The Maze group, an anonymous cybercrime group who pledged not to target any medical organizations during the worldwide pandemic, broke their promise and carried out a ransomware attack against Hammersmith Medicines Research. Hammersmith Medicines Research is a British vaccine test center that is on standby to perform clinical trials on potential vaccines for the COVID-19 virus.
The attack took place on March 14th, just days before the Maze group announced on March 18th that they would not target any medical organizations during the pandemic. The clinical director of Hammersmith Medicines Research, Malcolm Boyce, stated that the attack was noticed while in progress and was stopped without causing any downtime. However, the Maze group was still able to exfiltrate patient data, which they are now using to extort the vaccine test center.
Boyce stated that his company would not be giving in to the demands of the cybercriminals, and as a result the Maze group leaked some of the patient data on the dark web on March 21st. Publishing the data online completely violated their public statement that they would not attack medical organizations during the pandemic.
“We have no intention of paying. I would rather go out of business than pay a ransom to these people,” Boyce said. If the Maze group follows their typical pattern, they will continue to release the stolen data on a staggered basis until the company pays the ransom or all of the data has been released.
On a more optimistic note, security companies such as Emsisoft and McAfee are providing free assistance to medical organizations being hit by cyber attacks. These companies are providing threat analysis, development of decryption tools, and even negotiation with the attackers.
I stumbled upon an interesting case that involved a violation of the CFAA. The crimes occurred in 2015, but the trial finally happened in 2019 and is called United States vs. Van Buren. Van Buren was a sergeant for the Cumming, Georgia, Police Department. While an officer, he forged a relationship with a shady character named Albo. Van Buren’s financial situation wasn’t the greatest and he saw a chance to improve it through Albo. Van Buren approached Albo asking him for a loan, but unbeknownst to Van Buren, Albo recorded their conversations and reported Van Buren to the local county Sheriff’s Office. This act tipped off the FBI, and they wanted to see how far Van Buren would go to obtain the money. They gave Albo a fake license plate number, and Albo contacted Van Buren to ask if the license plate belonged to an undercover cop who was trying to bust Albo for prostitution. In exchange for money, Van Buren would run the license plate and report back to Albo.
Albo paid Van Buren to use a sensitive police database to run the plate. This act immediately violated the CFAA, and Van Buren had committed computer fraud. The police database is only supposed to be used for law enforcement purposes. Officers are trained in the proper and improper use of the system, and this action falls into the improper use category. The jury found Van Buren guilty beyond a reasonable doubt of committing computer fraud for financial gain. Van Buren was sentenced to prison for a year and six months, followed by two years of supervised release.
I believe the CFAA did an effective job of punishing the criminal in this case. In class we discussed United States vs. Swartz, a case where I believe the CFAA failed to enforce a reasonable punishment on a criminal. Swartz faced a million dollars in fines and up to 35 years in prison for illegally downloading academic documents from a database, while Van Buren faced a lesser punishment for committing an arguably worse crime. In this case, the CFAA does a good job, and I would like to see this trend continue in future cases regarding the CFAA.
Online criminals have adapted their spam delivery to Google Calendar and other Google services, according to the Russian cyber security company Kaspersky. The criminals are taking advantage of the default feature in Google Calendar that automatically adds calendar invitations and notifications from emails.
The attacks are carried out by spamming many email addresses with unsolicited calendar invitations that link to a malicious phishing site. Currently, the malicious sites have simply asked users to input their credit card or other personal information. However, a more intricate and advanced attack could deliver malware without requiring the user to click on anything more than the invitation in their calendar.
“The ‘calendar scam’ is a very effective scheme, as most people have become used to receiving spam messages from emails or messenger apps,” said Maria Vergelis, security researcher at Kaspersky in a press release of this new scam.
Most individuals would not think twice before trusting an event on their personal calendar, since for the most part they are the only ones adding information to it. The good news, however, is that the automatic adding of events from email invitations can be turned off in the Google Calendar settings.
In addition to the calendar scam, Google Photos has also fallen victim to the spam that plagues the internet. In this scam, victims receive a photo of a check they can supposedly collect if they email the address supplied in the message. A much larger sum can allegedly be collected if the victim pays “a commission”. The scammers collect the money that the victim pays and never deliver the promised amount of the check.
While Google is working on better detecting and eliminating spam from its products and services, spammers will still find ways to slip it through. This is why the people being targeted need to be made aware of the attacks in order to avoid falling victim.
This all started back in 2008 when the Russians dropped off multiple USB flash drives in parking lots around US military bases located in the Middle East. These flash drives were picked up and inserted into computers inside the various bases, spreading malware across the US’s machines and allowing the Russians access to a secret network called SIPRNet. The network was used by the Pentagon to transmit highly classified information. This was the first major cyber warfare incident involving two very powerful countries, and it raised many questions as to how to respond to such threats.
Following multiple attacks from various countries over the years and the failure of the US Cyber Command to deter those attacks, President Trump nominated Lieutenant General Paul Nakasone as the commander of the United States Cyber Command. This marked a new era for the organization and the way cyber warfare played out in the US, as Nakasone believed offense was greatly needed in order to defend.
In August of 2018, a few months after the nomination, Trump signed National Security Presidential Memorandum 13, which essentially allowed the US Cyber Command team to operate inside foreign networks without gaining presidential approval. This showed how big of a deal securing the nation’s cyber networks had become, as they were granted open-ended freedom to operate just as the military operates independently. Once they gained this new power, the first thing they did was go after the Russians who had attacked them multiple times over the years.
The US shut down Russia’s Internet Research Agency, which was responsible for designing many of the social media ads that impacted the 2016 elections. In addition, they hacked into Russian military intelligence, sending various threats to officers and hackers who had participated in the hack against the Pentagon back in 2008. More importantly, the US recently deployed malicious code into Russia’s power grid system, giving them the ability to turn off the electricity supply to homes, hospitals and schools in an instant.
The goal here was mainly to deter the Russians from further cyber attacks against the US, but this approach was essentially the same strategy used during the Cold War era. With this more aggressive strategy, which uses offense as a form of defence, the cyber war will not slow down in any way without set regulations agreed upon not just by Russia and the US but by every country.
In December of last year, Automattic, the company that runs WordPress, was awarded over $25,000 in damages against Nick Steiner, a member of the group Straight Pride UK. Normally in cases that involve the DMCA, liability for damages is a given, and the one who initiated the suit is normally the one awarded the money. However, what makes this case unique is the substantial sum of money awarded and the fact that it was awarded to the defendant.
In the case in question, a blogger requested information from Steiner and included parts of the press release given to him in a negative report about the group. Steiner retaliated with a DMCA claim against WordPress, and Automattic responded by filing suit. They won the case and, with the new precedent they set, sent a message to others who may abuse DMCA claims. Alongside that, small businesses who may be victims of claims such as these may have found an ally in WordPress, which plans to battle DMCA abuse. With such a big player retaliating and winning, fraudsters may now have to seriously consider the risks of making fraudulent claims and whether they are willing to take those risks.
Now, DMCA claims aren’t anything new, and there are plenty of claims that have merit. However, in recent years the number of DMCA claims has gone up dramatically, and according to Google’s transparency report, a large number of those claims are baseless or used for malicious purposes. According to Google, about ⅓ or 37% of the claims made were not valid claims, and 57% of claims were made by businesses against their competitors. DMCA claims are easy to abuse, with little risk for the accuser and large rewards. In a system that doles out punishment without any real due process, a lot of abuse is going to occur.