Cybercrime and cyber conflicts: US

Information Security in the United States

Main article: Information Security in the United States

Organizations

Key US organizations leading cyber attacks around the world are

• US Cyber Command (US Cybercom) and
• National Security Agency (NSA) of the United States, part of the
• The United States Department of Defense, and
• Central Intelligence Agency (CIA) and
• US FBI.
• U.S. Department of Homeland Security
• DARPA (Defense Advanced Research Projects Agency)

To strengthen protection state cyber security in 2016 was created

• Government Commission to Strengthen US National Cybersecurity.

At the global level, the United States is trying to promote its policies in the field of cyber attacks and cybersecurity through the North Atlantic Military Alliance

• NATO.

The facts related to the activities of these structures are collected in the relevant articles.

Cyber wars

Russia is forced to take measures to contain other countries in the field of cyberspace and thus becomes involved in cyber wars. The key opponent in this area is traditionally the United States:

• Cyber ​ ​ war of Russia and the United States

2024

Cyber ​ ​ attacks hit the American hotel company Omni Hotels. Electronic locks, booking and payment systems disabled

On April 1, 2024, the American hotel chain Omni Hotels & Resorts, which operates 50 facilities in the United States and Canada, reported a massive cyber attack on its IT infrastructure. The hacker invasion disrupted the work of electronic locks, booking systems and payment services. Read more here.

The main database of vulnerabilities has stopped its work, specialists have panic moods

USA A banner has https://nvd.nist.gov appeared on the website of the National Vulnerability Database (NVD), which indicates the suspension of NVD's work to collect information and publish data on vulnerabilities. The latest changes to the site date back to March 8. Similar changes in work were noted on the https://www.cve.org website, which belongs to a public organization sponsored by American departments - the Department of Homeland Security (DHS cyber security), the Cybersecurity and Infrastructure Security Agency (CISA) and the state corporation. MITRE

On the page of the National Institute for Standardization NIST, where the NVD base is located, a banner appeared as follows:

NIST is currently working to create a consortium to address issues in the NVD program and develop improved tools and methods. During this transition, you will see time delays in the analysis. We apologize for any inconvenience caused and ask for your patience as we work to improve the NVD program

NVD is a vulnerability database that collected information on all problems in all software products. NIST collected it, screened it and classified it. All others TI services and vulnerability control tools at least controlled the content of the NVD. The disappearance of such an important source of vulnerability information can lead to serious violations in the operation of the global vulnerability alert system. Although Russia it has its own similar vulnerability repository - a database of threats and vulnerabilities, FSTEC however, it very often referred to CVE numbering and NVD materials.

Panic is growing in the global community of vulnerability management specialists, "Alexander Leonov, an expert on vulnerability management at Positive Technologies, commented on the situation on his Telegram channel. - Everyone was used to using public NVD content and treated its update as something for granted. It turned out that everything could stop and figure out where to get technical data for each vulnerability yourself. It will not be so easy for individual users to find an alternative to these NVDs. But for large vendors, this is an occasion to start enriching CVE data, as well as think about creating an alternative to NVD together. And the longer the downtime lasts for the NVD, the more likely such an alternative is to emerge.

Ukrainian confessed to a cyber attack, due to which the American hospital lost $65 million and did not work for 2 weeks

On February 15, 2024, the US Department of Justice (DOJ) reported that Ukrainian citizen Vyacheslav Penchukov pleaded guilty to cyber attacks that caused tens of millions of dollars in losses. One of the victims was the University of Vermont Medical Center, which lost $65 million as a result of a hacker invasion and lost the ability to provide intensive care services for two weeks. Read more here.

2023

Americans lost $10 billion in a year due to fraudsters. From telephone swindlers the greatest losses

In 2023, Americans lost over $10 billion due to fraudsters, which is a record amount. This is approximately 14% more than in the previous year. The largest losses are recorded due to telephone swindlers, as stated in a report by the US Federal Trade Commission (FTC), released in mid-February 2024.

The FTC study says that in 2023, the department received about 2.6 million complaints about telephone or Internet fraud. Approximately the same figure was recorded in 2022. That means average financial losses in each incident rose year-on-year.

In 2023, Americans lost over $10 billion due to fraudsters

In 2023, investment frauds brought maximum profits to cybercriminals in the United States - more than $4.6 billion. The increase compared to the previous year was at around 21%. The second most profitable fraud scheme is the impersonation by swindlers of themselves for another person or representative of an organization or state structure: this method allowed criminals to receive $2.7 billion. In addition, e-commerce scams, fraudulent schemes with fake prizes, business and employment scams are often recorded.

Phone malicious campaigns bring attackers the highest average revenue per victim - about $1,480 in 2023. And the highest total losses from fraud are registered on social networks - in the amount of $1.4 billion. The largest losses (approximately $1.8 billion) in 2023 fell on bank transfers and payments, followed by cryptocurrency assets ($1.4 billion) and electronic transfers ($343.7 million). Most often, scammers use email, phone calls and text messages to communicate with victims, according to an FTC study.^[1]

Hackers created 750 million fake Microsoft accounts and attacked companies around the world

On December 13, 2023, Microsoft announced the elimination of the American infrastructure of a cybercriminal group called Storm-1152. It is alleged that the attackers created approximately 750 million fake Microsoft accounts, which were then used to organize all kinds of fraudulent schemes. Read more here.

In the United States, a Ukrainian was sentenced to 8 years in prison for creating an online platform that sold data from millions of Americans

On November 28, 2023, the US Department of Justice announced that District Judge Kathryn Kimball Mizelle sentenced Ukrainian citizen Vitaly Chichasov to eight years in prison for creating and managing an online platform that sold data from millions of Americans. Personal information such as names, dates of birth and social security numbers were distributed through the SSNDOB Marketplace. Read more here.

Hackers hacked and stole data from institutions of almost the entire US state

On November 9, 2023, the authorities of the US state of Maine reported a large-scale cyber attack, during which a huge amount of personal data was in the hands of the attackers. It is said that cybercriminals stole information about about 1.3 million citizens, that is, almost the entire population of the state was affected. Read more here.

Hackers hacked Boeing IT systems and posted secret documents on the Internet

On November 10, 2023, the cybercriminal group Lockbit posted on the Internet secret documents of Boeing, one of the world's largest manufacturers of aviation, space and military equipment. The released data was stolen as a result of the introduction of a ransomware program into Boeing's IT infrastructure. Read more here.

Casino operator Caesars paid hackers $15 million after hacking

On September 7, 2023, the American casino and hotel operator Caesars Entertainment reported a large-scale cyber attack on its computer infrastructure, as a result of which a large amount of customer information was stolen. The company paid hackers about $15 million - half of that amount. Read more here.

In Las Vegas and several US states, hackers disabled slot machines

On September 12, 2023, the American casino operator MGM Resorts International reported a large-scale cyber attack on its information infrastructure, as a result of which slot machines throughout the United States were disabled. Read more here.

