Hacking

Subterms

    More stories

    • 125 Shares199 Views

      in US Politics

      New York Times says it received hacked Trump campaign documents

      by

      The New York Times has confirmed it received the same or similar trove of Donald Trump presidential campaign documents as other media outlets did, after Microsoft confirmed that a “high-ranking official” at a presidential campaign was a hacking target.For the third US election in a row, hacked campaign information by a foreign power is now likely to feature as potential disruption. The Trump campaign has said its email systems were breached by hackers working for Iran.Politico reported getting emails from someone who identified themselves only as “Robert” and sent internal campaign communications and a 271-page-long research dossier on Trump’s running mate, the Ohio senator JD Vance, that was part of his vetting process. The news organisation said the Vance profile was “based on publicly available information”.On Monday, two Democratic lawmakers with experience on intelligence and security committees called for information about the latest breach to be released publicly.The California Democratic congressman Eric Swalwell posted on social media that he was seeking a briefing on the breach, and that while he considered Trump “the most despicable person ever to seek office” – someone who had also called for hacking in the past – “that doesn’t mean America ever tolerates foreign interference.”Adam Schiff, the Democrat of California, urged Department of Homeland Security officials to declassify information on the foreign nature of the hack.Schiff said the US intelligence community “moved much too slow to properly identity the hacking and dumping scheme carried out by Russia” in 2016 and “should act quickly here”.He also said that in that year: “The Trump campaign welcomed Russian interference, took advantage of it and then sought to deny it, much to the detriment of the country.”The Trump campaign’s announcement that its systems had been breached came after news organizations asked questions about Vance when he was a candidate for vice-president that appeared to come from internal vetting documents.The Washington Post said it had received a 271-page document marked “privileged & confidential” from an anonymous AOL customer known as Robert. Politico later said it had been receiving documents from someone who called themselves Robert since 22 July.Trump has said that only publicly available information was taken from its systems. “They were only able to get publicly available information but, nevertheless, they shouldn’t be doing anything of this nature,” he posted on Saturday evening. “Iran and others will stop at nothing.”A Trump campaign spokesman, Steven Cheung, said: “Any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want.”While Microsoft has not confirmed that the Trump campaign was the target, it has said that an Iranian group run by the Iranian Revolutionary Guards was behind a June attack on a presidential campaign.But the hack of the Trump campaign will serve as a warning that the last three months of the 2024 election could be as bumpy as the previous two elections. In 2016 the Hillary Clinton campaign was hacked, allegedly by Russian agents, and hundreds of emails were published by WikiLeaks. Twelve Russian military intelligence officers were later indicted for their alleged roles in interfering in the US election.In 2020, the contents of a laptop later confirmed as belonging to Hunter Biden were released and became subject of a controversy, not only for its salacious leaked content but for a letter signed by former intelligence officials claiming that the leak had all the hallmarks of a Russian disinformation campaign.On Saturday, a spokesman for the national security council said Joe Biden’s administration “strongly condemns any foreign government or entity who attempts to interfere in our electoral process or seeks to undermine confidence in our democratic institutions”. The FBI has yet to comment. More

    • 75 Shares119 Views

      in US Politics

      Philadelphia Inquirer severely disrupted by cyber-attack

      by

      The Philadelphia Inquirer is scrambling to restore its systems and resume normal operations after it became the latest major media organization to be targeted in a cyber-attack.With no regular Sunday newspaper and online stories also facing some delays, the cyber-attack has triggered the worst disruption to the Inquirer in decades.The attack aimed at Philadelphia’s paper of record has been reported to the FBI.Disruption to the Inquirer, the most read daily in Pennsylvania and the third-longest continuously serving newspaper in the US, comes as the city prepares for a mayoral primary election on Tuesday. The Inquirer’s offices are closed through at least Tuesday, and the company is looking for co-working space to serve as a makeshift newsroom for election night.It is unclear when normal editorial services will be restored.News organisations are increasingly being targeted by sophisticated cyber-attacks – as have government agencies, hospitals, universities and the business sector.In December, the Guardian was hit by a ransomware attack in which the personal data of staff in the UK and US was accessed. The print edition continued uninterrupted but the incident, which was probably triggered by a “phishing” attempt in which the victim is tricked – often through email – into downloading malware, forced the Guardian to close its offices for several months.The Los Angeles Times in 2018 was affected by a major ransomware attack in which a kind of malicious software that essentially paralyses a system – holding it to ransom – and demands payment to free the system.Few details about the attack on the Inquirer have been released to staff members or readers. It is unclear whether any personal data has been exposed, exactly which systems had been breached, or who was behind the attack and what motivations they had.In an email, the Inquirer’s publisher, Lisa Hughes. said “we are currently unable to provide an exact timeline” on when operations will be fully restored. “We appreciate everyone’s patience and understanding as we work to fully restore systems and complete this investigation as soon as possible.”Monday’s newspapers were printed albeit without any classified ads.The incident is the greatest publication disruption to the state’s largest news organisation since a blizzard shut operations down for two days in January 1996, the company said. More

