Feb 27 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that goes the distance like Tommy TNT Fury.
Today’s hottest cyber security stories:
Ex-city employee, not pupil, fingered as cloaked miner
We were a bit disappointed to discover that this wasn’t the work of a sort of 21st century answer to Dennis the Menace or Dexter’s Laboratory, but hey ho.
Ex-city employee Nadeam Nahas was accused of using his job as a city’s assistant facilities director to hide the cryptocurrency mining operation.
In the crawlspace of a school in Massachusetts, the dungeon of Bitcoin mining equipment was discovered by Nahas’ boss who, during a routine inspection, “noticed electrical wires, temporary duct work, and numerous computers that seemed out of place.
After researching and contacting the town IT director, it was learned that this was a cryptocurrency mining operation which was unlawfully attached to the school electrical system,” he said.
According to Boston news station WCVB, Nahas is said to have operated his underground crypto mine for eight months before being discovered in December, racking up approximately $17,492 (£14,644) in electricity.
He’s been charged with fraudulent use of electricity and vandalizing a school. On the bright side, maybe he can set up another Bitcoin mining rig at the prison he’s sent to!
Cyber-knights of the ‘round table’ discuss ‘gaps’ in Australia’s cyber defence
Following the monumental cyberattacks on Optus, Australia’s second largest telecom company, and Medibank, a top Australian health insurer, respectively, a ‘discussion paper’ was released. This was shortly after PM Anthony Albanese addressed the cybersecurity roundtable in Sydney.
Both hacks were majorly embarrassing for the two corporations involved because, as well as leaking millions of customers’ personal data, they also revealed major gaping holes in both companies’ cyber defences.
Just to catch you up, here’s a brief rundown of what happened in each of these attacks and then we’ll summarise what was said at today’s meeting, along with details of the discussion paper.
What? Optus telecom got hacked
Why? It was a ransomware attack, so the hacker stole data and demanded cash ($1m, to be exact) to return it.
When? The attack took place in September 2022, but the aftereffects were felt long after.
Where? Sydney, Australia
Who? Optusdata was the moniker used in the attack, per the error-riddled ransom note which said, amongst other things: “We are businessmen. 1.000.000$US is a lot of money and will keep to our word.” About 10 million were victimised.
How? With embarrassing ease, apparently. Cyber security minister Clare O’Neil scoffed at the idea that the hack was sophisticated, saying: “[Optus] left the window open.”
What? Medibank health insurer got hacked
Why? Another ransomware hack. Yawn.
When? October 2022, about three weeks after the Optus one.
Where? Docklands, Australia (Medibank headquarters)
Who? Russian hackers connected to the REvil ransomware group, according to the Australian Federal Police (AFP), targeted 9.7 million current and former customers.
How? It is thought someone gained access using fake or compromised user credentials.
Cyber Dawg’s Breakdown of the discussion paper:
Three Dutch hackers just got arrested over a ransomware attack that took place all the way back in March of 2021.
And get this! The bastards sold the stolen data to third parties even after they received their ransom payment. Perhaps if they’d have played ball and kept to their word after receiving the whopping €100,000 to €700,000 per company.
It’s estimated that the hackers stole personal data belonging to tens of millions of individuals.
This included:
Another reason this one caught our eye is that one of the guys was 18 years old, meaning he would have been about 16 at the time of the attack. He’s also our first homeless hacker! Here’s to many more! Just kidding. I mean, he was of no fixed abode. Our guess is having stolen millions, he’s not queuing up for soup.
The arrests were made on January 23 2023, and the other two guys were both 21 years old and from Zandvoort and Rotterdam, respectively. Actually: disrespectfully.
So long and thanks for reading all the phish!