US infiltrates big ransomware gang: ‘We hacked the hackers’

US Attorney General Merrick Garland, with FBI Director Christopher Wray (R) and Deputy Attorney General Lisa Monaco (L), announces the shutting down of the Hive ransomware operation on January 26, 2023. (AFP)
Updated 27 January 2023

  • Gang identified as Hive among the world’s top five ransomware networks and has heavily targeted health care
  • Hive, disrupted by the FBI working with German and other partners, was estimated to have victimized some 1,300 companies globally

WASHINGTON: The FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang they infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other US officials announced Thursday.
“Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa Monaco said at a news conference.
Officials said the targeted syndicate, known as Hive, is among the world’s top five ransomware networks and has heavily targeted health care. The FBI quietly accessed its control panel in July and was able to obtain software keys it used with German and other partners to decrypt networks of some 1,300 victims globally, said FBI Director Christopher Wray.
How the takedown will affect Hive’s long-term operations is unclear. Officials announced no arrests but said, to pursue prosecutions, they were building a map of the administrators who manage the software and the affiliates who infect targets and negotiate with victims.
“I think anyone involved with Hive should be concerned because this investigation is ongoing,” Wray said.
On Wednesday night, FBI agents seized computer servers in Los Angeles used to support the network. Two Hive dark web sites were seized: one used for leaking data of non-paying victims, the other for negotiating extortion payments.
“Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack,” Garland said.

 

He said the infiltration, led by the FBI’s Tampa office, allowed agents in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.
It’s a big win for the Justice Department. Ransomware is the world’s biggest cybercrime headache with everything from Britain’s postal service and Ireland’s national health network to Costa Rica’s government crippled by Russian-speaking syndicates that enjoy Kremlin protection.
The criminals lock up, or encrypt, victims’ networks, steal sensitive data and demand large sums. Their extortion has evolved to where data is pilfered before ransomware is activated, then effectively held hostage. Pay up in cryptocurrency or it is released publicly.
As an example of a Hive sting, Garland said it kept one Midwestern hospital in 2021 from accepting new patients at the height of the COVID-19 epidemic.
The online takedown notice, alternating in English and Russian, mentions Europol and German law enforcement partners. The German news agency dpa quoted prosecutors in Stuttgart as saying cyber specialists in the southwestern town of Esslingen were decisive in penetrating Hive’s criminal IT infrastructure after a local company was victimized.
In a statement, Europol said companies in more than 80 countries, including oil multinationals, have been compromised by Hive and that law enforcement from 13 countries was in on the infiltration.
A US government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, netting about $100 million in payments. Criminals using Hive’s ransomware-as-a-service tools targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care.
Though the FBI offered decryption keys to some 1,300 victims globally, Wray said only about 20 percent reported potential issues to law enforcement.
“Here, fortunately, we were still able to identify and help many victims who didn’t report. But that is not always the case,” Wray said. “When victims report attacks to us, we can help them and others, too.”
Victims sometimes quietly pay ransoms without notifying authorities — even if they’ve quickly restored networks — because the data stolen from them could be extremely damaging to them if leaked online. Identity theft is among the risks.
John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said the Hive disruption won’t cause a major drop in overall ransomware activity but is nonetheless “a blow to a dangerous group.”
“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.
But analyst Brett Callow with the cybersecurity firm Emsisoft said the operation is apt to lessen ransomware crooks’ confidence in what has been a very high reward-low risk business. “The information collected may point to affiliates, launderers and others involved in the ransomware supply chain.”
Allan Liska, an analyst with Recorded Future, another cybersecurity outfit, predicted indictments, if not actual arrests, in the next few months.
There are few positive indicators in the global fight against ransomware, but here’s one: An analysis of cryptocurrency transactions by the firm Chainalysis found ransomware extortion payments were down last year. It tracked payments of at least $456.8 million, down from $765.6 million in 2021. While Chainalysis said the true totals are certainly much higher, payments were clearly down. That suggests more victims are refusing to pay.
The Biden administration got serious about ransomware at its highest levels two years ago after a series of high-profile attacks threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation’s largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment, which the US government later largely recovered.
A global task force involving 37 nations began work this week. It is led by Australia, which has been particularly hard-hit by ransomware, including a major medical insurer and telecom. Conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals. Australia’s interior minister, Clare O’Neil, said in November that her government was going on the offense, using cyber-intelligence and police agents to “find these people, hunt them down and debilitate them before they can attack our country.”
The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.


