Global Cyber War


Greatest Leader
WASHINGTON — The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.

Assault that crippled Revolutionary Guard missile system result of massive investment in cyber warfare by American military, likely took extensive preparation. A cyber attack on Iranian missile systems claimed by the US last week would have had to exploit a flaw in the heavily-guarded network, experts said. Citing US official sources, American media last week reported that the Army Cyber Command had crippled the Iranian Revolutionary Guard’s air defense units that shot down a sophisticated drone on June 20.


Greatest Leader
A prominent Russian hacker crew is seemingly expanding its reach – having just pulled off a multi-million dollar cyber-heist in Bangladesh, we're told.

Moscow-based security outfit Group-IB told The Reg it believes the crooks, dubbed Silence, stole at least $3m (£2.4m) from Bangladesh-based Dutch-Bangla Bank via a string of cash-machine withdrawals over a span of several days.

The cyber-gang made a name for itself last year by breaking into various bank networks using purpose-built exploits and tools. The group is extremely small, possibly made up of as few as two people, though it appears to be extremely smart and armed with a considerable arsenal of malicious code written by its members.

In this latest caper, according to the authorities, the group was able to infiltrate the Dutch-Bangla Bank's network, install malware on its PCs, and seize control of its card processing system, allowing them to, apparently, order individual ATMs to dispense cash without alerting the rest of the bank's network.

With the card system under their control, the hackers then sent people from Ukraine – possibly either group members or just hired money mules – to visit various ATM locations in Bangladesh and make fraudulent withdrawals that were processed by the compromised card system and thus approved: the hacked backend OK'd the withdrawals. Team Group-IB said the mules were on their phones before each withdrawal, likely in order to coordinate with the person remotely allowing the machines to dispense cash.

When all was said and done, Group-IB said, the criminals made off with at least $3m from Dutch Bangla alone.

The researchers believe the attack is the start of a larger campaign from Silence as the hacking operation looks to expand from regional attacks in Eastern Europe and move further into Asia in order to go after higher-value targets.

"Having tested their tools and techniques in Russia, Silence has gained the confidence and skill necessary to be an international threat to international banks and corporations. Asia particularly draws cybercriminals' attention," noted Group-IB head of dynamic analysis of malicious code Rustam Mirkasymov.

"Dutch Bangla Bank is not the first Silence victim in the region. In total, we are aware of at least four targets Silence attacked in Asia recently."

By the time you read this, there should be more details over on the Group-IB website.

Coffee Man

Respected Leader
There have been disruptions especially in Europe, the United States, South America and Japan.



It feels like people are more worried when Insta goes down and the latest butt-in-the-mirror photos don't get shared.. just recently Nordea was down for who knows how long. OP has been down a couple of times just lately. In Lahti the whole hospital district. GPS navigates even worse than I do.

There have been so many of those bank issues and cards not working lately that I went and withdrew some banknotes from the ATM.

Same with the medicine availability problems. Fimea's list is fairly long. It's miserable if you can't get birth control pills; my migraine medication was out of stock from the turn of the year until June and and and..

Things have gotten strange


Greatest Leader
About that physical attack on FB: it is possible the attacker counted on FB evacuating its staff so that they could get to a console. Today's attack looks like they are after several profiles, or all of them.


Do they often even tell "what caused the disruptions"? Some blah-blah or crap, leaving the truth in the dark?


Greatest Leader
Do they often even tell "what caused the disruptions"? Some blah-blah or crap, leaving the truth in the dark?

In the dark, for the most part. It has gone on the same way for several decades, going well back into the last century. The target has the power to disclose the causes, but under a criminal investigation, for example, those causes and what then followed from them are matters for the rule of law.


Respected Leader
The FB disruptions are much bigger than they let on. Funny that they announced it via their competitor Twitter. "There are some problems". All the biggest services are down there: WhatsApp, FB and Insta. A proper attack under way. Have the Iranian boys gone on a rampage?


Greatest Leader
Have the Iranian boys gone on a rampage?

I don't know. A state actor is a good guess, but who? We had a big outage in London last Saturday, and the disruptions are still continuing today. If I look at this from a cyber war perspective, the attack is obvious, but nobody says anything about it. None of the authorities has commented on the events, but it is fairly certain that the parties are aware of them.

The problem I became aware of around the turn of the millennium, but said nothing about, is that there are no mediators in cyberspace. You cannot easily sit down with the other party or use a third party as a neutral judge. There are no diplomats, no envoys, no negotiators. There are no borders other than in the physical world.


