Cybersecurity Roundup: Internet Outage, Wild Dual FBI Coups
This site rarely does “round-ups,” but my, has there been a lot of cybersecurity news lately — including news overnight of a mass internet outage after a critical player in the internet’s infrastructure hit a hiccup. That came just hours after it was revealed the FBI and its law enforcement partners had scored a double win against criminals: one by stealing back some ransomware payments and the other by duping hundreds of criminals into using “secure” communications that were actually run by the FBI. So, to catch up:
Swaths of the Internet Go Down After Company Hits Bug
First things first: The internet blackout that hit major websites from The New York Times to CNN early Tuesday morning does not appear to be the result of a cyber-attack, at least from the scant details available. What happened was that Fastly, a private company that provides content delivery network (CDN) services to those sites and many others, “identified a service configuration that triggered disruptions[,]” according to a tweet from the company. Fastly said on its company blog that it first identified the issue around 6 a.m. ET.
Kentik, an internet monitoring firm, said it observed a 75 percent drop in traffic volume before the company started fixing the issue.
While the damage from the outage appears to have been brief and limited — especially since it took place mostly in the early AM for American users — it illustrated the vulnerability of an internet infrastructure that relies so heavily on just a few companies, many of them unknown to the general public, as The Associated Press pointed out.
FBI, Cops Around the World Dupe Hundreds of Criminals Into Using FBI-Run ‘Secure’ Phones
The FBI dubbed the operation Trojan Shield, and while they’ll get no points for originality, it’s hard to argue it’s not an apt description for some 21st century epic trickery.
In the culmination of a two-year effort, the FBI, working with Australian security services and with the help of a confidential informant, took over and operated its own supposedly secure encrypted device company and then stealth-marketed the devices to criminal groups around the world. While alleged drug dealers, hit men and human traffickers believed they were communicating securely with the “An0n” devices, the FBI and other international law enforcement agencies were able to read every word — some 27 million messages over an 18-month period.
The FBI-run company “grew to service more than 12,000 encrypted devices to over 300 criminal syndicates operating in more than 100 countries, including Italian organized crime, outlaw motorcycle gangs, and international drug trafficking organizations,” the European police agency Europol wrote in a statement today.
Then, in one fell swoop, law enforcement agencies from 16 countries struck over the past few days, “resulting in more than 700 house searches, more than 800 arrests and seizure of over 8 tons of cocaine,” tons of other drugs, 250 firearms, 55 luxury vehicles and over $48 million in “various worldwide currencies and cryptocurrencies.”
“We have been in the back pockets of organized crime,” top Australian Federal Police official Reece Kershaw said today.
The service said it expects “countless” follow-on law enforcement operations.
FBI Nabs Some of the Ransomware Payment, Prompts Questions About How
The massive, international sting was the FBI’s second coup of the day on Monday, as it also announced it had managed to claw back approximately $2.3 million of the roughly $5 million in ransomware payments made to hackers by Colonial Pipeline. For those with a shorter attention span, Colonial Pipeline is the fuel supply company that was hit last month with an attack that caused it to temporarily shut down operations and sent America into a brief gas shortage panic.
According to the Department of Justice, after Colonial was hit with the attack in early May, the company paid a ransom in Bitcoin to unlock its data but also informed the FBI. The FBI was able to trace the payment through the public ledger that underpins Bitcoin, but beyond that there should not have been much the FBI could do. Except that, somehow, there was: the Justice Department said investigators watched as the payment was transferred “to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets from the specific Bitcoin address.”
How the FBI got its hands on the private key for that address is something of a mystery. April Falcon Doss, executive director of the Institute for Technology Law and Policy at Georgetown Law, told NPR it was likely one of three ways: they got it from a tip-off from someone on the inside, they uncovered it during longer-term investigations into the hacking group, or they got it from one of the currency exchanges the payment had been routed through.
But the news that a private key can be obtained at all, regardless of how, appears to have hit Bitcoin’s value on the open market, sending prices down a few percentage points as of this morning, according to Fast Company.