Albanian PM says UK has shown ‘regret’ over home secretary’s remarks

  • Edi Rama praises government for ‘words, but also deeds’ in bid to reset relations
  • Rama in UK for talks about small boat Channel crossings, described by Suella Braverman as an ‘invasion’

LONDON: Edi Rama, the prime minister of Albania, said there were “important signs of regret and embarrassment” during talks with UK Prime Minister Rishi Sunak about the language used by a senior British minister to describe Albanian migrants.
UK Home Secretary Suella Braverman drew criticism last year when she described illegal small boat crossings in the English Channel as an “invasion,” adding that they were being fueled by “Albanian criminals” owing to many of those running the boat routes being Albanian, and the number of people from the Balkan country making the journey and claiming asylum in the UK.
Government figures suggest that up to a third of all people crossing the English Channel in small boats in 2022 were from Albania.
In December, Sunak announced a five-point plan to reduce the number of crossings, which included striking a deal with Albania to station UK Border Force personnel in the country’s capital, Tirana.
Following his meeting with Sunak on Thursday, Rama told Sky News: “British/Albanian relations touched the lowest point in history since we have come out of communism because of (Braverman’s) rhetoric that has put the Albanian community in Britain under very, very heavy pressure.
“I must say that, finally, on the side of Downing Street, we have been heard and there are not only words, but also deeds in putting in place a joint task force to crack down on the criminal networks, which is, of course, something Albania has always wanted.
“While we are (seeing) very important signs of regret and of embarrassment, that is, let’s say, enough at this point. I hope very much that this will not be repeated and that the Albanian community here will be really honored.”
Rama added that it is not unusual for people from former communist countries to seek new lives in the West, and that the UK is, despite the rhetoric, still a very appealing place for many.
“I’m not here to question the sovereignty and the mandate of the British government to have a policy on the borders … but this is what it is all about — economic reasons for coming, getting a job and building a future in a place that has always been the shining city on a hill,” he told Sky News.
He added that part of the solution to the small boat crossings would be an easier visa system for aspiring Albanian workers.
“They claim asylum because there is no other way. They are not part of the free labor market. So it’s all about dreaming and hoping to get what they imagine best for their life now and without waiting for many more years (for this to) happen in Albania.
“Never forget that the Albanians here are doing great and they are helping and contributing for Britain to be a better place,” he continued. “Albanians here are working for construction companies, Albanians are nursing elderly people, Albanians are doing your cooking — so improving the British kitchens, I must say — and they are even singing too, let alone the academics and the students. And it has been so unfair to them to put them under such pressure.”


Protesters greet Netanyahu as he meets UK leader in London

  • Sunak also raised Netanyahu's controversial judicial reforms
  • Some women protesting outside Downing Street wore red robes and white caps inspired by “The Handmaid's Tale,” a novel and TV series set in a dystopian future

LONDON: British Prime Minister Rishi Sunak held talks with Benjamin Netanyahu in London on Friday as protesters shouting “Shame!” in Hebrew demonstrated against the Israeli leader’s right-wing policies and his plans to overhaul the country’s judiciary.
Netanyahu had to pass by hundreds of protesters waving Israeli flags and waving signs calling for the defense of Israeli democracy as he arrived at 10 Downing St. for talks that focused on the war in Ukraine and concerns about Iran’s nuclear program.
Sunak also raised Netanyahu’s controversial judicial reforms, which have sparked mass protests in Israel and beyond. One placard in London read: “We are Israelis and Jews living in the UK demonstrating against Prime Minister Netanyahu, who is leading a judicial coup turning Israel into a dictatorship.”
Some women protesting outside Downing Street wore red robes and white caps inspired by “The Handmaid’s Tale,” a novel and TV series set in a dystopian future. Similarly clad demonstrators have become fixtures of the mass protests roiling Israel.
Sunak “stressed the importance of upholding the democratic values that underpin our relationship, including in the proposed judicial reforms in Israel,” the British leader’s office said in an official readout of the meeting.
Netanyahu’s proposals would give his government more control over judicial appointments, weaken the Supreme Court by limiting judicial review of legislation and allow Parliament to overturn court decisions with a simple majority vote.
He arrived in London as protesters in Israel blocked roads and clashed with police. The planned judicial system overhaul has ignited the biggest protests in the country’s history amid rare dissent from people throughout Israeli society, including military reservists, navy veterans, high-tech businesspeople and former officials.
Netanyahu’s right-wing government has also been criticized for its hard-line policy toward Palestinians, including recent comments by a government minister who denied the existence of the Palestinian people and their right to self-determination.
Sunak “reiterated our support for two-state solution,” and Britain’s view that Israel’s West Bank settlements are illegal and “contrary to the cause of peace,” spokesman Jamie Davies said.
“Israel is a vital international partner for the United Kingdom, and the prime minister was visiting London, and this was an important opportunity to talk about issues that matter to both countries, whether that’s the threat of Iran, Russia, new trade and investment … as well as peace and stability in the Middle East,” Davies said.
Netanyahu’s office said the two leaders discussed the rapidly advancing nuclear program of Israel’s archenemy, Iran, as well as “deepening strategic cooperation in security, intelligence and economic fields.”
As thousands of people took to the streets across Israel on Thursday, Netanyahu, who is on trial for corruption, defiantly pledged to proceed with the judicial overhaul, hours after his coalition passed a law making it harder to remove him from office.
Rights groups and Palestinians say Israel’s democratic ideals have long been tarnished by the country’s 55-year, open-ended occupation of lands the Palestinians seek for an independent state and the treatment of Palestinian Israeli citizens, who face discrimination in many spheres.
Netanyahu pushed back his departure to Britain until 4 a.m. Friday to deal with the political crisis.