Greatest Leader
BEIJING — China has turned its western region of Xinjiang into a police state with few modern parallels, employing a combination of high-tech surveillance and enormous manpower to monitor and subdue the area’s predominantly Muslim ethnic minorities.

Now, the digital dragnet is expanding beyond Xinjiang’s residents, ensnaring tourists, traders and other visitors — and digging deep into their smartphones.


Greatest Leader
In the first of a three-part podcast series, we're going to look at the contemporary risks of cyber warfare, from ransomware and extortion to online banking and culture wars.

Just this week we learned a U.S. Coast Guard ship was hit with malware while entering a port in New York City back in February — enough malware, in fact, to trigger an investigation and a service-wide alert.


Greatest Leader
Computer hackers and propaganda specialists working in the British army are to be placed in a single division, as part of a reorganisation designed to reflect a belief that the boundary between peace and war has become increasingly blurred.

The cyber and intelligence experts will be consolidated into a reborn 6th Division – one of three in the army with a strength of 14,500 – which will also contain ground troops who can be used in secret, special forces-type operations.

Lt Gen Ivan Jones, the commander of the British field army, said the plan reflected the fact that “the character of warfare continues to change” and “the boundaries between conventional and unconventional warfare” had become blurred.

One of the early tasks for the rebranded unit is to better tackle disinformation and fake news emerging from Russia and elsewhere. For example, at the end of a recent exercise in Croatia, stories circulated that British soldiers had tried to abduct a native child only to be fought off by locals.

“What happened was that a handful of incidents that happened after the exercise, regrettable stories of soldiers accused of vandalism or urinating in public, were exaggerated online locally and began to appear in local media. We need people on the ground from the new 6th Div who can quickly counter that,” a military source said.

However, deliberate disinformation has been used in Mosul and northern Iraq “to great effect” to undermine Islamic State, army sources indicated, although they declined to provide further details for security reasons.

British combat operations in Iraq and Afghanistan finished 10 and five years ago, and while the military are now engaged in some covert missions such as in Yemen, conventional war fighting is currently rare.

Troops are more likely to be engaged in peacekeeping and security operations, such as leading a Nato battlegroup on the Russian border in Estonia, or engaged in exercises in parts of the world where a visible UK presence is deemed politically desirable.

But there is an increasing view that conflict has moved to the electronic and information arenas – particularly with Russia, but also with countries such as China and Iran – in which a key question is whether the UK can play a role to ensure that countries in eastern Europe remained allied with the west.

Earlier this year, Gen Sir Mark Carleton-Smith, the chief of general staff, argued that peace and war were “two increasingly redundant states” because authoritarian regimes were “exploiting the hybrid space that exists in between”.

The reorganisation has been undertaken within the existing defence budget, although the army remains several thousand short of its target full-time strength of 82,000, with overall troop numbers at their lowest levels since before the two world wars.

In the race to be prime minister, the eventual winner Boris Johnson promised only to maintain defence spending at the existing level of just over 2% of GDP, unlike defeated rival Jeremy Hunt, who said he would lift it by £15bn to 2.5%.

Generals hope that it will be possible to further retrain soldiers keen to work or improve their skills as hackers or information specialists to enhance the capabilities of the 6th Division, based in Upavon in Wiltshire.

The change will also see the army’s 1st Division reorganised to focus more clearly on logistics, engineers and medics. The York-based 3rd Division – the army’s principal “war fighting” division – remains essentially unchanged.


Greatest Leader
People around the world may be worried about nuclear tensions rising, but I think they're missing the fact that a major cyberattack could be just as damaging – and hackers are already laying the groundwork.

With the US and Russia pulling out of a key nuclear weapons pact – and beginning to develop new nuclear weapons – plus Iran tensions and North Korea again test-launching missiles, the global threat to civilization is high. Some fear a new nuclear arms race.

That threat is serious – but another could be as serious, and is less visible to the public. So far, most of the well-known hacking incidents, even those with foreign government backing, have done little more than steal data.

Unfortunately, there are signs that hackers have placed malicious software inside US power and water systems, where it's lying in wait, ready to be triggered. The US military has also reportedly penetrated the computers that control Russian electrical systems.

Unlike a nuclear weapon, which would vaporize people within 100 feet and kill almost everyone within a half-mile, the death toll from most cyberattacks would be slower. People might die from a lack of food, power or gas for heat or from car crashes resulting from a corrupted traffic light system. This could happen over a wide area, resulting in mass injury and even deaths.

