US infiltrates big ransomware gang: ‘We hacked the hackers’

US Attorney General Merrick Garland, with FBI Director Christopher Wray (R) and Deputy Attorney General Lisa Monaco (L), announces the shutting down of the Hive ransomware operation on January 26, 2023. (AFP)
Updated 27 January 2023

  • Gang identified as Hive among the world’s top five ransomware networks and has heavily targeted health care
  • Hive, working with German and other partners, was estimated to have victimized some 1,300 companies globally

WASHINGTON: The FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang they infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other US officials announced Thursday.
“Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa Monaco said at a news conference.
Officials said the targeted syndicate, known as Hive, is among the world’s top five ransomware networks and has heavily targeted health care. The FBI quietly accessed its control panel in July and was able to obtain software keys it used with German and other partners to decrypt networks of some 1,300 victims globally, said FBI Director Christopher Wray.
How the takedown will affect Hive’s long-term operations is unclear. Officials announced no arrests but said, to pursue prosecutions, they were building a map of the administrators who manage the software and the affiliates who infect targets and negotiate with victims.
“I think anyone involved with Hive should be concerned because this investigation is ongoing,” Wray said.
On Wednesday night, FBI agents seized computer servers in Los Angeles used to support the network. Two Hive dark web sites were seized: one used for leaking data of non-paying victims, the other for negotiating extortion payments.
“Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack,” Garland said.

 

He said the infiltration, led by the FBI’s Tampa office, allowed agents in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.
It’s a big win for the Justice Department. Ransomware is the world’s biggest cybercrime headache with everything from Britain’s postal service and Ireland’s national health network to Costa Rica’s government crippled by Russian-speaking syndicates that enjoy Kremlin protection.
The criminals lock up, or encrypt, victims’ networks, steal sensitive data and demand large sums. Their extortion has evolved to where data is pilfered before ransomware is activated, then effectively held hostage. Pay up in cryptocurrency or it is released publicly.
As an example of a Hive sting, Garland said it kept one Midwestern hospital in 2021 from accepting new patients at the height of the COVID-19 epidemic.
The online takedown notice, alternating in English and Russian, mentions Europol and German law enforcement partners. The German news agency dpa quoted prosecutors in Stuttgart as saying cyber specialists in the southwestern town of Esslingen were decisive in penetrating Hive’s criminal IT infrastructure after a local company was victimized.
In a statement, Europol said companies in more than 80 countries, including oil multinationals, have been compromised by Hive and that law enforcement from 13 countries was in on the infiltration.
A US government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, netting about $100 million in payments. Criminals using Hive’s ransomware-as-a-service tools targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care.
Though the FBI offered decryption keys to some 1,300 victims globally, Wray said only about 20 percent reported potential issues to law enforcement.
“Here, fortunately, we were still able to identify and help many victims who didn’t report. But that is not always the case,” Wray said. “When victims report attacks to us, we can help them and others, too.”
Victims sometimes quietly pay ransoms without notifying authorities — even if they’ve quickly restored networks — because the data stolen from them could be extremely damaging to them if leaked online. Identity theft is among the risks.
John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said the Hive disruption won’t cause a major drop in overall ransomware activity but is nonetheless “a blow to a dangerous group.”
“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.
But analyst Brett Callow with the cybersecurity firm Emsisoft said the operation is apt to lessen ransomware crooks’ confidence in what has been a very high reward-low risk business. “The information collected may point to affiliates, launderers and others involved in the ransomware supply chain.”
Allan Liska, an analyst with Recorded Future, another cybersecurity outfit, predicted indictments, if not actual arrests, in the next few months.
There are few positive indicators in the global fight against ransomware, but here’s one: An analysis of cryptocurrency transactions by the firm Chainalysis found ransomware extortion payments were down last year. It tracked payments of at least $456.8 million, down from $765.6 million in 2021. While Chainalysis said the true totals are certainly much higher, payments were clearly down. That suggests more victims are refusing to pay.
The Biden administration got serious about ransomware at its highest levels two years ago after a series of high-profile attacks threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation’s largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment, which the US government later largely recovered.
A global task force involving 37 nations began work this week. It is led by Australia, which has been particularly hard-hit by ransomware, including a major medical insurer and telecom. Conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals. Australia’s interior minister, Clare O’Neil, said in November that her government was going on the offense, using cyber-intelligence and police agents to “find these people, hunt them down and debilitate them before they can attack our country.”
The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.


