The worst attacks of 2020, a surreal pandemic year

Attackers had full access – a nightmare security scenario that would be any nation-state hacker’s dream. Instead, the attack was simply part of a bitcoin scheme that ended up generating around $120,000. Altogether, scammers targeted 130 accounts and took control of 45. In a mad rush to contain the situation, Twitter temporarily froze all verified accounts, blocking their ability to tweet or reset the account password. Some of the lockouts lasted for hours.

A subsequent investigation revealed that the attackers had called Twitter customer service and technical support lines and tricked reps into accessing a phishing site to harvest their special Twitter back-end credentials, including their username, password and multifactor authentication codes. Then, attackers were able to use their access to these support accounts to reset passwords on target user accounts. In late July, three suspects were arrested and charged with committing the hack, including 17-year-old Graham Ivan Clark of Tampa, Florida, who allegedly led the digital attack. In the wake of the breach, Twitter says it has launched a major effort to review its employees’ access controls, especially with the approaching US presidential election in November.

On June 19, the leak-focused activist group Distributed Denial of Secrets published a treasure trove of 269 gigabytes of United States law enforcement information, including emails, intelligence documents, audio and video files. DDOSecrets said the data came from a source who claims to be part of the ephemeral hacking collective Anonymous. Published after the killing of George Floyd, the dump of more than a million files included documents and internal police communications about law enforcement initiatives to identify and track protesters and share information about movements like Antifa. Much of the information came from law enforcement “fusion centers”, which gather and share information with law enforcement groups across the country. “It is the largest published hack by American law enforcement agencies,” Emma Best, co-founder of DDOSecrets, told WIRED in June. “It provides a closer look at the state, local and federal agencies charged with protecting the public, including [the] government response to Covid and BLM protests.”

In September, a ransomware attack apparently aimed at Heinrich Heine University in Düsseldorf instead paralyzed 30 servers at University Hospital Düsseldorf, throwing hospital systems and patient care into crisis. Unfortunately, ransomware actors have long targeted hospitals, due to the urgent need to restore services in the interest of patient safety. It is also common for hospitals affiliated with universities to be hit inadvertently. The incident at University Hospital Düsseldorf was especially significant, because it may represent the first time that a human death can be attributed to a cyberattack. As a result of the ransomware attack, an unidentified woman who needed emergency treatment was redirected from University Hospital Düsseldorf to a different provider in Wuppertal, about 61 kilometers away, causing an hour's delay in treatment. She did not survive. Researchers note that it is difficult to definitively establish causality. The incident is clearly an important reminder, however, of the real-world impacts of ransomware attacks on healthcare facilities and any critical infrastructure.

In late October, amid a worrying wave of health-related ransomware attacks, hackers threatened to release stolen data from one of Finland’s largest psychiatric service networks, Vastaamo, if individuals or the organization as a whole did not pay to keep the data confidential. Hackers may have obtained information from an exposed database or through an internal operation. These attempts at digital extortion have existed for decades, but Vastaamo’s situation was particularly striking, because the stolen data, which dated back about two years, included psychotherapy notes and other confidential information about patients’ mental health treatment. Vastaamo worked with private security company Nixu, the Central Criminal Police of Finland and other national law enforcement agencies to investigate the situation. Government officials estimate that the episode affected tens of thousands of patients. The hackers demanded bitcoin worth 200 euros, about $230, from individual victims within 24 hours of the initial request, or 500 euros ($590) thereafter, to keep the data confidential. Finnish media also reported that Vastaamo received a demand for about $530,000 in bitcoin to avoid publication of the stolen data. A hacker persona, “ransom_man”, posted leaked information from at least 300 Vastaamo patients to the anonymous web service Tor to demonstrate the legitimacy of the stolen data.

In late July, hackers launched a ransomware attack against navigation and fitness giant Garmin. It brought down Garmin Connect, the cloud platform that synchronizes user activity data, as well as large chunks of Garmin.com. The company’s e-mail systems and customer service centers were also disabled. In addition to athletes, fitness fans and other regular customers, airline pilots using Garmin products for positioning, navigation and timing services also dealt with disruptions. The flyGarmin and Garmin Pilot apps were interrupted for several days, which affected some Garmin hardware used on planes, such as flight planning tools and updates to the FAA aeronautical databases. Some reports indicate that the Garmin ActiveCaptain marine application was also disrupted. The incident highlighted the exposure of IoT devices to systemic failures. It’s bad enough if your GPS-equipped activity tracking watch stops working. When you need to land planes because of instrument problems caused by a ransomware attack, it is very clear how tenuous these interconnections can be.

Honorable mention: Hacking supported by the Chinese government

China continued its relentless global wave of hacking this year and appeared to be casting an increasingly wide net. Beijing-backed hackers have buried themselves deep in Taiwan’s semiconductor industry to steal an enormous amount of intellectual property, from source code and software development kits to chip designs. Australian Prime Minister Scott Morrison said in June that the country’s government and other organizations have repeatedly been the target of a flurry of attacks. Australia has pledged to invest around $1 billion over the next 10 years to expand its defensive and offensive cybersecurity resources. Although Morrison did not specify which actor has been targeting the country, it is widely reported that he referred to China. Australia and China are waging an intense trade war that is redefining relations between the two countries. A Reuters report this month also provided an example of Chinese hacking operations under way across Africa after the African Union in Addis Ababa, Ethiopia, discovered suspected Chinese intruders stealing surveillance images from its servers. The United States has also faced years of widespread digital espionage and intellectual property theft attributed to China. And it has continued this year, especially in the field of public health and Covid-19 vaccine research.

