US infiltrates big ransomware gang: ‘We hacked the hackers’

US Attorney General Merrick Garland, with FBI Director Christopher Wray (R) and Deputy Attorney General Lisa Monaco (L), announces the shutting down of the Hive ransomware operation on January 26, 2023. (AFP)
Updated 27 January 2023

  • Gang identified as Hive among the world’s top five ransomware networks and has heavily targeted health care
  • Hive, working with German and other partners, was estimated to have victimized some 1,300 companies globally

WASHINGTON: The FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang they infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other US officials announced Thursday.
“Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa Monaco said at a news conference.
Officials said the targeted syndicate, known as Hive, is among the world’s top five ransomware networks and has heavily targeted health care. The FBI quietly accessed its control panel in July and was able to obtain software keys it used with German and other partners to decrypt networks of some 1,300 victims globally, said FBI Director Christopher Wray.
How the takedown will affect Hive’s long-term operations is unclear. Officials announced no arrests but said, to pursue prosecutions, they were building a map of the administrators who manage the software and the affiliates who infect targets and negotiate with victims.
“I think anyone involved with Hive should be concerned because this investigation is ongoing,” Wray said.
On Wednesday night, FBI agents seized computer servers in Los Angeles used to support the network. Two Hive dark web sites were seized: one used for leaking data of non-paying victims, the other for negotiating extortion payments.
“Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack,” Garland said.

 

He said the infiltration, led by the FBI’s Tampa office, allowed agents in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.
It’s a big win for the Justice Department. Ransomware is the world’s biggest cybercrime headache with everything from Britain’s postal service and Ireland’s national health network to Costa Rica’s government crippled by Russian-speaking syndicates that enjoy Kremlin protection.
The criminals lock up, or encrypt, victims’ networks, steal sensitive data and demand large sums. Their extortion has evolved to where data is pilfered before ransomware is activated, then effectively held hostage. Pay up in cryptocurrency or it is released publicly.
As an example of a Hive sting, Garland said it kept one Midwestern hospital in 2021 from accepting new patients at the height of the COVID-19 epidemic.
The online takedown notice, alternating in English and Russian, mentions Europol and German law enforcement partners. The German news agency dpa quoted prosecutors in Stuttgart as saying cyber specialists in the southwestern town of Esslingen were decisive in penetrating Hive’s criminal IT infrastructure after a local company was victimized.
In a statement, Europol said companies in more than 80 countries, including oil multinationals, have been compromised by Hive and that law enforcement from 13 countries was in on the infiltration.
A US government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, netting about $100 million in payments. Criminals using Hive’s ransomware-as-a-service tools targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care.
Though the FBI offered decryption keys to some 1,300 victims globally, Wray said only about 20 percent reported potential issues to law enforcement.
“Here, fortunately, we were still able to identify and help many victims who didn’t report. But that is not always the case,” Wray said. “When victims report attacks to us, we can help them and others, too.”
Victims sometimes quietly pay ransoms without notifying authorities — even if they’ve quickly restored networks — because the data stolen from them could be extremely damaging to them if leaked online. Identity theft is among the risks.
John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said the Hive disruption won’t cause a major drop in overall ransomware activity but is nonetheless “a blow to a dangerous group.”
“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.
But analyst Brett Callow with the cybersecurity firm Emsisoft said the operation is apt to lessen ransomware crooks’ confidence in what has been a very high reward-low risk business. “The information collected may point to affiliates, launderers and others involved in the ransomware supply chain.”
Allan Liska, an analyst with Recorded Future, another cybersecurity outfit, predicted indictments, if not actual arrests, in the next few months.
There are few positive indicators in the global fight against ransomware, but here’s one: An analysis of cryptocurrency transactions by the firm Chainalysis found ransomware extortion payments were down last year. It tracked payments of at least $456.8 million, down from $765.6 million in 2021. While Chainalysis said the true totals are certainly much higher, payments were clearly down. That suggests more victims are refusing to pay.
The Biden administration got serious about ransomware at its highest levels two years ago after a series of high-profile attacks threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation’s largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment, which the US government later largely recovered.
A global task force involving 37 nations began work this week. It is led by Australia, which has been particularly hard-hit by ransomware, including a major medical insurer and telecom. Conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals. Australia’s interior minister, Clare O’Neil, said in November that her government was going on the offense, using cyber-intelligence and police agents to “find these people, hunt them down and debilitate them before they can attack our country.”
The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.


