Disappointing failure of school district ransomware breach


Ransomware gangs have it Long sought after pain points with their high utility for looting. Now, an investigation from NBC News has revealed what that ruthless business model looks like when it targets children: A ransomware group has uncovered sensitive files from the Minneapolis school system, complete with behavioral and psychological profiles of thousands of children. Highly sensitive documentation of individual students and cases of alleged abuse by faculty and staff.

We’ll get there. But first, WIRED contributor Kim Zetter broke the news this week that Russian hackers who carried out the infamous SolarWinds spying operation were found inside the US Justice Department’s network six months earlier than previously reported — but the DOJ didn’t realize the full extent. The hacking campaign that will be revealed later.

Meanwhile, WIRED’s Lily Haye Newman was at the RSA Cyber ​​Security Conference in San Francisco, where she brought us stories about how security researchers disrupted the networks of victims of the Gootloader malware that operators sell to ransomware groups and other cybercriminals, and how Google Cloud has partnered with Intel to hunt down and fix critical security vulnerabilities underlying critical cloud servers. She also caught a warning from NSA Cyber ​​Security Director Rob Joyce, who called for the cybersecurity industry to “decentralize” and prepare for big changes coming from AI tools like ChatGPIT. .

On the same looming issue of AI, we’ve looked at how deep pseudo-politics enabled by tools like ChatGPT, Midjourney, DALL-E, and StableDiffusion can have political consequences. We investigated a new US law that bans children under the age of 13 from joining social media. We tested a new feature in the Google Authenticator app that lets you save your two-step codes to your Google Account if you lose your 2FA device. And we’ve ranked—well,—the cyber security industry’s proliferation of silly names for hacker groups.

But that’s not all. Every week we round up news that we haven’t covered in depth ourselves. Click on headlines to read full stories. And stay safe out there.

What happens when a school system is targeted by a ransomware group, refuses to pay, and the stolen data is dumped en masse into the dark web? NBC’s Kevin Collier says it’s worse than it seems when the Minneapolis public school system was hit by hackers digging into the 200,000 files that went online earlier this week.

Leaked files include detailed documents linking children by name, date of birth, and address to a laundry list of highly personal information: their special needs, psychological profiles and behavior analyses, their medications, spy results, and which children’s parents are divorced, among many other mysteries. In some cases, the files also indicate which children were victims of abuse by school teachers or staff. The hackers took special pains to publicize the child poisoning, posting links and videos on social media showing the files and instructing viewers on how to download them.

A Minneapolis school is offering free credit monitoring to parents and children affected by data breaches. But if the personal information leaked by hackers is radioactive in nature, identity fraud may be the least of victims’ worries.

In an unusually candid statement at a panel at this week’s RSA conference, Gen. William Hartman said US Cyber ​​Command had disrupted an Iranian hacking operation targeting local election websites ahead of the 2020 election. Hartman, who heads Cyber ​​Command’s National Task Force, said the hack could not have affected actual vote counts or voting machines, but they could have been used to post false results if Cyber ​​Command’s hackers hadn’t challenged the operation. Misinformation efforts.

Hartmann named the Iranian hackers as a group known as Pioneer Kitten, also sometimes known as UNC757 or Parisite, but did not name the specific election website they targeted. Hartmann added that the hacking operation was part of Cyber ​​Command’s Hunt Forward operations, which intercept foreign networks to proactively locate and disrupt adversaries targeting the US.

After two years of investigation, The guard This week, Facebook and Instagram published a shocking exposé of child predators acting as prey, many of whom use the two social media services to exploit children for financial gain. Although the services’ parent company, Meta, says it is closely monitoring child sexual abuse material or sex trafficking, of Guard It was discovered that their accounts had been hacked by traffickers who were promoting child victims of sexual abuse.

A prosecutor who spoke The guard From 2019 to 2022, he said, he has seen child trafficking crimes on social media increase by about 30 percent each year. Many of the victims are 11 or 12 years old, and most are Black, Latinx, or LGBTQ+.

A group of hackers took over AT&T email accounts—the telecom provider operates email domains including att.net,sbcglobal.net,bellsouth.net—in order to hack their cryptocurrency wallet, TechCrunch reported.

One tip: Hackers told TechCrunch that they can access a part of AT&T’s internal network that allows them to generate “message keys” that can be used to access email inboxes in email applications such as Thunderbird or Outlook. Hackers then used that access to reset victims’ passwords on cryptocurrency wallet services like Gemini and Coinbase, and according to a TechCrunch source, between $10 million and $15 million in crypto has already been stolen, though TechCrunch can’t confirm those numbers.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

eight + 4 =