
Biden names 2 ex-NSA officials for senior cyber positions

Associated Press



President Joe Biden has selected two former senior National Security Agency officials for key cyber jobs in his administration, the White House said Monday in moving to fill out a team whose role has grown more urgent after two major hacks that have consumed the government’s attention.

Chris Inglis, a former NSA deputy director, is being nominated as the government’s first national cyber director. Jen Easterly, a former deputy for counterterrorism at the NSA, has been tapped to run the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. The two officials are expected to work closely with Anne Neuberger, the administration’s deputy national security adviser for cyber and emerging technology.

The cyber director position, a job established by federal law and long championed by lawmakers and outside experts, is designed to help ensure a more streamlined strategy and coordinated response to cyberattacks that invariably pull in officials from multiple agencies. In filling it with a veteran intelligence and national security expert, Biden is likely signaling the importance of cybersecurity to his administration as it continues to grapple with two major cyber incidents.

“I’m proud of what we are building across the U.S. government when it comes to cyber,” national security adviser Jake Sullivan said in a statement announcing Biden’s plan to nominate Inglis and Easterly. “We are determined to protect America’s networks and to meet the growing challenge posed by our adversaries in cyberspace — and this is the team to do it.”

The administration is expected to soon announce a response to the SolarWinds hack, a breach of federal government agencies and American corporations believed to have been carried out by Russian hackers, and has also been occupied by an intrusion affecting Microsoft Exchange email software. The company has said that hack was carried out by Chinese state hackers.

Former President Donald Trump, who was seen as minimizing the importance of cybersecurity as he diminished Russian interference in the 2016 presidential election, eliminated the position of cybersecurity coordinator at the National Security Council in 2018. The move was widely condemned by lawmakers at the time who said it made no sense to do so with mounting hostile cyberthreats from adversaries.

The Cyberspace Solarium Commission, a bipartisan group that had recommended the establishment of a cyber director position, praised the appointments, saying “the need for a leader with statutory authority to coordinate the development and implementation of a national cyber strategy to defend and secure everything from our hospitals to our power grid could not be more clear.”

Sen. Angus King, an independent from Maine who has previously expressed frustration with how long the Biden administration took to fill the position, said he’s hopeful the appointments can be quickly confirmed by the Senate.

“We don’t want to rush the process in any way. On the other hand, another attack could occur at any moment,” King said.

Inglis spent 28 years at the NSA, including as a top deputy of the spy agency. His former boss, Gen. Keith Alexander, called Inglis a level-headed leader who excelled at bringing different groups together. Alexander said Inglis had a deep knowledge of U.S. adversaries’ capabilities.

“The seven years that I was with him, I was thankful for every day that he was there,” Alexander said. “He’s a master at working with people and getting people to work together.”

Besides her job at the NSA, Easterly also served on the National Security Council as senior director for counterterrorism and special assistant to the president in the Obama administration, and as a managing director of Morgan Stanley, heading the firm’s cybersecurity fusion center.

Easterly’s private-sector experience will also be valuable at CISA, said Thomas Warrick, a former Department of Homeland Security official.

“Her years at Morgan Stanley give her greater knowledge about how the private sector and CISA will need to work together to address today’s cybersecurity challenges,” Warrick said. “Her nomination bodes well for the kind of leadership that’s needed at CISA today.”

A third official with cyber experience, Robert Silvers, was announced Monday as the president’s pick for Under Secretary for Strategy, Policy, and Plans at the Department of Homeland Security.

The planned nominations were first reported by The Washington Post.




EXPLAINER: Why the Colonial Pipeline hack matters

Associated Press



A cyberattack on a critical U.S. pipeline is sending ripple effects across the economy, highlighting cybersecurity vulnerabilities in the nation’s aging energy infrastructure. The Colonial Pipeline, which delivers about 45% of the fuel used along the Eastern Seaboard, shut down Friday after a ransomware attack by a gang of criminal hackers that calls itself DarkSide. Depending on how long the shutdown lasts, the incident could impact millions of consumers.


Colonial Pipeline, the owner, halted all pipeline operations over the weekend, forcing what the company called a precautionary shutdown. U.S. officials said Monday that the “ransomware” malware used in the attack didn’t spread to the critical systems that control the pipeline’s operation. But the mere fact that it could have done so alarmed outside security experts.


It depends on how long the shutdown lasts. Colonial said it’s likely to restore service on the majority of its pipeline by Friday.

