technology computer desktop programming

The Wednesday Politics Thread Can Barely Hack It

Slapped on that ‘I Voted’ sticker after trusting a damn robot to accurately convey my ballot. Having the sticker really is nice 🙂

Russian Hacking Cartel Attacks Costa Rican Government Agencies

A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, which is based in Russia, claimed credit for the attack, which began on April 12, and has threatened to leak the stolen information unless it is paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to countries in Central and South America, perhaps to retaliate against nations that have supported Ukraine.

The New York Times [archive]

Doctor by day, cybercriminal by night

A truly bizarre hacking case from the Justice Department is shedding light on just how broad and diverse the cybercriminal community is becoming.

The defendant, Moises Luis Zagala Gonzalez, spent his days working as a cardiologist in Venezuela. But he allegedly spent his free time going by ominous screen names culled from Greek mythology and developing ransomware that wreaked havoc on victims.

Zagala’s ransomware tools were so effective they were even used by Iranian government-backed hackers to target Israeli businesses — something he bragged about to other clients that used his tools, according to a criminal complaint.

The Washington Post [archive]

Pro-Russia hackers tried to disrupt the Eurovision Song Contest

The Russia-allied hacking group Killnet attacked Eurovision’s network infrastructure in Turin, Italy, during both the semifinals May 10 and the final this weekend, authorities said. Law enforcement blocked all the attacks, which were aimed at disrupting performances and audience voting. 

The attempted Eurovision hacks came shortly after a rash of Killnet attacks targeting Italian institutions, including the nation’s Parliament, military and National Health Institute. The group earlier targeted websites for Romania’s Ministry of Defense, border police and national railway.

The Washington Post [archive]

How criminals got away with hacking Pennsylvania unemployment accounts

Pennsylvania confirms at least $6 billion dollars were stolen across UC programs, as of January. That’s a 13% fraud rate, but some cyber experts believe that number is more than double, as high as 30%.

In an exclusive interview with 11 investigates, the Deputy Secretary for PA Unemployment Compensation Programs acknowledged that controlling fraud has been a challenge.

“It’s definitely a surprising number,” Deputy Secretary Susan Dickinson said. “They get the information from the dark web. They use it to file a claim or hijack a claim, and, you know, that’s how they get their foot in the door.”

WPXI [archive]

Don’t accidentally hire a North Korean hacker, FBI warns

US officials have warned businesses against inadvertently hiring IT staff from North Korea, saying that rogue freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

The Guardian [archive]

Teslas and other Bluetooth-enabled locks can be hacked

The cybersecurity firm NCC Group just demonstrated that millions of locks worldwide can be unlocked by hackers using a vulnerability in Bluetooth technology, and a Tesla was the company’s prime example.

Tesla vehicles, like the Model 3 and Model Y, use a technology called Bluetooth Low Energy (BLE) that allows owners to unlock and operate their vehicles via their phones within a short range of the vehicle. They don’t require any user interaction with the device to do so. As for the vulnerability, all the hardware you need to hack/break into and drive these cars away is easily found, for the NCC Group says it only requires “cheap off-the-shelf hardware” to hack a car or device using BLE technology from anywhere in the world. Yes, this hack is doable from anywhere — the hacker doesn’t need to be standing in your driveway to gain access.

MSN [archive]

Cork man hacked Park Magic computer system to get free parking in city

A personal trainer who paid a huge price for getting a small amount of free parking by hacking into a computer system has now been given a two-year suspended jail term.

30-year-old David Young’s case at Cork Circuit Criminal Court — for an offence dating from May to September 2018 — was the first prosecution under the Criminal Justice (Offences Relating to Information Systems) Act 2017.

Irish Examiner [archive]

McSquirrel Rule: In Effect — Clams: Wrangled — Upvote Notifications: Borked (for our own good, they say). It’s Wednesday; you know what to do.