The Worst Hacks of 2020, a Surreal Pandemic Year

The attackers had full access – a nightmare security scenario that would be the dream of any nation-state hacker. Instead, the attack was only part of a bitcoin scam that ended up netting about $120,000. In all, the scammers targeted 130 accounts and took control of 45. In a mad scramble to contain the situation, Twitter temporarily froze all verified accounts, blocking their ability to tweet or reset account passwords. Some lockdowns lasted for hours.

Subsequent investigations revealed that the attackers had called Twitter’s customer service and technical support lines and directed staff to a phishing site that captured their special backend Twitter credentials, including usernames, passwords and multifactor authentication codes. The attackers were then able to use their access to these support accounts to reset passwords on target user accounts. In late July, three suspects were arrested and charged in connection with the hack, including 17-year-old Graham Ivan Clark of Tampa, Florida, who allegedly led the digital attack. In the wake of the breach, Twitter says it launched a major effort to overhaul its employee access controls, particularly with the November US presidential election approaching.

On Juneteenth, the leak-focused activist group Distributed Denial of Secrets published a 269-gigabyte trove of United States law enforcement information, including emails, intelligence documents, audio, and video files. DDOSecrets said the data came from a source claiming to be part of the hacking collective Anonymous. Published in the wake of George Floyd’s killing, the dump of more than one million files contained documents and internal police communications about law enforcement initiatives to identify and track protesters and share intelligence about movements like antifa. Much of the information came from law enforcement “fusion centers,” which gather and share intelligence with law enforcement groups around the country. “This is the largest published hack of US law enforcement agencies,” DDOSecrets cofounder Emma Best told WIRED in June. “It provides the closest look at the state, local, and federal agencies tasked with protecting the public, including [the] government’s response to COVID and the BLM protests.”

In September, a ransomware attack apparently aimed at Heinrich Heine University in Düsseldorf instead crippled 30 servers at University Hospital Düsseldorf, jeopardizing the hospital’s systems and patient care. Unfortunately, ransomware actors have long targeted hospitals because of the pressure on them to restore service in the interest of patient safety. It is also somewhat common for university-affiliated hospitals to be hit unintentionally. The University Hospital Düsseldorf incident was particularly significant, however, because it may represent the first time that a human death can be attributed to a cyberattack. As a result of the ransomware attack, an unidentified woman in need of emergency treatment was rerouted from University Hospital Düsseldorf to a different provider in Wuppertal, about 38 miles away, delaying treatment by an hour. She did not survive. Researchers note that it is difficult to definitively establish causality. The incident is clearly an important reminder, however, of the real-world effects of ransomware attacks on healthcare facilities and any critical infrastructure.

In late October, amid a raging wave of healthcare-focused ransomware attacks, hackers threatened to release data stolen from one of Finland’s largest psychiatric service networks, Vastaamo, if individuals or the organization did not pay to keep the data under wraps. The hackers may have obtained the information from an exposed database or through an inside operation. Digital extortion attempts of this kind have been taking place for decades, but this situation was especially egregious, because the stolen data, which went back nearly two years, included psychotherapy notes and other sensitive information about patients’ mental health treatment. Vastaamo worked with the private security firm Nixu, Finland’s Central Criminal Police and other national law enforcement agencies to investigate the situation. Government officials estimate that the episode affected thousands of patients. The hackers demanded 200 euros’ worth of bitcoin, about $230, from individual victims within 24 hours of the initial demand, or 500 euros ($590), to keep the data private. Finnish media also reported that Vastaamo received a demand for bitcoin worth approximately $530,000 to avoid publication of the stolen data. A hacker persona, “Ransom_man,” posted leaked information from at least 300 Vastaamo patients on the anonymous web service Tor to demonstrate the validity of the stolen data.

In late July, hackers launched a ransomware attack against navigation and fitness giant Garmin. It took down Garmin Connect, a cloud platform that syncs large portions of user activity data, and also knocked out the company’s email system and customer call centers. In addition to athletes, fitness enthusiasts and other regular customers, airplane pilots who use Garmin products for positioning, navigation and timing services also dealt with disruption. The flyGarmin and Garmin Pilot apps both had day-long outages, affecting some of the Garmin hardware used in aircraft, such as flight-planning tools and updates to the required FAA aeronautical database. Some reports indicate that Garmin’s ActiveCaptain marine app was also affected. The incident underscored how exposed internet-of-things devices are to systemic failures. It’s bad enough if your GPS-equipped, activity-tracking watch stops working. When you have to deal with equipment issues caused by a ransomware attack, it is very clear how fragile these interconnections can be.

Honorable Mention: Chinese Government-Backed Hacking

China continued its unrelenting global hacking spree this year, and it appears to be casting an ever wider net. Beijing-backed hackers burrowed deep into Taiwan’s semiconductor industry to steal massive amounts of intellectual property, from source code and software development kits to chip designs. Australian Prime Minister Scott Morrison said in June that the country’s government and other organizations have been targeted by repeated attacks. Australia has committed to invest approximately $1 billion over the next 10 years to expand its defensive and offensive cybersecurity capabilities. Although Morrison did not say which actor is dogging the country, he is widely believed to have been referring to China. Australia and China are locked in an intense trade war that is redefining the relationship between the two countries. A Reuters report this month provided an example of ongoing Chinese hacking operations across Africa, after the African Union in Addis Ababa, Ethiopia, found suspected Chinese attackers stealing video surveillance footage from its servers. The United States has also faced years of digital espionage and intellectual property theft attributed to China. And it continued this year, especially in the realm of COVID-19 public health and vaccine research.
