
The X Attack - More Information Surfaces: Cyber Security Today for Wednesday, March 12, 2024

Mar 12, 2025, 14 min

Episode description

Cybersecurity Today: From DDoS Attacks to Developer Sabotage

In today's episode, host Jim Love discusses several major cybersecurity incidents: the pro-Palestinian group Dark Storm's claimed DDoS attack on X (Twitter) and its implications; the impact of budget cuts from the Department of Government Efficiency on the US Cybersecurity and Infrastructure Security Agency; the recovery of $23 million from the Ripple wallet hack allegedly linked to the LastPass breach; New York State's lawsuit against Allstate Insurance for inadequate data security and the resulting breaches that compromised 200,000 individuals' data; and finally, the conviction of a developer who sabotaged his employer's systems after his termination. The episode underscores the importance of robust cybersecurity measures and responsible handling of personnel changes.

00:00 Pro-Palestinian Group Claims Credit for Twitter Outage
02:51 US Cybersecurity Agency Faces Devastating Cuts
04:23 US Authorities Recover $23 Million from Cryptocurrency Hack
06:31 New York Sues Allstate Over Data Breaches
09:12 Developer Sentenced for Malicious Code Sabotage
11:34 Support the Podcast

Transcript

A pro-Palestinian group claims credit for the Twitter outage. A US cybersecurity group is devastated by DOGE cuts. US authorities recover $23 million from a cryptocurrency hack, and a developer is sentenced for his kill switch. This is Cybersecurity Today. I'm your host, Jim Love. A pro-Palestinian hacktivist group, the Dark Storm team, has claimed responsibility for the distributed denial of service, or DDoS, attack on X (Twitter) on Monday of this week.

Elon Musk initially indicated that the massive attack came from IP addresses from around Ukraine. But cybersecurity experts cautioned against drawing conclusions based solely on IP data. Attackers often use compromised devices and proxy networks to mask their true locations. But Dark Storm emerged as the only group taking credit for the incident, posting their claim on their new Telegram channel. If this is true, it marks the resurgence of this dangerous group after a period of some inactivity.

Established in 2023, the Dark Storm team is recognized for conducting cyber attacks against entities perceived to support Israel. Their operations have predominantly involved DDoS attacks, aiming to overwhelm targeted systems with excessive traffic, rendering them inaccessible to legitimate users. Prior to the attacks on X, the group had been inactive following the shutdown of their Telegram channel.

Since reactivating, the Dark Storm team has targeted various organizations across multiple countries, including, in the United States, the Los Angeles International Airport; in Israel, the Port of Haifa; and in the United Arab Emirates, the Ministry of Defense. These attacks have successfully disrupted critical infrastructure, highlighting the group's capability to impact essential services.

So despite Musk's attempt to suggest that Ukraine was somehow responsible for the attack, there is no evidence of that at this point. But what Musk failed to talk about, and what some analysts have reported, is that some of X's origin servers were not adequately secured behind the company's DDoS protection services, rendering them susceptible to direct attacks, and this oversight allowed the botnet to target these servers most effectively.

X has since addressed these vulnerabilities to bolster its defenses against future incidents, which leaves us with the potential resurgence of Dark Storm, with their focus on high-profile platforms and critical infrastructure, necessitating robust security protocols and safeguards for digital communication channels and essential infrastructure services.

And in a related story, the US Cybersecurity and Infrastructure Security Agency, CISA, has experienced significant personnel reductions following a budget cut implemented by the Department of Government Efficiency, or DOGE, run by Elon Musk and established under President Trump's administration. These cuts have notably impacted top recruits responsible for safeguarding the nation's critical infrastructure against cyber threats. One of those being terminated, cybersecurity specialist Paula Davis, noted, "We're being targeted daily, hourly, at every single minute," citing suspected cyber criminals' attempts to infiltrate water systems and even the power grid.

The reduction in the workforce raises concerns about the agency's capacity to effectively coordinate cybersecurity efforts across federal agencies and the private sector.

Rob Joyce, former NSA Director of Cybersecurity, expressed that such layoffs could have a devastating impact on national security, particularly in countering threats from adversarial nations. The layoffs exacerbate existing challenges in attracting and retaining cybersecurity professionals within the federal government in the first place. The cybersecurity industry already faces a workforce shortage, with only enough professionals to fill at most 83% of available jobs.

The recent cuts may deter potential candidates from considering federal positions, further widening the talent gap. And on a more positive note, US authorities have seized over $23 million in stolen cryptocurrency linked to the $150 million hack of a Ripple wallet, a case that cybersecurity experts believe is connected to the 2022 LastPass data breach.

The Department of Justice alleges that attackers gained unauthorized access by cracking passwords stored in an online password manager, widely believed to be LastPass, and it's quite amazing that the police were able to track and freeze the stolen funds. Hackers usually rapidly move stolen assets across multiple drop accounts and quickly cash out. But reportedly, Chris Larsen, Ripple co-founder and the victim of the attack, notified authorities quickly.

A team of security researchers and federal agents were able to trace and freeze the funds, following them through multiple exchanges, including OKX, Kraken, WhiteBIT, and FixedFloat.

Authorities moved swiftly to freeze $24 million in crypto before it could be withdrawn. According to a recently unsealed DOJ complaint, attackers likely extracted private keys from the victim's password vault, since they seem to have bypassed traditional attack techniques like device compromise or even SIM swapping.

The conclusion was that Larsen, like other high-profile crypto theft victims, had stored his seed phrases, the keys to his crypto accounts, in LastPass's secure notes section before the 2022 breach. While LastPass appears to deny conclusive evidence linking its breach to the crypto heists, the evidence certainly suggests that it was a result of this 2022 hack, which raises the question that some security researchers have asked: why didn't LastPass notify people about this vulnerability?

The case highlights the lingering risks of password manager breaches and the vulnerabilities of storing sensitive financial data online. And New York State has filed a lawsuit against Allstate Insurance and its subsidiary National General, alleging that inadequate data security measures led to two significant data breaches in 2020 and 2021. These breaches exposed the driver's license numbers of nearly 200,000 individuals, including over 165,000 New Yorkers.

Between August and November 2020, attackers exploited vulnerabilities in National General's online quoting websites. A function that pre-populated the web forms would give anyone access to key information, like the driver's license number of any resident at a given address. That affected 12,000 individuals. The company made the situation worse by not just failing to detect the breach for over two months, but also not notifying consumers or state agencies, as is required by law.

A second breach occurred in early 2021. This one was more extensive, compromising the personal information of an additional 187,000 individuals, including about 155,000 New Yorkers. This type of information is hugely valuable to cyber crooks who are looking to exploit it for identity theft and other nefarious purposes. This incident was discovered in February 2021, shortly after Allstate acquired National General in January of 2021.

The lawsuit, filed by New York Attorney General Letitia James, accuses National General and Allstate of failing to implement reasonable data security measures, misrepresenting their data security practices to consumers, and neglecting to notify affected individuals promptly. The state seeks civil fines of $5,000 per violation and other remedies. Allstate has stated that it addressed the issue years ago by securing its systems.

After identifying vulnerabilities in the online quoting tools, the company claims it promptly notified regulators, contacted potentially affected consumers, and offered free credit monitoring as a precaution. But this legal action underscores the critical importance of robust cybersecurity measures in protecting consumer data. Companies know that they're legally obligated to safeguard personal information and promptly inform affected individuals and authorities in the event of a breach.

But it appears that New York is demonstrating that failure to do this can result in some severe legal consequences and financial penalties, in addition to damage to the company's reputation. After this breach, nobody's gonna say you're in good hands with Allstate. And finally, a 55-year-old software developer from Houston, Texas, has been convicted of intentionally damaging his employer's computer systems by deploying malicious code designed to disrupt operations upon his departure.

The developer, identified as Davis Lu, worked for an Ohio-based company, reportedly Eaton Corporation, from November 2007 until his termination in September of 2019. Following a corporate restructuring in 2018, Lu experienced a reduction in his responsibilities, which led to some dissatisfaction with his role.

So in August 2019, Lu reportedly deployed custom malware that caused production servers to crash by exhausting system resources, putting them through infinite loops. He is also said to have deleted colleagues' user profiles, but finally he also implemented a kill switch named IsDLEnabledinAD, an abbreviation of "Is Davis Lu enabled in Active Directory?" The code was designed to lock out all users if his account in the company's Windows Active Directory was disabled.

Upon his termination on September 9th, 2019, the kill switch was activated, resulting in thousands of employees losing access to critical systems. The sabotage was discovered following the system disruptions that coincided with Lu's termination. Investigations revealed the presence of the malicious code linked to Lu. Some reports stated that the code was linked to his computer or his ID, but frankly, the name of the kill switch alone made it clear who had implemented the malicious code.

Lu was subsequently arrested and charged with causing intentional damage to protected computers. A jury recently convicted Lu, and he now faces a maximum penalty of 10 years in prison. A sentencing date has not yet been set. While events like this are certainly extreme, other forms of sabotage, such as leaking company information, could be equally damaging.

So companies of all sizes need to take a serious look at their security and termination processes with what we are calling a zero trust lens. It's almost like you really wanna do terminations carefully, not with a chainsaw. Just a thought. Thanks to all of you who went to buymeacoffee.com/techpodcast to support the podcast. We're about halfway to where we need to be to stay solvent.

So if you haven't already done it, if you can chip in as little as five bucks a month Canadian, we can keep these programs on the air. That's buymeacoffee.com/techpodcast. Thanks again. And as always, thanks for listening.
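The kill switch story in the transcript describes one detectable sequence: a single account is disabled in Active Directory, and within minutes a large number of other accounts are locked out. The following Python is an added example, not from the podcast or from any of the companies mentioned, showing how a detection rule can correlate those two signals over Windows Security event records. It assumes the input has already been reduced to (timestamp, event ID, account) tuples; the event IDs 4725 ("a user account was disabled") and 4740 ("a user account was locked out") are the real Windows IDs, while the account names, timestamps, and events in SAMPLE_EVENTS are constructed for the illustration.

```python
"""Correlate an account-disable event with a burst of follow-on lockouts.

Added example for the insider 'kill switch' scenario: a disable of one AD
account followed by lockouts of many unrelated accounts within a short
window is a strong signal that something was triggered by the offboarding.
"""
from datetime import datetime, timedelta

ACCOUNT_DISABLED = 4725    # Windows Security: "A user account was disabled"
ACCOUNT_LOCKED_OUT = 4740  # Windows Security: "A user account was locked out"

# Constructed sample events (timestamp, event ID, target account). The
# hypothetical account "dlu" is disabled at 09:00:00 and a burst of
# lockouts of other accounts follows; "intern01" is a routine offboarding
# with nothing following it.
SAMPLE_EVENTS = [
    ("2019-09-09 08:15:02", 4740, "jsmith"),    # isolated lockout, normal noise
    ("2019-09-09 09:00:00", 4725, "dlu"),
    ("2019-09-09 09:00:41", 4740, "amiller"),
    ("2019-09-09 09:00:43", 4740, "bchen"),
    ("2019-09-09 09:00:44", 4740, "cgarcia"),
    ("2019-09-09 09:00:50", 4740, "dpatel"),
    ("2019-09-09 09:01:07", 4740, "ekowalski"),
    ("2019-09-09 09:02:30", 4740, "fnguyen"),
    ("2019-09-09 10:30:00", 4725, "intern01"),
    ("2019-09-09 16:45:12", 4740, "jsmith"),
]


def parse_events(events):
    """Turn string timestamps into datetimes and sort chronologically."""
    return sorted(
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event_id, account)
        for ts, event_id, account in events
    )


def find_lockout_storms(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per account-disable event that is followed, within
    `window`, by lockouts of at least `threshold` distinct other accounts.

    The count of distinct lockouts in the window *before* the disable is
    reported too, so an analyst can see whether the storm started at the
    disable or was already under way (e.g. a password-spraying burst).
    """
    parsed = parse_events(events)
    lockouts = [(t, acct) for t, eid, acct in parsed if eid == ACCOUNT_LOCKED_OUT]
    alerts = []
    for t_disable, eid, disabled in parsed:
        if eid != ACCOUNT_DISABLED:
            continue
        after = {a for t, a in lockouts
                 if t_disable <= t <= t_disable + window and a != disabled}
        before = {a for t, a in lockouts
                  if t_disable - window <= t < t_disable and a != disabled}
        if len(after) >= threshold:
            alerts.append({
                "disabled_account": disabled,
                "disabled_at": t_disable.isoformat(sep=" "),
                "distinct_lockouts_after": len(after),
                "distinct_lockouts_before": len(before),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_lockout_storms(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct accounts rather than raw events keeps a single user who retries a bad password from inflating the score, and the before-window count separates "the disable triggered this" from "lockouts were already happening". In a real deployment the same logic would run over events pulled from the domain controllers' Security logs, and the threshold would be tuned to the organisation's normal lockout rate.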