Kremlin tells officials to stop using iPhones – Kommersant newspaper

Updated 14 sec ago

  • ‘It’s all over for the iPhone: either throw it away or give it to the children’
  • The Kremlin may provide other devices with different operating systems to replace the iPhones
MOSCOW: Russia’s presidential administration has told officials to stop using Apple iPhones because of concerns the devices are vulnerable to Western intelligence agencies, the Kommersant newspaper reported on Monday.
At a Kremlin-organized seminar for officials involved in domestic politics, Sergei Kiriyenko, first deputy head of the presidential administration, told officials to change their phones by April 1, Kommersant said, citing unidentified sources.
“It’s all over for the iPhone: either throw it away or give it to the children,” Kommersant quoted one of the participants of the meeting as saying. “Everyone will have to do it in March.”
The Kremlin may provide other devices with different operating systems to replace the iPhones, Kommersant said.
Kremlin spokesman Dmitry Peskov said he could not confirm the report, but that smartphones could not be used for official purposes anyway.
Apple did not immediately respond to a request for comment.
President Vladimir Putin has always said he has no smartphone, though Peskov has said Putin does use the Internet from time to time.
Shortly after Russia sent its troops into Ukraine last year, US and British spies claimed a scoop by uncovering — and going public with — intelligence that Putin was planning to invade. It is unclear how the spies obtained such intelligence.

Thailand dissolves parliament for election

Updated 33 min 13 sec ago

  • An election must be held 45 to 60 days after the house dissolution, which takes effect immediately

BANGKOK: Thailand’s King Maha Vajiralongkorn has endorsed a decree to dissolve parliament, according to an announcement in the Royal Gazette on Monday, paving the way for elections in May.
An election must be held 45 to 60 days after the house dissolution, which takes effect immediately.
“This is a return of political decision-making power to the people swiftly to continue democratic government with the King as head of state,” said the decree published on Monday.
An election date has yet to be announced but deputy prime minister Wissanu Krea-ngam earlier in the day said it would likely be held on May 14, if the house were dissolved on Monday.
Thailand’s election is expected to showcase a long-running political battle between the billionaire Shinawatra family and the country’s conservative pro-military establishment.
Paetongtarn Shinawatra, the daughter and niece respectively of ousted former premiers Thaksin and Yingluck Shinawatra, is the frontrunner to be prime minister in opinion surveys, with her support jumping 10 points to 38.2 percent in a poll released at the weekend.
The poll by the National Institute of Development Administration put Prime Minister Prayuth Chan-ocha, who has been in power since a 2014 coup against the Pheu Thai government, in third place with 15.65 percent.
Paetongtarn on Friday said she was confident of winning the election by a landslide, with the aim of averting any political maneuvering against her party, which has previously been removed from office by judicial rulings and military coups.


China says ICC should avoid ‘double standards’ after Putin warrant

Updated 38 min 8 sec ago

  • China is not a signatory to the Rome Statute, the UN treaty which governs the court
  • Moscow has dismissed the International Criminal Court orders as ‘void’

BEIJING: China on Monday called on the International Criminal Court to avoid what it called “double standards” and respect immunity for heads of state, after the tribunal issued an arrest warrant for Russian leader Vladimir Putin on war crimes charges.
The court should “uphold an objective and impartial stance” and “respect the immunity of heads of state from jurisdiction under international law,” foreign ministry spokesperson Wang Wenbin told a regular briefing.
Wang also urged the court to “avoid politicization and double standards,” stressing the solution to the Ukraine conflict remained “dialogue and negotiation.”
China is not a signatory to the Rome Statute, the UN treaty which governs the court.
The International Criminal Court on Friday announced an arrest warrant for Putin on the accusation of unlawfully deporting Ukrainian children.
Moscow has dismissed the orders as “void,” and with Russia not a party to the ICC it is unclear if or how Putin could ever be extradited to face charges.
The warrant came just days before a visit to Russia by Chinese leader Xi Jinping, a trip he described as a “journey of friendship, cooperation and peace.”
Xi is due to land in Moscow on Monday, holding talks with Putin and signing an accord before heading back to Beijing on Wednesday.
“The two sides will practice genuine multilateralism, promote democracy in international relations, build a multipolar world, improve global governance and contribute to world development and progress,” Wang told the Monday briefing.


