Computer crimes should be eligible for death penalty....AT&T paid $400K random!

The Bilingual Gringo

The Bilingual Gringo

Tucked in to the socks
Supporter
Joined
May 11, 2012
Messages
4,780
Reputation
910
Daps
9,296
GnauzBookOfRhymes

GnauzBookOfRhymes

Superstar
Joined
May 7, 2012
Messages
12,451
Reputation
2,832
Daps
47,781
Reppin
NULL
The Bilingual Gringo said:
Jesus...

The whole system is broken. Still feels like next to nobody takes this shyt seriously
Click to expand...

We never take shyt seriously until it’s too late and/or the elites are the ones being victimized. Right now their losses are easily socialized bc the targets are large corporations etc. But once it’s their children, husbands, wives etc they might start moving with more urgency.
 
Spidey Man

Spidey Man

Superstar
Joined
Jun 1, 2012
Messages
8,732
Reputation
840
Daps
25,145
Reppin
NULL
B

bnew

Veteran
Joined
Nov 1, 2015
Messages
52,329
Reputation
7,979
Daps
150,078
www.reuters.com

Alliance of 40 countries to vow not to pay ransom to cybercriminals, US says

Forty countries in a U.S.-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers' funding mechanism, a senior White House official said on Tuesday.
www.reuters.com www.reuters.com

Alliance of 40 countries to vow not to pay ransom to cybercriminals, US says​

By Zeba Siddiqui

October 31, 202310:36 AM EDTUpdated a day ago

White House Deputy National Security Advisor Neuberger addresses cyber security during the daily press briefing at the White House in Washington

White House Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, addresses cyber security during the daily press briefing at the White House in Washington, U.S. September 2, 2021. REUTERS/Jonathan Ernst/File Photo Acquire Licensing Rights


SAN FRANCISCO, Oct 31 (Reuters) - Forty countries in a U.S.-led alliance plan to sign a pledge never to pay ransom to cybercriminals and to work toward eliminating the hackers' funding mechanism, a senior White House official said on Tuesday.


The International Counter Ransomware Initiative comes as the number of ransomware attacks grows worldwide. The United States is by far the worst hit, with 46% of such attacks, Anne Neuberger, U.S. deputy national security adviser in the Biden administration for cyber and emerging technologies, told reporters on a virtual briefing.

"As long as there is money flowing to ransomware criminals, this is a problem that will continue to grow," she said.


In ransomware attacks, hackers encrypt an organization's systems and demand ransom payments in exchange for unlocking them. Often they also steal sensitive data and use it to extort victims and leak it online if the payments are not made.


While hundreds of companies fall victim every year, high-profile U.S. attacks occurred in the last two months at casino operator MGM Resorts International (MGM.N) and cleaning products maker Clorox (CLX.N). Both companies have not yet fully recovered from the disruptions.

The new initiatives by the alliance aim to eliminate the criminals' funding through better information sharing about ransom payment accounts, Neuberger said. Two information-sharing platforms will be created, one by Lithuania and another jointly by Israel and the UAE.
Reuters reported details of this initiative on Monday.


Partner countries will share a "black list" through the U.S. Department of Treasury that will include information on digital wallets being used to move ransomware payments, Neuberger said.

She added that the effort will use artificial intelligence to analyze blockchain with a view to identifying illicit funds.


The volume of crypto payments to ransomware attackers is on track for its second-biggest annual total on record, blockchain analytics firm Chainalysis said in July.


Reporting by Zeba Siddiqui in San Francisco; Editing by Cynthia Osterman


Our Standards: The Thomson Reuters Trust Principles.
 
GnauzBookOfRhymes

GnauzBookOfRhymes

Superstar
Joined
May 7, 2012
Messages
12,451
Reputation
2,832
Daps
47,781
Reppin
NULL
That's a good first step I guess.

It's so crazy though when you think about it.