The world's largest manufacturer of pleasure craft Brunswick admitted to losing $85 million due to a hacker attack

Brunswick Corporation, the world's largest manufacturer of pleasure craft, disclosed the damage from a serious cyber attack in early August 2023. The hacker invasion became known in June 2023. It is said that the attackers caused damage in the amount of approximately $85 million. Read more here.

American cosmetics manufacturer Estee Lauder reported a cyber attack that paralyzed the company

On July 18, 2023, the American cosmetics manufacturer Estee Lauder announced a hacker invasion, as a result of which the company's information infrastructure was paralyzed. Read more here.

Millions of US Army emails sent to Africa by mistake for 10 years

In mid-July 2023, it became known that millions of emails for the US military for about 10 years were mistakenly sent to Africa. Read more here.

The life of an entire American city with a population of 200 thousand people is paralyzed due to an ransomware virus attack

On May 25, 2023, the mayor's office of the American city of Augusta (Georgia) reported a massive cyber attack, due to which it was necessary to disable some computer systems. The BlackByte ransomware group claimed responsibility for organizing the attack. Read more here.

Colleges and schools across the US have shut down their IT systems due to a massive ransomware virus attack

At the end of April 2023, several educational institutions in the United States announced the shutdown of their IT systems due to massive cyber attacks, during which ransomware was used.

In particular, on April 30, 2023, Bluefield University, a private Baptist school in Bluefield, Virginia, with about 1,000 students, released a statement that IT services had to be stopped indefinitely due to an invasion by cybercriminals. Key services, including email, are not working. At the same time, BridgeValley Community and Technical College in West Virginia said it had fallen victim to a ransomware program.

Penncrest School District, which serves thousands of students in Crawford County (PA), reported a ransomware attack that disrupted internal information systems. In addition, the Nashua School District in New Hampshire announced a massive cyber attack: an investigation is underway into this incident. State Truman University in Kirksville (Missouri) said it was restoring its services after a hacker invasion that forced it to shut down the campus network.

Attackers are actively attacking small American colleges and K-12 educational institutions. It is noted that many students are at the stage of final exams, but due to the spread of ransomware viruses, the planned sessions had to be postponed. The Akira ransomware gang is known to be behind some of the intrusions. In particular, it was this cybercriminal group that attacked the BridgeValley infrastructure. How much data the attackers managed to steal is not clear. In general, during January-April 2023 alone, at least 27 educational institutions in the United States were attacked by ransomware.^[2]

US, Taiwan team up to defend against China's cyber attacks

Lawmakers in the US Congress have introduced a bill that would require the Pentagon to significantly expand cybersecurity cooperation with Taiwan to protect the island from cyber threats from China. This became known on April 23, 2023.

The Cybersecurity Sustainability Act would authorize the US Secretary of Defense to conduct cyber exercises with Taiwan, protect the island's military infrastructure and systems, and eliminate malicious digital activity against the island.

We must fight back against the growing aggression of the Chinese Communist Party (CCP) and its attempts to undermine democracy around the world, including through hostile cyber attacks. Too often, China used Taiwan as a testing ground for its cyberattacks, which were later aimed at the United States, the bill says.

Lawmakers noted that the legislation would help "arm Taiwan to the teeth in the cybersphere by strengthening the island's cyber powers and creating a stronger partnership between the U.S. and Taiwan to protect key systems that keep the U.S. island's military and economy operational and ^[3] teaming up ^[4].

Western Digital powerless before cyber attack: The company's services have been lying for a week

On April 7, 2023, Western Digital offered customers a workaround to access their files stored on the My Cloud cloud service. Serious problems in the operation of this platform arose after a cyber attack, the consequences of which the company could not eliminate even after a week. Read more here.

Western Digital confirms hacking of its IT systems and business disruption over it

On April 3, 2023, Western Digital announced that its information infrastructure had been hacked. Unknown attackers committed a cyber attack, as a result of which some Western Digital systems were damaged, and certain business operations were disrupted. Read more here.

The IT systems of thousands of companies around the world have been hacked due to a cyber attack on a corporate telephony provider 3CX

On March 29, 2023, it became known about a large-scale cyber attack through the supply chain related to the 3SKh VoIP telephony system. The IT systems of thousands of companies around the world are at risk. Read more here.

Hackers hacked into American police computers and extorted money from citizens whose data was stolen

On March 14, 2023, the US Department of Justice (DOJ) filed charges against two alleged members of the ViLE cybercriminal group. Men are suspected of doxing - searching and publishing on the Internet personal and (or) confidential information about victims. Read more here.

Largest group of ransomware hackers hacked into computers of key contractor SpaceX

In mid-March 2023, the cybercriminal group LockBit announced IT infrastructures the hacking of Maximum Industries, which is said to be a contractor for a private aerospace corporation. SpaceX Elona Musk More. here

FBI confirms hacking of its computer network

On February 17, 2023, the Federal Bureau of Investigation (FBI) reported a cyber attack on its computer network. Specialists of the department have already begun to investigate the incident. Read more here.

One of the largest web hosting operators GoDaddy stole source codes as a result of a long-term cyber attack

On February 16, 2023, GoDaddy, one of the largest web hosting operators in the United States, reported a cyber attack that lasted several years. During the hack, the attackers, in particular, managed to steal the source codes of the platform. Read more here.

20,000 students in West Virginia did not attend school for several days due to a cyber attack

On February 3, 2023, it became known that Berkeley County Schools had a massive malfunction of computer networks caused by a cyber attack. As a result of the incident, almost 20 thousand students in West Virginia were forced to miss classes, and various planned events had to be canceled. Read more here.

US fast food chain Chick-fil-A has customer accounts hacked

In early January 2023, the popular American fast food chain Chick-fil-A was hacked. Customers of the company complained about the theft of money and other fraudulent actions in their accounts. For example, a Georgia resident reported swindlers using her mobile app to buy food in Maryland, according to WSB-TV. Hackers hacked into its software and spent hundreds of dollars from a personal account, ordering half of the Chick-fil-A menu. Read more here.

2022

Ransomware viruses hit 870 critical US infrastructure

In 2022, at least 870 critical infrastructure facilities in the United States became victims of ransomware. Such data are provided in a report published on March 14, 2023 by the Federal Bureau of Investigation. Read more here.

FBI published a list of the most popular online crimes and the loss of Americans from them

In 2022, Americans lost more than $10 billion due to various fraudulent schemes and crimes on the Internet. This is stated in a report published in early March 2023 by the US Federal Bureau of Investigation.

The document was prepared by specialists from the Center for Complaints about Internet Crimes (IC3) as part of the FBI. It is said that during 2022, the center received more than 2,000 reports of various cybercrimes every day. The total loss of victims of intruders reached $10.3 billion. For comparison: in 2021, losses were estimated at $6.9 billion, and in 2020 - at $4.2 billion.

