Skip to content

The tragic consequences of a ransomware leak in a school district


Ransomware gangs have The long-sought soft spots where their extortion demands have the most influence. Now, an NBC News investigation has made clear what that cutthroat business model looks like when it targets children: the giant leak of a ransomware group’s sensitive files from the Minneapolis school system. exposes thousands of children at their most vulnerable momentcomplete with behavioral and psychological reports of individual students and highly confidential documentation of cases in which they have allegedly been abused by teachers and staff.

We’ll get to that. But first, WIRED contributor Kim Zetter broke the news this week that the Russian hackers who ran SolarWinds’ notorious spy operation were detected on the US Department of Justice network six months earlier than previously reported—but the Justice Department failed to realize the full scale of the hacking campaign that would later be revealed.

Meanwhile, WIRED reporter Lily Hay Newman was at the RSA cybersecurity conference in San Francisco, where she brought us stories of how security researchers interrupted the operators of the Gootloader malware who sold access to victims’ networks to ransomware groups and other cybercriminals, and how Google Cloud partnered with Intel to find and fix serious security vulnerabilities underlying critical cloud servers. He also captured a warning in a talk by NSA cybersecurity director Rob Joyce, who told the cybersecurity industry to “buckle up” and get ready for big changes to come from AI tools like ChatGPT, which will no doubt be used by attackers and defenders alike.

In that same looming AI issue, we looked at how deep fakes enabled by tools like ChatGPT, Midjourney, DALL-E, and StableDiffusion will have far-reaching political consequences. We examined a recently introduced US bill that ban children under 13 from joining social media. Us tested the new feature in the google authenticator app which allows you to backup your two-factor codes to a Google account in case you lose your 2FA device. And we opine, well, we rant, about the ever-increasing expansion of silly names given to hacker groups by the cybersecurity industry.

But that is not all. Every week, we round up the news that we don’t report in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

What happens when a school system is attacked by a ransomware group, refuses to pay, and therefore their stolen data is dumped wholesale on the dark web? Well, it’s even worse than it sounds, as NBC’s Kevin Collier found out this week when he reviewed parts of a trove of 200,000 files leaked online after the Minneapolis public school system was attacked by hackers earlier this year. .

The leaked files include detailed files that link the children by name, date of birth and address to a long list of highly private information: their special needs, their psychological profiles and behavioral analysis, their medications, the results of intelligence tests and the parents of which children. they have divorced, among many other sensitive secrets. In some cases, the files even point to children who have been allegedly abused by teachers or school staff. The hackers also went to extra lengths to publicly promote their toxic dumping ground for children’s information, with links posted on social networking sites and a video showing off the files and instructing viewers on how to download them.

The Minneapolis school system is offering free credit monitoring to parents and children affected by the data dump. But given the radioactive nature of personal information released by hackers, identity fraud may be the least of its victims’ worries.

In a rare declassified disclosure on a panel at this week’s RSA Conference, General William Hartman revealed that US Cyber ​​Command had disrupted an Iranian hacking operation targeting a local election website before the 2020 election. According to Hartman, who leads the Cyber ​​Command National Mission Force, the intrusion could not have affected the vote count or the actual voting machines, but had the Cyber ​​Command hackers themselves not blocked the operation , could have been used to publish false results as part of a disinformation effort.

Hartman named the Iranian hackers as a group known as Pioneer Kitten, also known as UNC757 or Parisite, but did not name the specific election website they targeted. Hartman added that the hacking operation was found thanks to Cyber ​​Command’s Hunt Forward operations, in which it hacks foreign networks to discover and preemptively disrupt adversaries targeting the US.

After a two-year investigation, The Guardian this week he published a harrowing exposé about the use of Facebook and Instagram as hunting grounds for child predators, many of whom traffic children as sexual abuse victims for money on the two social media services. Despite claims by the services’ parent company, Meta, that it is closely monitoring its services for child sexual abuse or sex trafficking materials, He guardian He found horrific cases of children whose accounts were hijacked by traffickers and used to advertise them as sexual victimization.

A prosecutor who spoke with The Guardian He said he had seen child trafficking crimes on social networking sites increase by 30 percent each year between 2019 and 2022. Many of the victims were as young as 11 or 12, and most were Black, Latino, or LGBTQ+.

A group of hackers have taken over AT&T email accounts (the telecommunications provider runs email domains that include att.net, sbcglobal.net, bellsouth.net) to hack into their cryptocurrency wallets, TechCrunch reports.

A whistleblower tells TechCrunch that hackers have access to a part of AT&T’s internal network that allows them to generate “mail keys” that are used to provide access to an email inbox through email applications. email such as Thunderbird or Outlook. The hackers then use that access to reset victims’ passwords on cryptocurrency wallet services like Gemini and Coinbase and, according to TechCrunch’s source, have already amassed between $10 million and $15 million in stolen crypto, though TechCrunch was unable to verify those numbers.


—————————————————-

Source link

For more news and articles, click here to see our full list.