In early 2016, hackers took control of a US treatment plant for drinking water, and changed the chemical mixture used to purify the water. If changes had been made – and gone unnoticed – this could have led to poisonings, an unusable water supply and a lack of water.

In 2016 and 2017, hackers shut down major sections of the power grid in Ukraine. This attack was milder than it could have been, as no equipment was destroyed during it, despite the ability to do so. Officials think it was designed to send a message.

In 2018, unknown cybercriminals gained access throughout the United Kingdom's electricity system; in 2019 a similar incursion may have penetrated the US grid.

In August 2017, a Saudi Arabian petrochemical plant was hit by hackers who tried to blow up equipment by taking control of the same types of electronics used in industrial facilities of all kinds throughout the world.

Just a few months later, hackers shut down monitoring systems for oil and gas pipelines across the US. This primarily caused logistical problems – but it showed how an insecure contractor's systems could potentially cause problems for primary ones.

If the world is to hold off major cyberattacks – including some with the potential to be as damaging as a nuclear strike – it will be up to each person, each company, each government agency to work on its own and together to secure the vital systems on which people's lives depend.


Greatest Leader
The rapidly growing hacking crew dubbed Silence, has – in less than three years – gone from ransacking small regional banks in Eastern Europe to stealing millions from some of the largest international banks.

A report issued this morning by Singapore-based infosec outfit Group-IB claims that Silence, active since 2016, is now operating in more than 30 countries, and has so far been able to infiltrate banks' computer networks to siphon at least $4.2m from compromised cash machines around the world.

Group-IB, which has monitored the cyber-crooks since their earliest days, says that as the Russian gang grew, so did the sophistication of their work. Now, having survived three years, Silence is operating as an extremely sophisticated and capable crew.

"Early on, Silence showed signs of immaturity in their tools, techniques, and procedures by making mistakes and copying practices from other groups," the report, due to appear on Group-IB's website today, recounts. "Now, Silence is one of the most active threat actors targeting the financial sector."

When we last took a look at Silence, the crew was fresh off of its largest-ever financial hacking caper: nicking $3m from Bangladesh-based Dutch Bangla's cash machines.

Since then, Group-IB estimates that the team has grown even more ambitious, sending out more than 170,000 emails to banks around the world, with a focus on Asia, where 80,000 messages were sent.

Those emails were often booby-trapped with links or attachments in an attempt to trick victims into downloading and opening one or more of the group's preferred pieces of malware. The infected PCs connect back to a command-and-control server, and are then used to allow the hackers to move laterally around the bank's computer networks.

The actual theft of the money is conducted through ATMs. As in the Dutch Bangla operation, other banks have reported that, once the miscreants get into the network, they gain control of the servers managing the cash machines and card processing systems.


Greatest Leader
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant?

The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz.

The courier behind that intrusion, whose existence and role has not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News.

LIHKG, a forum that's been used for organizing mass rallies in Hong Kong, posted a statement online after it was the target of what's known as a distributed denial of service, or DDoS, attack, or a flood of traffic that disables a site by overwhelming its computers. Total requests to the site hit 1.5 billion and unique visitors surged to 6.5 million per hour, the group said. "We have reasons to believe that there is a power, or even a national level power behind to organize such attacks as botnet from all over the world were manipulated in launching this attack," the statement read.

The Hong Kong protests began in June over a bill allowing extraditions to mainland China and have evolved into a wider push against Beijing's expanding control over the city. Participants, often under the controversial slogan "Liberate Hong Kong; revolution of our times," have used digital services like LIHKG and Telegram to organize secretly. Digital Attack Map, which provides information on daily cyber attacks around the world, showed the financial hub at the heart of a DDoS attack in recent days, as protesters clashed with police.


Greatest Leader
Fresh from secretary-general Jens Stoltenberg’s repeated promises to hack back at cyber-attackers, NATO is now preparing to run a large-scale cyber exercise to test its infosec defences.

NATO’s Exercise Cyber Coalition 19 is intended to bring together doers of all things digital from the alliance’s 27 member countries in order to test them against a realistic scenario where Russia a threat actor with state-level resources starts picking on a NATO country’s next-door neighbour.

With between 700 and 900 military infosec specialists scheduled to test their skills against the most challenging scenarios that NATO’s Communications and Information Agency (NCIA) can dream up, the exercise will hopefully serve as a deterrent to Russia threat actors with state-level resources.