In first place in terms of damage in 2022 were investment fraud - $3.31 billion. Next are cyber campaigns aimed at compromising business email: such schemes brought attackers approximately $2.74 billion. Due to fraud on behalf of the technical support service, the Americans lost $806.55 million. Theft of personal data turned into losses in the amount of $742.44 million.

In 2022, victims of cybercriminals most often complained of phishing: in total, IC3 received more than 300 thousand such messages. In second place is the leakage of personal data - about 59 thousand complaints. Almost 52 thousand Americans reported that fraudsters did not fulfill their obligations to transfer money or deliver purchases.

The report states that the number of recorded incidents with ransomware has decreased, but such malware still poses a serious threat, especially for organizations working in the health care sector, the public sector, in the fields of financial services and information technology. It is also noted that a high level of activity of fraudsters posing as employees of various call centers remains.^[5]

US Federal Marshals Service attacked by ransomware virus

At the end of February 2023, the US Federal Marshals Service was subjected to a cyberattack using a ransomware virus. First, this was reported in the media, and the department confirmed the incident. Read more here.

Bay Area Rapid Transit (BART) cyber attack

On January 6, 2023, the Vice Society cybercriminal group announced the hacking of the Bay Area Rapid Transit (BART) computer infrastructure, one of the largest high-speed electric train systems in the United States. Read more here.

Hackers attacked 3 US nuclear laboratories

On January 6, 2023, it became known that the Cold River hacker group attacked three American nuclear research centers that are part of the US Department of Energy. Read more here.

How many government agencies, schools and hospitals in the United States have been affected by ransomware viruses

On January 2, 2023, the company cyber security Emsisoft published the results of a study that examined the intensity of ransomware attacks on state and medical structures, as well as educational institutions. USA More here.

Hacking of dispatching software and receiving bribes from taxi drivers for a place in line at a New York airport

On December 20, 2022, the US Department of Justice (DOJ) announced the arrest of two men from Queens (New York City area) for allegedly conspiring with Russian hackers to hack into the taxi control system at John F. Kennedy International Airport. Read more here.

FBI covered 48 domains of DDoS mercenaries

The US Department of Justice confiscated 48 domains and charged six suspects with administering boot services. In addition, the suspects are accused of using IP stressers against other people's networks and servers, which is a violation of the law. This became known on December 15, 2022. Read more here.

US and UK agree on mutual access to cloud storage "to combat terrorists and smugglers"

On October 5, 2022, it became known that the United States and the United Kingdom began implementing an agreement on access to data, which, according to them, will help law enforcement agencies in both countries fight terrorism and smuggling. Read more here.

The number of ransomware attacks on US medical organizations increased by 94%

On July 15, 2022, it became known that from 2021 hospitals , throughout the territory USA , they became the target of an aggressive campaign programs extortioners emanating from. North Korea This was announced. US authorities

Ransomware attacks on medical organizations increased 94% from 2021 to 2022, according to a report by cybersecurity agency Sophos. More than two-thirds of health care facilities in the U.S. said they were hacked in 2021, up from 34% in 2020.

In the United States, attacks on medical institutions using ransomware are much more frequent: in 2021, 41% of such attacks worldwide were directed against American companies.

In healthcare, where even a few minutes of downtime can be fatal, attacks like this often become devastating. In 2021, a newborn died in Alabama because heart rate monitors failed due to hacking. The child's mother filed a lawsuit calling the baby's death the first "ransomware death."

Ransomware attacks ON forced some hospitals to interrupt, chemotherapy delay the issuance of test results and delay the admission of patients to maternity hospitals. Hospitals even had to reroute ambulances because their emergency departments could not admit new patients.

Medical institutions are an attractive target for hackers, as they usually pay a ransom - so as not to risk the lives of patients. So, in 2021, 61% of medical organizations paid a ransom - the highest figure among all industries.

CISA and other organizations advise hospitals not to make payments, since in this way they only become even more attractive targets.

about Information patients is being digitally translated more and more. In 2009 state , the Obama administration passed a law requiring all and non-government health facilities to switch to digital health records by 2014, leading to a massive migration of paper-based data patient records to online systems.

However, hospitals have weak protection against threats, since many institutions simply did not have enough time and budget to ensure cybersecurity after such a large-scale digital transformation^[6]

Chinese hackers stole hundreds of gigabytes of commercial secrets from American companies

The Chinese hackers stole hundreds of gigabytes of commercial secrets the American from companies. This became known on May 5, 2022. More. here

The State Department announced a reward of $10 million for information about "Russian hackers"

At the end of April 2022 , the US State Department announced a reward of $10 million for information about allegedly six Russians whom the department considers involved in a hacker attack on US institutions in June 2017 using the Notpetya virus . Read more here.

US Department of Health prepares for attack by Russian hackers on hospitals

The US Department of Health has issued an IT manual for the management of hospitals, clinics and other medical institutions, fearing that hackers "supported by Russia" are paralyzing their digital infrastructure, making patient care impossible. This became known on March 25, 2022. Read more here.

China accused the United States of hacking computers to organize cyber attacks on Russia and Ukraine

China has been subjected to continuous cyber attacks since February, during which Internet addresses in the United States were used to seize control of Chinese computers directed against Belarus, Russia and Ukraine. This became known on March 12, 2022. Read more here.

FBI: Hackers send state-owned companies USB flash drives with viruses

In early January 2022, the US Federal Bureau of Investigation warned that hackers were mailing malicious USB drives to public and private companies in the hope that recipients would use the devices and thereby infect internal networks. This has been happening with impunity since at least August 2021.

According to ZDNet, the hacker team was FIN7 involved in the spread of malicious devices under the guise of a gift that it sent to various companies by mail. Attackers sent two different types of gifts to different companies. The US Federal Bureau of Investigation (FBI) reports that the first statements about strange parcels were received from a logistics, transport and defense company.

The first package was a letter with a USB drive from the allegedly Department of Health or US Social Security. Hackers motivated employees to connect the device to a computer using the text of a letter stating that the drive contains useful information on countering the spread of coronavirus infection (COVID-19). The second parcel was sent on behalf of Amazon, complete with a decorative gift box, with a letter of thanks or receiving an impressive bonus when performing further procurement operations on the Internet platform.

It's like evolution, only in the opposite direction... At a time when attacks are carried out using third-party software components and open source software, this looks like a step back to a bygone era when the start of an attack depended on human error or event. It could have been an attempt to cash in on lowering the level of defense when everyone is talking about more difficult attacks. Regardless, it demonstrated that attackers will not ignore any path to your wallet, "said Purandar Das, co-founder and CEO of Sotero.

In both of these cases, company employees and their management were simply misled, because of which the latter connected malicious flash drives to personal computers or laptops. The packages were shipped using the United States Postal Service and United Parcel Service. Both options contained LilyGO-branded USB drives that, when connected to the device, carry out a BadUSB attack and infect the victim's computer with malicious software (software) that gives hackers access to the company's internal network.

