Security News for the Week Ending June 11, 2021
Feds Recover Some of the Colonial Pipeline Ransom
The feds say that they recovered most of the Bitcoin paid as ransom, but because the price of Bitcoin is in a slump, it is only worth about $2 million. The feds say that they acquired the private key to the Bitcoin wallet and transferred 63 Bitcoin out of it. The feds didn’t say how they did that, but the gang that claims to have carried out the attack, DarkSide, said that they lost control of their server (i.e. the hackers were hacked). If that was done by the feds **AND** the private key for the wallet was stored on that server **STUPID**, that would explain it. The good news is that most crooks operational security is horrible. Credit: Bleeping Computer
Colonial Breach Due to Compromised Password, Lack of 2FA
Hackers are not Superman; they tend to use simple attack vectors first. According to Bloomberg, a consultant says that the whole thing went down due to a compromised VPN password that allowed the attacker free reign of the network. On top of that, the account was no longer in use at the time, but still enabled. Finally, the VPN account did not use MFA. So, basic hygiene – MFA and disabling unused accounts – either of which – would likely have avoided the shut down of the fuel supply to the East coast. If I was a lawyer, I would be rubbing my hands in glee. If I was Colonial’s insurance company, I might be sending out a notice that I don’t plan to renew the policy. Credit: Bloomberg
Walmart to Give 700,000 Employees a Free Phone and Walmart App
Walmart plans to provide all of their employees a free Samsung phone so that they can keep tabs on them. Walmart has been sued enough times that they understand that the preloaded Walmart employee app will only work when the employee is clocked in. They don’t want hourly employees doing work things when they are off the clock. This a good thing. While buying 700,000 phones at $500 retail, maybe $300 in in that kind of volume is not cheap, it appears that they are not providing a voice or data plan, meaning that even though they say that you can use that phone for personal use, unless you buy your own voice/data plan, it is really only going to work while you are in a Walmart store while logged into the Walmart WiFi. Walmart says that they won’t spy on you, but that may be easier said than done. For example, they might say that they want to access your contacts so that they can connect you with other employees, but once you give them access to your contacts, they have them. Many employees are saying we would like Walmart to raise our salary instead. Credit: Vice
Biden Revokes Trump EOs Banning AliPay, TikTok, WeChat
A year ago former President Trump issued a series of EOs that were designed to hurt China, but for a variety of reasons, his administration never actually completed the EOs. This week President Biden revoked those failed EOs. The replacement EO does try to address the real problem – protecting the data of Americans. That is a very difficult problem because we really are not addressing the real problem, securing users’ phones and computers. Credit: ZDNet
Another Pipeline Hit By Ransomware – Lost 70 Gig of Data
LineStar Integrity Services was attacked at about the same time as Colonial Pipeline, but they tried to keep the attack quiet. That didn’t work. That is because the hackers posted the gigs of stolen data online. LineStar does not actually move petro; rather it helps those companies remain legally compliant. The data stolen and posted could enable future attacks. Given the rather crappy cybersecurity of the industry, that is likely to happen. Credit: Wired