If a police officer shot and even killed someone who threatened to shut off the power to a hospital, would anyone be angry or blame him/her? I don't think so. Even if the hospital had backup generators etc, no one would care b/c at the end of the day that is something society should never tolerate :yeshrug:

One of the things a lot of ppl in the US don't realize is just how shytty most of our state/local/municipal governments are at anything IT/security related. Everything is contracted out to the lowest bidders (or the friends of the mayors etc) and the agencies have little to no inhouse/institutional knowledge. A number of municipalities have already paid ransoms, so we know their systems are full of holes. At some point there is going to be a serious attack on infrastructure. It won't be an NYC or other large city that has the resources and motivation to take it seriously, but it's going to either shut down power to or , affect systems that maintain water safety or maybe security related systems (emergency communications/police etc).

MFers better wake up. The malicious/malignant nerds are the people we need to fear nowadays. Locally it's not the gangbangers/hoodlums and even internationally it's not tinpot dictators etc. Especially with all of the advances in AI.

The nerds need to fear us regular people. The bad ones, not the good ones. Ya'll cool to me.
 
Spidey Man

Spidey Man

Superstar
Joined
Jun 1, 2012
Messages
8,732
Reputation
840
Daps
25,145
Reppin
NULL
GnauzBookOfRhymes said:
That's a good first step I guess.

It's so crazy though when you think about it.

If a police officer shot and even killed someone who threatened to shut off the power to a hospital, would anyone be angry or blame him/her? I don't think so. Even if the hospital had backup generators etc, no one would care b/c at the end of the day that is something society should never tolerate :yeshrug:

One of the things a lot of ppl in the US don't realize is just how shytty most of our state/local/municipal governments are at anything IT/security related. Everything is contracted out to the lowest bidders (or the friends of the mayors etc) and the agencies have little to no inhouse/institutional knowledge. A number of municipalities have already paid ransoms, so we know their systems are full of holes. At some point there is going to be a serious attack on infrastructure. It won't be an NYC or other large city that has the resources and motivation to take it seriously, but it's going to either shut down power to or , affect systems that maintain water safety or maybe security related systems (emergency communications/police etc).

MFers better wake up. The malicious/malignant nerds are the people we need to fear nowadays. Locally it's not the gangbangers/hoodlums and even internationally it's not tinpot dictators etc. Especially with all of the advances in AI.

The nerds need to fear us regular people. The bad ones, not the good ones. Ya'll cool to me.
Click to expand...

I'm most worried about China taking down the power grid. Any serious attack on the grid will kill a lot of people and be insanely expensive to repair. That's why I would love to see the government help create battery storage for houses and businesses as micro grids.
 
Hood Critic

Hood Critic

The Power Circle
Joined
May 2, 2012
Messages
23,644
Reputation
3,580
Daps
107,367
Reppin
דעת
Spidey Man said:
I'm most worried about China taking down the power grid. Any serious attack on the grid will kill a lot of people and be insanely expensive to repair. That's why I would love to see the government help create battery storage for houses and businesses as micro grids.
Click to expand...
Our critical infrastructure is definitely antiquated but most infrastructure worldwide is fallible. So it's essentially the new arms race, attack our power grid, watch your satellites start falling out of the sky or water treatment and pumping sites come to a halt.
 
B

bnew

Veteran
Joined
Nov 1, 2015
Messages
52,329
Reputation
7,979
Daps
150,078
www.theverge.com

Ransomware gang ‘unseizes’ its site and issues new threats after FBI takedown

Ransomware-as-a-service isn’t going away easily.
www.theverge.com www.theverge.com

Ransomware gang ‘unseizes’ its site and issues new threats after FBI takedown

The FBI, working with international authorities, says it has offered to help decrypt data for hundreds of victims of ALPHV / Blackcat gang.​


By Wes Davis, a weekend editor who covers the latest in tech and entertainment. He has written news, reviews, and more as a tech journalist since 2020.