The BadUSB attack involves exploiting a vulnerability in the USB firmware that allows it to act as a device with a human-computer interface and inject malware. Having gained access through an attack, hackers FIN7 then use various malicious tools to inject ransomware viruses, including Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, Griffon, Diceloader and Titian.^[7]

2021

Japan and the United States unite in the fight against cyber drivers

The governments of Japan and the United States plan to begin cooperation in the fight against ransomware viruses. This became known on December 27, 2021.

It is expected that Tokyo Washington they will agree on measures of cooperation in the region at the cyber security bilateral Security Advisory Committee in the "2 + 2" format, in which the heads of defense and foreign policy departments of both, countries scheduled for January 7 online, will take part.

The authorities of Japan and the United States will transmit and jointly analyze information about committed cyber attacks. In addition, the authorities of the two countries will establish the identities of hackers and develop appropriate countermeasures, as well as increase the resistance of local enterprises to the actions of cybercriminals on the network^[8] States ^[9].

Hacking the U.S. Commission on International Religious Freedom

In mid-December 2021, hackers gained access to the internal network of one of the federal government agencies in the United States, the antivirus company Avast reported. According to The Record, the target of the attack was the US Commission on International Religious Freedom (USCIRF). Read more here.

Russian in the United States received 4 years in prison for managing a service that hides viruses

In December 2021, Russian Oleg Koshkin in the United States received 4 years in prison for managing a service that hides viruses. Read more here.

US Cybercom confirms cyber attacks against ransomware

The United States Cyber ​ ​ Command (United States Cyber ​ ​ Command) publicly recognized the offensive actions to neutralize cybercriminal groups that attacked American companies with ransomware. This became known on December 6, 2021.

A US Cybercom spokesman in an interview with CNN declined to clarify exactly what actions the team of experts took. Computer operatives in the US military are increasingly willing to hack criminals, not just statesmen who pose a threat to critical US infrastructure. But this is one of the first unambiguous confirmations of Cyber ​ ​ Command that the department is aimed at criminal groups that hold the computer systems of American enterprises "hostage."

US government security agencies began actively targeting ransomware groups after attackers hacked the networks of fuel giant Colonial Pipeline and meat producer JBS in early 2022.

According to the head of the US Cybercom and the National Security Agency Paul Nakasone, the US government launched offensive actions against ransomware operators, including trying to block the sources of funding for hackers.

The U.S. government's counteroffensive against ransomware groups, many of which are based in Eastern Europe and Russia, also includes charging alleged extortionists and authorizing cryptocurrency exchanges accused of laundering money for hackers.

However, it is not just the US government that has decided to take more aggressive action against ransomware. The UK Government Communications Center announced plans to use the national cyber forces formed in 2020 to hack and prosecute ransomware groups. Although details of such operations are usually kept secret, they usually include blocking criminals' phone signals or interfering with their servers,^[10], the Financial Times notes].

Information security agencies warned of growing number of cyber attacks by Iran-linked groups

The cyber conflict between the United States and Iran continues to heat up. This became known on November 18, 2021. Read more here.

Hackers hacked into FBI mail system

In mid-November 2021, hackers sent thousands of fake emails from the real address of the Federal Bureau of Investigation (FBI), warning recipients that their networks were being attacked by a reputable cybersecurity researcher . Hackers sent about 100,000 fake letters allegedly from the FBI warning of a cyber attack on the addressee's systems. The letters indicated that cyberattack was carried out by cybersecurity expert Winnie Troy, who in 2020 conducted an investigation into the hacker group The Dark Overlord. Read more here.

Natives of Estonia and Lithuania received prison sentences in the United States for the services of "bulletproof" hosting to hackers

In October 2021, natives of Estonia and Lithuania received prison sentences in the United States for providing hosting services to hackers. Details are given on the website of the US Department of Justice. Read more here.

Ransomware Viruses Attack U.S. Water and Sewer Systems

In mid-October 2021, in a new recommendation, the US Cybersecurity and Infrastructure Protection Agency (CISA) warned operators of the country's water supply and sanitation systems about many cyber threats aimed at disrupting their work. The cybersecurity company Dragos, in conjunction with CISA, the FBI, the NSA and the United States Environmental Protection Agency (EPA), has compiled a list of cyber threats aimed at the information and operating technologies underlying the networks, systems and devices of water supply and sewerage facilities in the United States.

The notification, targeted phishing, names one of the most common methods used by cybercriminals and nation states to gain access to water systems, and explains that it is often used to deliver malware, including ransomware viruses. CISA added that since IT and OT systems are often integrated with each other, access to one of them automatically gives attackers access to the other.

CISA also mentioned the operation of Internet-connected services, such as the Remote Desktop Protocol (RDP), as another tool used to attack water systems. According to information security experts, many water system operators use RDP and other tools to remotely access systems, which makes them vulnerable to outdated operating systems (OS) or software (software).

The notice lists several attacks, including one in August 2021, during which a ransomware virus program called Ghost was implemented on a facility in California. The attackers spent a month inside the system, after which they posted their ransom message on three dispatch control and data collection servers. In July 2021, a ransomware virus attack called ZuCaNo damaged a sewage treatment facility in Maine located in the northeastern United States. In September 2020, the Makop ransomware virus hit a facility in New Jersey, and in March 2019, an attempt was made to threaten drinking water in a Kansas city.

CISA has listed a number of factors that operators should look out for, including the inability to access certain system controls such as dispatch control and data collection (SCADA), unfamiliar data windows or system alerts, abnormal operating parameters, and more. The service called on water bodies to strengthen security controls around RDP and implement robust network segmentation between IT and OT networks. All facilities must have an emergency response plan and take into account the wide range of consequences that a cyber attack can have on the functioning of systems. CISA noted that there should also be systems that physically prevent certain dangerous conditions from occurring even in the event of a system seizure.

Water Infrastructure Incident Response Specialist from cyber security firm Critical Insight, Bjorn Townsend, said alerts like this indicate CISA has specific evidence that threat actors are trying to intervene in our water systems on an ongoing basis and the service is trying to alert water system operators to this fact.

According to Bjorn Townsend, water systems often face a lack of resources, both in terms of management and TECont, and even a lack of investment in regular software and hardware updates for industrial control networks in these systems. Another problem is the lack of cooperation between water system operators and municipal IT specialists. Funding shortages are often the biggest challenge facing operators, as many organizations are limited to just the number of people who can perform these routine tasks. Their available staff are usually close to the minimum number required to respond to support requests.^[11]

US ambassador summoned to Russian Foreign Ministry due to interference in Russian elections

On September 11, 2021, it became known that he Ministry of Foreign Affairs of Russia summoned USA To Moscow the ambassador to John Sullivan to discuss the interference the American IT of -companies in the elections in. State Duma Read more. here

FBI: Attacks by ransomware viruses hit food and agricultural companies

On September 1, 2021, the FBI sent out a notice warning food and agriculture companies to beware of ransomware attacks. Read more here.