Referring to Stoltenberg’s recent declaration that NATO will “deter and defend against any aggression towards allies, whether it takes place in the physical world or the virtual one,” Lieutenant Commander Robert Buckles, the US Navy officer directing the exercise, told The Register: “The aim of the exercise is to stay below [the] threshold.”

Experts have previously described the problem with NATO’s “an attack on one is an attack on all” policy in cyberspace. Warlike actions in the real world – invading territory, sinking ships, bombarding soldiers and civilians – are very different from warlike, or potentially warlike, actions online.

“Obviously,” said Lt Cdr Buckles, “that decision about where that threshold is, is not something that we’re seeking to find in the exercise. But we’re pretty confident that the storylines we play out are below that.”

NATO’s infosec bods will be on the lookout for low-level but annoying attacks such as “cyber intrusion, espionage, maybe defacement, deterioration of the network, or masking or affecting communications within the network,” according to Lt Cdr Buckles. On top of that, the exercise will also model things like “attacks on a water treatment system or train system,” to add some urgency from the civilian perspective.

Cyber Coalition 19 will be taking place in December over a dedicated sandbox-style network, which Lt Cdr Buckles referred to as a “cyber range”. Flinging virtual bricks at each other across this network will be techies from NATO’s 27 members, as well as representatives from Finland, Sweden, Switzerland, Ireland and Japan.

Finland and Sweden are the two most interesting attendees; Sweden in particular regards Russia as a military threat, while Finland has been a staunch critic of Russian aggression and expansionism.

With Cyber Coalition 19 specifically focusing on a scenario where NATO “is asked through a UN resolution to go and provide a safe and secure environment” in a “non-NATO nation”, the hope of Western commanders is that state-backed threat actors will sit up, pay attention – and leave the West’s allies alone.


Greatest Leader
The States are in a bad spot if a random DDoS takes down their power grid

A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.

The unprecedented cyber disruption this spring did not cause any blackouts, and none of the signal outages at the "low-impact" control center lasted for longer than five minutes, NERC said in the "Lesson Learned" document posted to the grid regulator's website.

But the March 5 event was significant enough to spur the victim utility to report it to the Department of Energy, marking the first disruptive "cyber event" on record for the U.S. power grid (Energywire, April 30).

The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected — and more exposed to hackers. "Have as few internet facing devices as possible," NERC urged in its report.

The cyberattack struck at a challenging time for grid operators. Two months prior to the event, then-U.S. Director of National Intelligence Dan Coats warned that Russian hackers were capable of interrupting electricity "for at least a few hours," similar to cyberattacks on Ukrainian utilities in 2015 and 2016 that caused hourslong outages for about a quarter-million people.

The more recent cyberthreat appears to have been simpler and far less dangerous than the hacks in Ukraine. The March 5 attack hit web portals for firewalls in use at the undisclosed utility. The hacker or hackers may not have even realized that the online interface was linked to parts of the power grid in California, Utah and Wyoming.

"So far, I don't see any evidence that this was really targeted," said Reid Wightman, senior vulnerability analyst at industrial cybersecurity firm Dragos Inc. "This was probably just an automated bot that was scanning the internet for vulnerable devices, or some script kiddie," he said, using a term for an unskilled hacker.

Nevertheless, the case turned heads at multiple federal agencies, collectively responsible for keeping the lights on in the face of an onslaught of cyber and physical threats. The blind spots would have left grid operators in the dark for five-minute spans — not enough time to risk power outages but still posing a setback to normal operations.

NERC, DOE, the Federal Energy Regulatory Commission and the Western Electricity Coordinating Council, which monitors and enforces grid security in the western United States, have all declined to share the name of the utility involved in the March 5 incident or other details that they warn could jeopardize the reliability of the grid.

"Lessons learned are an anonymized resource that identifies the lessons and contains sufficient information to understand the issues, and show the desired outcome," NERC spokeswoman Kimberly Mielcarek said in an emailed response to questions, adding that the documents can be based on a "single event" or general trends.

The latest NERC "lesson" calls on utilities to add additional defenses beyond a firewall, which is designed to block malicious or unwanted web traffic from spilling into power companies' sensitive control networks.

In the March episode, a flaw in the victim utility's firewalls allowed "an unauthenticated attacker" to reboot them over and over again, effectively breaking them. The firewalls served as traffic cops for data flowing between generation sites and the utility's control center, so operators lost contact with those parts of the grid each time the devices winked off and on. The glitches persisted for about 10 hours, according to NERC, and the fact that there were issues at multiple sites "raised suspicion."