There’s no imminent shortfall, and thus no need to panic buy gasoline, said Richard Joswick, head of global oil analytics at S&P Global Platts. If the pipeline is restored by Friday, there won’t be much of an issue. “If it does drag on for two weeks, it’s a problem,” Joswick added. “You’d wind up with price spikes and probably some service stations getting low on supply. And panic buying just makes it worse.”


The average gasoline price jumped six cents to $2.96 over the past week, and it’s expected to continue climbing because of the pipeline closure, according to AAA. Mississippi, Tennessee and the East Coast from Georgia to Delaware are the most likely to experience limited fuel availability and higher prices, and if the national average rises by three more cents, these would be the highest prices since November 2014, according to AAA.


Ransomware scrambles data that can only be decoded with a software key after the victim pays off the criminal perpetrators. An epidemic of ransomware attacks has gotten so bad that Biden administration officials recently deemed them a national security threat. Hospitals, schools, police departments and state and local governments are regularly hit. Ransomware attacks are difficult to stop in part because they’re usually launched by criminal syndicates that enjoy safe harbor abroad, mostly in former Soviet states.


The hackers are Russian speakers from DarkSide, one of dozens of ransomware gangs that specialize in double extortion, in which the criminals steal an organization’s data before encrypting it. They then threaten to dump that data online if the victim doesn’t pay up, creating a second disincentive to trying to recover without paying.

Ransomware gangs say they are motivated only by profit. Colonial has not said how much ransom s.


Neither Colonial nor federal officials have explained how the attackers breached the company’s network and went undetected. Cybersecurity experts believe that Colonial may not have employed state-of-the-art defenses, in which software agents actively monitor networks for anomalies and are programmed to detect known threats such as DarkSide’s infiltration tools.


That depends on how extensively Colonial was infected, whether it paid the ransom and, if it did, when it got the software decryption key. The decryption process could take several days at least, experts say. Colonial has not responded to questions on these issues, although it said only its IT network was affected.


They’re not necessarily at greater risk, but they do pose unique challenges. The Colonial Pipeline structure is a vast piece of critical infrastructure that provides fuel supply to states along the East Coast. Such a large network is bound to have different control systems along its path where it connects with distributors or customers.

“Every single time you connect something, you run the risk that you’re going to infect something,” said Kevin Book, managing director at Clearview Energy Partners. That variability can also make it harder for hackers to know where to find vulnerabilities, he said.

Over time, as pipelines expand, companies can end up with a mix of technology — some parts built within the company and others brought in from outside, said Peter McNally, global sector lead at Third Bridge. Many large energy companies have been under pressure from investors to limit reinvestment in such assets, which can be decades old, he added. That can be a problem when dealing with modern criminals.

The Federal Energy Regulatory Commission has established and enforced mandatory cybersecurity standards for the bulk electric system, but there are no comparable standards for the nearly 3 million miles of natural gas, oil and hazardous liquid pipelines that traverse the United States. “Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever-increasing number and sophistication of malevolent cyber actors,” said Richard Glick, chairman of the Federal Energy Regulatory Commission, and Democratic Commissioner Allison Clements, in a joint statement. They called for the U.S. to establish mandatory pipeline security standards.


Previous attempts to put ransomware operators out of business by attacking their online infrastructure have amounted to internet whack-a-mole. The U.S. Cyber Command, Microsoft and cross-Atlantic police efforts with European partners have only been able to put a temporary dent in the problem.

Last month, a public-private task force including Microsoft, Amazon, the FBI and the Secret Service gave the White House an 81-page urgent action plan that said considerable progress could be possible in a year if a concerted effort is mounted with U.S. allies, who are also under withering attack.

Some experts advocate banning ransom payments. The FBI discourages payment, but the task force said a ban would be a mistake as long as many potential targets remain “woefully unprepared,” apt to go bankrupt if they can’t pay. Neuberger said Monday that sometimes companies have no real choice but to pay a ransom.

The task force said ransomware actors need to be named and shamed and the governments that harbor them punished. It calls for mandatory disclosure of ransom payments and the creation of a federal “response fund” to provide financial assistance to victims in hopes that, in many cases, it will prevent them from paying ransoms.


Bajak reported from Boston. AP Writer Matthew Daly contributed from Washington.


FBI names pipeline cyberattackers as company promises return

Associated Press



Hit by a cyberattack, the operator of a major U.S. fuel pipeline said Monday it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.

U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said it was working toward “substantially restoring operational service” by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how utterly vulnerable we are” to cyberattacks on U.S. infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries, such as water and natural gas.