FSB of Russia agreed with the US authorities on the joint identification of cybercriminals

On June 15, 2021, information appeared that it Russia would work USA with in the field of detection - hackersextortioners within the framework of the agreement between the presidents of the two. countries This was announced by the director. FSB Alexander Bortnikov More. here

US Department of Justice puts ransomware virus attacks on a par with terrorism

In early June 2021, the US Department of Justice reported that ransomware attacks were equated to terrorism and received appropriate priority in investigations. The Justice Department's decision followed attacks by hackers on Colonial Pipeline and JBS, which led to fuel shortages on the east coast of the United States and beef shortages in North America and Australia. Read more here.

Hacking of US authorities due to vulnerability in Pulse Secure VPN equipment

According to a report by information security company FireEye, published at the end of April 2021, many US government agencies, defense companies and financial institutions in the US and Europe have been attacked by hackers through a vulnerability in VPN equipment. Read more here.

The White House intends to strengthen the cybersecurity of energy companies in the United States

The authorities of the United States of America intend to strengthen the cybersecurity of the energy system in the country. The so-called "action plan" of the administration of US President Joe Biden is designed to stimulate energy companies to radically change the way they protect themselves from cyber attacks by installing sophisticated new monitoring equipment and faster detection of hacks^[12].

According to a 6-page draft of the US National Security Council plan at the disposal of Bloomberg News journalists, utilities will need to identify critical sites that, if attacked, could have an undue impact on the network.

The plan would also expand the U.S. Department of Energy's partially classified program to identify vulnerabilities in power system components that could be exploited by the country's cyber adversaries, including Russia, Iran and China.

The plan marks the first step in a wide-ranging program to protect utilities from cyber attacks that put millions at risk of being left without electricity, water or gas. According to a source of the news agency, the final version of the plan may be presented this week.

US National Oil Council releases report on cyber security risks in oil and gas industry

Representatives of the National Petroleum Council (NPC) published^[13] report Dynamic Delivery: America's evolving oil and natural gas transportation infrastructure developing infrastructure for transporting oil and natural gas in America "), designed to help companies and organizations in the oil and gas industry better respond to cyber attacks^[14].

Plains All American Pipeline Senior Vice President of Technology, Processes and Risk Management Al Lindseth explained that a potential cyber attack on OT networks (Operational Technology) could lead to huge economic consequences for companies, including consequences for the environment, as well as human health and safety.

One of the key findings of the report concerns the importance of cooperation between industry companies and government agencies to reduce cyber risks. The so-called SMART approach calls for information exchange in both IT and OT. The SMART approach refers to information that is "specific, measurable, actionable, relevant and timely."

"We can build trust in relationships and we can share more information with others. It is especially important to be able to share with each other not only ordinary, simple data, but also more confidential and specific information that can serve the benefit of everything and improve the security of the entire industry, "said Angela Haun, executive director of the Center for Oil and Natural Gas Information Exchange and Analysis (ONG-ISAC).

The head of the FBI asked private companies to report hacker attacks

When American companies become aware that they have been attacked by cybercriminals or government-funded hackers, they must report it to the authorities and provide them with all the necessary information that can help the government better contain attacks by so-called "state" hackers. This was announced by FBI Director Christopher Wray, speaking to the US Congress. ^[15].

According to Ray, the correct behavior of companies that are victims of cyber attacks will help the government develop a kind of early warning system for attacks by foreign hackers conducting large-scale cyber operations against many American companies and government agencies. FBI explained, it is very important to identify the organization that became the first victim in a series of cyber attacks by foreign hackers so that the threat can be prevented from spreading further.

Hacking 60,000 companies due to vulnerability in Microsoft Exchange Server

In March 2021, it became known about the hacking of computer systems of at least 60 thousand companies in different countries due to a vulnerability in Microsoft Exchange Server software. Read more here.

In Florida, a hacker remotely poured a caustic substance into a water utility

In mid-February 2021, an unknown attacker gained remote access to a water treatment plant in Oldsmar, Florida, and tried to poison the water supply by raising the sodium hydroxide content to toxic levels. Sodium hydroxide, a caustic substance also known as caustic soda, is used to control acidity and remove heavy metals from water. In very small doses, its presence in water is safe, but in high concentrations it can cause various complications, from skin irritation to death as a result of severe burns. Read more here.

US Cybercom has placed its specialists in Macedonia, Montenegro and Ukraine

US Cybercom has deployed its specialists in Macedonia, Montenegro and Ukraine. This became known on February 5, 2021. Read more here.

2020

US intelligence agencies confirm a large-scale cyber attack on the government

The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence issued a joint statement in December 2020, in which they reported on the "ongoing last few days" of a large-scale cyber attack on US government structures. The special services did not specify who was behind it. Earlier, the hacking of state systems was reported by the media. According to them, the attacks were organized by Russian hackers^[16][17].

"This is an evolving situation, and while we continue to work to fully understand the scope of this campaign, we know that this cyberattack has affected networks within the federal government," the statement said. Which structures were hacked is not specified.

A single cybersecurity coordination group has been formed to investigate the hack. Federal civilian agencies are tasked with immediately disconnecting from SolarWinds' Orion program. Earlier, the media wrote that it was through this program that hackers gained access to government structures.

Hacker attack on FireEye, theft of information security tools from the company

In December 2020, FireEye reported cyber attacks on the company. The maker of cybersecurity solutions believes government-sponsored hackers are behind the attack. FireEye has a lot of government contracts related to ensuring the national security of the United States and allied countries, Reuters notes. Read more here.

Iranian hackers send threatening letters to American voters

The Iranian hackers sent American threatening letters to voters. This became known on October 22, 2020. More. here

Hackers broke into US state networks through "holes" in VPN

The National Agency for cyber security Infrastructure Protection USA and Protection CISA () published a report that some "supported" state hackers attacked US election support systems, exploiting vulnerabilities in -networks VPN, as well as in (Windows CVE-2020-1472). were Attacks also aimed at government networks in general and at. critical infrastructure This became known on October 15, 2020.

Experts, however, show some uncertainty in their statements.

It is not like these goals were chosen in direct connection with the upcoming elections, the CISA and FBI said in a statement. - Information about elections in some government networks may be under threat.

Thus, in some cases, the attackers managed to penetrate the election support systems, but there is no evidence that the integrity of information in them was violated anywhere.

For initial penetration, attackers took advantage of vulnerabilities in VPN servers available from the Internet, in particular CVE-2018-13379 (Fortinet FortiOS SSL VPN) and CVE-2020-15505 (Mobile Iron Unified Endpoint Management) for mobile devices.

