US infiltrates big ransomware gang: ‘We hacked the hackers’

US Attorney General Merrick Garland, with FBI Director Christopher Wray (R) and Deputy Attorney General Lisa Monaco (L), announces the shutting down of the Hive ransomware operation on January 26, 2023. (AFP)
Short Url
Updated 27 January 2023
Follow

US infiltrates big ransomware gang: ‘We hacked the hackers’

  • Gang identified as Hive among the world’s top five ransomware networks and has heavily targeted health care
  • Hive, working with German and other partners, was estimated to have victimized some 1,300 companies globally

WASHINGTON: The FBI and international partners have at least temporarily disrupted the network of a prolific ransomware gang they infiltrated last year, saving victims including hospitals and school districts a potential $130 million in ransom payments, Attorney General Merrick Garland and other US officials announced Thursday.
“Simply put, using lawful means we hacked the hackers,” Deputy Attorney General Lisa Monaco said at a news conference.
Officials said the targeted syndicate, known as Hive, is among the world’s top five ransomware networks and has heavily targeted health care. The FBI quietly accessed its control panel in July and was able to obtain software keys it used with German and other partners to decrypt networks of some 1,300 victims globally, said FBI Director Christopher Wray.
How the takedown will affect Hive’s long-term operations is unclear. Officials announced no arrests but said, to pursue prosecutions, they were building a map of the administrators who manage the software and the affiliates who infect targets and negotiate with victims.
“I think anyone involved with Hive should be concerned because this investigation is ongoing,” Wray said.
On Wednesday night, FBI agents seized computer servers in Los Angeles used to support the network. Two Hive dark web sites were seized: one used for leaking data of non-paying victims, the other for negotiating extortion payments.
“Cybercrime is a constantly evolving threat, but as I have said before, the Justice Department will spare no resource to bring to justice anyone anywhere that targets the United States with a ransomware attack,” Garland said.

 

He said the infiltration, led by the FBI’s Tampa office, allowed agents in one instance to disrupt a Hive attack against a Texas school district, stopping it from making a $5 million payment.
It’s a big win for the Justice Department. Ransomware is the world’s biggest cybercrime headache with everything from Britain’s postal service and Ireland’s national health network to Costa Rica’s government crippled by Russian-speaking syndicates that enjoy Kremlin protection.
The criminals lock up, or encrypt, victims’ networks, steal sensitive data and demand large sums. Their extortion has evolve to where data is pilfered before ransomware is activated, then effectively held hostage. Pay up in cryptocurrency or it is released publicly.
As an example of a Hive sting, Garland said it kept one Midwestern hospital in 2021 from accepting new patients at the height of the COVID-19 epidemic.
The online takedown notice, alternating in English and Russian, mentions Europol and German law enforcement partners. The German news agency dpa quoted prosecutors in Stuttgart as saying cyber specialists in the southwestern town of Esslingen were decisive in penetrating Hive’s criminal IT infrastructure after a local company was victimized.
In a statement, Europol said companies in more than 80 countries, including oil multinationals, have been compromised by Hive and that law enforcement from 13 countries was in on the infiltration.
A US government advisory last year said Hive ransomware actors victimized over 1,300 companies worldwide from June 2021 through November 2022, netting about $100 million in payments. Criminals using Hive’s ransomware-as-a-service tools targeted a wide range of businesses and critical infrastructure, including government, manufacturing and especially health care.
Though the FBI offered decryption keys to some 1,300 victims globally, Wray said only about 20 percent reported potential issues to law enforcement.
“Here, fortunately, we were still able to identify and help many victims who didn’t report. But that is not always the case,” Wray said. “When victims report attacks to us, we can help them and others, too.”
Victims sometimes quietly pay ransoms without notifying authorities — even if they’ve quickly restored networks — because the data stolen from them could be extremely damaging to them if leaked online. Identity theft is among the risks.
John Hultquist, the head of threat intelligence at the cybersecurity firm Mandiant, said the Hive disruption won’t cause a major drop in overall ransomware activity but is nonetheless “a blow to a dangerous group.”
“Unfortunately, the criminal marketplace at the heart of the ransomware problem ensures a Hive competitor will be standing by to offer a similar service in their absence, but they may think twice before allowing their ransomware to be used to target hospitals,” Hultquist said.
But analyst Brett Callow with the cybersecurity firm Emsisoft said the operation is apt to lessen ransomware crooks’ confidence in what has been a very high reward-low risk business. “The information collected may point to affiliates, launderers and others involved in the ransomware supply chain.”
Allan Liska, an analyst with Recorded Future, another cybersecurity outfit, predicted indictments, if not actual arrests, in the next few months.
There are few positive indicators in the global fight against ransomware, but here’s one: An analysis of cryptocurrency transactions by the firm Chainalysis found ransomware extortion payments were down last year. It tracked payments of at least $456.8 million, down from $765.6 million in 2021. While Chainalysis said the true totals are certainly much higher, payments were clearly down. That suggests more victims are refusing to pay.
The Biden administration got serious about ransomware at its highest levels two years ago after a series of high-profile attacks threatened critical infrastructure and global industry. In May 2021, for instance, hackers targeted the nation’s largest fuel pipeline, causing the operators to briefly shut it down and make a multimillion-dollar ransom payment, which the US government later largely recovered.
A global task force involving 37 nations began work this week. It is led by Australia, which has been particularly hard-hit by ransomware, including a major medical insurer and telecom. Conventional law enforcement measures such as arrests and prosecutions have done little to frustrate the criminals. Australia’s interior minister, Clare O’Neil, said in November that her government was going on the offense, using cyber-intelligence and police agents to ” find these people, hunt them down and debilitate them before they can attack our country.”
The FBI has obtained access to decryption keys before. It did so in the case of a major 2021 ransomware attack on Kaseya, a company whose software runs hundreds of websites. It took some heat, however, for waiting several weeks to help victims unlock afflicted networks.


