Saturday, April 11, 2015

Hackers Tweak Tewksbury Police

And they just paid 'em off, huh?

"When hackers cripple data, police departments pay ransom; Tewksbury, other departments powerless against computer hackers" by Hiawatha Bray, Globe Staff  April 06, 2015

At first, the problems with the Tewksbury Police Department system — difficulty calling up arrest and incident records — seemed to be just the usual system crankiness. No big deal.

But it persisted, and a technician was called in.

That was when the menacing message popped up on the screen, an explanation in the form of a ransom note:

“Your personal files are encrypted,” it read. “File decryption costs ~ $500.”

It continued: “If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.”

Tewksbury had joined the list of police departments victimized by “ransomware,” an insidious form of Internet crime that is crippling computers worldwide.

Uh-huh. That must explain the failures of all the state websites, etc, etc, etc. 

“My initial thoughts were we were infected by some sort of a virus,” Tewksbury Police Chief Timothy Sheehan recalled of the attack on Dec. 8. “Then we determined it was a little bit bigger than that. It was more like cyberterrorism.”

Here we go, and to who$e benefit?

Digital thieves smuggle ransomware programs with names like KEYHolder, CryptoLocker, or CryptoWall by sending tainted e-mail messages, such as a fake notice from a package delivery service containing a hyperlink that infects the recipient’s computer when clicked.

I never even read or open email anymore. I go in and check all the boxes, hit delete.

Once on board, the ransomware program encrypts the victim’s data, making it useless without a key that unscrambles it. The victim can obtain the key by paying a ransom, usually a few hundred dollars.

Yeah, no big deal(?). Why aren't they a$king for more?

The cyberattack on Tewksbury police proved so sophisticated that specialists from federal and state law enforcement agencies — plus two private Internet security firmscould not unscramble the corrupted files. After five days of desperate efforts to unlock it, Tewksbury police decided to pay the anonymous hacker the $500. 

Let me guess: from China. Russia. Iran. Korea. Syria. Anywhere but the venture-capital sprouting hacking collectives being formed with all that wealth inequality dough. Gives the illusion of real economic activity while furthering the $urveillance $tate.

The attack was first reported over the weekend by the Tewksbury Town Crier.

Harrumphmmmmm!?

Among other small-town police forces hit was the Swansea Police Department. It fell victim to the same threat in November 2013 and paid $750 to get its files back.

The police department in the Chicago suburb of Midlothian paid $500 in January. In Dickson County, Tenn., the sheriff’s office came under attack in October. Despite seeking aid from the FBI, the agency ended up paying $572 in ransom.

Do I really even have to.... $igh.

But in Durham, N.H., Police Chief Dave Kurz chose not to pay because the department had backed up the encrypted information and could work around the seized database.

“We had to clean essentially all the computers, but all of our data was prepared,” Kurz said.

Government wants and has all your info but can't protect it(?).

The four-member police force in Collinsville, Ala., was hit in June, with the hackers demanding $500 to free up a database of mugshots. Chief Gary Bowen dug in, refused to pay, and never got his department’s files back.

“There was no way we were going to succumb to what felt like terrorist threats,” Bowen said.

I know! It was SILLI, I mean, ISIS!

As best as law enforcement can tell from the incidents, no data were stolen, nor were details of investigations or other sensitive police matters posted online.

That made me laugh. As far as they can tell, blah, blah, blah, blah, blah, blah. 

God, this is so useless.

The evil genius of ransomware is that victims are far more likely to pay small amounts to recover crucial data. And if enough people give in, the total can be substantial.

$ure can!

Although the virus’s success rate is unknown, a survey of CryptoLocker victims in the United Kingdom by the University of Kent found that 41 percent paid up.

“It’s the old idea that if a million people give a dollar, you have a million dollars,” said Diana Dolliver, a criminal justice professor at the University of Alabama who specializes in cybersecurity.

Oh, so it is like the bank deceit and deceptions where they rearrange fees and add charges, etc, etc, but things you don't really notice in the fine print and all.

But in Detroit, hackers in April 2014 demanded the equivalent of $800,000 to unlock a city database they had encrypted. The attack became public in November, when Mayor Mike Duggan told the Detroit News the city had refused to pay because the vandalized database was not being used and did not contain critical information.

“It was a good warning sign for us,” Duggan told the newspaper.