Then they exploited the Zerologon vulnerability in Windows (CVE-2020-1472), which allows you to elevate privileges to the level of a domain administrator; this allows you to seize control of the entire domain and change passwords for its users^[18].

At the same time, the CISA publication stipulates that the attackers then used legitimate access tools (VPN, RDP) with compromised details.

CISA did not specify the origin of the "state" hackers, but it is likely that we are talking about the same attacks that Microsoft attributed in early October 2020 to the Iranian cyber group Mercury (aka MuddyWater, SeedWorm, TEMP.Zagros), which actively uses Zerologon.

CISA has also warned of a series of other vulnerabilities that could also be exploited to attack government agencies and critical infrastructure to gain primary access. This refers to CVE-2019-19781 in the development of Citrix Net Scaler, CVE-2020-15505 in the development of Mobile Iron, CVE-2019-11510 in the development of Pulse Secure, CVE-2020-2021 (Palo Alto Networks) and CVE-2020-5902 (F5 BIG-IP).

All these vulnerabilities are urgently recommended to be fixed, especially by government agencies and critical information infrastructure facilities.

Up to 75% of all cyber attacks in the world are controlled from the United States - Security Council of the Russian Federation

Striving to ensure world dominance, the United States and its allies, on the one hand, are increasing efforts to carry out intelligence and destructive actions in the information space of other countries, and on the other hand, declare Russia, China, North Korea and Iran as the main sources of cyber threats. Thus, Washington is purposefully forming a "media picture," which is designed to justify in the eyes of the world community any subsequent actions, including of a forceful nature, against geopolitical competitors^[19].

The result of artificial escalation of confrontation in the information sphere is tension in international relations, slowing down the development of the global economy due to sanctions, as well as undermining confidence in digitalization processes in general.

Of the latest such actions, in particular, it can be noted that unproven accusations of cyber attacks against state bodies and the media of Georgia in October 2019 were made against Russia.

Similarly, hype was fanned about "inhuman" attacks on objects health care Czech Republic involved in the fight [[coronavirus. "Russian hackers" are trying to attribute attempts to gain access to the networks of vaccine developers against COVID-19 against from the United States]], and. Great Britain Canada

A separate topic is the alleged Russian influence on the results of the elections in the United States, in particular using information technology. This issue has become a "bargaining chip" in the heightened opposition of American political elites.

As a result, the US president instructed to launch a covert cyber attack on the Russian Internet Research Agency, which was named by the US intelligence services as a distributor of information qualified as interference without evidence. Donald Trump publicly admitted the fact of this attack in a recent interview with The Washington Post.

At the same time, according to fresh data published on the Yahoo News portal, in 2018, the US President endowed the CIA with expanded powers in the implementation of offensive operations in cyberspace, including operations to disable the enemy's infrastructure.

For example, an analysis of reports from leading foreign and Russian companies working in the field of information security shows that the largest number of computer attacks are carried out using information infrastructure located in the United States.

Moreover, Americans are leading in statistics on malicious activity by a significant margin: for 2016-2019 - from 40% to 75%, depending on the type of malicious effects.

Russia is allocated from 2% to 7%. These data not advertised in the West, but publicly available, clearly demonstrate to any sane person the inconsistency of the thesis about the total Russian threat in cyberspace.

At the same time, according to the FBI, more than 300 thousand cybercrimes are recorded annually in the United States itself, which, according to various estimates, damage the American economy in the amount of $57 to 109 billion. And we persistently invite our foreign partners at the state level to follow the path of non-politicized interaction in the fight against computer attacks.

On the Russian side, regular exchange of expert information on manifestations of malicious activity is provided by the National Coordination Center for Computer Incidents. It is significant that the number of states with which such interaction is organized in 2019 increased from 116 to 146.

North Korean hackers attack US military sector

On July 30, 2020, it became known that North Korean cybercriminals attacked defense and aerospace enterprises in the United States. Attackers sent fake job offers to military industry employees to hack into computer networks.

According to experts from McAfee, cyber attacks began at the end of March 2020 and continued until May. The malicious campaign, called Operation North Star, is associated with the North Korean cybercriminal group Lazarus (aka Hidden Cobra).

In the attacks, criminals sent phishing emails encouraging recipients to open fake documents with job offers. As experts noted, the attackers used the template injection technique. The.docx file is a multi-part ZIP file. Using a template embedding technique, an attacker places a link in a template file in one of the.XML files. The link downloaded a template file (DOTM) from a remote server. Some of these template files are renamed to JPEG files on the remote server to avoid any suspicion. Template files contain macro code written in Visual Basic that loads the DLL implant into the victim's system. Malicious DLL files delivered through fake documents were used by hackers to carry out cyber espionage.

Attackers always try to go unnoticed during attacks, so there is often a technique such as imitating the User-Agent present on the system. For example, using the same User-Agent string from the web browser victim configurations avoids detection and disguises traffic. In this case, the criminals Windows API using the ObtainUserAgentString received the User-Agent and used this value to connect to the C&C server.

According to experts, the hackers ensured persistence on the system by delivering the LNK file to the startup folder^[20].

Fancy Bear attacks critical U.S. infrastructure

On July 27, 2020, it became known that the cybercriminal group APT28, also known as Fancy Bear, carried out a number of previously undisclosed attacks on American enterprises, ranging from government organizations to critical infrastructure. As reported in the FBI notification sent to the victims of the malicious campaign in May 2020, operation APT28 lasted from December 2018 to at least May 2020.

According to data to the FBI, the attackers mainly tried to hack into mail and VPN-, servers accounts Microsoft Office 365 and. email The list of victims includes "a large range of American organizations, departments of the federal and state governments, as well as educational institutions." In addition, as part of this malicious campaign, APT28, which Western experts consider related the Russian to the special services, attacked electric power plants in the United States.

According to the FBI notification, the attackers penetrated the networks of the attacked organizations phishing using letters sent to both corporate and personal mail of employees. In addition, they used brute-force attacks and the so-called "password-spraying" passwords- an attack during which popular passwords are entered into many accounts at once. If the password fits at least one, attackers gain access to it.

The number of victims in this malicious campaign is not specified. Nevertheless, according to experts from FireEye, they became aware of several organizations compromised using IP-addresses from the APT28 arsenal. However, in these cases, attackers did not infect hacked networks with malware, but ON moved through them like legitimate employees.

A few days after notifying the FBI, the US National Security Agency warned of a wave of attacks on Exim mail servers. This operation was carried out by another group, which the US authorities also consider to ^[21] associated with the Russian government^[22].

"Almost certainly it was the Russian intelligence services"

"Almost certainly it was the Russian special services":, and USA Canada Great Britain declare that the Russian "commit hackers to cyber attacks organizations related to the search for a vaccine against." coronavirus

A July 2020 publication published by the UK's National Cyber ​ ​ Security Center (NCSC) talks about attacks on organizations looking for a vaccine against COVID-19. The attacks are attributed to hacker group APT29, also known as Cozy Bear, which they claim "almost certainly" works for Russian intelligence agencies.