Erdogan ally floats Turkiye constitutional amendment to let him extend his tenure

Updated 05 November 2024
Follow

Erdogan ally floats Turkiye constitutional amendment to let him extend his tenure

ANKARA: The main political ally of longstanding Turkish leader Tayyip Erdogan said on Tuesday that a constitutional amendment should be considered to allow the president to run again in elections set for 2028.
After his re-election last year, Erdogan is serving his last term as president unless parliament calls an early election, according to the constitution. He has ruled Turkiye for more than 21 years, first as prime minister and then as president.
“Wouldn’t it be a natural and right choice to have our president elected once again if terror is eradicated, and if a heavy blow is dealt to inflation and Turkiye secures political and economic stability,” said Devlet Bahceli, leader of the Nationalist Movement Party (MHP), which is allied with Erdogan’s ruling AK Party (AKP).
A constitutional amendment to secure Erdogan’s ability to re-run in the presidential elections should be considered, he said in a parliamentary speech to MHP lawmakers.
Bahceli, a staunch nationalist, rattled Turkish politics last month by suggesting that the jailed leader of the outlawed Kurdistan Workers’ Party (PKK) could be allowed to speak in parliament if he announces an end to the group’s insurgency.
Some analysts said the shock suggestion might be motivated by an AKP-MHP desire to win the support of the pro-Kurdish DEM Party, parliament’s third-biggest, for a constitutional change that could boost Erdogan’s prospects in 2028 elections.
A constitutional change can be put to a referendum if 360 lawmakers in the 600-seat parliament back it. An early election also needs the support of 360 MPs.
AKP and its allies have 321 seats while DEM has 57.


A tiny village in India where Kamala Harris has ancestral roots is praying for her victory

Updated 05 November 2024
Follow

A tiny village in India where Kamala Harris has ancestral roots is praying for her victory

THULASENDRAPURAM: The temple reverberated with rhythmic Sanskrit and Tamil hymns, as a Hindu priest held a flame before the god. As this tiny South Indian village gathered to pray for Kamala Harris, a gaggle of reporters jostled for space and camera angles.
There's little to distinguish the village of Thulasendrapuram from any other rural community in Tamil Nadu, except its connection to a woman who could become America's first leader with South Asian roots.
As millions of Americans vote, Harris has people rooting for her from thousands of miles away in a village surrounded by rice paddies and coconut trees, where her mother's family has ancestral ties. They talk about her at the local tea shop. Banners and billboards bearing her face are seen throughout the community.
“Our deity is a very powerful God. If we pray well to him, he will make her victorious,” said M. Natarajan, the temple priest that led the prayers in front of the image of Hindu deity Ayyanar, a form of Lord Shiva.
Harris’ maternal grandfather was born in the village, about 350 kilometers (215 miles) from the southern coastal city of Chennai, more than 100 years ago. As an adult, he moved to Chennai, where he worked as a high-ranking government official until his retirement.
Harris has never visited Thulasendrapuram and she has no living relatives in the village, but people here still venerate the family that made it big in the U.S.
“Our village ancestors' granddaughter is running as a U.S. presidential candidate. Her victory will be happy news for every one of us,” Natarajan said.
The village's sudden fame has helped bring money into the village. Recently, construction began on a water storage tank with funds donated by a local bank. Village residents say it will carry a plaque with Harris’ name.
Harris’ late mother, Shyamala Gopalan, was born in India. After moving to the U.S. to study, she married a Jamaican man, and they named their daughter Kamala, a Sanskrit word for “lotus flower.”
Other than trips during her childhood, Harris hasn’t visited India much — particularly not since becoming vice president — but she has often spoken emotionally about her ties to her late mother’s country of birth. On Tuesday, she released a campaign video highlighting her mother, who arrived in the U.S. at age 19 and became a cancer researcher.
Titled “Mother,” the video ends with a narrator saying: “This daughter of Shyamala, this daughter of the American story, is ready to lead us forward.”
Harris has often talked about how she was guided by the values of her Indian-born grandfather and mother. She has also spoken of her love of south Indian food, especially a type of steamed rice cake called idli.
Harris’ name is engraved in a list of donors — her aunt Sarala Gopalan gave money to the temple in her name — along with that of her grandfather. Outside, a large banner wishes “the daughter of the land” success in the election.
On Tuesday, the village temple also received rare international visitors: two American tourists and one from the U.K., all wearing black t-shirts that said “Kamala Freakin Harris.”
Manikandan Ganesan, a villager who runs a small store near the temple, said Harris’ bid for the presidency has made the village famous. He hopes Harris will eventually visit them.
“Even if she mentioned that she would visit our village, it would make us very happy,” Ganesan said. “Her victory itself will be a big source of happiness for us.”
Village residents also prayed for Harris’ victory in 2020, and set off firecrackers when she became the U.S. Vice President.
For women of the village, the candidate's journey is a source of inspiration.
Local politician Arulmozhi Sudhakar said Harris embodies a significant step toward female empowerment in places like Thulasendrapuram, where a majority of women continue to face discrimination and gender inequality.
“From the time when women were not even allowed to step out of their house, to now a woman from our village contesting in the U.S. presidential election — this brings happiness for us,” Sudhakar said. “The coming generations will see her as a role model to succeed in life.”