Dec 19, 2023, 6:35 PM EST|15 Comments / 15 New
A cartoon illustration shows a shadowy figure carrying off a red directory folder, which has a surprised-looking face on its side.
VRG_Illo_STK001_B_Sala_Hacker.jpg

Illustration: Beatrice Sala

The US Justice Department (DOJ) says the FBI has created a decryption tool that helped it return the data of over 500 ransomware victims as part of a multinational law enforcement push. It also wrote that the bureau had seized “several websites” operated by the ALPHV / Blackcat ransomware gang.

However, Bleeping Computer reports that by this afternoon, ALPHV / Blackcat claimed to have regained control of its site and that the FBI only had decryption keys for 400 or so companies, leaving more than 3,000 victims whose data remains encrypted. The gang also reportedly said that it was no longer restricting affiliates using its ransomware software from attacking critical infrastructure, including hospitals and nuclear power plants.

According to the DOJ, “Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world.” In its model, the gang is responsible for creating and updating the ransomware, while affiliates find targets and launch the attacks, and then they split the profits.

Related


Over the summer, the gang also claimed credit for a Reddit hack, demanding $4.5 million to return the data, as well as for stealing data from games publisher Namco Bandai. Near the end of the summer, the gang claimed credit for shutting down several MGM Resorts casinos and hotels in Las Vegas, Nevada.
 
B

bnew

Veteran
Joined
Nov 1, 2015
Messages
52,329
Reputation
7,979
Daps
150,078

Hackers see wealth of information to steal in children’s school records​

PUBLISHED WED, DEC 27 202310:36 AM EST

Rachel Curry @WRITINGSOFRACH

KEY POINTS
  • Aside from threats to their physical safety, schools must now fight back against cyber attacks.
  • In the U.S., 1,981 schools across 45 districts fell victim to cybersecurity attacks in 2022, almost doubling the previous year’s incidents.
  • Hackers seeking ransom payouts or identity thieves can gain access to assessments, grades, health records, attendance history, discipline records, special education records, home communications and more.

Young male student preparing for the test listening online lessons on headphones

Young male student preparing for the test listening online lessons on headphones

Milan Kostic | Istock | Getty Images

The education community — students, teachers, parents, staff and those connected to all of them — are barraged with threats to their physical safety. Now, they’re also increasingly dealing with the kind of threats that don’t take lives but impact them nonetheless.

“Our school’s digital doors are rattled, pinged, probed and prodded thousands of times each day by well-resourced adversaries from all over the globe,” said Charlie Reisinger, chief information officer of Penn Manor School District in Lancaster County, Penn. and a professor in Millersville University of Pennsylvania’s IT program.

In the U.S., 1,981 schools across 45 districts fell victim to cybersecurity attacks in 2022, almost doubling the previous year’s incidents, according to an Emsisoft report based on aggregated publicly available data.

Schools are “definitely not funded enough to support cyber warfare,” said Josh Heller, supervisor of information security engineering at Digi International.

Penn Manor School District has 5,500 students who collectively generate more than two million individual data points in the core student management system alone.



Going after a student’s spotless credit​

Cybercriminals seeking ransom payouts or identity thieves going after a student’s spotless credit can gain access to identifying information, assessments, assignments, grades, homework, health records, attendance history, discipline records, special education records, home communications and more.

“Imagine being 18 and hearing that your credit was already ruined by a criminal who stole your personal information while you were in fourth grade,” Reisinger said in testimony to the U.S. Senate on behalf of the Pennsylvania School Boards Association regarding student data privacy and protection in October 2022. In addition to the obvious financial implications of an unbeknownst stolen identity at a young age, the socio-emotional impact of it all, as Heller calls it, cannot be ignored.

Meanwhile, the sheer volume of both people and devices in any standard modern educational setting generates more permutations for human failure.

Warren Young, vice president of education at Absolute Software, says these devices often find themselves in a state of loss, whether teachers or students lose them, take them when they leave, or remove essential security features from the devices. “You cannot secure what you cannot see,” Young said.