"APT29's campaign of malicious action continues. The actions are directed mainly against government, diplomatic, analytical, medical and energy facilities. Their likely target is the theft of valuable intellectual property, "the press release said. "With a probability of more than 95%" this group is associated with the Russian special services, the special services say.

"The group uses a variety of tools and techniques, including phishing and malware known as WellMess and WellMail," it said. The statement also mentions that before that Cozy Bear was not associated with these programs,

Earlier today, a statement by the country's Foreign Ministry appeared on the website of the British Parliament that Russia "almost certainly" interfered in the 2019 parliamentary elections: "Although we have no evidence, we consider interference unacceptable," Dominic Raab said in a statement. Here you can also find already familiar "high likes," "this is unacceptable!" and "we leave the right to retaliate."

The Kremlin commented on the accusations: "We do not have information on who could hack pharmaceutical companies and research centers in the UK. We can say one thing - Russia has nothing to do with these attempts, "said Dmitry Peskov, press secretary of the Russian president. The Russian Foreign Ministry also called these accusations unfounded

Russian hacker jailed for 9 years for selling stolen bank cards

On June 26, 2020, a federal court in the Eastern District of Virginia sentenced Russian hacker Alexei Burkov to nine years in prison for cyber fraud. Read more here.

US does not want to lay communication cable with China due to the threat of cyber espionage

On June 22, 2020, it became known that the United States does not want to lay a communication cable with China due to the threat of cyber espionage. The cable will allegedly allow Chinese intelligence services to gain access to American data.

As reported, the American Committee for the Assessment of Foreign Participation in the Telecommunications Services Sector Team Telecom recommended that the Federal Communications Commission (FCC) of the United States, based on national security concerns, refuse to lay the submarine cable system Pacific Light Cable Network (PLCN) on the bottom of the Pacific Ocean between Hong Kong and Los Angeles.

As Team Telecom fears, consisting of, and, the Ministry of Justice Ministry of Defence U.S. Department of Homeland Security cable will allegedly allow Chinese intelligence services to gain access to American data.

Team Telecom recommends that the FCC satisfy part of the PLCN application aimed at connecting the United States Taiwan and, which Philippines have no ownership in the People's Republic of China (PRC) and are separately owned and controlled by subsidiaries and, Google Facebook provided that subsidiaries of the companies enter into mitigation agreements for these respective connections. The Pacific Light Cable Network project involves laying a cable between Hong Kong and Los Angeles through Taiwan and the Philippines with a total length of about 13 thousand kilometers. This decision of the committee is related to the situation in the field of national security, including the efforts of the PRC government to obtain confidential data of American citizens. Thus, an underwater cable can be a rich and vulnerable data source for. China The laying of PLCN raised national security concerns for June 2020, as the influential investor in PLCN is a Hong Kong company - Pacific Light Data a subsidiary of the telecommunications provider in China Dr. Peng Telecom & Media Group. As members of the committee noted, PLCN is only one of several similar projects "causing such concern the United States[23] told in Team Telecom

SEC reaches agreement with accused of hacking her system

On April 9, 2020 U.S. Securities and Exchange Commission , she announced the conclusion of an agreement with a citizen, UkraineIgor Sabodaha whom the regulator, along with some other hackers, accused of hacking his IT system. More. here

CIA suspected of 11-year cyber espionage against China

• The Chinese INFORMATION SECURITY The company Qihoo 360 published a report linking the Central Intelligence Agency USA CIA to a long-term cyber espionage campaign targeting Chinese industrial and government organizations. This became known on March 4, 2020. The campaign continued between September 2008 and June 2019 and most of the targets were located in, Beijing Guangdong and Zhejiang, the researchers said. More. here

Ransomware virus attacked American gas pipeline operator and interrupted its operation

In mid-February 2020, it became known that the ransomware virus attacked the American gas pipeline operator and interrupted the compression plant. The date of the attack has not been announced, but technical recommendations are being given for other critical infrastructure operators to take appropriate precautions. Read more here.

2019

US Coast Guard base attacked by ransomware virus

At the end of December 2019, the US Coast Guard base was attacked by a ransomware virus that disabled cameras, door access control systems and monitoring systems. Read more here.

Cyber ​ ​ attacks on the aircraft maintenance system in Alaska

In late December 2019, RavnAir canceled nearly 20 flights in Alaska at the height of holiday Christmas travel. The reason was a cyber attack on the aircraft maintenance system. Read more here.

A record award was appointed for the capture of a Russian hacker in the United States

In early December 2019 , a record award was appointed for the capture of a Russian hacker in the United States. The State Department is ready to pay $5 million for information that will help detain the alleged leader of the cybercriminal group Evil Corp (also known as Dridex Gang) Maxim Yakubets. Read more here.

Medium and small businesses in the United States do not believe in the severity of cyber threats

The American SMB segment not only does not believe in the seriousness of the cyber threat, but also does not have any means to prevent the attack. A study conducted by industry experts showed that top managers of non-large enterprises do not even have any idea how to start preventing information security incidents^[24].

Cyberattack by Chinese hackers on the National Association of US Industrialists

In the summer of 2019, the network of the National Association of Manufacturers (NAM) of the United States was subjected to a cyber attack allegedly carried out by a cybercriminal group sponsored by the Chinese government. This became known on November 14, 2019. Read more here.

US blames North Korea for cyber attacks on financial sector

On November 12, 2019, it became known that the US Department of Defense accused cybercriminals working for the North Korean government of cyber attacks on the financial sector, including the SWIFT network, in order to enrich themselves. Read more here.

AT&T employees profited by installing hacker routers and viruses on the network

In early August 2019, AT&T employees were charged with fraud - they installed malware and unauthorized equipment on the company's network for a bribe. Read more here.

Viruses began to attack commercial ships

In July 2019, the U.S. Coast Guard issued two warnings highlighting the issue of cybersecurity on commercial marine vessels affected by viruses. Several ships were victims of email phishing due to many vulnerabilities in onboard systems.

The attackers presented themselves as official authorities of the US port and sent malware designed to hack on-board computer systems. The Coast Guard alerted stakeholders to the ongoing attacks but did not elaborate or provide any copies or hash files.

A second warning was sent out following an incident in February 2019 during an international flight. New York The vessel, bound for, said it was facing a serious one affecting cyber attack the on-board network of computers. A subsequent investigation by the Coast Guard and other agencies found that "while the malicious ON significantly impaired the functionality of the onboard system, the ship's main control systems were not affected." However, the interagency response team found the vessel lacked effective cybersecurity measures, leaving critical control systems vulnerable to hackers.