    • 163 Shares109 Views

      in US Politics

      Sensitive personal data of US House and Senate members hacked, offered for sale

      by

      Sensitive personal data of US House and Senate members hacked, offered for saleBreach in the systems of DC Health Link, a health insurance company, led to 170,000 records being compromisedMembers of the House and Senate were informed Wednesday that hackers may have gained access to their sensitive personal data in a breach of a Washington, DC, health insurance marketplace. Employees of the lawmakers and their families were also affected.DC Health Link confirmed that data on an unspecified number of customers was affected and said it was notifying them and working with law enforcement. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.Lawmaker who gave tours of Capitol will lead inquiry of January 6 panelRead moreThe FBI said it was aware of the incident and was assisting the investigation.A broker on an online crime forum claimed to have records on 170,000 DC Health Link customers and was offering them for sale for an unspecified amount. The broker claimed they were stolen Monday. The broker did not immediately respond to questions posed by the Associated Press on an encrypted chat site.It was not possible to confirm the number claimed. Sample stolen data was posted on the site for a dozen apparent customers. It included Social Security numbers, addresses, names of employers, phone numbers, emails and addresses. The AP reached one of the dozen by dialing a listed number.“Oh, my God,” the man said when informed the information was public. All 12 people listed work for the same company or are family members.In an email to all Senate email account holders, the sergeant at arms said it was informed that the stolen data included full names of the insured and family members but “no other personally identifiable information”,It recommended that anyone registered on the health insurance exchange freeze their credit to prevent identity theft.In an emailed statement, congressman Joe Morelle said House leadership was informed by Capitol police that DC Health Link “suffered an extraordinarily large data breach of enrollee information” that posed a “great risk” to members, employees and their family members. “At this time the cause, size and scope of the data breach impacting the DC Health Link still needs to be determined by the FBI,” Morelle said.The hack follows several recent breaches affecting US agencies. Hackers broke into a US marshals service computer system and activated ransomware on 17 February after stealing personally identifiable data about agency employees and targets of investigations.An FBI computer system was breached at the bureau’s New York field office, CNN reported in mid-February. Asked about that intrusion, the FBI issued a statement calling it “an isolated incident that has been contained”. It declined further comment, including when it occurred and whether ransomware was involved.There was no indication the Health Link breach was ransomware related.TopicsUS newsWashington DCCybercrimeHouse of RepresentativesUS SenateHackingUS politicsnewsReuse this content More