Despite that, the challenge facing the government and the private sector remains immense.

In this case, the FBI publicly assigned blame Monday by saying the criminal syndicate whose ransomware was used in the attack is named DarkSide. The group’s members are Russian speakers, and the syndicate’s malware is coded not to attack networks using Russian-language keyboards.

Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said at a briefing that the group has been on the FBI’s radar for months. She said its business model is to demand ransom payments from victims and then split the proceeds with the ransomware developers, relying on what she said was a “new and very troubling variant.”

She declined to say if Colonial Pipeline had paid any ransom, and the company has not given any indication of that one way or the other. Though the FBI has historically discouraged victims from making payments for fear of promoting additional attacks, she acknowledged “the very difficult” situation that victims face and said the administration needs to look “thoughtfully at this area” of how best to deter ransomware.

“Given the rise in ransomware, that is one area we’re definitely looking at now to say, ‘What should be the government’s approach to ransomware actors and to ransoms overall?'”

Speaking later in the day at a conference on national security, Neuberger said the administration was committed to leveraging the government’s massive buying power to ensure that software makers make their products less vulnerable to hackers.

“Security can’t be an afterthought,” Neuberger said. “We don’t buy a car and only then decide if we want to pay for seatbelts and airbags.”

The U.S. sanctioned the Kremlin last month for a hack of federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation.

In this case, though, the hackers are not known to be working at the behest of any foreign government. The group posted a statement on its dark web site describing itself as apolitical. “Our goal is to make money, and not creating problems for society,” DarkSide said.

Asked Monday whether Russia was involved, Biden said, “I’m going to be meeting with President (Vladimir) Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, is in Russia.

“They have some responsibility to deal with this,” he added.

U.S. officials have sought to head off anxieties about the prospect of a lingering economic impact and disruption to the fuel supply, especially given Colonial Pipeline’s key role in transporting gasoline, jet fuel, diesel and other petroleum products between Texas and the East Coast.

Colonial is in the process of restarting portions of its network. It said Monday that it was evaluating the product inventory in storage tanks at its facilities. Administration officials stressed that Colonial proactively took some of its systems offline to prevent the ransomware from migrating from business computer systems to those that control and operate the pipeline.

In response to the attack, the administration loosened regulations for the transport of petroleum products on highways as part of an “all-hands-on-deck” effort to avoid disruptions in the fuel supply.

“The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices,” said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. The Northeast had significantly more local refining capacity at that time.

The pipeline utilizes both common and custom technology systems, which could complicate efforts to bring the entire network back online, according to analysts at Third Bridge.

Granholm, the Energy Secretary, said “Cyber attacks on our critical infrastructure — especially energy infrastructure — is not going away.”

“This is a serious example of what we’re seeing across the board in many places and it tells you that we need to invest in our systems, our transmission grid for electricity. We need to invest in cyber defense in these energy systems,” she told Bloomberg TV.

The attack has not affected the supply of gasoline, she said, “but if it goes on too long, of course that will change.”

Gasoline futures ticked higher Monday. Futures for crude and fuel, prices that traders pay for contracts for delivery in the future, typically begin to rise anyway each year as the driving season approaches. The price you pay at the pump tends to follow.

The average U.S. price of regular-grade gasoline has jumped 6 cents over the past two weeks, to $3.02 per gallon, which is $1.05 higher than a year ago. The year-ago numbers are skewed somewhat because the nation was going into lockdown due to the pandemic.

The attack on the Colonial Pipeline could exacerbate the upward pressure on prices if it is unresolved for a period of time.


Associated Press writers Frank Bajak in Boston and Matthew Daly in Washington contributed to this report.


Ransomware gangs get more aggressive against law enforcement

Associated Press



Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime.

Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin.

“I was shocked, I was surprised, frustrated,” Cunningham said.

Police departments big and small have been plagued for years by foreign hackers breaking into networks and causing varying levels of mischief, from disabling email systems to more serious problems with 911 centers temporarily knocked offline. In some cases important case files have gone missing.

But things have taken a dark turn recently. Criminal hackers are increasingly using brazen methods to increase pressure on law enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The threat of ransomware has risen to a level that’s impossible to ignore, with hardly a day going by without news of a hospital, private business or government agency being victimized. On Saturday, the operator of a major pipeline system that transports fuel across the East Coast said it had been victimized by a ransomware attack and had halted all pipeline operations to deal with the threat.

The increasingly defiant attacks on law enforcement agencies underscore how little ransomware gangs fear repercussions.

