“the company was likely breached through a leaked password to an old account that had access to the virtual private network (VPN) used to remotely access the company’s servers. The account reportedly didn’t have multifactor authentication, so the hackers only needed to know the username and the password to gain access to the largest petroleum pipeline in the country.”
“Reports varied on whether Colonial paid the ransom or not until May 19, when Colonial acknowledged that it did indeed pay $4.4 million worth of bitcoin (which may not be worth $4.4 million anymore). CEO Joseph Blount told the Wall Street Journal that it was a difficult decision, but one that he felt was “the right thing to do for our country.”
Blount added that it will cost Colonial far more — tens of millions of dollars — to completely restore its systems over the next several months.”
“Russia, China and others knowingly exploit two fundamental gaps in our cybersecurity architecture. They acquire or co-opt domestic computers and cloud services as a platform to launch malicious cyber operations. They appreciate that our intelligence services are focused on cyber activities beyond our borders, and that these services are generally not allowed to track foreign mischief once it moves onshore. Moreover, the private sector — very much a component of our national security — is largely left to fend for itself against foreign cyberattacks, yielding a situation inconsistent with the federal government’s role of providing our “common defense” under the Constitution.
Addressing these gaps raises enormously complex legal and policy questions about the scope of government in protecting us from foreign cyber malevolence. Yet our understandable hesitancy in confronting these questions allows adversaries to continue to exploit the situation. We must start that discussion and consider how our foreign intelligence services could work with the FBI and CISA — in a manner fully consistent with our values and the Constitution — to pursue foreign cyber maliciousness when it involves using domestic parts of the internet.
To have prevented this hack, we would have had to piece together information from the intelligence community about Russian intentions and activity, link it to hints (from affected agencies or DHS) that some government systems had suspicious domestic internet connections, and then monitor those internet connections. Media reports indicate that the Russians used a domestic internet domain leased from Go Daddy, a reputable and popular host for web domains, to control the malware that was inserted in government networks. Normally a search warrant or other legal process, often taking days, is required before the FBI can fully review the traffic connecting with a suspected malicious internet site. None of the foregoing steps could, at least under current structures, have been taken in sufficient time to detect the attack in the first place; at a very minimum, we could be better structured to stop such attacks from spreading.
There is no single structural or legal solution to the problem of foreign cyberattacks. More robust sanctions against foreign adversaries and better international efforts to stop the export of cyber mischief and bring cyber criminals to justice will also help. Working with other like-minded nations, we need to raise the risks and costs of cyber espionage and cyber damage.
But steps like those outlined above are also needed to bolster our federal government’s defenses and to give us more robust tools to use against foreign cyber wrongdoers. That, along with more vigorous sharing with private businesses of otherwise classified information about the techniques of those wrongdoers, would go a long way to addressing the vulnerabilities of the private sector, and thus help fulfill government’s responsibilities in that regard. As if we needed an illustration of the private sector’s vulnerability, the recent sophisticated attack was undetected even by cybersecurity incident response firm FireEye, apparently itself a victim, with some of its cybertools used to test customer network security audaciously stolen by the intruders.”
“Dutch media reported that in October, a hacker got into Trump’s Twitter account by guessing his password. And, I kid you not, the password was “maga2020!” — because of course it was.
Despite insistence from the White House and Twitter that there was no evidence of a hack, public prosecutors in the Netherlands confirmed details of an intrusion..The hacker, 44-year-old Victor Gevers, was facing potential jail time for accessing the president’s infamous social media account. But prosecutors said Gevers had acted in an “ethical” way by immediately disclosing what he had done to Dutch authorities.”
“The U.S. Treasury and Commerce departments, along with untold numbers of government and corporate computer networks, have been breached in what may be an espionage attempt by the Russian government. (The Russians are, of course, denying responsibility.)
The avenue was reportedly a malicious software update pushed through SolarWinds Inc., an Austin-based network management company that counts both the federal government and hundreds of major U.S. companies among its clients. Essentially, the hackers slipped some malicious code into a software update; if you were on the infected networks that installed the update, this gave the hackers backdoor access to your data.”
“It’s worthwhile to consider these developments in the light of law enforcement’s efforts to weaken encryption protections. When officials insist that individuals should not have access to strong encryption unless the government can bypass those protections and access our data, they don’t acknowledge that police won’t be the only ones exploiting those back doors. Others with malicious intent, be they criminals or foreign governments (or both), will figure out how to get through too. It has happened before to our own very own government, as another country, possibly China, figured out how to access a cybersecurity bypass that had been installed for the National Security Agency.”
“Hackers from a foreign nation-state have breached multiple federal agencies, including the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration, in a months-long campaign that has stirred concerns of the highest levels of the federal government.
While the full scope and significance of the breaches remain unclear, their discovery prompted an emergency meeting Saturday of the White House’s National Security Council, according to a U.S. official who requested anonymity to discuss an ongoing incident. A second U.S. official said the attack is believed to be the work of the Russian government, a link also made in multiple news reports Sunday night.”
““The Russian government engaged in an aggressive, multi-faceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election,” the report, which was co-signed by both Democrats and Republicans on the Senate committee, says. “Russian President Vladimir Putin ordered the Russian effort to hack computer networks and accounts affiliated with the Democratic Party and leak information damaging to Hillary Clinton and her campaign for president” to WikiLeaks.
Paul Manafort, the former Trump campaign chair, comes under heavy criticism in the report for his “willingness to share information with individuals closely affiliated with the Russian intelligence services” — this “represented a grave counterintelligence threat.”
However, the report goes further than special counsel Robert Mueller did — it claims some information suggests Manafort and a longtime associate of his, Konstantin Kilimnik, were “connected” to the Russian government’s effort to hack and leak Democrats’ emails. These details are redacted, though.
The report also retells the story of how Roger Stone tried to get inside information on WikiLeaks’ plans at the behest of the Trump campaign. “Stone obtained information indicating that John Podesta would be a target of an upcoming release,” the report says. It also describes Jerome Corsi’s claims that Stone tried to get WikiLeaks to time the release of Podesta’s emails to distract from the Access Hollywood tape.
There are many other topics addressed in the report, including some criticism for how the FBI handled the “Steele dossier” allegations about Trump. There are also matters that remain murky — most notably, the purpose and extent of Manafort’s communications with Kilimnik, and the exact nature of the information Stone got regarding WikiLeaks.”
“Officials said the massive hack by the members of China’s People’s Liberation Army underscored Beijing’s aggressive pattern of stealing private data to improve its intelligence operations and boost the performance of its domestic companies.”
“Chinese spies have ramped up espionage-focused hacking in recent years. Their targets — including the Office of Personnel Management and the health insurance titan Anthem — reflect Beijing’s desire to amass dossiers on Americans, especially those with security clearances, in the hope of compromising them.
The Justice Department charged two Chinese hackers with the Anthem breach, and U.S. officials have privately blamed China for the devastating OPM intrusion. Intelligence officials have also linked Beijing to other major cyberattacks, including the Marriott hack that exposed the personal data of roughly 500 million people.
“At the FBI we’ve been saying for years that China will do anything it can to replace the United States as the world’s leading superpower,” Bowdich said. “This indictment is about more than targeting just an American business. It’s about the brazen theft of sensitive personal information of nearly 150 million Americans.””