
The hackers made a joke with the FBI, but the U.S. couldn't laugh

Computers and the Internet have long been infrastructure, but we still do not care enough about their security.

Author | Jingyu

In Hollywood film and television works, FBI agents are always handsome and throw out their documents, through careful reasoning and excellent skills, foiling the conspiracy of criminals one after another.

Although art comes from life, sometimes life will make a big joke with you.

Late on the night of November 12, an FBI-affiliated website was exploited by hackers to send a large number of fake scam emails. Not long before, the United States had offered rewards totalling $15 million to combat hacking.

01

FBI: I'm sorry, I was "hacked."

The FBI confirmed on Nov. 13 that its affiliated website, which is used to share information with state and local law enforcement, had been hacked and used to send out a flood of fake emails about cybercrime investigations.

Late on November 12, EST, millions of fake emails were sent from [email protected]; the recipients included KrebsOnSecurity, a well-known security website.

"Hi, I'm pompompurin," the email read, "and if you look at the email header, you'll see it's from the FBI. We found a suspicious network when we investigated your profile information; please deal with it immediately and take relevant action, thank you."


Image source: Spamhaus.org

Subsequent investigation revealed that the email really had come from the FBI, from the FBI's own web infrastructure. The sender address [email protected] belongs to the FBI's Criminal Justice Information Services (CJIS). CJIS manages and operates services for the public safety community and supports several national crime information systems used in criminal and civil cases, covering law enforcement, prisons, inspection departments, courts, probation and pre-trial procedures.

In a dramatic twist, Pompompurin told KrebsOnSecurity in an interview that the hack was intended to "point out" an obvious vulnerability in the FBI's system.

What Pompompurin did to the FBI website was more of a prank than a conventional hack. The FBI, of course, probably does not find it funny.

"We can use this vulnerability to send seemingly problem-free emails to companies and then have them hand over confidential data," Pompompurin said. "No one in charge will find a problem with the email, because the FBI has posted a notice on their website."

Pompompurin used the FBI's Law Enforcement Enterprise Portal (LEEP) as the entry point for taking control of its mail system, and described LEEP as a "portal that provides resources for law enforcement agencies, intelligence organizations, and criminal justice entities."


The FBI's Law Enforcement Enterprise Portal (LEEP) website

"These resources can be used to help investigators move cases forward, enhance information sharing between agencies, and can be used in one location!" The FBI's website introduction was quite enthusiastic, and even as of the 13th the LEEP portal still allowed users to register, with the relevant steps generously posted on the official website of the Department of Justice. (It is worth noting that the "first step" in these instructions is to use Internet Explorer to access the site, even though Microsoft discourages the use of Internet Explorer for security reasons.)

Embarrassingly, according to Pompompurin, the FBI's own website leaked the one-time password for new user registration in the HTML code of the web page, and the content of the message could be modified with a simple script. "Needless to say, it's scary on any website. I've seen this a few times before, but I've never seen it on government websites, let alone FBI-managed websites."
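To make the two defects concrete, here is an added toy model of a registration-confirmation flow (constructed for this article, not LEEP's or the FBI's code): the weak version writes the one-time code into the page markup and takes the notification text from a field the browser submits, while the hardened version keeps the code server-side and uses a fixed mail template. The function and store names are assumptions.

```python
import hmac
import secrets

# Constructed in-memory store of pending codes, keyed by address.
# It exists only on the server side and is never rendered into a page.
PENDING_CODES = {}


def render_weak(email, request_fields):
    """Weak pattern, as the article describes it: the one-time code is
    embedded in the HTML as a hidden field, and the notification body is
    whatever the browser submitted, so both can be altered client-side."""
    code = secrets.token_hex(4)
    page = f'<input type="hidden" name="otp" value="{code}">'
    mail_body = request_fields.get("message", "")
    return {"page": page, "mail_to": email, "mail_body": mail_body, "code": code}


def render_fixed(email):
    """Hardened flow: the code is stored server-side and never reaches the
    page, and the mail body is a fixed template with no request content."""
    code = secrets.token_hex(4)
    PENDING_CODES[email] = code
    page = "<p>A confirmation code was sent to the address you provided.</p>"
    mail_body = f"Your registration code is {code}. It can be used once."
    return {"page": page, "mail_to": email, "mail_body": mail_body}


def confirm(email, submitted):
    """Single-use verification: the stored code is consumed on the first
    attempt (right or wrong) and compared in constant time."""
    expected = PENDING_CODES.pop(email, None)
    if expected is None:
        return False
    return hmac.compare_digest(expected, submitted)
```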

02

The Matrix

If this hack had something of a prank's comedic flavour, the one from a few days earlier was not very funny.

On November 4, local time, the U.S. State Department announced a reward of up to $10 million (about 64 million yuan) for any informant who can provide information about the leaders of the hacking organization "DarkSide", plus an additional reward of up to $5 million (about 32 million yuan) for information leading to the identification of individuals involved in "dark side" ransomware attacks. The two rewards total about 96 million yuan.

The "dark side" has a long-standing grudge with the United States. In May this year it launched a ransomware attack on Colonial, the largest fuel pipeline operator in the United States. Colonial's pipeline system was forced to shut down, the supply of gasoline, diesel and other fuels across much of the United States was affected, and there was panic buying at gas stations in Georgia, North Carolina and elsewhere. At the worst moment the United States entered a state of national emergency, and US President Joe Biden condemned the attack on the oil pipeline harshly as "a criminal act". The company was extorted for $5 million worth of bitcoin (about 32.2 million yuan); after the "dark side" received the cryptocurrency, it provided decryption tools to help the company recover its computer network.

Unlike Pompompurin, who merely teased the FBI, the "dark side" issued a statement saying, "Our goal is to make money, not to create trouble for society, nor to act politically." The "Dark Side" is reported to have been established in August 2020 to steal confidential data from companies and institutions and extort them for ransom, and the "Dark Side" ransomware was developed by the organization itself.

Lior Div, head of the U.S. cybersecurity company Cybereason, revealed that the "dark side" is made up of a group of veteran hackers who are very professional: they have even set up their own news center, victim hotline, mailing list, and a code of conduct resembling a company's guidelines, trying to package themselves as a trustworthy business partner.


After the Colonial Pipeline was hacked, the United States even declared a state of emergency | Image source: Internet

Although the "Dark Side" has not existed for long, more than 10 large institutions have been attacked by it so far this year, earning it tens of millions of dollars. In addition, the organization has listed information on at least 40 victim companies.

Some analysts pointed out that the ransomware used by the "dark side" offers no technological breakthrough compared with other ransomware; the organization's strength is in conducting in-depth investigations of target companies before the attack. Before launching an extortion attack, the "dark side" has essentially already gathered key information on the target company's management composition, decision-making mechanism, company size, asset size, and so on.

According to previous extortion cases, the "dark side" takes a very hard line when demanding ransoms, accepting only cryptocurrencies such as Bitcoin or Monero, with demands ranging from $200,000 to $20 million depending on the financial situation and business size of the extorted company.

If the company does not pay by the specified date, the ransom is doubled. If the company refuses to pay, the "dark side" exposes all the stolen confidential information, including the name of the extorted company, the time of the attack, and the size and type of the data stolen, or directly attacks the other party's network to force its business to a standstill.

Previously, the "Dark Side" had issued a statement on the dark web saying that it had stolen 740 GB of confidential information from the French branch of Japan's Toshiba and demanding that the company pay the ransom within the specified time, otherwise the confidential information would be exposed; Colonial Pipeline and the meat producer JBS suffered the latter fate.

03

Hackers shoot, no winners

At present, hacking attacks and extortion have formed a global "industry" with a very wide range of targets. Every year a large number of institutions suffer cyberattacks, at least 50% of the victims ultimately have no choice but to pay the ransom, and both the amounts extorted and the losses caused keep rising.

According to the Department of Homeland Security, ransomware attacks increased by 300% in 2020, with victim losses of more than $350 million. Separately, FBI Director Christopher Wray said cyber threats have grown almost exponentially, that a large number of intrusions into government agencies and other cybercrime attacks are under investigation, and that this scale of cyberattacks has never been seen before in the United States and is set to get worse for now.

In June, a study released in the United States showed that if a major cyberattack hit a major U.S. utility or service provider, the potential damage could be equivalent to that caused by natural disasters such as hurricanes.

The findings estimate that if a provider of critical IT services to hundreds of customers were attacked and forced offline for 3 days, it could cause nearly $80 billion in economic damage, more than the $65 billion caused by Hurricane Sandy in 2012. If a key utility such as a regional power company suffered a cyberattack, the potential loss would be even greater: a cyberattack causing a power outage for 5 days could cause losses of up to $193.5 billion (about 1238.4 billion yuan), more than Hurricane Katrina in 2005 and the California wildfires in 2018.


This has undoubtedly sounded an alarm for the US government, and cracking down on hacking attacks and extortion has become urgent. It is therefore not hard to understand why, although the United States recovered the bitcoins extorted from Colonial, it still offered a large reward for information on the leaders of the "dark side".

This year, Mordor Intelligence released the Defense Cybersecurity Market: Developments, Trends, COVID-19 Shocks and Outlooks (2021-2026). The report points out that there is huge demand for cybersecurity from government departments as well as defense companies, and that the global defense cybersecurity market is huge, valued at $16.22 billion in 2020 and expected to reach $28.53 billion by 2026. The compound annual growth rate (CAGR) for 2021-2026 is around 10.51%, and the outlook is generally positive.

At the same time, the development of cybersecurity also faces many unfavorable factors. For example, because of the COVID-19 pandemic, most countries are cutting military spending, and investment in cybersecurity has been affected. Moreover, society's current awareness of cybersecurity needs to improve, which adds obstacles to the development of cybersecurity and does not match the good market prospects.

According to the Global Cybersecurity Index 2020 (GCI) report released by the International Telecommunication Union (ITU), the United States ranks first among 193 ITU Member States in terms of cybersecurity, followed by the United Kingdom, Saudi Arabia and Estonia, all of which scored more than 99 points.

When the Internet and the mobile Internet become the infrastructure on which countries and human society run, protecting that infrastructure is as important as building it. Each hacker "success" is really sounding an alarm for all of us.

This article is an original article by Geek Park; please contact Geek Jun on WeChat (geekparker) for reprint permission.