Over 1,400 migrants are rescued from overcrowded boats off Italy by coast guard

Updated 07 June 2023

  • There were 47 migrants, including two children in immediate need of medical care, aboard the sailboat in distress off the region of Calabria
  • The rescues began late Monday night and ended in the early hours of Wednesday in the Ionian Sea off Calabria's east coast

ROME: More than 1,400 migrants have been rescued from overcrowded vessels, including a sailboat, in four separate operations in the Mediterranean Sea off southern Italy, the Italian coast guard said Wednesday.
There were 47 migrants, including two children in immediate need of medical care, aboard the sailboat in distress off the region of Calabria, in the “toe” of the Italian peninsula, a coast guard statement said. They were rescued by a coast guard motorboat early Tuesday.
The statement said the rescues began late Monday night and ended in the early hours of Wednesday in the Ionian Sea off Calabria’s east coast. One coast guard vessel took on around 590 migrants from aboard a fishing boat, and then later brought on around 650 migrants from another fishing boat, the statement said.
A coast guard motorboat and an Italian border police ship came to the assistance of a fourth vessel, with 130 migrants aboard.
Authorities didn’t immediately give details on the nationalities of the passengers or routes taken by the migrant vessels. But generally, many boats with migrants sighted off the Ionian Sea set out from Turkiye’s coast, where smugglers launch crowded and unseaworthy boats.
Earlier this year, a migrant boat navigating on that route slammed into a sandbank just off a Calabrian beach town and broke apart. At least 94 migrants perished and 80 others survived.
That shipwreck is under criminal investigation, including the role of several members of Italy’s border police corps, which operates vessels off the country’s long coastline. Four suspected smugglers have been arrested.
In addition, prosecutors want to know if rescue efforts could have been launched hours earlier. Italian border police boats reportedly turned back to port because of rough seas, and by the time a coast guard vessel, better equipped to navigate in poor sea conditions, reached the area, bodies were already in the water. In that case, the migrant boat had been spotted hours earlier by a surveillance aircraft operated by Frontex, the European Union’s border monitoring force.
Wednesday’s statement by the coast guard said that crew on a Frontex surveillance plane had spotted a fishing boat with the 590 migrants aboard. A Frontex patrol boat and a Frontex support vessel were among the assets involved in the rescue operations for the two fishing boats, according to the coast guard.
Alarm Phone, a nongovernmental organization that frequently receives satellite calls from migrant vessels in distress and relays the information to maritime authorities in Italy and Malta, was among the organizations signaling the need for rescue for the 130 people aboard the fourth boat.


Erdogan proposes destroyed dam probe in Zelensky call

Updated 07 June 2023

  • Moscow and Kyiv have traded blame for the destruction of Kakhovka hydroelectric dam
  • President Erdogan said that a commission could be established with the participation of experts from the warring parties, the United Nations and the international community

ISTANBUL: President Recep Tayyip Erdogan on Wednesday proposed, in a call with his Ukrainian counterpart, creating an international commission to probe the destruction of a major dam in southern Ukraine, his office reported.
Moscow and Kyiv have traded blame for the destruction of Kakhovka hydroelectric dam, which was ripped open early Tuesday after a reported blast.
“President Erdogan said that a commission could be established with the participation of experts from the warring parties, the United Nations and the international community, including Turkiye, for a detailed investigation into the explosion at Kakhovka dam,” his office said after the call with Ukrainian President Volodymyr Zelensky.
The Kakhovka dam sits on the Dnipro River, which feeds a reservoir providing cooling water for the Russian-occupied Zaporizhzhia nuclear power station, Europe’s largest, some 150 kilometers (90 miles) upstream.
The destruction of the dam caused torrents of water to pour into the Dnipro, pushing thousands of civilians to flee the flooded areas while raising fears of an ecological disaster.
NATO member Turkiye, which has good ties with Moscow and Kyiv.


Marcos to strengthen ties with countries hosting Filipino workers

Updated 07 June 2023

  • Philippines celebrates Migrant Workers’ Day every June 7
  • Overseas ‘heroes’ are key drivers of the Philippine economy

MANILA: Philippine President Ferdinand Marcos Jr. announced on Wednesday his administration would foster stronger ties with countries that host overseas Filipinos to ensure their safety and welfare.

Nearly 2 million migrant workers are key drivers of the Philippine economy and a main source of the country’s foreign reserves.

Marcos said overseas Filipinos, often referred to as “modern-day heroes,” “fuel the engine of progress” in the Philippines. They sent around $36 billion in personal remittances last year, making up about 8.9 percent of the country’s gross domestic product, according to central bank data.

“We understand the challenges that you faced being far from your loved ones, adjusting to new cultures and overcoming barrier(s),” Marcos said in a video message broadcast to mark Migrant Workers’ Day in the Philippines.

“That’s why this administration will continue to foster stronger ties with countries that host our migrant workers, ensuring safety, welfare and well-being.”

Nearly a quarter of overseas Filipinos, or OFWs, work and live in Saudi Arabia, followed by the UAE, Hong Kong, Kuwait, Singapore and Qatar.