US, Philippines to announce new sites for American military as soon as possible

Updated 20 March 2023

  • Philippine President Ferdinand Marcos Jr. last month granted the United States access to four additional military bases

BASA AIR BASE, Philippines: The United States and Philippines will announce new sites as soon as possible for an expanded Enhanced Defense Cooperation Agreement (EDCA), which gives the Western power access to military bases in the Southeast Asian country.
Philippine President Ferdinand Marcos Jr last month granted the United States access to four military bases, on top of five existing locations under the 2014 EDCA, which comes amid China’s increasing assertiveness toward the South China Sea and self-ruled Taiwan.
Speaking at the Basa Air Base in Manila, one of the existing EDCA sites, visiting US Air Force Secretary Frank Kendall said the defense agreements between the two countries were “not focused on any particular issue.”
EDCA allows US access to Philippine bases for joint training, pre-positioning of equipment and building of facilities such as runways, fuel storage and military housing, but it is not a permanent presence.
While the Philippines has yet to formally identify the sites, a former military chief has publicly said the United States had asked for access to bases in Isabela, Zambales and Cagayan, all on the island of Luzon, facing north toward Taiwan, and on Palawan in the southwest, near the disputed Spratly Islands in the South China Sea.
Leaders of local governments at the potential EDCA sites have backed the government’s decision to allow the United States greater access to the bases, Philippines’ defense chief, Carlito Galvez, said in a joint news conference with Kendall.
Galvez and Kendall were leading a groundbreaking ceremony for the rehabilitation of the Basa Air Base’s runway.
“Today’s event is a physical manifestation of our Enhanced Defense Cooperation Agreement, a key pillar of the US-Philippine alliance,” Kendall said in a speech, adding it built on a seven-decade-old Mutual Defense Treaty that applied anywhere in the South China Sea.
“We are at an inflection point in history and our cooperation will help ensure we stay on the path to peace and stability,” he added.
The runway rehabilitation is part of $82 million the United States has allocated for infrastructure investments at the existing five EDCA sites.
“Moving forward we hope the US will consider more EDCA projects,” Galvez said.


UN migration agency can not meddle in domestic debates, says boss

Updated 20 March 2023

  • Antonio Vitorino is standing for re-election as director general of the United Nations’ International Organization for Migration

GENEVA: The UN’s migration agency should not get itself dragged into domestic policy debates, its chief Antonio Vitorino said, as he seeks a second term leading the organization.
“Migration has become a highly politicized area, and even a highly polarized area,” the 66-year-old former Portuguese deputy prime minister said.
“Some people would like us to be more vocal in some moments of the internal migration debate, but we do not take sides,” he said, noting how the topic is being fiercely debated in countries like Britain, France and the United States.
Vitorino is standing for re-election as director general of the United Nations’ International Organization for Migration.
The vote takes place in mid-May and Vitorino is in the unusual position of being challenged for the job by his American deputy Amy Pope.
The IOM was founded in 1951 to deal with the displacements in Europe following World War II.
But it was only in 2016 that it joined the United Nations fold, and its boss, unlike the chiefs of other UN agencies, does not single out countries for criticism.
Vitorino acknowledged that the organization could communicate better about what it is and what it does.
But he says the IOM must have a balanced approach toward migration and is not set up to praise or criticize countries since it is not there to verify the implementation of an international treaty or agreement, like the better-known UN refugee agency UNHCR or the UN Human Rights office.
Still, he insisted that the IOM knew how to raise its concerns.
“For instance, considering the European Union, we have been claiming for quite some time that there is a need to address the search and rescue needs in the Mediterranean,” he said.
“And we are very pleased with the fact that recently the European Commission has published a document with a strategy for the central Mediterranean that is exactly taking on board our claim.”
A politician and a lawyer, Vitorino was Portugal’s defense minister and deputy PM from 1995 to 1997 in the government of Antonio Guterres, who is now the UN secretary-general.
He was then the European commissioner for justice and home affairs from 1999 to 2004.
Vitorino was elected to the IOM leadership by member states in 2018, becoming only the second non-American to lead the agency in seven decades.
The agency has 175 member states, with the United States followed by the European Union bloc as its main financial contributors.
“All my predecessors for 70 years made two mandates, and I don’t see any reason for a successful first mandate not to be followed by a second mandate,” Vitorino said.
He said he was counting on “very strong support from the European countries” and “strong encouragement” from other nations in other regions.
He declined to comment on being challenged by his deputy, beyond saying: “It is the first time that it happens in IOM.”
As for claims that he has not traveled much in his job, he said: “If I recall correctly, I have been 15 times to Africa until the end of 2022.”
“And I would like the critics to take into consideration that for two years, we were locked down – if they have already forgotten the pandemic.”
“I’m pretty confident that my work deserves to be supported and continuous,” he said, pointing out the key role the IOM is playing in Ukraine and Haiti, two of the world’s major crises.
He wants to continue reforms to improve the IOM’s efficiency and to make the organization more financially stable, as currently 95 percent of its budget depends on voluntary contributions from its member states, who pick which projects they fund.
The IOM must also adapt to new challenges, Vitorino said, such as the growing numbers of children migrating alone, migration flows linked to climate change, and even “digital nomads” – people working remotely from other countries.
And time is pressing because nowadays, “there are more people on the move because of climate change than because of conflicts,” he said.