
Nationwide Scam Targets Road Toll Users via SMS Phishing Scheme

The Federal Bureau of Investigation (FBI) has alerted the public to a widespread SMS phishing scam sweeping across the United States. The scam, which began in early March 2024, specifically targets individuals with fraudulent messages regarding unpaid road toll fees.

What Does the Scam Entail?

Thousands of Americans have already fallen victim to this harrowing scam, with over 2,000 complaints flooding the FBI's Internet Crime Complaint Center (IC3) from at least three states. The deceptive messages typically claim that the recipient owes money for outstanding tolls, urging them to click on embedded hyperlinks.

The perpetrators behind these attacks employ sophisticated tactics to deceive their targets. By impersonating legitimate toll services and altering phone numbers to match those of the respective states, they create a false sense of authenticity. However, the links provided within the messages lead to fake websites designed to extract personal and financial information from unsuspecting victims.

Cautionary Advice

Authorities are urging individuals who receive such messages to exercise caution and take immediate action. The Pennsylvania Turnpike, one of the affected toll services, has advised recipients not to click on any suspicious links and to promptly delete the messages. Similarly, the Pennsylvania State Police have issued warnings about the scam, emphasising the dangers of providing personal information to fraudulent sources.

To safeguard against falling prey to this scam, the FBI recommends several preventive measures. Victims are encouraged to file complaints with the IC3, providing details such as the scammer's phone number and the fraudulent website. Additionally, individuals should verify their toll accounts using the legitimate websites of the respective toll services and contact customer service for further assistance. Any suspicious messages should be promptly deleted, and if personal information has been compromised, immediate steps should be taken to secure financial accounts and dispute any unauthorised charges.

What Is Smishing?

Smishing, a blend of "SMS" and "phishing," is a form of social engineering attack wherein fraudulent text messages are used to deceive individuals into divulging sensitive information or downloading malware. In this instance, the scam preys on individuals' concerns regarding unpaid toll fees, exploiting their trust in official communication channels.

As the SMS phishing scam continues to proliferate, it is imperative for individuals to remain vigilant and sceptical of unsolicited messages. By staying informed and taking proactive measures to protect personal information, users can mitigate the risks posed by such malicious activities. Authorities are actively investigating these incidents, but it is crucial for the public to be proactive in safeguarding their financial and personal information from exploitation.


Controversial Reverse Searches Spark Legal Debate

In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

In a reverse search, law enforcement agencies order digital giants such as Google to hand over vast reservoirs of user data. Under this practice, the agencies demand information tied to a specific event or query rather than to a named suspect, including:

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

It does not end there. The constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.

Ivanti US Faces Security Crisis, Threatening Worldwide Systems

In a recent development, a critical server-side request forgery (SSRF) vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being actively exploited by multiple attackers, raising concerns over the security of affected systems worldwide. 

Let's Understand SSRF and Its Impact 

SSRF vulnerabilities allow attackers to make the vulnerable server send crafted requests on their behalf, potentially leading to unauthorized access to internal resources, sensitive data exposure, or even full system compromise. Imagine you have a key that opens doors in a building. Now imagine someone tricks you into using that key to open doors you are not supposed to. That is what happens in an SSRF attack. 

Normally, a web application only makes outbound requests to the destinations its developers intended. In an SSRF attack, the attacker makes the server send requests to places it is not supposed to reach, such as internal parts of a company's network that are not exposed to the internet, or arbitrary outside websites. This can lead to big problems. 

For example, if the server is made to connect to an internal part of the company's network, the attacker might steal important information. Or if it is made to connect to an attacker-controlled website, it might leak sensitive data, such as passwords or credit card numbers. 
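To make that "key used on the wrong door" concrete, here is an added example (not code from the article or from Ivanti) of the SSRF pattern beside a hardened outbound-URL check; the allowlisted hosts, blocked ranges and sample URLs are assumptions constructed for illustration.

```python
"""Added example, not code from the article or from Ivanti: the SSRF
pattern beside a hardened outbound-URL check. ALLOWED_HOSTS and the
sample URLs are constructed for illustration."""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Destinations the application is legitimately allowed to fetch from
# (constructed allowlist; a real deployment loads this from config).
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}

# Ranges an internet-facing server should never be steered into: loopback,
# RFC 1918 private space, link-local (cloud metadata services sit at
# 169.254.169.254), "this network", and the IPv6 equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]


def vulnerable_fetch_target(user_url: str) -> str:
    """The SSRF pattern: the server fetches whatever URL the client supplies,
    so the client decides where the server's 'key' gets used."""
    return user_url


def is_blocked_address(host: str) -> bool:
    """True when host is an IP literal inside a blocked range.
    IPv4-mapped IPv6 literals (::ffff:127.0.0.1) are unwrapped first."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal; the allowlist decides
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def safe_fetch_target(user_url: str) -> Optional[str]:
    """Hardened form: return the URL only if scheme, credentials, host and
    port all pass; otherwise None and the caller refuses the request.
    Caveat: the name is not resolved here. A real deployment also checks the
    resolved address immediately before connecting, to defeat DNS rebinding."""
    parts = urlsplit(user_url)
    if parts.scheme not in ("http", "https"):
        return None                      # rejects file://, gopher://, ftp://
    if parts.username is not None or parts.password is not None:
        return None                      # e.g. "https://api.example.com@10.0.0.5/"
    host = parts.hostname
    if not host or is_blocked_address(host):
        return None                      # direct hit on an internal range
    if host not in ALLOWED_HOSTS:
        return None                      # anything not explicitly allowed
    if parts.port not in (None, 80, 443):
        return None                      # no probing of unusual ports
    return user_url
```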

Ivanti and the Vulnerabilities 

Ivanti raised the alarm about a critical flaw in the gateway's SAML components on January 31, 2024. This vulnerability, identified as CVE-2024-21893, was immediately classified as a zero-day exploit, indicating that hackers were already taking advantage of it. Initially, the impact seemed limited, affecting only a small number of customers. 

However, the exploitation of CVE-2024-21893 opened the door for attackers to sidestep authentication measures and gain unauthorized access to restricted resources on vulnerable devices, specifically those operating on versions 9.x and 22.x. 

Now, according to the threat monitoring service Shadowserver, the situation has escalated. They have detected numerous attackers capitalizing on the SSRF bug, with a staggering 170 unique IP addresses attempting to exploit the vulnerability. This widespread exploitation poses a significant threat to the security of affected systems and the data they hold. 

The disclosure of CVE-2024-21893 revealed a series of critical vulnerabilities affecting Ivanti Connect Secure and Policy Secure VPN appliances. Alongside CVE-2024-21893, two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, were also identified on January 10, 2024, prompting Ivanti to release temporary mitigations. 

These vulnerabilities were exploited by the Chinese espionage threat group UTA0178/UNC5221, resulting in the installation of webshells and backdoors on compromised devices. Despite initial mitigations, attackers managed to bypass defenses, compromising even device configuration files. 

What Measures Is the Company Taking? 

Ivanti postponed firmware patches scheduled for January 22 due to the sophisticated nature of the threat. Given the active exploitation of multiple critical zero-days, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has mandated federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. 

Only devices that have been factory reset and updated to the latest firmware should be reconnected. However, older versions without a patch remain vulnerable. While this directive is not compulsory for private organizations, they are strongly advised to assess the security status of their Ivanti deployments and overall environment, considering the potential risks posed by these vulnerabilities. 

About the Company 

Ivanti is a company based in Utah, USA, that makes different kinds of computer software for things like keeping your computer safe, managing IT services, tracking IT assets, managing all your devices from one place, controlling who has access to what, and managing the supply chain. It was created in 2017 when two companies, LANDESK and HEAT Software, joined together. Later, they also bought another company called Cherwell Software. Ivanti became more famous because of some big problems with the security of the VPN hardware they sell.

Cybersecurity Crisis in US Healthcare Sector: Children's Hospital on Alert


In a recent and alarming development, Lurie Children's Hospital, a distinguished pediatric care facility in Chicago, has been forced to disconnect its network due to a pressing "cybersecurity matter." This precautionary step is a response to the escalating cyber threats targeting healthcare systems nationwide, causing concern among experts and regulatory bodies. 

The decision to take the network offline emphasizes the severity of the situation, highlighting the hospital's firm commitment to protecting patient data and maintaining operational integrity. Cybersecurity experts are issuing warnings, emphasizing the urgent need for heightened vigilance across the healthcare sector, as potential vulnerabilities pose a significant threat on a national scale. 

Lurie Children’s Hospital, utilizing Epic System’s electronic health record software, has affirmed its proactive response to the ongoing cybersecurity issue. The hospital is actively engaged in collaboration with experts and law enforcement to address the situation, underscoring the gravity of the threat. 

While the Illinois-based medical facility remains operational, it has proactively disabled phone lines, email services, and the electronic medical system. These necessary precautions have, unfortunately, led to disruptions, impacting scheduled surgeries and creating communication challenges for families attempting to reach doctors; CBS News reported that these disruptions began on Wednesday. 

This incident further amplifies the growing concerns voiced by regulators and experts about the expanding landscape of cybersecurity threats in the healthcare sector. 

In response to a 2023 report warning of "dramatic increases" in cyber attacks impacting US hospitals, the Department of Health and Human Services has released voluntary cybersecurity objectives for the health sector. The report underscored the potential compromise of hospital operations and financial extortion, emphasizing the crucial need for heightened vigilance and proactive measures within the healthcare industry. Moreover, the health sector witnessed an unprecedented surge in data breaches last year, affecting a staggering 116 million patients, as reported by STAT. 

This significant increase is primarily attributed to the rise in hacking and IT incidents, more than doubling the impact compared to the preceding year, prompting a plea for strengthened cybersecurity measures to safeguard patient information. 

The concerning trend goes beyond data breaches: last year surpassed the previous record set in 2015, impacting over 112 million individuals. The current year continues to witness a worrisome escalation, with numerous health organizations reporting breaches related to hacking or IT incidents. 

A recent incident at Chicago's Saint Anthony Hospital, involving an "unknown actor" copying patient data, further underscores the vulnerabilities in the healthcare sector. Ransomware attacks have surged, fueled by the widespread adoption of connected medical devices, cloud services, and remote work systems. 

John Riggi, the American Hospital Association's national cybersecurity and risk advisor, highlights the national security implications of these attacks, advocating for heightened cybersecurity measures. Riggi condemns attacks on children's hospitals, considering it a "new low" that directly impacts vulnerable patients. 

Nitin Natarajan from the federal Cybersecurity & Infrastructure Security Agency notes that health organizations are viewed as "target rich, cyber poor," making them attractive targets for adversaries. The broader spectrum of cybersecurity threats extends beyond healthcare, as FBI Director Christopher Wray alerts Congress to state-sponsored Chinese hackers targeting U.S. infrastructure. 

However, there is currently no indication that the Lurie incident is related to such a national security threat. The healthcare sector is now at a pivotal moment, necessitating immediate and robust responses to mitigate the growing risks posed by cyber threats.

Akira Ransomware Unleashes Cyber Storm: Targets North American Companies

In the continually changing realm of cyber threats, organizations find themselves urgently needing to strengthen their cybersecurity measures to combat the increasing complexity of ransomware attacks. The focus is on Akira, a recently discovered ransomware family, highlighting a group of cyber adversaries armed with advanced tactics and led by highly skilled individuals. 

In a recent analysis of blockchain and source code data, the Akira ransomware has surged to prominence, rapidly establishing itself as one of the fastest-growing threats in the cyber landscape. This surge is attributed to its adept utilization of double extortion tactics, adoption of a ransomware-as-a-service (RaaS) distribution model, and the implementation of unique payment options. 

Who are the Targets? 

The Akira ransomware made its debut in March 2023, and its sights are set on companies in the United States and Canada. But what is really catching attention is its unique Tor leak site, which, as per Sophos' report, brings back vibes of "1980s green-screen consoles." Users need to type specific commands to navigate through this throwback-style interface. 

What is even more intriguing is that, despite sharing the same .akira file extension for encrypted files, the new Akira is nothing like its 2017 counterpart when it comes to the code under the hood. This twist highlights the ever-evolving nature of cyber threats, where old names come back with a new style and a fresh set of tricks. 

The Akira encryptor 

The Akira ransomware was found by MalwareHunterTeam, and they shared a part of it with BleepingComputer. When it starts working, Akira does something serious – it deletes Windows Shadow Volume Copies on the device. It uses a special command to do this: 

powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject" 
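The defender's counterpart to that command, as an added example that is not from the article, Sophos or MalwareHunterTeam: detection logic run over constructed process-creation log lines. The log format, hostnames and the vssadmin/wmic variants listed beside the quoted command are assumptions.

```python
"""Added example (not from the article or any vendor product): flag
shadow-copy deletion commands in process-creation logs. Log format and
all sample events are constructed for this example."""
import re
from typing import Dict, List

# Command-line patterns indicating Volume Shadow Copy destruction. The first
# matches the Akira command quoted above; the others are the common
# equivalents seen in detection rules (vssadmin and wmic).
SHADOW_COPY_DELETION_PATTERNS = [
    re.compile(r"Win32_Shadowcopy\s*\|\s*Remove-WmiObject", re.IGNORECASE),
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]

# Constructed sample of process-creation events (Sysmon EventID 1 style),
# flattened to "timestamp|host|user|command line" for this example.
SAMPLE_LOG = """\
2024-03-01T10:01:02Z|WS01|alice|"C:\\Windows\\System32\\notepad.exe" notes.txt
2024-03-01T10:01:09Z|WS01|alice|powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
2024-03-01T10:01:11Z|SRV02|svc_backup|vssadmin list shadows
2024-03-01T10:01:15Z|SRV02|SYSTEM|vssadmin.exe Delete Shadows /All /Quiet
2024-03-01T10:02:30Z|WS03|bob|cmd.exe /c wmic shadowcopy delete
"""


def detect_shadow_copy_deletion(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per event whose command line matches a deletion
    pattern. Benign shadow-copy activity (listing) is not flagged."""
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        # maxsplit=3 keeps any '|' inside the command line intact
        fields = line.split("|", 3)
        if len(fields) != 4:
            continue  # malformed or truncated record
        timestamp, host, user, cmdline = fields
        for pattern in SHADOW_COPY_DELETION_PATTERNS:
            if pattern.search(cmdline):
                alerts.append({
                    "timestamp": timestamp,
                    "host": host,
                    "user": user,
                    "command": cmdline,
                    "rule": pattern.pattern,
                })
                break  # one alert per event is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_LOG):
        print(f"{alert['timestamp']} {alert['host']} {alert['user']}: {alert['command']}")
```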
 
Furthermore, linkages between the Akira ransomware group and the now-defunct Conti ransomware gang have come to light, indicating a potential affiliation. Conti, renowned as one of the most notorious ransomware families in recent history, is believed to have evolved from the highly targeted Ryuk ransomware, marking a lineage of prolific cyber threats. The intricate connections between these ransomware entities underscore the evolving nature of cyber threats and the persistence of criminal organizations in adapting and expanding their malicious operations.

US Government Surveillance Reform Act (GSRA): What Will It Change?


A cross-party group of U.S. legislators has put forth fresh legislation aimed at limiting the extensive surveillance authority wielded by the FBI. They argue that the bill addresses the gaps that currently enable officials to access Americans' data without obtaining a warrant. This move comes after over ten years of discussions surrounding the surveillance powers granted in the aftermath of September 11, 2001. 

These powers permit domestic law enforcement to conduct warrantless scans of the immense volumes of data collected by America's foreign surveillance systems. If the Government Surveillance Reform Act (GSRA) is approved, it would compel law enforcement agencies to secure a legitimate warrant before conducting searches under Section 702 of the Foreign Intelligence Surveillance Act (FISA). 

Opponents argue that the present absence of a warrant prerequisite for accessing the 702 database represents an unconstitutional circumvention of Americans' Fourth Amendment safeguards. This proposed legislation arrives as the culmination of a year-long, intense struggle over the fate of profoundly contentious surveillance practices, scheduled to conclude on December 31. 

Section 702 was enacted in 2008. It was originally presented as a tool for foreign surveillance, primarily aimed at tracking terrorists. However, due to antiquated and inadequately defined language in the policy, intelligence agents and law enforcement have been provided with a covert means to amass extensive volumes of U.S. communications. 

Subsequently, these private exchanges are routinely subjected to surveillance without the need for a warrant, and in certain instances, are even utilized as evidence in criminal proceedings. This creates a significant policy gap, allowing law enforcement to gather personal communications of American citizens that would typically be safeguarded by the Fourth Amendment. 

The paramount objective of the 206-page GSRA bill's proposed reforms is to bring about a modernization and enhancement of U.S. surveillance capabilities. This aims to align privacy safeguards and basic rights with the rapid technological progress that has significantly streamlined data acquisition processes. 

"We're introducing a bill that protects both Americans' security and Americans' liberty," Senator Ron Wyden, a Democrat and a longtime critic of government surveillance, said at a press conference on Tuesday. 

Officials in the executive branch have consistently emphasized the importance of the expiring surveillance authority, asserting its critical role in combatting foreign espionage and terrorism. They have actively advocated for its reauthorization.

Dallas County Departments Hit by the Play Gang


On Monday, an official confirmed that Dallas County experienced a cybersecurity incident earlier this month, which impacted segments of its network. Dallas County Judge Clay Lewis Jenkins stated in a release to Recorded Future News that an active investigation is underway in response to assertions made by a ransomware group that surfaced over the weekend. 

"We are currently in the process of thoroughly reviewing the data in question to determine its authenticity and potential impact. Our investigation into the incident remains ongoing and we continue to work closely with law enforcement and our cybersecurity experts to address this situation,” Jenkins said. 

On Tuesday morning, the Play ransomware group, known for orchestrating high-profile attacks this year, publicly disclosed the information it purports to have exfiltrated. The group stated that it had released 5 gigabytes of data and hinted at the possibility of disclosing additional information if there is no response. However, they have not specified the total amount of data they managed to acquire. 

What departments have been affected? 

The attack specifically targeted the computer-assisted dispatch system (CAD) of the Dallas Police Department. This forced dispatch call takers to resort to manual note-taking for field officer instructions, limiting their communication to phones and radios. According to city spokesperson Catherine Cuellar, the systems were successfully brought back online on May 6, ensuring continuous operation of emergency dispatch services. 

The ransomware attack affected Dallas Water Utilities, preventing customers from making online payments and disrupting meter readings. The utility has since recovered from the attack and both systems are now operational. 

The court was closed for the majority of the month after the cyberattack. There were no hearings, trials, or jury duty during that time, and the city could not accept nearly any form of citation payment. 

Additionally, the library's reservation system has not been brought back online yet. Staff are still manually tracking the availability of borrowed items. Residents can still check those items out but are being advised not to return them until the system is fully functional again. 

The cyberattack on Dallas County was initially detected on October 19. With a population of 2.6 million residents, Dallas County is the second-most populous county in Texas. Notably, it encompasses Dallas, the ninth-largest city in the United States, which has already grappled with a ransomware attack earlier in 2023.

American Airlines Pilot Union Hit with Ransomware

On Monday, the Allied Pilots Association (APA), the preeminent labour union representing 15,000 dedicated pilots of American Airlines, revealed that its systems fell victim to a ransomware attack. Established in 1963, the APA stands as the foremost independent trade union for pilots globally. 

With a membership exceeding 15,000 pilots within the airline, the union made an announcement on its official website, disclosing the initial detection of the cyberattack on October 30. Engaging an undisclosed cybersecurity firm for a thorough examination, it was confirmed that the union had indeed fallen prey to a ransomware assault. This investigation revealed that certain systems had been subjected to encryption. 

"As a result, the restoration of those systems has entailed a methodical and time-consuming process for our IT team and outside experts. As we work to recover from backups, we are also continuing to assess potential impacts to data, including member data. Investigations of this nature often take time to complete,” the experts said.  

Collaborating closely with external specialists, the organization's IT team is diligently engaged in the process of restoring their systems. Encouragingly, they reported that these efforts are steadily advancing, indicating that they are on track to reinstate certain services online in the near future. 

"Once the initial restoration is in place, we will continue to restore additional services over the coming hours and days, placing a priority on pilot-facing products and tools. We are working diligently to be fully operational as soon as possible while keeping the security of our systems front and center," the union explained.

Taking to social media channels, the union relayed that the cybersecurity incident was initiated in the early hours of October 30. While a portion of essential services has been reinstated over the course of the week, the organization has committed to keeping stakeholders informed with regular updates on their ongoing efforts. 

Over the past half-year, the aviation sector has been confronting a relentless wave of cyberattacks. Just this week, a major airport in Mexico, known for its high traffic volume, fell victim to a cyber intrusion. Additionally, Boeing, a prominent aircraft manufacturer, acknowledged its active response to a cyberattack affecting its parts and distribution operations, underscoring the persistent threat faced by the industry. 

Caesars Takes Action After Cyberattack on Loyalty Program Data


Caesars Entertainment, a leading resort chain with ownership of more than 50 hotels and casinos worldwide, officially disclosed a cyberattack on their systems. The U.S. Securities and Exchange Commission received notification on Thursday, indicating that the company has experienced a substantial loss of sensitive customer data due to the breach. In a recent development, Caesars Entertainment detected unusual activity within their IT network. 

According to the filed Form 8-K, this incident stemmed from a social engineering attack targeting an external IT vendor employed by the prominent hotel chain. After conducting an extensive internal inquiry, it was revealed that on September 7th, the database housing sensitive information of members in the Caesars Entertainment loyalty program, including details such as social security numbers and driver's license numbers, had been compromised. 

The company stated in its notice that they are currently in the process of probing the full scope of any supplementary personal or otherwise sensitive data obtained by the unauthorized party. At present, there is no indication to suggest that any personal banking or payment details were also accessed. The cyberattack has not affected the operations of physical properties, online platforms, or mobile gaming. 

These aspects continue to function seamlessly without any disruption. Caesars Entertainment has refrained from specifying the exact count of affected loyalty members, only indicating a "significant amount." As per Caesars' Informational website, the company maintains constant vigilance over the web, yet has found no trace of the compromised data being disseminated, disclosed, or put to any illicit use. 

While Caesars Entertainment has taken measures to initiate the erasure of the pilfered data, they are unable to provide an absolute assurance that it has been completely expunged, as stated in the notice. Concurrently, the company remains vigilant in its web monitoring efforts to ascertain whether the compromised data has been divulged or subjected to illicit utilization. 

As an extra precautionary measure, all members of the loyalty program will be extended credit monitoring and identity theft protection services. Caesars Entertainment intends to personally inform those affected in the ensuing weeks.

Growing Surveillance Threat for Abortions and Gender-Affirming Care

Experts have expressed alarm about a worrying trend in the surveillance of people seeking abortions and gender-affirming medical care in a recent paper that has received a lot of attention. The research, released by eminent healthcare groups and publicized by numerous news sites, shines a light on the possible risks and privacy violations faced by vulnerable individuals when they make these critical healthcare decisions.

The report, titled "Surveillance of Abortion and Gender-Affirming Care: A Growing Threat," brings to the forefront the alarming implications of surveillance on patient confidentiality and personal autonomy. It emphasizes the importance of safeguarding patient privacy and confidentiality in all healthcare settings, particularly in the context of sensitive reproductive and gender-affirming services.

According to the report, surveillance can take various forms, including electronic monitoring, data tracking, and unauthorized access to medical records. This surveillance can occur at different levels, ranging from individual hackers to more sophisticated state-sponsored efforts. Patients seeking abortions and gender-affirming care are at heightened risk due to the politically sensitive nature of these medical procedures.

The report highlights that such surveillance not only compromises patient privacy but can also have serious real-world consequences. Unwanted disclosure of sensitive medical information can lead to stigmatization, discrimination, and even physical harm to the affected individuals. This growing threat has significant implications for the accessibility and inclusivity of reproductive and gender-affirming healthcare services.

The authors of the report stress that this surveillance threat is not limited to any specific region but is a global concern. Healthcare providers and policymakers must address this issue urgently to protect patient rights and uphold the principles of patient-centered care.

Dr. Emily Roberts, a leading researcher and co-author of the report, expressed her concern about the findings: "As healthcare professionals, we have a duty to ensure the privacy and safety of our patients. The increasing surveillance of those seeking abortions or gender-affirming care poses a grave threat to patient autonomy and trust in healthcare systems. It is crucial for us to implement robust security measures and advocate for policies that protect patient privacy."

The research makes a number of suggestions for legislators, advocacy groups, and healthcare professionals to address the growing issue of monitoring. To ensure the secure management of patient information, it urges higher funding for secure healthcare information systems, stricter data security regulations, and better training for healthcare staff.

In reaction to the findings, a number of healthcare organizations and patient advocacy groups have banded together to spread the word about the problem and call on lawmakers to take appropriate action. They stress the significance of creating a healthcare system that respects patient autonomy and privacy, irrespective of the medical treatments they require.

As this important research gets more attention, it acts as a catalyst for group effort to defend patient rights and preserve the privacy of those seeking abortions and gender-affirming care. Healthcare stakeholders may cooperate to establish a more egalitarian, secure, and compassionate healthcare environment for all patients by tackling the growing surveillance threat.

How the FBI Hacked Hive and Saved Victims

Earlier this year, the FBI achieved a significant milestone by dismantling Hive, a notorious cybercrime group, employing an unconventional approach. Instead of apprehending individuals, the agency focused on outsmarting and disrupting the hackers remotely. This marks a notable shift in the FBI's strategy to combat cybercrime, recognizing the challenges posed by international borders where many cybercriminals operate beyond the jurisdiction of U.S. law enforcement. 

In the past, Hive gained infamy as a highly active criminal syndicate, renowned for its acts of disrupting American schools, businesses, and healthcare institutions by disabling their networks and subsequently demanding ransoms for restoration. However, FBI field agents based in Florida successfully dismantled the group using their cyber expertise. 

They initially gained unauthorized access to Hive's network in July 2022 and subsequently countered the syndicate's extortion activities by aiding the targeted organizations in independently regaining access to their systems. 

According to Adam Hickey, a former Deputy Assistant Attorney General in the Justice Department's national security division during the Hive operation, the FBI's method proved effective and saved victims worldwide approximately $130 million. After conducting thorough investigations, the FBI discovered that Hive had rented its primary attack servers from a Los Angeles data center. 

Acting swiftly, the FBI seized the servers within two weeks and subsequently announced the takedown. This rapid action was motivated by the agency's recognition of an opportunity to halt Hive's activities, which had previously been difficult to preempt. However, while the announcement marked a significant milestone, Special Agent Smith and Director Crenshaw emphasized that the case is far from over. 

Hickey, who is now a partner at Mayer Brown law firm, stated that relying solely on arrests to combat cyber threats would be an oversimplified approach. He emphasized the need for a broader perspective and alternative strategies to address the evolving cyber threat landscape. 

The FBI initially became aware of Hive in July 2021 when the group, which was still relatively unknown at the time, targeted and encrypted the computer network of an undisclosed organization in Florida. This occurred during a period when prominent ransomware groups were carrying out severe attacks on gas pipelines and meat processors in the United States. 

In the following 18 months, Hive conducted more than 1,500 attacks worldwide and collected approximately $100 million in cryptocurrency from victims, according to U.S. law enforcement estimates. The group's rapid expansion can be attributed, in part, to its willingness to hit targets that other criminals avoided.

Those targets included hospitals and healthcare providers that other cybercriminals had refrained from attacking. Data gathered by researcher Allan Liska reveals that, despite the FBI's covert presence within Hive's network, the group continued to carry out attacks at a consistent rate.

On a hidden website where Hive disclosed the identities and sensitive details of victims who refused to pay, they listed seven victims in August, eight in September, seven in October, nine in November, and 14 in December. These numbers remained similar to the group's attack patterns before the FBI's infiltration. 

Hive members are still at large, and the seized servers could potentially aid in exposing the network of affiliates who collaborated with Hive during the 18-month period. As a result, the takedown has the potential to lead to additional arrests in the future.

Massive Data Breach: Clop Ransomware Gang Targets MOVEit Transfer, Millions of Driver's Licenses at Risk

A significant data breach last month has put residents of Louisiana and Oregon at increased risk of identity theft and follow-on cyberattacks. 

A recently discovered zero-day vulnerability (CVE-2023-34362), a SQL injection flaw in the widely used managed file transfer product MOVEit Transfer, was quickly exploited by the Clop ransomware gang. 

Because MOVEit Transfer is deployed by major organizations across finance, education, energy, IT, healthcare and government, the global repercussions of the breach are already being felt. 

Among the affected MOVEit Transfer users are the Louisiana Office of Motor Vehicles (OMV) and the Oregon Driver & Motor Vehicles Services. Authorities in both states have issued warnings that the Clop ransomware gang obtained a substantial volume of driver's license records and other state-issued documents through these attacks. 

The breach is estimated to affect millions of individuals in both states. At present, there is no evidence that the attackers have used, sold, shared or released the stolen data. 

Clop has publicly claimed in a post-breach announcement that it has deleted the stolen government data. Whether the group has actually done so cannot be verified. 

To safeguard your personal data in the aftermath of the MOVEit data breach, here are important precautions to consider, particularly if you reside in Louisiana or Oregon: 

• Proceed with the assumption of data compromise: Operate under the assumption that your data may have been stolen by the Clop ransomware gang. 

• Stay vigilant with financial monitoring: Regularly review your bank statements, credit card transactions, and credit reports for any signs of a suspicious activity or potential identity theft. 

• Remain cautious of phishing attacks: Be alert to targeted phishing attempts that may leverage the stolen data to deceive you or extract personal information. Exercise caution when interacting with emails, links, and attachments, especially if they seem suspicious. 

• Evaluate identity theft protection services: If you were a subscriber to reputable identity theft protection services before the MOVEit breach, they may offer assistance in recovering your identity and mitigating financial losses resulting from fraud. 

• Enhance security measures: Update passwords for your online accounts regularly, using strong and unique combinations. Whenever possible, enable two-factor authentication to provide an additional layer of security. 

• Exercise discretion with personal information: Be mindful of sharing personal information online and limit it to trusted and secure platforms or organizations. Use discretion when providing sensitive details. 

• Educate yourself about identity theft prevention: Familiarize yourself with best practices for preventing identity theft, such as avoiding the sharing of personal information over unsecured networks, being cautious with social media sharing, and protecting physical documents containing sensitive data. 

• Stay informed through reliable sources: Keep yourself updated on any announcements or updates from relevant authorities or organizations regarding the breach. Rely on trusted sources of information to stay informed about the situation and recommended actions to take. 

Remember, these recommendations provide general guidance, and seeking advice from professionals or relevant authorities based on your specific circumstances is advisable. 

Additionally, it is advisable to read the following articles to gain a better understanding of the Clop ransomware gang and the impact of the attack on MOVEit Transfer software.





U.S. and South Korea Issue Warning on North Korean Hacker Group Linked to Satellite Launch

On Friday, the United States and South Korea released a joint cybersecurity advisory on a North Korean hacker group allegedly responsible for stealing technology used in North Korea's recent failed satellite launch. South Korea's Foreign Ministry also announced unilateral sanctions against the group, identified as Kimsuky. 

In their joint statement, the United States and South Korea said that Kimsuky specializes in gathering intelligence on national security and foreign policy matters concerning the Korean Peninsula. The group passes this intelligence to North Korea and supports the isolated nation's purported development of "satellites," which the allies regard as disguised ballistic missile tests. 

The statement emphasized that Kimsuky steals space and weapons technologies, providing vital support to the regime's ongoing defiance of international sanctions on its nuclear and missile programs. The group is also tracked under the names Velvet Chollima and Black Banshee. The U.S. Cybersecurity and Infrastructure Security Agency assesses that Kimsuky has likely been operating since 2012. 

Its primary objective is conducting espionage by targeting various entities including South Korean think tanks, industries, nuclear power operators, and the Ministry of Unification. In recent times, Kimsuky has broadened its scope and extended its operations to include nations such as Russia, the United States, and several European countries. 

The group has been "directly or indirectly involved in the development of North Korea's so-called 'satellites' by stealing advanced technologies related to weapons development and satellites and space from all over the world," the statement reads. 

On Wednesday, North Korea launched the Malligyong-1 military reconnaissance satellite, as per their claims. However, during the separation of its first stage, the rocket experienced a loss of thrust and ultimately plunged into the Yellow Sea. 

However, both Seoul and Washington assert that the launch was actually aimed at enhancing the country's ballistic missile capabilities. This action by Pyongyang violates United Nations Security Council resolutions, which prohibit the use of such technology. Despite the unsuccessful outcome of Wednesday's attempt, North Korea is reportedly preparing for a second launch shortly.

Following the incident, Seoul and Washington jointly unveiled new sanctions targeting North Korean information technology workers and organizations suspected of financing the regime's nuclear and missile initiatives. South Korea specifically identified seven North Korean individuals and three entities involved in overseeing the earnings and money laundering activities of these workers. 

The sanctions aim to disrupt the financial networks supporting North Korea's illicit programs. Kimsuky's track record is long: in March 2015, South Korea accused the group of stealing data from Korea Hydro & Nuclear Power. In August 2019, Kimsuky was found to have launched an unprecedented campaign against retired South Korean diplomats, government officials and military personnel. 

In September 2020, reports surfaced that Kimsuky had attempted to hack 11 officials associated with the United Nations Security Council, and in May 2021 a lawmaker from the People Power Party disclosed that Kimsuky had been discovered inside the internal networks of the Korea Atomic Energy Research Institute.

Absolute's 2023 Resilience Index: America's Cybersecurity

The White House has released a new national cybersecurity strategy, discussed in Absolute's 2023 Resilience Index, that would hold software companies responsible for the security of their products. The strategy includes regulation of critical infrastructure operators and proposes shifting liability for exploitable vulnerabilities onto software vendors. 

The administration said it is working with Congress on legislation to put these measures into effect. The strategy follows hacking incidents that threatened major public services during the first year of the Biden administration. 

In addition to this, the federal government is also planning to use its regulatory and purchasing power to encourage software manufacturing companies that are crucial to the economy and national security to improve their cybersecurity measures. 

Jen Easterly, director of CISA, has urged technology companies to take responsibility for the cybersecurity of their products, which are crucial to society. Further, she questioned why the blame for security breaches falls on companies for not patching vulnerabilities, rather than on the manufacturers who created the technology requiring multiple patches. 

“We often blame a company today that has a security breach because they didn’t patch a known vulnerability. What about the manufacturer that produced the technology that required too many patches in the first place?” Easterly added. 

The administration is considering ways to make the tech sector accountable for the digital safety of critical US industries, with a forthcoming cybersecurity strategy expected to demand increased security investments from industries supporting sectors like energy, water, and healthcare. 

In recent years, the White House has already released important guidelines for improving cybersecurity, such as the Executive Order on Improving the Nation’s Cybersecurity, which was issued in May 2021 and mandated zero trust as a best practice for modern cybersecurity programs across sectors. Additionally, in a memo issued in January 2022, the U.S. Office of Management and Budget identified zero trust as a critical element of a modern cybersecurity strategy. 

However, the main obstacles to achieving cybersecurity success today are the same as they were 12 months ago. Bad actors are continuously evolving, developing new variants and methods. Consequently, a narrowly scoped or static approach to cybersecurity is unlikely to be effective in protecting critical infrastructure.

Challenges in Securing Critical Infrastructure: Modern Solutions Required

Critical infrastructure refers to the physical and digital assets that are essential to national security, the economy, public health or safety. It may be government or privately owned, and it includes not only power plants and the electricity grid but also financial systems. 

Cyber attacks on critical infrastructure have become a preferred target due to their significant impact, with examples including attacks on Ukraine's power grid (2015), Kansas's nuclear plant (2018), the SWIFT network, and Colonial Pipeline. 

These attacks may be motivated by various factors such as testing capabilities, financial gains, data theft, remote access, or service disruption. Perpetrators could be nation-states, cybercriminals, or hacktivists. 

Securing critical infrastructure, which includes industrial control systems (ICS) like SCADA, is crucial due to the potential for wide-scale compromise in vital systems such as transportation, oil and gas, electricity, water, and wastewater. 

Interdependencies between infrastructure sectors mean that a single failure can have a negative impact on multiple sectors. The financial implications of cyberattacks on ICS are significant, with potential costs of downtime ranging from $5,000 to $10,000 per minute. 

Cybercriminals and nation-states can extract substantial ransoms and demonstrate their cyberwarfare capabilities. For example, the Colonial Pipeline and JBS USA Holdings Inc. attacks resulted in $15 million in paid ransom. Attackers are increasingly targeting critical infrastructure and investing in improving their capabilities to compromise these organizations. 

Several types of attacks are commonly used against critical infrastructure, including distributed denial-of-service (DDoS) attacks, ransomware attacks through spear phishing, vulnerability exploitation, and supply chain attacks. 

Etay Maor noted that some of these techniques are particularly challenging to prevent as they target humans rather than technologies. To protect critical infrastructure, it's important to use effective and streamlined cybersecurity measures, rather than relying solely on numerous security products which can create friction and inefficiencies. 

The Cybersecurity and Infrastructure Security Agency (CISA) plays a crucial role in the US by providing support and assistance to critical infrastructure sectors. They coordinate cyber incident information, secure important domains, assist in protecting critical infrastructure, and offer cybersecurity education and training through programs like the Cybersecurity Advisor Program. This includes evaluating risks, promoting best practices, raising awareness, and providing incident support and lessons learned.

GoDaddy, a Web Hosting Provider Hit Multiple Times by the Same Group

This month GoDaddy, a leading web hosting provider, revealed that it had suffered a multi-year security breach that resulted in the theft of company source code and of customer and employee login credentials, and in malware being planted on customer websites. 

In other words, the attackers were able to access and modify certain websites hosted by GoDaddy in a way that let them install malicious software on those sites. That malware could then harm visitors by stealing their personal information, infecting their devices or performing other malicious actions. 

Much of the media attention has focused on the fact that GoDaddy was hit by the same group of attackers in three separate incidents. The threat actors typically employ social engineering, such as calling employees and luring them to a phishing website. 

While reporting the matter to the U.S. Securities and Exchange Commission (SEC) the company said that the same group of hackers was responsible for three separate security breaches, including: 

In March 2020, a phishing attack on an employee resulted in compromised login credentials for around 28,000 GoDaddy customers and a few employees. 

In November 2021, using a compromised GoDaddy password, attackers stole source code and information on 1.2 million customers, including website administrator passwords, sFTP credentials and private SSL keys. 

In December 2022, hackers accessed GoDaddy's cPanel hosting servers and installed malware that redirected some customer websites to malicious sites intermittently. 

We don't have much information about the cause of the November 2021 incident, except that GoDaddy has said it involved a compromised password and took two months to discover. For the December 2022 malware breach, GoDaddy has not disclosed how it occurred. 

However, we do know that the March 2020 attack was initiated through a spear-phishing attack on a GoDaddy employee. While GoDaddy had initially described the incident as a social engineering attack, one of their affected customers actually spoke directly to one of the hackers involved. 

GoDaddy is a company with around 7,000 employees and an additional 3,000 workers through outsourcing firms in India, the Philippines, and Colombia. 

When employees log in to company resources online, many companies require a one-time password in addition to the regular username and password. The code may be sent via SMS or generated by an app. But this kind of second factor is easily bypassed by a phishing page that simply asks for the one-time password along with the regular password and relays both to the real site before the code expires. 

Physical security keys, by contrast, are a multi-factor option that resists even sophisticated phishing. These keys are inexpensive USB devices that implement Universal 2nd Factor (U2F) authentication. 

When you log in, you insert the key and press its button to complete the login. The key signs a challenge from the site together with the origin (domain) the browser is actually on, so a response produced on a look-alike phishing domain will not validate at the real site. Even if you are tricked into visiting a fake page, the attacker learns nothing they can replay, and your account stays safe.
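The difference between a relayed one-time password and a security key's origin-bound response, as an added example that is not GoDaddy's code or any vendor's implementation: the signature is simulated with HMAC over a per-key secret that the login server stored at registration (real U2F uses a public/private key pair), and the origins, user name and password are made up. Both phishing paths relay what the victim produced on the look-alike domain to the real server; the OTP path succeeds, the key path fails twice, once on the origin check and once on the signature check when the phisher tries to rewrite the origin.

```python
# Added example (not GoDaddy's code): why a relayed one-time password gets a
# phisher in, while a U2F/FIDO security key's response does not.
# HMAC with a secret shared at registration stands in for the key's signature;
# real U2F uses asymmetric keys, but the origin binding works the same way.
# Origins, user name and password are assumptions for the demo.
import hashlib
import hmac
import json
import secrets

LEGIT_ORIGIN = "https://sso.example.com"   # assumed real login origin
PHISH_ORIGIN = "https://sso-example.com"   # assumed look-alike phishing origin


class SecurityKey:
    """Stands in for the USB key: signs the server's challenge together with
    the origin reported by the browser. The user cannot alter that origin."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def sign(self, origin, challenge):
        client_data = json.dumps({"origin": origin, "challenge": challenge},
                                 sort_keys=True)
        sig = hmac.new(self.secret, client_data.encode(), hashlib.sha256).hexdigest()
        return client_data, sig


class RelyingParty:
    """The real login server, reachable only at LEGIT_ORIGIN."""
    def __init__(self, origin):
        self.origin = origin
        self.users = {}
        self.pending = set()   # challenges issued but not yet consumed

    def register(self, user, password, otp_seed, key_secret):
        self.users[user] = {"password": password, "otp_seed": otp_seed,
                            "key_secret": key_secret}

    def current_otp(self, user, counter):
        # Simplified HOTP-style code: HMAC(seed, counter) truncated to 6 digits.
        seed = self.users[user]["otp_seed"]
        digest = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def login_otp(self, user, password, otp, counter):
        u = self.users.get(user)
        return (u is not None and u["password"] == password
                and hmac.compare_digest(otp, self.current_otp(user, counter)))

    def new_challenge(self):
        c = secrets.token_hex(16)
        self.pending.add(c)
        return c

    def login_u2f(self, user, password, client_data, sig):
        u = self.users.get(user)
        if u is None or u["password"] != password:
            return False
        data = json.loads(client_data)
        if data["challenge"] not in self.pending:
            return False                      # replayed or never issued
        if data["origin"] != self.origin:
            return False                      # signed for the wrong site
        expected = hmac.new(u["key_secret"], client_data.encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False                      # client data was tampered with
        self.pending.discard(data["challenge"])
        return True


def build_demo():
    key = SecurityKey()
    rp = RelyingParty(LEGIT_ORIGIN)
    rp.register("alice", "hunter2", secrets.token_bytes(20), key.secret)
    return rp, key


def legit_u2f(rp, key, user, password):
    """Normal login: the browser really is on LEGIT_ORIGIN."""
    challenge = rp.new_challenge()
    client_data, sig = key.sign(LEGIT_ORIGIN, challenge)
    return rp.login_u2f(user, password, client_data, sig)


def phish_otp(rp, key, user, password, counter=7):
    """Victim types password and the current OTP into the phishing page;
    the phisher relays both to the real server within the code's lifetime."""
    otp_read_by_victim = rp.current_otp(user, counter)
    return rp.login_otp(user, password, otp_read_by_victim, counter)


def phish_u2f(rp, key, user, password, rewrite_origin=False):
    """Phisher starts a real login to obtain a challenge and proxies it to the
    victim, whose browser is on PHISH_ORIGIN; the key signs for that origin."""
    challenge = rp.new_challenge()
    client_data, sig = key.sign(PHISH_ORIGIN, challenge)
    if rewrite_origin:   # phisher edits the origin field before relaying
        d = json.loads(client_data)
        d["origin"] = LEGIT_ORIGIN
        client_data = json.dumps(d, sort_keys=True)
    return rp.login_u2f(user, password, client_data, sig)


if __name__ == "__main__":
    rp, key = build_demo()
    print("legit key login  :", legit_u2f(rp, key, "alice", "hunter2"))
    print("relayed OTP      :", phish_otp(rp, key, "alice", "hunter2"))
    print("relayed key resp :", phish_u2f(rp, key, "alice", "hunter2"))
    print("rewritten origin :", phish_u2f(rp, key, "alice", "hunter2", True))
```

The server checks the origin field before the signature, and the signature covers that field, so the phisher can neither pass the response through unchanged nor patch it up. A one-time password carries no such binding, which is why the OTP relay succeeds.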

Telehealth Companies Monetizing and Sharing Health Data

Reports that telehealth companies share patient data with advertisers have emerged despite the companies' promises to prospective patients that their data, including information about mental health and addiction treatment, would remain confidential. 

Senators Amy Klobuchar, Susan Collins, Maria Cantwell and Cynthia Lummis have expressed concern over how well-known telehealth companies protect patients' sensitive health information. 

They cited an investigation by STAT and The Markup that found telehealth companies deliberately sharing patient data with Meta, Google, TikTok, Microsoft, Twitter and other advertising platforms. 

It has been reported that these digital health companies are monitoring and distributing the personally identifiable health information of their clients, including their contact information, financial details, and more. 

“Telehealth…has become a popular and effective way for many Americans to receive care.  One-fifth of the U.S. population resides in rural or medically-underserved communities where access to virtual care is vital. This access should not come at the cost of exposing personal and identifiable information to the world’s largest advertising ecosystems,” the senators added. 

Senators Amy Klobuchar (D-Minn.), Susan Collins (R-Maine), Maria Cantwell (D-Wash.), and Cynthia Lummis (R-Wyo.) recently sent letters to telehealth companies Monument, Workit Health, and Cerebral, inquiring about their data sharing practices. 

“Recent reports highlight how your company shares users’ contact information and health care data that should be confidential. This information is reportedly sent to advertising platforms, along with the information needed to identify users. This data is extremely personal, and it can be used to target advertisements for services that may be unnecessary or potentially harmful physically, psychologically, or emotionally,” the letter reads.

Telehealth involves the provision of healthcare services and information through the use of electronic communication and information technologies. It enables remote patient-provider communication to provide services including consultation, education, monitoring, intervention, and even admission for treatment, overcoming the barriers of distance.

Protect Your Online Data Now, Rather than Waiting for the Government

The old joke goes, "The opposite of pro is con, so the opposite of progress is Congress." Getting laws proposed and passed can be difficult even in a more relaxed political climate, but the present state of the US Congress makes most new legislation, regardless of content, a difficult sell. That is one of the challenges that government advisers from the cybersecurity industry face when urging politicians to suggest and pass federal data privacy laws. Other obstacles include inconsistent data privacy laws in some US states.

It's long past time for the United States to adopt a federal equivalent of the EU's General Data Protection Regulation (GDPR). GDPR is a set of stringent rules that govern how EU residents' data is handled, sold and stored, and it protects consumers' privacy and security rights by imposing fines on companies that fail to comply.

I spoke with Wade Barisoff of the cybersecurity firm Fortra last week about the current state of data privacy protections in the United States. Barisoff emphasized the importance of federal data privacy regulation, citing the European Union's GDPR as an effective example.

"GDPR was significant, not only because it was a unifying act that enshrined the rights of people and their digital identities to govern how their data could be handled,” Barisoff said, “but also because it was the first legislation with real teeth.”

Consumers in the United States would benefit from federal data privacy regulations that enforce severe penalties on companies that fail to comply. If you live in the United States, you may not have much control over what companies can do with your data once they have it, so lock down your accounts with multi-factor authentication and evaluate the privacy policies of your apps today.

Analyzing Data Breach Statistics

There is little recourse for victims of identity theft in the United States whose data was stolen because a U.S. company failed to report a breach. In the Identity Theft Resource Center's (ITRC) 2022 Data Breach Report, CEO Eva Velasquez noted a significant disparity between the average number of breach notices issued each business day in the US (seven) and the 356 breach notices issued daily in the EU in 2021.

"Common sense tells us that data breaches are underreported in the United States," Velasquez explained in the report. "The result is individuals are largely unable to protect themselves from the harmful effects of data compromises which are fueling an epidemic—a scamdemic—of identity fraud committed with stolen or compromised information."

Based on the Data Breach Report, since most state governments do not require companies to include factual data surrounding data breach incidents, the majority of US-based companies do not publish this information at all. According to the ITRC, businesses may choose not to include the details surrounding these incidents in order to avoid future lawsuits for failing to protect consumer data. LastPass, the embattled password management company, was singled out in the report for failing to explain the details of a 2022 attack in which cybercriminals gained access to its customers' information.

The Legal Status of Data Privacy in the United States

According to Barisoff, data privacy regulation in the United States has a long history in certain industries. In the United States, for example, the Health Insurance Portability and Accountability Act, or HIPAA, was signed into law nearly 30 years ago. It is still used to develop data privacy policies for healthcare organizations. Barisoff told me that going beyond decades-old industry guidelines is difficult because capitalism is such a powerful drug.

"We've never really climbed this mountain yet because data is worth money," Barisoff said. "Google has built its entire empire just on data and understanding what people are doing and selling that. There's more of a focus on capitalism, and there's a lot of powerful players here in the US that basically made their entire company off of private data."
 
Some state legislators are pushing back against tech companies by proposing and passing statewide data privacy legislation. According to Barisoff, these laws are a beginning, but enforcing them may be difficult. "The only consistency will be that each new law is different," he noted.

This effect is already being felt. Texas sued Google last year, claiming that the company's Photos and Assistant apps violated state biometric privacy laws. In 2016, Illinois residents filed a similar lawsuit against Google, which the company later settled. According to Barisoff, the creation and enforcement of state-by-state data privacy laws make it harder for businesses to comply.

"As each state seeks to highlight how much they value their citizens’ rights over the next, we’ll see an element of 'What’s good for California isn’t good enough for Kansas' creep in,” warned Barisoff. 

"This developing complexity will have a significant impact on organizations operating across the country," he concluded.

Where Do the Most Ransomware Attacks Take Place in the United States?

Ransomware can be as disruptive to your day as a flood, earthquake, fire, or another natural disaster. It has the potential to devastate businesses, close hospitals, and close schools. And if you're unlucky enough to be affected, it can completely devastate your finances. 

However, as with natural apocalyptic events, there are patterns in misfortune, and it is possible to draw patterns and identify high-risk areas. You can avoid disaster entirely with some forethought. 

What is Ransomware? 

Criminals are after your money, and draining a bank account directly is hard. By encrypting vital files on compromised computers, they instead persuade victims to hand over money voluntarily. A company that cannot do business is losing money every day it is down, and will frequently pay to have its machines decrypted so it can resume trading. Criminals typically gain access through lax security practices or social engineering.

Any criminal enterprise is a risky business, and cybercriminals prefer victims that net them the most money for the least exposure. It makes more sense to hit a few large targets than many small ones, and they would rather target businesses that are likely to pay than ones that will call law enforcement.

Between 2018 and January 2023, there were 2,122 ransomware attacks in the United States, as per Comparitech research. That's a lot, and even more is likely to have gone unreported. Even if this figure is taken at face value, it equates to more than one ransomware attack per day. Each ransom was worth an astounding $2.3 million on average.

Naturally, because businesses have more money than private individuals, schools, or government agencies, they are regarded as the biggest jackpot for hackers. And because they're constantly making money, every pause costs them more. The largest ransom known to have been paid during this time period was a whopping $60 million paid in 2022 by Intrado, a communications company with interests in cloud collaboration, 911 operations, enterprise communications, and digital media, among other things.

In fact, nine of the top ten ransoms were paid by corporations, including Kia Motors, Garmin, and EDP Renewables. The education sector is prominent, with Broward County Public Schools paying the second-largest ransom of $40 million in 2021. The notorious Conti group, which has been linked to hundreds of other attacks, carried out the attack.

Hospitals and other medical care facilities are prime targets for ransomware attacks because when hospital computers go down, patients don't get the care they require, and people die. Ransoms from the healthcare sector tend to be lower, with an average payout of around $700,000, possibly because the criminals have some conscience about people dying as a direct result of their actions.

Government facilities are also frequently targeted, with state and regional facilities particularly vulnerable. Local government agencies have limited IT security resources and frequently use outdated software due to their stricter budgets, making them easier targets. However, this also means that they pay significantly less than businesses with a median revenue of half a million dollars.

Where do most attacks take place?

Ransomware attacks occur wherever criminals believe they can make a quick buck, and attacks are concentrated in areas with a high concentration of wealth and businesses with a high turnover.

In the United States, this means the east coast, including Washington, DC, Maryland, Delaware and New York; the west coast, including California and Seattle; and major regional hubs such as Chicago, Illinois. The majority of these attacks target businesses, but that doesn't mean the rest of the country is safe. Attacks on healthcare and government are far more common in poorer states, again most likely because of reduced IT budgets.

Between 2018 and January 2023, no US state was immune to ransomware attacks, though some were either less appealing or more resilient to criminals. Wyoming had the fewest reported attacks, with one ransomware incident at Carbon Power and Light and two healthcare facility attacks.

Ransomware is frightening, but just as with flood defences or firebreaks, there are steps you can take to avoid becoming a victim. Here are some of the best recommendations:
  • Take regular backups and store them securely, offline or otherwise out of reach of the compromised network, and test that they restore
  • Employ a good antivirus
  • Train your staff
  • Keep your systems updated

Ransomware is terrible, but at least you know that if you pay the ransom, your systems will be restored and you can resume business as usual... right? Not always. What appears to be ransomware is sometimes fake ransomware: your files have been encrypted, but the criminals who encrypted them have no intention, or no ability, to ever decrypt them.

Ex-NSA Employee Charged with Espionage Case

A former U.S. National Security Agency (NSA) employee from Colorado has been arrested for attempting to sell classified information to what he believed was a foreign agent, reportedly in order to pay off personal debts. 

According to court documents released on Thursday, the person the accused, Jareh Sebastian Dalke, 30, was dealing with was in fact an undercover agent of the Federal Bureau of Investigation (FBI). 

Dalke believed he was in contact with a representative of a particular nation "with many interests that are adverse to the United States"; he was actually talking to an undercover FBI agent, according to his arrest affidavit. 

Dalke was arrested on Wednesday after he allegedly agreed to transmit classified data. "On or about August 26, 2022, Dalke requested $85,000 in return for additional information in his possession. Dalke agreed to transmit additional information using a secure connection set up by the FBI at a public location in Denver,"  eventually it led to his arrest,  the DoJ said. 

Dalke was employed at the NSA from June 6, 2022, to July 1, 2022, as an Information Systems Security Designer on a temporary assignment in Washington, D.C. He is also accused of transferring additional National Defense Information (NDI) to the undercover FBI agent at an undisclosed location in Colorado. 

He was arrested on September 28 and charged with three violations of the Espionage Act. The arrest affidavit does not identify the country to which Dalke believed he was providing information. 

The affidavit, filed by the FBI, notes that Dalke also served in the U.S. Army from about 2015 to 2018 and held a Secret security clearance, granted in 2016. He held a Top Secret clearance during his tenure at the NSA. 

"Between August and September 2022, Dalke used an encrypted email account to transmit excerpts of three classified documents he had obtained during his employment to an individual Dalke believed to be working for a foreign government," the Justice Department (DoJ) said in a press release.