Several hurt after man drives into pedestrians at German airport garage

Updated 24 March 2023

  • Injuries were considered mostly minor

BERLIN: A motorist drove into several pedestrians Friday in a parking garage at Cologne-Bonn Airport in western Germany and injured some of them slightly, police said.
A man allegedly drove straight at people inside the garage, but most were able to avoid him, German news agency dpa reported.
No one’s life was in danger, police said, and the injuries were considered mostly minor. The man also drove into several cars, dpa said.
The 57-year-old driver was detained and taken to the hospital. Police said there were indications he had mental health issues.
Two police officers also received slight injuries when the suspect allegedly resisted his detention.


Russia says use of depleted uranium shells in Ukraine would harm the population

Updated 24 March 2023

  • Russia reacted furiously to plans outlined by Britain earlier this week to send shells containing depleted uranium to Ukraine

MOSCOW: Russia’s defense ministry said on Friday that the use of depleted uranium shells in Ukraine would harm Ukrainian troops, the wider population and negatively affect the country’s agriculture sector for decades or even centuries.
Russia has reacted furiously to plans outlined by Britain earlier this week to send shells containing depleted uranium to Ukraine.
London says they are a conventional form of ammunition, but President Vladimir Putin said the move showed NATO members were sending weapons with a “nuclear component” to Kyiv.
“The West is well aware of the negative consequences of using depleted uranium ammunition,” Igor Kirillov, head of the Nuclear, Biological and Chemical Protection Forces of Russia’s defense ministry, said in a statement on Friday.
He said data on the use of depleted uranium by the United States and its allies in the Balkans and Iraq showed serious and lasting negative impacts on local populations and the environment.
Ukraine’s agricultural industry could suffer “for decades, if not centuries, into the future,” he said.
Critics of the use of depleted uranium, such as the International Coalition to Ban Uranium Weapons, say the dust created by such weapons can be breathed in while munitions which miss their target can poison groundwater and soil.
Countries such as the United States and Britain say depleted uranium is a good tool for destroying a modern tank. Britain says in guidance that inhaling enough depleted uranium dust to cause injury would be difficult.
Russia’s defense ministry on Friday disputed those claims and said the use of depleted uranium shells, compared to Tungsten-based ammunition, “has no significant advantage” on the battlefield.
The Royal Society said in a report in 2002 that the risks to the kidney and other organs from the use of depleted uranium munitions are very low for most soldiers in the battlefield and for those living in the conflict area.
Russia is also known to produce uranium weapons along with around 20 other countries, according to the International Coalition to Ban Uranium Weapons.


Kremlin: Important to identify object found next to Nord Stream pipeline

Updated 24 March 2023

  • Spokesperson: Ongoing investigation into blasts that struck the pipelines last September must be conducted with full transparency

MOSCOW: The Kremlin on Friday said it was important to identify an object discovered next to one of the Nord Stream pipelines, and said the ongoing investigation into blasts that struck the pipelines last September must be conducted with full transparency.
Kremlin spokesman Dmitry Peskov also told reporters it was a positive sign that Denmark had invited the Russian-controlled operator of the Nord Stream 2 pipeline to help salvage an unidentified object found close to the Baltic Sea pipelines.
“It’s certainly positive news when the owner of the pipeline is invited to take part in very important phases of the investigation,” Peskov said.
Last week, Danish authorities said a tubular object, protruding around 40 cm (16 inches) from the seabed and 10 cm in diameter, had been found during an inspection of the last remaining intact Nord Stream pipeline by its operator, Nord Stream 2 AG.
“It is critically important to determine what kind of object it is, whether it is related to this terrorist act — apparently it is — and to continue this investigation. And this investigation must be transparent,” Peskov added.
Three of the four pipelines of the Nord Stream 1 and Nord Stream 2 gas links were hit in a still-unexplained explosion last September.
Russia has, without evidence, blamed Britain and the United States for the blasts, while European investigators have not said who they believe was responsible.