    • 163 Shares159 Views

      in US Politics

      ‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware

      by

      ‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomwareThe number of ransomware attacks on US healthcare organizations increased 94% from 2021 to 2022, according to one report Last week, the US government warned that hospitals across the US have been targeted by an aggressive ransomware campaign originating from North Korea since 2021. Ransomware hacks, in which attackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s. But they can be particularly devastating in the healthcare industry, where even minutes of down time can have deadly consequences, and have become ominously frequent.The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021.“The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”Ransomware hacks have caused major healthcare disruptions, including delayed chemotherapy treatments and ambulances being diverted from a San Diego emergency room after computer systems were frozen. In 2021, a lawsuit filed by the mother of a baby who died in Alabama alleged the first “death by ransomware”, blaming a 2019 hack of a hospital for fatal brain damage of the newborn after heart rate monitors failed.‘We are not ready’: a cyber expert on US vulnerability to a Russian attackRead moreThe possibly devastating consequences for medical facilities may be one of the reasons hackers have identified them as a high-profile target. “The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” said the advisory from the Cybersecurity and Infrastructure Security Agency (CISA).CISA and others advise hospitals against paying ransoms, but providers often feel they have no choice, said Barak. In 2021, 61% of healthcare organizations that suffered a ransomware attack paid the ransom – the highest percentage of any industry sector.“When lives are at stake, it makes the decision very easy,” Barak said. “These attackers have identified medical organizations as very, very good targets because they are more likely to pay.”Attacks are typically carried out by private groups of criminals, experts say: in the third quarter of 2021, 30% of ransomware attacks on healthcare entities were carried out by Conti, a crime syndicate thought to be based in Russia, according to an industry report from cybersecurity firm BreachQuest.But the North Korea incident revealed last week is just the latest state actor to orchestrate ransomware attacks on health care organizations after the FBI revealed in June it had thwarted an attack from Iran on a Boston Children’s hospital.Underfunded hospitals hit by Covid squeezeThe healthcare industry has been hit by a perfect storm of factors that have escalated the ransomware problem, experts say: patient information is increasingly being digitized as hospitals struggle with small internet security budgets.In 2009, the Obama administration passed a bill requiring all public and private healthcare providers to adopt electronic medical records by 2014, resulting in a massive migration of paper patient records to online systems. But today, just 4-7% of the average healthcare provider’s annual IT budget is focused on cybersecurity, the BreachQuest study said.“Healthcare providers have gone through massive digital transformation in a very short amount of time,” said Hank Schless, senior security expert at the cybersecurity firm Lookout.The move was accelerated by the pandemic, he added, as more providers shifted to telehealth to connect with patients during lockdown and hospital staff were stretched thin by the influx of sick and dying patients.CISA has advised a “3-2-1 backup approach” for healthcare entities, including saving three copies of each type of data in two different formats, including one offline. But the agency’s advisory to hospitals is “somewhat unhelpful”, said Vincent Berk, chief security officer at the cybersecurity firm Quantum Xchange, offering generic recommendations about securing data with little clear path to doing so.“The issue with this attack, and any other ransomware attack, is that the cure doesn’t really exist,” he said. “In other words, if it happens, it is already too late.”Legislators are attempting to fill in those gaps. In May, Senator Patty Murray of Washington led a hearing on strengthening cybersecurity in the healthcare and education sectors, saying that the US “needs to address cybersecurity attacks and ensure they are treated like the national security threat they are”.“These kinds of challenges don’t just cause major headaches, lawsuits, and expenses for hospitals,” she said. “They put patients in danger. They undermine our national security. And in some cases they even cost lives.”In March 2022 the Senate introduced a bipartisan bill called the Healthcare Cybersecurity Act, which would direct CISA and the Department of Health and Human Services (HHS) to collaborate on a plan to bolster cybersecurity measures among healthcare and public health organizations.Those measures would include cybersecurity training to employees of health organizations and authorize studies from CISA to identify risks in the industry. It is unclear when the bill is set for a vote, but experts say such legislation is more urgent than ever.“There’s zero deterrence right now,” Barak said. “Until we find a more effective way to tackle this issue, I am afraid the outlook is not looking good.”TopicsHackingHealthcare industryData and computer securityCybercrimeUS politicsUS healthcarenewsReuse this content More

    • 138 Shares109 Views

      in US Politics

      White House contacts Russia after hack of world’s largest meatpacking company

      by

      A ransomware attack against the world’s largest meatpacking company that has disrupted meat production in North America and Australia originated from a criminal organization probably based in Russia, the White House was informed on Tuesday.The attack on Brazil’s JBS caused its Australian operations to shut down on Monday and has stopped livestock slaughter at its plants in several US states.The ransomware attack follows one last month on Colonial Pipeline, the largest fuel pipeline in the United States, that crippled fuel delivery for several days in the US south-east.The White House spokeswoman Karine Jean-Pierre said JBS had given details of the hack to the White House, that the United States had contacted Russia’s government about the matter and that the FBI was investigating.“The White House has offered assistance to JBS and our team at the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre said.“JBS notified the administration that the ransom demand came from a criminal organization likely based in Russia. The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals,” Jean-Pierre added.If the outages continue, US consumers could see higher meat prices during summer grilling season and meat exports could be disrupted at a time of strong demand from China.JBS said it suspended all affected systems and notified authorities. It said its backup servers were not affected.“On Sunday, May 30, JBS USA determined that it was the target of an organised cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems,” the company said in a Monday statement.“Resolution of the incident will take time, which may delay certain transactions with customers and suppliers,” the company’s statement said.The company, which has its North American operations headquartered in Greeley, Colorado, controls about 20% of the slaughtering capacity for US cattle and hogs, according to industry estimates.Two kill and fabrication shifts were canceled at JBS’s beef plant in Greeley due to the cyber-attack, representatives of the United Food and Commercial Workers International Union Local 7 said in an email. JBS Beef in Cactus, Texas, also said on Facebook it would not run on Tuesday – updating an earlier post that had said the plant would run as normal.JBS Canada said in a Facebook post that shifts had been canceled at its plant in Brooks, Alberta, on Monday and one shift so far had been canceled on Tuesday.A representative in São Paulo said the company’s Brazilian operations were not affected. More

