, actual arrests and trials are infrequent.

    “The reason that we bring these cases is, we know that the money Iran obtains from the illicit sale of oil is used to fund its malign activities around the world,” Matthew G. Olsen, who heads the national security division of the Justice Department, said on Friday. “The threats posed by Iran and the destabilizing effects of its actions have only come into sharper relief since the attacks of Oct. 7,” the day of the Hamas attack on Israel that killed roughly 1,200 people.