Tag Archive for: officials

Chinese hacking firm buys officials’ favor with alcohol, women


By Dake Kang and Zen Soo / AP, BEIJING

China’s hackers for hire take government officials out for lavish banquets, binge drinking and late-night karaoke with young women to win favor and business, as revealed last month in a highly unusual leak of internal documents from a private contractor linked to Chinese police.

China’s hacking industry is vast in size and scope, but also has shady business practices, disgruntlement over pay and work quality, and poor security protocols, the documents showed.

Private hacking contractors are companies that steal data from other countries to sell to Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of private hacker-for-hire companies that have infiltrated hundreds of systems outside China.


Although the existence of these hacking contractors is an open secret in China, little was known about how they operate.

However, the leaked documents from a firm called I-Soon (安洵信息) have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut, and rules are murky and poorly enforced in the quest to make money.

Leaked chat records showed that I-Soon executives are colluding with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects.

I-Soon has not commented on the documents.

Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents showed that China’s hackers for hire work much like any other industry in China.

“It is profit driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”

Although I-Soon boasted about its hacking prowess in…


Fulton county’s systems were hacked. Already weary officials are tight-lipped | Georgia


As a Fulton county, Georgia, board of registration and elections meeting began in earnest on Thursday afternoon, the elections director, Nadine Williams, unfurled a prepared statement about a recent hack of county government computers.

“There is no indication that this event is related to the election process,” Williams said. “In an abundance of caution, Fulton county and the secretary of state’s respective technology systems were isolated from one another as part of the response efforts. We are working with our team to securely reconnect these systems as preparations for upcoming elections continue.”

Any time the Fulton county elections board meets, a cantankerous crowd greets them to pepper appointees with challenges to voter registrations or demands for paper ballots or generally unsympathetic noise. The rancor of the 2020 election and its unfounded charges of vote tampering still ripple through the democratic process. Elections officials in Fulton county take care about what they say, knowing that a platoon of critics lie waiting to pounce on a misplaced word.

Even by that standard, county officials have been holding uncharacteristically tightly to a prepared script – or saying nothing at all – in the days since a computer breach debilitated everything from the tax and water billing department to court records to phones.

“Because it’s under investigation, they’re telling me to stick to a list of talking points,” said the Fulton county commissioner Bridget Thorne. “The county attorney drafted them.”

She did say that the county had come under a ransomware attack – and that the county had not paid off the attacker. “We’re insured very well,” she said.

Systems began to fail on the weekend of 27 January. Ten days later, the phones for most departments returned a busy signal error when callers rang them up.

County officials either cannot or will not directly and completely answer important questions about the cyber-attack’s scope. The Fulton county chair Robb Pitts made a brief statement on 29 January about the hack without taking questions.


U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet


The FBI and U.S. Department of Justice used court-endorsed legal authorities to disrupt a botnet operated as part of Chinese-directed hacking operations that leveraged insecure home and office routers to target U.S. critical infrastructure, the DOJ said Wednesday.

A Chinese government hacking campaign, tracked publicly as “Volt Typhoon,” used privately owned Cisco and Netgear routers infected with “KV Botnet” malware in an attempt to conceal the activity, the agency said in a statement. The DOJ and FBI operation, the agency added, “deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.”

An unidentified FBI agent described the operation in court records released Monday, writing that the bureau issued a command to infected routers that would delete the KV Botnet malware from the devices without affecting any legitimate files or information on the routers.

A December 2023 analysis by Lumen, a telecommunications company, showed that the KV Botnet had been active since “at least February 2022,” and targeted edge devices, including routers, “a segment that has emerged as a soft spot in the defensive array of many enterprises, compounded by the shift to remote work in recent years.”

Lumen observed an “uptick in exploitation of new bots” in August 2023, and then a “remodel” of the botnet infrastructure in mid-November 2023.

The disruption operation, first disclosed by Reuters on Monday, is the latest U.S. government action focused on Volt Typhoon, which first came to light in a May 2023 Microsoft advisory. That advisory was followed quickly by a joint advisory issued by the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency that warned of Chinese hacking operations targeting U.S. critical infrastructure and other sensitive targets.

In the wake of the May 2023 disclosure, U.S. national security officials warned repeatedly that the Chinese operation was not an intelligence collection mission. Instead, officials said, it was a preparatory activity that the Chinese government could…


London library officials confirm hackers behind system shutdown



London Public Library officials have confirmed it was a “cyberattack” that has shut down branches and hampered services, damage they’re working to undo with the help of an outside security firm.

Until Wednesday afternoon, they’d only referred to the Dec. 13 shutdown as a “cyber incident” – declining to be more specific amid questions over whether this was akin to the attack by hackers that hit the Toronto Public Library this fall. But a fuller picture of what occurred is now coming clear.


“The investigation has confirmed that the outage that occurred on Dec. 13 was the result of a cyberattack,” library spokesperson Ellen Hobin said. “At this time, the investigation has not determined whether personal information may be implicated.

“The library has also been communicating with the London Police Service in connection with the attack. It’s anticipated that the investigation and restoration to full operations will take more time.”

The attack shut down three of the 16 library branches and has limited its services. Those three branches – Carson, Lambeth and Glanworth – were closed in the immediate fallout of the incident and will remain closed until Jan. 2.

The statement comes seven days after the incident. It remains unclear whether any data was compromised or lost.

The attack shut down library phone lines, its website, staff emails, its digital catalogue and the public WiFi used by many Londoners who have no other option for internet access.


One local expert called the cyberattack yet another warning that no publicly funded organization is safe.

“This should be a wake-up call,” technology consultant Carmi Levy said. “Many have not given priority to cyber security awareness. It leaves them more vulnerable.”

Agencies need to take the risks more seriously, including staff training to avoid scams, he said. “More has to be dedicated to preparedness training and deterrence.”

If it is indeed a ransomware attack – in which hackers demand payment in…