After an initial investigation, the utility decided to ask its firewall manufacturer to review what happened, according to NERC, which led to the discovery of "an external entity" — a hacker or hackers — interfering with the devices.

NERC stressed that "there was no impact to generation." Under federal rules, grid operators aren't normally required to report communication outages unless they last for a half-hour or more at a major control center. The fact that hackers, and not some more ordinary source, had caused the temporary blind spots in the incident prompted the victim's DOE filing.

"I'm sure [grid] communications have been disrupted by backhoes in the past," Wightman pointed out. He added that grid operators can pick up the phone and call remote sites to check on operations if normal lines of communication go down.


Greatest Leader
For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine's national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia's , an unprecedented, automated blackout across a broad swath of Ukraine's capital.

But an hour later, Ukrenergo's operators were able to simply switch the power back on again. Which raised the question: Why would Russia's hackers build a sophisticated cyberweapon and plant it in the heart of a nation's power grid only to trigger a one-hour blackout?

A new theory offers a potential answer. Researchers at the industrial-control system cybersecurity firm Dragos have reconstructed a timeline of the 2016 blackout attack [PDF] based on a reexamination of the malware’s code and network logs pulled from Ukrenergo’s systems. They say that hackers intended not merely to cause a short-lived disruption of the Ukrainian grid but to inflict lasting damage that could have led to power outages for weeks or even months. That distinction would make the blackout malware one of only three pieces of code ever spotted in the wild aimed at not just disrupting physical equipment but destroying it, as Stuxnet did in Iran in 2009 and 2010 and as the malware Triton was designed to do in a Saudi Arabian oil refinery in 2017.

The specter of physical destruction attacks on electric utilities has haunted grid cybersecurity engineers for more than a decade, since Idaho National Labs demonstrated in 2007 that it was possible to destroy a massive, 27-ton diesel generator simply by sending digital commands to the protective relay connected to it. The engineer who led those tests, Mike Assante, told WIRED in 2017 that the presence of a protective relay attack in the Ukrenergo malware, though not yet fully understood at the time, hinted that those destructive attacks might finally be becoming a reality. "This is definitely a big deal," warned Assante, who passed away earlier this year. "If you ever see a transformer fire, they’re massive. Big black smoke that all of a sudden turns into a fireball."

If the new Dragos theory of the 2016 blackout holds true, it would make the incident only one of three times when in-the-wild malware has been designed to trigger destructive physical sabotage. The first was Stuxnet, the US and Israeli malware that destroyed a thousand Iranian nuclear enrichment centrifuges roughly a decade ago. And then a year after the Ukrainian blackout, in late 2017, another piece of malware known as Triton or Trisis, discovered in the network of Saudi oil refinery Petro Rabigh, was revealed to have sabotaged so-called safety-instrumented systems, the devices that monitor for dangerous conditions in industrial facilities. That last cyberattack, since linked to Moscow’s Central Scientific Research Institute of Chemistry and Mechanics, merely shut down the Saudi plant. But it could have led to far worse outcomes, including deadly accidents like an explosion or gas leak.

What worries Caltagirone the most is how much time has passed since those events and what the world's industrial-control-system hackers might have developed over those three years. "Between this and Trisis, we now have two data points showing a pretty significant disregard for human life," Caltagirone says. "But it's what we’re not seeing that's the most dangerous thing out there."


Greatest Leader
The hacker who breached the system managed to briefly increase the amount of sodium hydroxide by a factor of one hundred (from 100 parts per million to 11,100 parts per million), according to Pinellas County Sheriff Bob Gualtieri.

Sodium hydroxide, also called lye, is used to treat water acidity but the compound is also found in cleaning supplies such as soaps and drain cleaners.
It can cause irritation, burns and other complications in larger quantities.
Authorities say a supervisor saw the chemical being tampered with and was able to intervene and immediately reverse it.
Gualtieri insists the public was never in danger but admitted the intruder took ‘the sodium hydroxide up to dangerous levels’.

The city of Oldsmar, which has a population of about 15,000, is located about 15 miles from Tampa.


Greatest Leader
The reason I put the post above here is that the game has gotten tougher since the turn of the year, and the world has changed toward what I myself recognized as possible decades ago. It is only a matter of time before a global cyber war changes humanity. The start may be deliberate or accidental, but the recent moves feel more deliberate than accidental.

None of us has seen a major war on the net, but by all accounts it is becoming more possible every day rather than becoming impossible. Hence the thread and this post here.