Heller says phishing attacks and the exploitation of known vulnerabilities for purposes such as ransom are of primary concern. Ransomware’s costs are multifold, including lost productivity from downtime, recovery efforts and paid ransoms. “Really, the largest cost,” said Young, “is that your students aren’t learning.”

Ransomware gangs are now reporting to the SEC, says CrowdStrike CEO


WATCH NOW

VIDEO03:54

Ransomware gangs are now reporting to the SEC, says CrowdStrike CEO

Even when networks aren’t down, every extra phishing simulation, multi-factor authentication (MFA) step and password requirement, while necessary, comes at the cost of that learning time.

Cybersecurity attackers may have the motive, speed and velocity to retain an upper hand, but the myriad influences in the education sector do not sit idly by.

Federal funding and regulations for school cybersecurity are the most potent weapons against cyber attacks. “All eyes are really on the government for this one,” said Heller. Opportunities include expanding funding through avenues like the Department of Homeland Security’s State and Local Cybersecurity Grant Program and regulating through means like California’s Age-Appropriate Design Code Act and cybersecurity awareness initiatives.



Bridging the cyber talent gap with partnerships​

Reisinger says schools can also address the cyber talent gap (which largely results from wages that can’t compete with big tech) by instating cyber partnerships between public schools and local university programs. “This could take the form of internships, job knowledge exchanges, apprenticeships and other practical, skills-focused initiatives to create a pipeline of talent for both schools and businesses,” Reisinger said.

Young says it’s crucial to audit the data that exists on devices and ensure it’s in an encrypted state. He added, “Should something happen with that device, can you remove that data off of that machine to make sure none of it can be accessed?”

Additionally, Heller says responsible vendor disclosure through the U.S. Cyber & Infrastructure Security Agency can help put government funding to use. “We shouldn’t allow vendors to leave customers vulnerable,” he said. The government also has the NIST National Vulnerability database that helps keep information teams up to date so they can protect against the latest attacks. However, bad actors can access this information for nefarious purposes, so keeping that information stealth for those who need it would be more beneficial.

For school districts, it’s imperative to understand indicators of compromise. According to the IBM Data Breach Action Guide 2022, it takes businesses an average of 207 days to identify a breach and another 70 days to contain it. Knowing when a disaster has occurred sooner can help schools resolve the issue with less pain.

From there, having an incident response team to immediately launch a disaster recovery plan will help protect critical assets and the community those assets impact.

On a seemingly simpler side, Heller said, “If you don’t have multi-factor authentication, you’re toast.”

He advises moving away from methods like SMS confirmation, which can be intercepted through Bluetooth, and says that physical hardware security tokens would be safer. Of course, as Young said, “Some of the time we’re talking about kids as young as five and six years old with technology in their hands.” In these cases, lost technology is a real threat, and the most secure solution is not necessarily the one that makes the most sense. This paradox is yet another mountain that school information security teams must climb.

Whatever the risks and solutions, cybersecurity in schools is imperative because cyber attacks are inevitable. “There’s a desire to be disruptive, so we have to understand, how do we mitigate?” Heller said.

Fortunately, the industry is a largely non-competitive field, Young says, and a blend of communal ideation, layered security and cyber hygiene could make a difference for the schools that shape our world.
 
GnauzBookOfRhymes

GnauzBookOfRhymes

Superstar
Joined
May 7, 2012
Messages
12,451
Reputation
2,832
Daps
47,781
Reppin
NULL
The part that is most frightening is the extent to which we are depending on local governments that can't even properly manage the development of a 311 app that doesn't crash every other minute to protect these assets SMH.

Few cities even have in house IT anymore. They outsource everything to private sector. Now that might be a good idea if you're contracting with large corporations that have the technical know how and incentive to prevent embarrassing intrusions. But in some states/cities, some mayor's brother's cousin's next door neighbor whose company's "IT services" is really just sending your shyt to Geek Squad will get that contract 🤣
 
You must log in or register to reply here.
Top