Ukraine’s military says it shot down 48 drones and two missiles overnight

Updated 05 November 2024
Follow

Ukraine’s military says it shot down 48 drones and two missiles overnight

KYIV: The Ukrainian military said on Tuesday it shot down 48 out of 79 drones and two missiles launched by Russia overnight.
The air force said the location of 30 other drones had been lost, while another had returned to Russia.


India foreign minister says vandalism of Hindu temples deeply concerning

Updated 05 November 2024
Follow

India foreign minister says vandalism of Hindu temples deeply concerning

  • Vandalism incident happened weeks after Ottawa expelled six Indian diplomats, linking them to killing of Sikh separatist leader in 2023 
  • Canada has accused India of conducting a broad campaign against South Asian dissidents in Canada, which New Delhi denies 

SYDNEY: India foreign minister Subrahmanyam Jaishankar said on Tuesday the vandalism of a Hindu temple in Canada on Monday was deeply concerning.
“What happened yesterday at the Hindu temple in Canada was obviously deeply concerning,” he told reporters in the Australian capital Canberra while on an official visit.
The incident happened weeks after Ottawa expelled six Indian diplomats, linking them to the killing of a Sikh separatist leader in 2023 in Canada. Canada has accused the Indian government of conducting a broad campaign against South Asian dissidents in Canada, which New Delhi denies.
The incident has increased tensions between Canada and India, and between Sikh separatists and Indian diplomats.
Two Hindu temples were also vandalized in Canberra last month, which Australian Foreign Minister Penny Wong said was upsetting for members of the Indian community.
“People across Australia have a right to be safe and respected, people also have a right to peaceful protest, people have a right to express their views peacefully,” she told reporters.
“We draw a line between that and violence, incitement of hatred or vandalism,” she added.
Wong said Australia had expressed its views to India about Canada’s allegations over the targeting of Sikh separatists, and Canberra respected Canada’s judicial process. Jaishankar said it was unacceptable that Indian diplomats had been placed under surveillance by Canada.
“Canada has developed a pattern of making allegations without providing specifics,” he said.


India foreign minister says vandalism of Hindu temples deeply concerning

Updated 05 November 2024
Follow

India foreign minister says vandalism of Hindu temples deeply concerning

  • Canada has accused the Indian government of conducting a broad campaign against South Asian dissidents in Canada, which New Delhi denies

SYDNEY: India foreign minister Subrahmanyam Jaishankar said on Tuesday the vandalism of a Hindu temple in Canada on Monday was deeply concerning.
“What happened yesterday at the Hindu temple in Canada was obviously deeply concerning,” he told reporters in the Australian capital Canberra while on an official visit.
The incident happened weeks after Ottawa expelled six Indian diplomats, linking them to the killing of a Sikh separatist leader in 2023 in Canada. Canada has accused the Indian government of conducting a broad campaign against South Asian dissidents in Canada, which New Delhi denies.
The incident has increased tensions between Canada and India, and between Sikh separatists and Indian diplomats.
Two Hindu temples were also vandalized in Canberra last month, which Australian Foreign Minister Penny Wong said was upsetting for members of the Indian community.
“People across Australia have a right to be safe and respected, people also have a right to peaceful protest, people have a right to express their views peacefully,” she told reporters.
“We draw a line between that and violence, incitement of hatred or vandalism,” she added.
Wong said Australia had expressed its views to India about Canada’s allegations over the targeting of Sikh separatists, and Canberra respected Canada’s judicial process. Jaishankar said it was unacceptable that Indian diplomats had been placed under surveillance by Canada.
“Canada has developed a pattern of making allegations without providing specifics,” he said.