    • 138 Shares169 Views

      in US Politics

      Biden to unveil Russia sanctions over SolarWinds hack and election meddling

      by

      The US is set to announce new sanctions against Russia as soon as Thursday in retaliation for Moscow’s elections interference, alleged bounties on US soldiers in Afghanistan, and cyber-espionage campaigns such as the SolarWinds hack, according to reports in US and international media.Ten Russian diplomatic officials are to be expelled from the US and up to 30 entities will be blacklisted, officials said, in the largest sanctions action against Russia of Joe Biden’s presidency.Additionally, the White House may issue an executive order barring US financial institutions from purchasing rouble bonds issued by Russia’s government, targeting the country’s sovereign debt and its broader economy. That could begin as soon as June, according to some reports.Q&AWhat was the SolarWinds hack?ShowIn early 2020, malicious code was sneaked into updates to a popular piece of software called Orion, made in the US by the company SolarWinds, which monitors the computer networks of businesses and governments for outages.That malware gave hackers remote access to an organisation’s networks so they could steal information. Among the most high-profile users of the software were US government departments including the Centers for Disease Control and Prevention, the state department, and the justice department.Described by the Microsoft president, Brad Smith, as “the largest and most sophisticated attack the world has ever seen”, US intelligence agencies have accused Russia of launching the attack.SolarWinds, of Austin, Texas, provides network monitoring and other technical services to hundreds of thousands of organisations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.Its compromised product, Orion, is a centralised monitoring tool that looks for problems in an organisation’s computer network, which means that breaking in gave the attackers a “God view” of those networks.Neither SolarWinds nor US cybersecurity authorities have publicly identified which organisations were breached. Just because a company or agency uses SolarWinds as a vendor does not necessarily mean it was vulnerable to the hack.Kari Paul and Martin BelamUnnamed officials told the New York Times the new sanctions were meant to cut deeper than previous attempts to punish Moscow for its attacks on US institutions and allies. Some Russian officials have laughed off being added to the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctions lists, comparing it to being elevated to an elite club. The threat of the ban on purchasing Russian debt has already depressed prices on the rouble and rouble-denominated OFZ treasury bonds.The sanctions will add tension to an already strained relationship between Russia and the US. Since last month, Moscow has been engaged in the largest troop buildup on its border with Ukraine since the 2014 annexation of Crimea, provoking fears of an invasion. Biden called Vladimir Putin on Tuesday to urge him to de-escalate tensions with Ukraine and proposed a summit in a third country. The Kremlin gave a frosty account of the telephone call, and did not say whether Putin had agreed to the meeting.Earlier this year, Biden had agreed with a reporter when asked if Putin was “a killer”. Those remarks were replayed widely on Russian television. Putin responded by wryly wishing Biden “good health”, which was seen as a nod to Biden’s age.The US president’s tough approach differs considerably from that of the Trump administration, which largely sought to avoid confronting Russia over a CIA assessment that Moscow had offered and paid bounties for foreign fighters to kill US troops in Afghanistan. Trump said he doubted the evidence behind the reports.He similarly sided with Putin over an FBI assessment that Russia had interfered in the 2016 elections during a summit in Helsinki two years later.The planned sanctions were said to be retaliation for Russian interference in the 2020 elections, during which US intelligence agencies concluded that the Kremlin had backed Trump over Biden.Sign up for the Guardian’s First Thing newsletterThe sanctions would also be a response to a massive and sophisticated cybersecurity breach against SolarWinds Corp that affected software used by US government agencies. The US has blamed Russia for the attack.Peskov this week said that “the hostility and unpredictability of America’s actions force us in general to be prepared for the worst scenarios”. More