Early this morning German authorities in Berlin, working in
conjunction with the Federal Bureau of Inquiry arrested Kate Libby, a notorious
member of Stasi Ehemalige known by her hacker handle as GeschütztesDF, for her
part in last week’s ransomware attack on an airliner sitting on the ground at
Boston’s Logan Airport. Johnathan Quest, an FBI spokesperson, noted that the
two governments were still working out where she would be tried for the
attacks.
Quest refused to confirm that an American government agent
had managed to infiltrate Stasi Ehemalige. “US technical means and good, solid
police work by the Germans led to locating and arresting this notorious hacker,”
Quest responded when asked about infiltration of the hacker collective.
Immanuel C. Securitage, spokesman for ECS-CERT, the
cybersecurity agency that worked closely with the FBI on this case, reported
that the TOR site for the hacker collective had bragged about GeschütztesDF’s skills,
both in crafting the ransomware and inserting it into the airline crew
scheduling web page where it infected the phones for the crew of Flight 175.
Within hours of Libby’s arrest, announcements were made on a
large number of social media sites providing links to the source code for the
WannaFly malware. The announcements, signed by GeschütztesDF, provided
credentials to access the source code on web sites for Robotron, Fieseler, and
a number of airlines. Publishing the code on these sites made it clear that
Stasi Ehemalige had compromised the security of the sites in question, raising
questions about what other attacks on those sites had accomplished.
An unnamed analyst from Dragonfire claims that, along with
the source code, the web site postings include instructions on how to modify
the ransomware to take effect when aircraft are in flight, as well as details
on two previously undetected vulnerabilities in the Robotron Reichenberg avionics
control system. Those zero-day vulnerabilities would allow in-flight access to
the control system, according to the analyst.
Securitage refused to comment on those claims, stating that
ECS-CERT was still looking at the malware.
Within minutes of the release of the GeschütztesDF messages,
the TOR site for Stasi Ehemalige published demands for the release of Kate
Libby. The web site claimed that unless Libby was released within 24 hours the
hacker group would also release copies of the WannaFly ransomware tailored to
attacks on avionics control systems from other manufacturers along with zero-day
vulnerabilities that would allow access to install that malware.
Federal Airline Administration spokesman Oscar Holmes
reported that the FAA was closely monitoring the situation. The Fieseler
aircraft that are the only current users of the Robotron control system remain
grounded until airlines can certify that appropriate mitigation measures are
put into place on each potentially affected aircraft. Holmes noted that the FAA
was prepared to ground any aircraft affected by the threatened malware
releases.
When asked about the potential effect on holiday travel,
Holmes confirmed that even the limited Fieseler groundings had already caused
the cancelation of hundreds of flights. Any further groundings could cause
serious problems for travelers in coming weeks that are expected to see record
numbers of flyers. Travel plans could have to be canceled and people could be
stranded away from home searching for alternative modes of travel.
Robotron and Fieseler stocks fell sharply past previous
record lows on European exchanges before trading was stopped. US airline stocks
dropped sharply after the Stasi Ehemalige announcement as airlines reported an
increase in flight cancellations.