Attackers had full access – a nightmarish security scenario that would be a nation-state hacker’s dream. Instead, the assault was simply part of a Bitcoin scam that ended up grossing around $ 120,000. In all, the crooks targeted 130 accounts and took control of 45. In a mad race to contain the situation, Twitter temporarily froze all verified accounts, blocking their ability to tweet or reset the account password. . Some of the lockdowns went on for hours.
A subsequent investigation found that the attackers called Twitter customer service and tech support and tricked reps into a phishing site to retrieve their special Twitter credentials, including username, password and multi-factor authentication codes. Then, the attackers were able to use their access to these support accounts to reset passwords on the target user accounts. At the end of July, three suspects were arrested and charged after committing the hack, including Graham Ivan Clark, 17, of Tampa, Florida, who allegedly led the digital assault. In the wake of the breach, Twitter said it has launched a major effort to overhaul its employee access controls, particularly in the run-up to the November US presidential election.
On June 19, the activist group focused on the leaks Distributed denial of secrets posted a 269 gigabyte mine of law enforcement information in the United States, including emails, intelligence documents, audio and video files. DDOSecrets said the data came from a source claiming to be part of the short-lived Anonymous hacking collective. Posted in the wake of George Floyd’s murder, the dump of more than one million files included documents and internal police communications on law enforcement initiatives to identify and track protesters and share intelligence on movements like Antifa. Much of the information came from law enforcement “fusion centers”, which gather and share intelligence with law enforcement groups across the country. “This is the biggest hack published by US law enforcement agencies,” Emma Best, co-founder of DDOSecrets, told WIRED in June. “It provides the closest inside view of state, local, and federal agencies responsible for protecting the public, including government response to Covid and BLM protests. “
In September, a ransomware attack apparently targeting the Heinrich Heine University in Düsseldorf crippled 30 servers at Düsseldorf University Hospital, plunging hospital systems and patient care into crisis. Unfortunately, the ransomware players have long-targeted hospitals, due to their pressing need to restore service in the interests of patient safety. It is also quite common for hospitals affiliated with the university to be inadvertently affected. The Düsseldorf University Hospital incident was particularly significant, as it may represent the first time that a human death can be attributed to a cyber attack. Following the ransomware attack, an unidentified woman in need of emergency treatment was redirected from Düsseldorf University Hospital to another provider in Wuppertal, approximately 61 km away, resulting in an hour delay in the treatment. She did not survive. The researchers note that it is difficult to definitively establish causality. The incident is clearly an important reminder, however, of the real impacts of ransomware attacks on healthcare facilities and any critical infrastructure.
In late October, amid a wave of healthcare-focused ransomware attacks, hackers threatened to disclose stolen data to one of Finland’s largest psychiatric service networks, Vastaamo, if individuals or the organization as a whole did not pay for the enveloped data. Hackers may have obtained the information from an exposed database or through a inner workings. Such digital extortion attempts have been around for decades, but Vastaamo’s situation was particularly obvious, because the stolen data, which dated back about two years, included psychotherapy notes and other sensitive information about treating patients’ mental health. Vastaamo worked with private security firm Nixu, the Central Criminal Police of Finland, and other national law enforcement agencies to investigate the situation. Government officials believe the episode impacted tens of thousands of patients. The hackers demanded $ 200 in bitcoin, about $ 230, from individual victims within 24 hours of the initial request, or $ 500 ($ 590) thereafter to retain the data. Finnish media also reported that Vastaamo received a request for around $ 530,000 worth of bitcoin to avoid the publication of the stolen data. A hacker persona “ransom_man” posted leaked information from at least 300 Vastaamo patients to the anonymous Tor web service to demonstrate the legitimacy of the stolen data.
At the end of July, hackers launched a ransomware attack against the navigation and fitness giant Garmin. It removed Garmin Connect, the cloud platform that syncs user activity data, as well as large parts of Garmin.com. The company’s messaging systems and customer call centers were also scrapped. In addition to athletes, fitness enthusiasts and other repeat customers, airline pilots who use Garmin products for positioning, navigation and timing services have also faced disruption. The flyGarmin and Garmin Pilot applications both experienced multi-day outages, which impacted some Garmin hardware used in aircraft, such as flight planning tools and required aviation database updates. the FAA. There are reports that Garmin’s ActiveCaptain maritime application has also experienced failures. The incident underscored how vulnerable Internet of Things devices are to systemic failures. It’s bad enough if your GPS-equipped activity tracker stop working. When you need to ground planes over instrument issues caused by a ransomware attack, it’s very clear just how tenuous these interconnections can be.
Honorable mention: Hacking supported by the Chinese government
China continued its global hacking craze this year and seemed to be casting an ever wider net. Beijing-backed hackers dug deep in Taiwan’s semiconductor industry to steal a huge amount of intellectual property, from source code and software development kits to chip designs. Australian Prime Minister Scott Morrison said in June that the country’s government and other organizations had been repeatedly targeted by a barrage of attacks. Australia has pledged to invest nearly $ 1 billion over the next 10 years to expand its defensive and offensive cybersecurity capabilities. Although Morrison did not specify which actor is holding the country, he is said to have been referring to China. Australia and China are embroiled in an intense trade war that is redefining relations between the two countries. A Reuters report This month also provided an example of Chinese hacking operations underway across Africa after the African Union in Addis Ababa, Ethiopia discovered suspected Chinese attackers stealing CCTV footage from their servers. . The United States has also faced years of widespread digital espionage and intellectual property theft attributed to China. And it has continued this year, especially in the Covid-19 kingdom bound public health and vaccine research.
More from WIRED’s Year in Review