“In every corner of the globe, you have left an indelible mark that uplifted both your host countries and our nation in the process,” Marcos said, adding that their sacrifices had “nurtured dreams, elevated livelihoods, and fueled the engine of progress” in the Philippines.

The Philippines celebrates Migrant Workers’ Day every June 7 in commemoration of the enactment of the 1995 Migrant Workers’ Act, which introduces standards for the protection and welfare of those working abroad, their families and overseas Filipinos in distress.

In 2021, former president Rodrigo Duterte signed a law establishing the Department of Migrant Workers, which is tasked with overseeing policies protecting OFWs.

The DMW’s Secretary Susan Ople announced on Wednesday training and mentorship programs for OFWs with the Department of Trade and Industry to help Filipino migrant workers start their own businesses once they return home.

“Our OFWs contribute to our economy through their dollar remittances but at some point in their lives, they would also need to come home and create sustainable sources of income through entrepreneurship, sound investments or by landing a better job here at home,” Ople said.

“We want them to come back with excitement in their hearts on what the future holds for them and their families, through meaningful partnerships across the government bureaucracy and with NGOs and private companies serving as their mentors and cheerleaders.”


Poll suggests most Asian, Black people in UK face regular discrimination

Protesters with banners and placards march from Toxteth into central Liverpool in support of the Black Lives Matter movement.
Updated 07 June 2023

  • Majority of respondents say Britain needs to make more progress on racial issues over next 25 years

LONDON: A new report has revealed that more than two-thirds of Black and Asian people in the UK face racial discrimination in their daily lives, the Metro reported.

The study by British Future, a think tank, explored British public attitudes on race, identity, and bias, using polling data covering almost 2,500 people, including 1,000 from an ethnic minority background.

The polling was conducted by Focaldata in March and April.

Though 80 percent of ethnic minority participants said that the UK was a better place to live for minorities than the US, Germany, and France, 67 percent said that they still faced discrimination in Britain on a daily basis.

When White British participants were asked if the UK was a better place to live for minorities compared to other major Western countries, 73 percent reckoned the statement was true while 27 percent did not.

But when asked if it was easier to “get on” in Britain if you were white, 48 percent of white British respondents and 60 percent of ethnic minority participants said that they believed it was.

And more than half of all respondents said that Britain’s political and media culture had become more divisive and polarized, including on racial issues, which two-thirds of people said should involve a less-heated debate.

On Britain’s progress on racial issues over the last 25 years, 68 percent of ethnic minority participants and 71 percent of white respondents said that the country had made “significant” changes.

However, a majority of all respondents — 64 percent of white Britons and 80 percent of minority groups — agreed with the statement that Britain “needs to make much more progress on race in the next 25 years.”


Attacks by suspected militants in Burkina Faso kill 21

Updated 07 June 2023

  • Burkina Faso struggling with a militant insurgency that swept in from neighboring Mali in 2015
  • Nearly a third of the country lies outside the government’s control, according to official estimates

OUAGADOUGOU: Twenty-one people, most of them members of the security forces, have been killed in Burkina Faso in attacks by suspected militants, security sources said on Wednesday.
Fourteen members of the VDP volunteer militia and four soldiers died on Monday in Sawenga in central-eastern Burkina, while five were wounded, a source said.
Another security source confirmed the toll, saying that the clash occurred during an operation to secure the area, and that “more than 50 terrorists were neutralized” in an airborne counter-attack.
Separately, a police source said a policeman and two civilians were killed on Monday night in an attack on a police border post at Yendere, on the southwestern frontier with Ivory Coast.
A trucker in the area confirmed the attack, adding that many local people had already fled into Ivory Coast because of militant incursions.
Ivory Coast hosts around 18,000 Burkinabe refugees, more than double the tally for 2022, according to the UN’s refugee agency.
One of the poorest and most troubled countries in the world, Burkina is struggling with a militant insurgency that swept in from neighboring Mali in 2015.
Nearly a third of the country lies outside the government’s control, according to official estimates.
More than 10,000 civilians, troops and police have died, according to an NGO count, while at least two million people have been displaced.
Anger within the military at failures to roll back the insurgency sparked two coups last year, culminating in the ascent of a young army captain, Ibrahim Traore.
The junta has ruled out any negotiations with the militants.
It is staking much of its anti-militant strategy on the VDP — the Volunteers for the Defense of the Fatherland militia.
The force comprises civilian volunteers who are given two weeks’ military training and then work alongside the army, typically carrying out surveillance, information-gathering or escort duties.
Since its inception in December 2019, the VDP has suffered hundreds of casualties, especially in ambushes or roadside bombings.
Despite the losses, the authorities launched a successful recruitment drive last year, encouraging 90,000 people to sign up, far exceeding the target of 50,000.