The ultimate side hustle for employees

Feb 27 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that goes the distance like Tommy TNT Fury. 

Today’s hottest cyber security stories:

  • Whodunnit? Secret Bitcoin mining rig discovered in U.S. school crawlspace
  • ‘Optus’ & ‘Medibank’ incidents prompt cyber talks in Oz
  • Dutch Ransomware scammers go public with stolen info despite being paid

“HONEST SIR, IT WEREN’T ME!” 

Ex-city employee, not pupil, fingered as cloaked miner

We were a bit disappointed to discover that this wasn’t the work of a sort of 21st century answer to Dennis the Menace or Dexter’s Laboratory, but hey ho.

Ex-city employee Nadeam Nahas was accused of using his job as a city’s assistant facilities director to hide the cryptocurrency mining operation.

In the crawlspace of a school in Massachusetts, the dungeon of Bitcoin mining equipment was discovered by Nahas’ boss who, during a routine inspection, “noticed electrical wires, temporary duct work, and numerous computers that seemed out of place.

“After researching and contacting the town IT director, it was learned that this was a cryptocurrency mining operation which was unlawfully attached to the school electrical system,” he said.

According to Boston news station WCVB, Nahas is said to have operated his underground crypto mine for eight months before being discovered in December, racking up approximately $17,492 (£14,644) in electricity.

He’s been charged with fraudulent use of electricity and vandalizing a school. On the bright side, maybe he can set up another Bitcoin mining rig at the prison he’s sent to!

MIND THE GAP!

Cyber-knights of the ‘round table’ discuss ‘gaps’ in Australia’s cyber defence

Following the monumental cyberattacks on Optus, Australia’s second largest telecom company, and Medibank, a top Australian health insurer, respectively, a ‘discussion paper’ was released. This was shortly after PM Anthony Albanese addressed the cybersecurity roundtable in Sydney.

Both hacks were majorly embarrassing for the two corporations involved because, as well as leaking millions of customers’ personal data, they also revealed major gaping holes in both companies’ cyber defences.

Just to catch you up, here’s a brief rundown of what happened in each of these attacks and then we’ll summarise what was said at today’s meeting, along with details of the discussion paper.

What? Optus telecom got hacked

Why? It was a ransomware attack, so the hacker stole data and demanded cash ($1m, to be exact) to return it.

When? The attack took place in September 2022, but the aftereffects were felt long after.

Where? Sydney, Australia

Who? Optusdata was the moniker used in the attack, per the error-riddled ransom note which said, amongst other things: “We are businessmen. 1.000.000$US is a lot of money and will keep to our word.” About 10 million were victimised.

How? With embarrassing ease, apparently. Cyber security minister Clare O’Neil scoffed at the idea that the hack was sophisticated, saying: “[Optus] left the window open.”

What? Medibank health insurer got hacked

Why? Another ransomware hack. Yawn.

When? October 2022, about three weeks after the Optus one.

Where? Docklands, Australia (Medibank headquarters)

Who? Russian hackers connected to REvil ransomware group, according to the Australian Federal Police (AFP), targeted 9.7 million current and former customers.

How? It is thought someone gained access using fake or compromised user credentials.

Cyber Dawg’s Breakdown of the discussion paper:

  • The Optus and Medibank incidents have exposed “gaps” in Australia’s existing incident response functions
  • Business owners “often do not feel their cybersecurity obligations are clear or easy to follow”
  • “It is clear that a package of regulatory reform is necessary”
  • Other proposals for feedback include strengthening Australia’s international strategy on cyber security (such as boosting assistance to south-east Asian and Pacific countries).
  • Monkey see, monkey do! The paper also urges the government to lead by example, highlighting the fact that Australian government entities “have a long way to go to properly secure government systems”.

NO HONOUR AMONG THIEVES!

Three Dutch hackers just got arrested over a ransomware attack that took place all the way back in March of 2021.

And get this! The bastards sold the stolen data to third parties even after they received their ransom payment. Perhaps if they’d have played ball and kept to their word after receiving the whopping €100,000 to €700,000 per company.

It’s estimated that the hackers stole personal data belonging to tens of millions of individuals.

This included:

  • Names
  • Addresses
  • Telephone numbers
  • Dates of birth
  • Bank account numbers
  • Credit card info
  • Passwords
  • License plates
  • Social security numbers
  • Passport details

Another reason this one caught our eye is because one of the guys was 18 years old, meaning he would have been about 16 at the time of the attack. He’s also our first homeless hacker! Here’s to many more! Just kidding. I mean, he was of no fixed abode. Our guess is having stolen millions, he’s not queuing up for soup.

The arrests were made on January 23 2023, and the other two guys were both 21 years old and from Zandvoort and Rotterdam, respectively. Actually: disrespectfully.

So long and thanks for reading all the phish!
