Monday, February 28, 2022

Russian Ministry of Justice Requests DOJ Assistance

The Department of Justice announced today that it had received a request for assistance from the Russian Ministry of Justice (Minyust) to help them identify and apprehend the hackers who have recently been attacking railroad operations in western Russia and Belarus. According to news reports in Russia, there have been cyberattacks on the railroad system that have caused intermittent shutdowns of rail traffic throughout western Russia and Belarus since last Thursday.

Della Street, spokesperson for DOJ, told reporters this morning that the Attorney General was considering the request because of recent Minyust actions against Russian cybercriminals who have been conducting ransomware attacks against organizations in the United States and Europe. “We are talking with our allies in the region about this request.”

According to Nikolai Krylenko, Minyust spokesperson, the cyberattacks have disrupted key freight and passenger services throughout western Russia. “Our government is concerned that this criminal activity is harming the free movement of our citizens and hampering distribution of key materials throughout the region,” Krylenko said in a statement released this morning in New York.

The Free Ukraine Cyber Kollective against Russian has claimed responsibility for cyberattacks against the Russian military. A report on their web site, which was taken offline this morning, noted that they had delayed movement of military supplies and personnel to the border region with the Ukraine.

Rep. Harvey Milk (D,CA) told reporters that, while he has concerns about the use of cyberattacks against critical infrastructure anywhere in the world, the actions of the Kollective do not appear to be as concerning since they have been made in response to the Russian attack against the Ukraine. He said that he will be introducing legislation today prohibiting DOJ from taking any action against civilians that undertake cyberattacks against foreign military invasions of free countries. “We have a long history, reaching back to World War I, of civilians joining military action against oppressors in Europe before the United States government joins the fray,” Milk told reporters.

CAUTIONARY NOTE: This is a future news story –

 

Thursday, February 24, 2022

Russians Selling Access to Critical Infrastructure on Dark Web

Dragonfire Cyber released a brief report today concerning recent offerings on the Dark Web for access to critical infrastructure computer systems. They report that the Zhukov Brigade, a Russian hacker collective sometimes loosely associated with the Russian military, had posted a long list of organizations in Europe and the United States to whose computer networks it had proven access. Exclusive access to those systems was being offered individually or in related groups.

Maskirovka, the frequent spokesperson for the Zhukov Brigade on these Dark Web sites, reports that the access being sold is sufficient to allow ransomware attacks on the systems without the need for additional exploit tools. Access is being offered for 1BTC (about $35,000) and 10% of ransomware proceeds.

Dade Murphy, CTO of Dragonfire Cyber, told reporters this morning that the list of organizations includes public sector and private sector systems in power generation and transmission, ports, railroads and airports throughout the United States and Europe. “We have notified each of the organizations listed, as well as cybersecurity organizations in the respective governments,” Murphy said.

When asked if this appeared to be related to last night's invasion of the Ukraine by Russia, Dade replied: “We do not know. The Zhukov Brigade is not an agency of the Russian government, but they have been employed by the Russian military for some specific hacking operations that we know of.”

General Turgidson, Director of the National Critical Infrastructure Security Operations Center (CI-SOC), was asked about the report at this morning’s CI-SOC briefing. He told reporters that they had received advance notice of the information from Dragonfire Cyber. “We have a close working relationship with Dade and his outstanding crew,” the General explained, “and we continue to work with them to address any potential threats to organizations in this country.”

When asked about rumors of government agencies buying up the access rights on the Dark Web sites, Turgidson laughed and said: “We do not have budget authority for that type of operation. Besides, I do not think that the Zhukov Group would be interested in selling us that access.” When asked if any intelligence agency might have the necessary authority, the General replied: “No comment.”

CAUTIONARY NOTE: This is a future news story –

Wednesday, February 23, 2022

Insulin Pump Hack Discovers Dosing Errors

Medical device software expert FrediG announced today at BlackCap Europe that he had found a calculation error in the GerateSoft application that he uses with the Robotron IPumpe insulin pump to control his blood sugar levels. The pump routinely administered 0.5% more insulin than was necessary to keep his blood sugar levels at target levels. As a result, his blood sugar levels over the last six months have routinely been on the low end of the target range for the treatment of his Type 1 diabetes.

Robotron spokesperson Erich Mielke told reporters at a news conference held at the conference that FrediG had disclosed the problem to Robotron last week, and that Robotron was recommending that the users of its IPumpe stop using the GerateSoft application. “We are very concerned that the application is incorrectly dosing patients using our device,” Mielke said, “but we are even more concerned that it appears that this dosing error may be deliberate.”

That unusual comment by Mielke was based on a claim by FrediG that the application used two different calculation formulas, depending on which account was used. FrediG reported in his talk today that the equation used with the application's default account was the industry standard calculation. The default account would be expected to be used by regulatory agencies and companies like Robotron when testing the application.

To protect their privacy, users are specifically warned by GerateSoft not to use the default account. But when users set up their own unique account on the App, a different equation is used to calculate the insulin dosage. That calculation produces a dose that is 0.5% higher than the industry standard equation.

GerateSoft tried to get a German Court to stop FrediG’s presentation, claiming that he had accessed GerateSoft’s system without permission, but lawyers for Robotron told the Court that FrediG had been a registered member of Robotron’s vulnerability discovery program and that access to GerateSoft’s application was covered by that program.

Mielke noted that FrediG had reported vulnerabilities in a number of Robotron’s devices over the last two years, including a vulnerable version of OpenSSL used in the IPumpe that Robotron reported and corrected last summer.

CAUTIONARY NOTE: This is a future news story –

Monday, February 14, 2022

EF-1 Charging Stations Hacked Again

The San Francisco Transit Authority (SFTA) announced today that hackers were stealing electricity from the enroute charging stations for the City’s new electric bus fleet. The electricity costs for the new charging stations were five times higher than expected during the first six months of operation, according to a report released today by the SFTA. Johan Muir, a spokesperson for the SFTA, reported that the federal grant supporting the e-charging system would only last another three months at this rate.

Brewster Zenneck, the Director of the City’s SF eBus System, explained this morning that the innovative new electric transit bus system was able to use smaller, lighter batteries to power their new busses because the city had installed cordless power charging stations at about half of the bus stops used by the new vehicles. This means that the busses could partially recharge their batteries while unloading and loading passengers.

Zenneck explained that the system uses inductive charging plates built into the road at the bus stop. When a bus stopped to pick up passengers, a device on the bus would signal the charging system to turn on and then turn off when the bus pulled away. The high-powered charging system would be able to provide enough electricity to the vehicle's batteries to allow it to reach the next powered bus stop.

According to an article in last week’s Democratic Press, an alternative news site, not long after the EF-1 charging system was installed, a free application that would operate the charging stations appeared on some alternate power web sites. These apps would allow users to charge electric vehicles equipped with cordless charging systems while parked on or near the bus stops. Other apps soon appeared that would allow cordless charging of smaller devices, including cell phones, from the vehicle charging system.

Zenneck confirmed that the appearance of the apps had taken the SFTA by surprise. They were enabled by the hard-coded credentials used by the busses to control the charging stations. Once the SFTA had become aware of the problem, they had worked with Robotron, the supplier of the EF-1 charging system, to update the system software to provide for unique passwords for each city vehicle that used the system.

Updates for the apps soon appeared on the scene that were able to steal passwords from the vehicles when they powered on the system. Zenneck said that the SFTA was working with Robotron to solve that problem.

CAUTIONARY NOTE: This is a future news story –