Not to mention already being bankrupt. Thankfully, their was a mind-manipulating psyop of a bomb threat, real or contrived, makes no difference. The agenda is clear, and it is being backed up by the barrage of these items that have recently come to the fore in the agenda-pushing propaganda pre$$.

In that case, the attackers demanded payment in bitcoin, a digital currency that is much harder to trace than other forms of money.

Bitcoin? Harder to trace than paper bills? Puh-leeze! That crappy piece of collapsed currency, at least as far as my pre$$ is concerned?

Moreover, in the Tewksbury case, hackers demanded that a bitcoin payment be sent through Tor, a technology that makes it very difficult to identify the physical location where the money is received.

Oh, no! Tor has been compromised and is in fact a program of data collection for the government (while exposing a certain person for the fraud he is)!

And once again, I a$k who benefits?

Data security experts at Dell Inc. estimate that in a six-month period last year, CryptoWall infected more than 625,000 computers worldwide, including 250,000 in the United States. During that time, the gang that operated CryptoWall raked in about $1 million in ransom payments, according to Dell.

An earlier ransomware program, CryptoLocker, was even more profitable, hauling in between $3 million and $27 million, according to various estimates.

The Tewksbury attack revealed the hydra-like nature of some computer viruses. The Department of Justice declared last summer that an operation to disable CryptoLocker and a related virus had succeeded. 

Have they broken the USraeli-created Stuxnet or Gauss or Flame or whatever they call them now.

Yet other ransomware viruses have appeared in its place, doing basically the same thing.

“This is very likely a case of one of the many CryptoLocker copycats infecting police departments,” said Kyrksen Storer, spokesman for Fire Eye Inc., a Milpitas, Calif., cybersecurity firm that helped develop an online tool for retrieving files corrupted by CryptoLocker.

If they can't protect law enforcement computers, how well do you think they can protect sites with your info? Can't have it both ways, guys!

The Tewksbury attack featured ransomware called KEYHolder, which is designed to cover its own tracks.

Gee, and who could develop such things?

Tewksbury authorities sent their infected computer server to the Commonwealth Fusion Center, where Massachusetts State Police work with federal law enforcement agencies on antiterrorism and cybercrime cases. Despite their best efforts, the KEYHolder encryption proved unbreakable.

Oh, they sent it over the the Fusion Center and they couldn't solve it. Hmm.

The department might have refused to pay if it had up-to-date backups of its files.

But.... (sigh)

Tewksbury police regularly back up their data, but those files had separately become corrupted and unusable. With no way to crack the code, Sheehan felt he had no choice but to pay to recover his original database. 

So where did the payment go (bit coin!)

Computer security analyst Brian Krebs, author of the book “Spam Nation,” said it is no surprise ransomware attacks against police agencies have become public, while those against private companies have not.

“They’re dealing with public funds,” Krebs said. “They can’t hide the fact that they paid the ransom.”

Well, they kinda can. Now back to the video game....

Although most ransomware attacks are sent out by the thousands, Krebs warned that criminals may target specific businesses or government agencies that might be willing to pay larger sums.

“You get inside of a pharmaceutical company or something like that, that has all their net worth tied up in their files,” Krebs said, “they’d be willing to pay a lot more.”

Oh. Now I $ee why they need all the tax loot subsidies.

--more--"

Has anyone checked Silicon Valley for the source of the hacks? Certainly the NSA would know, what with scooping up all electronic communications. Right?

NDU: Two police departments pay ransom to hackers

The FBI tracked it to a Swiss bank account where they lost the trail. 

Pffffft!

UPDATE: Nigerian princes were so much easier to deal with

Yeah, ha-ha, it's all a big joke on us.

FURTHER UPDATE:

"A Tewksbury man already facing charges for a November assault in Boston was arraigned Wednesday on an additional charge of violating his victim’s civil rights in the reported hate crime, officials said. Ryan Sugrue, 24, is accused of attacking a 37-year-old Chelsea man on New Chardon Street around 1:30 a.m. on Nov. 30, prosecutors said. The man was on his way to work when, without provocation, Sugrue allegedly began shouting ethnic slurs at him. When the victim tried to cross the street, Sugrue punched and kicked him, prosecutors said. An MBTA Transit Police officer detained Sugrue near the scene. Boston police arrested him soon afterward. Sugrue’s next court appearance is scheduled for May 27."

Looiks likie adrunk defense.