Tag Archive for: considered

Cyberattacks on hospitals ‘should be considered a regional disaster,’ researchers find : NPR

/in


Cyberattacks on hospitals “should be considered a regional disaster,” a study finds.

Busà Photography/Getty Images


hide caption

toggle caption

Busà Photography/Getty Images

Cyberattacks on hospitals “should be considered a regional disaster,” a study finds.

Busà Photography/Getty Images

It was early May in 2021 when patients flooded the emergency room at the University of California San Diego Health Center.

“We were bringing in backup staff, our wait times had gone haywire, the whole system was overloaded,” said Dr. Christopher Longhurst, UC San Diego’s chief medical officer and digital officer. “We felt it.”

But the crunch wasn’t the result of a massive accident or the latest wave of patients infected by a new coronavirus variant. The influx was the direct result of a ransomware attack, a costly and unfortunately now common form of cybercrime in which hackers lock down their victims’ files and demand a ransom, often millions of dollars, to unlock them.

In reality, UC San Diego wasn’t the target. Their systems were intact. Instead, hackers had breached the hospital down the street, Scripps Health. The culprits not only took over the hospital’s digital records system and its entire computer network, but stole millions of patients’ confidential data. Scripps struggled for weeks to get back online, and is still dealing with the aftermath, having paid $3.5 million in a legal settlement earlier this year with patients whose data was exposed.

Cyberattacks on hospitals ‘should be considered a regional disaster,’ a study finds

Previously, there’s been very little concrete data or analysis breaking down the direct impacts of a cyberattack on a hospital, let alone an entire region of healthcare providers. Most evidence of harm, including deaths, remains anecdotal and has been the subject of lawsuits, including one…

Source…

FBI Considered Buying NSO’s Phantom Spyware That Can Hack US Phones: Report

/in


Image for article titled The FBI Reportedly Considered Buying Spyware That Could Hack Any Phone in the U.S.

Photo: Amir Levy (Getty Images)

The Federal Bureau of Investigation spent two years considering whether it should procure a clandestine commercial spyware tool that could reportedly hack any phone within the United States, according to an investigation by New York Times Magazine.

That spyware system, dubbed “Phantom,” was offered secretly to U.S. government agencies by the NSO Group, Israel’s notorious cyberweapons distributor, over a multi-year period between 2019 and last summer. According to the Times, the potential business relationship was negotiated even as NSO increasingly became the subject of controversy, with critics accusing it of aiding human rights abuses in nations around the world.

The American government was reportedly interested in Phantom because NSO’s primary spyware, Pegasus, does not work on U.S. telephone numbers and therefore couldn’t be wielded in law enforcement investigations. The paper reports:

During a presentation to officials in Washington, the company demonstrated a new system, called Phantom, that could hack any number in the United States that the F.B.I. decided to target. Israel had granted a special license to NSO, one that permitted its Phantom system to attack U.S. numbers. The license allowed for only one type of client: U.S. government agencies.

Also interested in the company’s services were numerous other federal agencies, including the Central Intelligence Agency, the Drug Enforcement Agency, the U.S. Secret Service, and the U.S. military’s Africa Command, the newspaper reports. The FBI also purchased Pegasus from the NSO Group, the Times reports.

The bureau reportedly pursued negotiations with the company for at least two years. During that period, FBI and Justice Department lawyers continually sought to clarify whether deploying the product would violate domestic wiretapping laws. The agency only backed out last summer—around the time that a series of journalistic exposés caused global amounts of trouble for NSO by exposing the scale and scope of its malware’s penetration. Since that time, things have only gotten worse for the Israeli company, as the U.S. turned its back on any partnerships—even going so far as to

Source…

Julian Assange assasination & ‘options’ considered by CIA under Trump: Report to UK Court

/in


In a dramatic development in WikiLeaks founder Julian Assange’s extradition case, a report submitted before a UK court stated that the United States’ premier intelligence agency, the CIA, under the Trump administration was pondering and discussing ‘options’ to abduct and even assassinate the Australian activist. suggest that the US was hell-bent and outrightly desperate to end the asylum of Assange in the Ecuadorian embassy. 

According to the report, the US intelligence considered the killing of Assange in 2017 when the WikiLeaks founder was entering the fifth year sheltering at the Ecuador embassy in London. The CIA officials along with the then director, Mike Pompeo, tabled their intentions after being infuriated by WikiLeaks’ publication of ‘Vault 7’, a breach which is considered as the biggest data loss in history. ‘Vault 7’ is a series of documents detailing the activities and capabilities of the US intelligence agency CIA in relation to cyber warfare. In fact, in March 2017, then US President Donald Trump had said, “the CIA was hacked, and a lot of things taken.”

US considered killing Julian Assange: Report

While the CIA has declined to comment on the grave allegations, the report suggested that the plan of action to assassinate Julian Assange had been laid out and the Trump administration went as far as requesting for his ‘sketches’ or ‘options’ with ‘no boundaries’ for killing Assange. The latest on the purported plot to assassinate Assange adds to incidents that surfaced in this regard in 2020 as well. In September 2020, the internet witnessed global outrage after an employee of a Spanish security company, UC Global, had come to the fore and highlighted details of an alleged attempt to spy on Assange.

Purportedly, microphones were concealed to monitor Assange’s meetings with his lawyers, and his fingerprints were obtained from a glass. The aforesaid information was read out in the Old Bailey in London on September 30, 2020, by one of Assange’s lawyers, who is fighting his extradition to the US on charges relating to leaks of classified documents that exposed the alleged US war crimes and abuses. 

‘If reports are true, I am horrified’: Dutch MP

The counsel…

Source…

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

/in


The Office of the Australian Information Commissioner (OAIC) has labelled the powers given to two law enforcement bodies within three new computer warrants as “wide-ranging and coercive in nature”.

The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, if passed, would hand the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) the new warrants for dealing with online crime.

The first of the warrants is a data disruption one, which according to the Bill’s explanatory memorandum, is intended to be used to prevent “continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities”.

The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices that are used, or likely to be used, by those subject to the warrant.

The last warrant is an account takeover warrant that would allow the agencies to take control of an account for the purposes of locking a person out of the account.

See also: Intelligence review recommends new electronic surveillance Act for Australia

“The OAIC acknowledges the importance of law enforcement agencies being authorised to respond to cyber-enabled and serious crime. However, the Bill’s proposed powers are wide-ranging and coercive in nature,” it wrote [PDF].

It said, for example, data disruption and network activity warrants may authorise entering specified premises, removing computers or data, and intercepting communications. Network activity warrants, OAIC said, can authorise the use of surveillance devices, and both data disruption and network activity warrants may authorise the concealment of certain activities done under these warrants.

“These powers may adversely impact the privacy of a large number of individuals, including individuals not suspected of involvement in criminal activity, and must therefore be subject to a careful and critical assessment of their necessity, reasonableness, and proportionality,” its submission to the Parliamentary Joint Committee on…

Source…