In Washington, D.C., a Russian-speaking ransomware syndicate called Babuk hacked into the network of the city’s police department and threatened to leak the identities of confidential informants unless an unspecified ransom was paid.

A day after the initial threat was posted in late April, the gang tried to spur payment by leaking personal information of some police officers taken from background checks, including details of officers’ past drug use, finances and — in at least one incident — of past sexual abuse.

Similar threats were made recently against a small police force in Maine. The police department in Dade City, a small town in Florida, currently has many of its files posted on the dark web by the ransomware gang Avaddon after the city decided not to pay the $450,000 worth of bitcoin that was demanded. Leaked files show pictures of a dead body from a crime scene.

Ransomware gangs have been leaking sensitive data from victims for well over a year, but experts said they’ve not seen such aggressive new tactics used before against police departments.

“It should be a wake-up call to government that it finally needs to take strong and decisive action,” said Brett Callow, a threat analyst at the security firm Emsisoft.

Making the ransomware attacks potentially more damaging, police are now able to collect and store more personal information than ever before through advances in surveillance equipment and technologies such as artificial intelligence and facial recognition software.

April Doss, the executive director of the Institute for Technology Law & Policy at Georgetown University Law School, said laws and regulations about how police collect, retain and secure that data are largely unsettled.

“Where that leaves us is with police departments getting to use a great deal of their own discretion in terms of what technologies they adopt and how they use them,” said Doss, who previously worked at the National Security Agency and recently wrote a book on cyberprivacy.

Homeland Security Secretary Alejandro Mayorkas has called ransomware a “threat to national security” and said the issue is a top priority of the White House. Congress is exploring giving state and local governments grant money to boost their response to ransomware.

Because ransomware is so lucrative for its perpetrators, who operate out of Western law enforcement’s reach in Russia and other safe havens, experts say the most important tools for battling it are elementary cybersecurity measures.

Statistics of how many police departments have been hit by ransomware attacks are hard to come by, as is information on whether departments ever pay a ransom. There’s no official count and not every incident is made public.

Callow, the threat analyst, said he’s counted at least 11 law enforcement agencies affected by ransomware since the beginning of 2020. Officers have been locked out of their computer systems and forced to resort to paper records. Prosecutors in Stuart, Florida, told local media last year they had to drop a case against suspected drug dealers after a local police department’s files were encrypted by a ransomware gang.

In the nation’s capital, the final outcome is uncertain. The Babuk gang’s threats to release more information have so far not come to pass and the files that were posted have been taken down.

The city’s lower income areas are struggling with increased violence. Longtime community activist Philip Pannell said police already have a hard time getting witnesses to come forward, and having hackers threaten to release information about confidential informants would make it even harder. If the names of confidential informants are released, Pannell said it would put them in real danger.

“Why would someone want to do something like that? They just want to foment chaos,” he said.

Gregg Pemberton, chairman of the D.C. Police Union, said officers are extremely concerned about such private information being in the hands of foreign hackers.

“The fact that data of such a sensitive nature was able to be accessed by hackers says a lot about the quality of service elected officials provide this city. What is ironic is that in an era where police officers are targeted by their leaders for alleged misfeasance, it’s really their leaders that are truly unable to perform to standards,” he said.

The department said in a statement it’s still trying to determine the size and scope of the breach and has urged officers to obtain a free copy of their credit reports. The FBI is assisting with the investigation.

Law enforcement agencies require thorough and intrusive background checks that gather a wealth of information about a person’s history and character. It’s perfect blackmail material for hackers, whether they are criminal gangs or foreign governments. Six years ago Chinese hackers stole millions of background check files of federal government employees from the Office of Personnel Management.

Randy Pargman, who worked for the FBI for 15 years, said police departments need to do some “soul searching” about how they currently protect sensitive data such as background check files. He said many departments don’t have the budget or staffing for sophisticated cybersecurity measures, but could still transfer sensitive files to external hard drives kept offline and used only when needed.

“Every police department needs to think about their threat model and that they will probably be a target at some point,” said Pargman, vice president of threat hunting and counterintelligence at the private firm Binary Defense.

Back in Roxana, the police chief said he didn’t have to pay the hackers because the files were backed up and the department bought new computer equipment for roughly the same amount as the ransom demand. Cunningham reported the hackers to the FBI, but as far as he’s heard they were never caught. The whole experience, Cunningham said, was a real eye-opener.

“It’s amazing how much opportunity is out there for these computer crimes,” he said.
