Delano, GA lawyer, Junior Butts announced this morning that the Department of Justice had dropped all charges against his client, David Lightman, for the ransomware attack on Bliechen Chemicals last December. Butts told reporters: “My client is a diligent white-hat hacker who found a vulnerability in the Robotron SK-1a safety system and reported that defect to the manufacturer. It was hardly his fault that Robotron was unable to control access to their site.”
Lightman has been in federal custody in Atlanta since January 2nd. He was released this morning. Lightman was arrested on December 31st and all of his research computers and equipment were seized on that day. Lightman referred all questions from the press today to his lawyer.
Della Street, spokesperson for the DOJ confirmed that Barlow was no longer a suspect in the case. “Mr. Lightman’s story checked out in all particulars after we were able to convince his lawyer to provide us access to the unencrypted contents of his research computer,” Ms. Street said this morning; “We are now on the trail of the team that hacked the Robotron web site that allowed them to intercept David’s vulnerability disclosure.”
The Federal Bureau of Inquiry is reportedly on the trail of AssaB, a notorious environmental hacker, thought to be working with Students for Immediate Neutralization of Chlorine Technology and Energy Reversion (SFINCTER). Johnathan Quest, FBI spokesperson, confirmed that AssaB was a person of interest in the case. “Anyone with information about the whereabouts of AssaB, should contact the FBI or their local law enforcement personnel,” Quest told reporters.
A reliable source at the National Critical Infrastructure Security Operations Center (CI-SOC) who is not authorized to talk to the press confirmed that someone had hacked the Robotron web site and substituted the links to their ‘Security.txt’ listing on the main page that pointed at a web site controlled by SFINCTER. That allowed the hacker collective to intercept Lightman’s vulnerability report which included proof-of-concept code. That vulnerability, along with at least one other zero-day vulnerability allowed SFINCTER to install ransomware on the Bleichen Chemical safety controller.
Carl Scheele, the Bleichen Delano Plant Manager, told reporters in December that the company was forced to shut down production at the plant for five days while they negotiated a final ransom payment to unblock the safety controller. “There was no way that we were going to run our chlorine production unity without that safety controller in place,” Scheele told reporters at the time; “We had to pay the ransom as we had no other way to restart that controller.” Bleichen has not disclosed how much ransom was paid to SFINCTER. Sources report that it was certainly less than the 100 bitcoin asked for in the initial ransom demand.
Kate Libby, security researcher at Dragonfire Cyber, provided background information on the ‘Security.Txt’ exploit used by the attackers. She explained that industry has been settling on using a standardized link on their web pages to allow independent security researchers like Lightman to reach out to the appropriate folks at a company to report cyber vulnerabilities. The ‘Security.txt’ link takes the researcher to a brief message that provides contact information, including an encryption key, to allow them to securely send information about vulnerabilities to teams at the company that are responsible for fixing such vulnerabilities.
“In this case,” Libby said; “Poor web site security allowed hackers to substitute their own contact information for those of the company’s security team.” That allowed SFINCTER to utilize the good work of Lightman for their own nefarious ends.
Erich Mielke, spokesperson for Robotron refused to take questions from reporters after issuing the following statement:
“Robotron thanks Mr. Lightman for his efforts to help us maintain our high standards of security. Researchers like Mr. Lightman are an important part of our security program. We are happy to see him vindicated and look forward to working with him in the future.”
No comments:
Post a Comment