As a result of the incident, the Coast Guard also issued recommendations on cybersecurity. They include network segmentation and installation of antivirus software with timely updates. Given the growing reliance of ships on electronic mapping and navigation systems, protecting them with proper cybersecurity measures is as important as controlling physical access to a ship or performing routine maintenance.^[25]

US departments cannot patch "holes" in their IT systems, which have been known for 10 years

Vulnerabilities have been discovered in the computer networks of various US ministries, the existence of which these ministries have known for ten years, but which have not yet been eliminated. This is evidenced by the recently submitted report of the Senate Subcommittee on Homeland Security and Government Affairs. The report was compiled following an investigation that lasted ten months, writes The Hill^[26].

During the investigation, the departments of Homeland Security, Health and Human Services, Transport, Education, Agriculture, Housing and Urban Development, as well as the State Department (equivalent to the Ministry of Foreign Affairs) and the Office of Social Security passed the audit.

What the check found

The audit showed that of these structures, seven could not ensure adequate protection of personal data, and six did not install the necessary system patches against vulnerabilities on time. Eight ministries use legacy systems that are no longer supported by manufacturers.

The Departments of Homeland Security, Transportation, Agriculture, Health and Human Services still have not eliminated vulnerabilities found more than a decade ago. Critical vulnerabilities were discovered in the networks of the Social Security Administration, through which more than 60 million Americans can access personal data.

The Ministry of Education, as it turned out, since 2011 has not been able to close access to its networks for unauthorized devices. All it has been able to do is limit the time such devices stay on the network to 90 seconds, but this is enough to carry out an attack.

According to the chairman of the subcommittee, Senator Rob Portman, federal departments in the United States are subjected to cyber attacks quite often: in 2017 alone, 35,277 incidents were recorded. The senator emphasizes that against the background of such activity, the presence of vulnerabilities in networks is especially dangerous.

Fraudsters in the United States made millions saving users from "Russian hackers"

A user from USA paid $136.6 thousand to fraudsters who managed to convince her that her computer was hacked by "Russian hackers." It is reported by "" RIA Novosti with reference to the documents of the Federal Court for the Southern District New York^[27]

The defendants in the case are Gunjit Malhotra, Gurjet Singh and Jas Pal, who live in the Bronx. From April 2018 to February 2019, they repeatedly spoke to the victim by phone, posing as technical support personnel, according to the indictment. Over and over again, they convinced the user that problems with network system security, a computer company license and network equipment were found on her PC.

For a fee, the scammers agreed to "help" the victim restore the security and normal operation of the computer remotely. A few weeks after that, they called again and reported that the device was again under threat, since it was periodically hacked by Russian hackers.

The victim transferred fees for "services" to the accounts of two shell companies. In total, she made at least 18 payments: eight of them totaling $66 thousand in favor of Reussite Technologies and another ten in the amount of $71 thousand in favor of NY IT Solutions Inc.

US attacked Iran's computer systems by Trump decree

On June 23, 2019, information appeared that the president USA Donald Trump approved the launch Ministry of Defense of the country cyber attacks of computer systems Iran used to control the launch of missiles. As a result, the system was disabled. This was reported by The Washington Post, citing knowledgeable sources in intelligence services.

According to the newspaper, the attack, organized by US Cyber ​ ​ Command officers on computer systems controlled by the Iranian Islamic Revolutionary Guard Corps (IRGC), was carried out on the night of June 21, and preparations for it were carried out for "weeks, if not months." The process was coordinated by the CIA United States and Defense Department officials specializing in. Middle East The Pentagon invited Donald Trump to carry out this operation after the attributed Washington To Tehran attack on two oil tankers in the Gulf of Oman.

The White House and the US Cyber ​ US Cybercom (the government agency responsible for repelling threats and conducting operations in cyberspace) refused to comment on the publication's information.

As part of the policy and for operational security, we do not discuss cyber operations, intelligence or planning, said Pentagon spokeswoman Elissa Smith.

Earlier this month, Iranian authorities announced the elimination of a cyber espionage network allegedly deployed by the US Central Intelligence Agency.^[28]

President Trump declares US cyberspace emergency

On May 16, 2019, it became known that US President Donald Trump declared a state of emergency in US cyberspace. The statement is contained in the decree on ensuring the security of the supply chain of information and communication technologies and services, which was signed by the president.

In the decree, Trump explains that, according to him, US opponents are increasing the creation and exploitation of vulnerabilities in information and communication technologies and services used in the United States. Moreover, we are talking about those technologies and services where confidential information is stored, or which support the digital economy, as well as critical infrastructure and vital emergency services. Backdoors, Trump explains, are created with the aim of carrying out cybercriminal acts, including economic and industrial espionage against the United States.

Opponents have the opportunity to do this because in the United States there is no limitation on the purchase and use of technologies and services developed, produced or delivered by persons controlled by the jurisdictions of these opponents. Trump characterizes the current situation as "an unusual and extraordinary threat to national security, foreign policy and the US economy" and notes that it could have a "potentially catastrophic effect."

The President notes the importance of maintaining an open investment climate in ICT and the American economy in general, but stipulates that this openness should be in balance with "the need to protect our country against critical threats to national security."

Tram summed up the above:

In light of these surveys, I hereby declare a state of emergency with regard to this threat. Donald Trump, President of the USA '

The executive order empowers the U.S. federal government to prohibit any American person from acquiring and using foreign-born ICT equipment and services if it poses risks to U.S. national security. Determining which purchases are safe and which are not will be the Secretary of Commerce, in consultation with the Secretary of the Treasury, the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Homeland Security, the Director of National Intelligence, the head of the Federal Communications Commission and other heads of various departments and departments.

At the same time, the Minister of Commerce has the right to develop some measures that can mitigate the degree of risk of a particular purchase. In this case, the purchase can be allowed, even if without these measures it would be prohibited. When exactly and in what way purchases from a foreign company should be stopped, the Minister of Trade also decides.

At the same time, the Director of National Intelligence is ordered to continue assessing the threats to the United States posed by foreign ICTs. The preliminary assessment must be completed within 40 days of the signing of the decree. The same assessment, in cooperation with relevant departments, should be carried out by the Minister of National Security, for which he is given 80 days. Subsequently, such an assessment will have to be made annually.

American IT publications agree that Trump's decree is aimed primarily at purchasing telecommunication equipment from. the Chinese Huawei The US president has long been known for his dislike of Huawei - he accuses it, whenever possible, of complicity, To Iran then of spying on US citizens and officials in favor of the government. China

Earlier, Trump officially banned all American officials from using Huawei gadgets and ZTE along the way, and in November 2018 called on allied countries to completely abandon Huawei telecommunications equipment, including base stations for 5G networks. In both cases, this was motivated by the possibility of espionage in favor of China, but in reality the call to abandon devices 5G Huawei of stems from the US desire to become a leader in the equipment market for fifth-generation networks.

Huawei has repeatedly denied the allegations, and in addition responded to them with a large-scale media company, giving journalists access to its campus and allowing them to interview key founder Ren Zhengfei, who usually keeps a low profile.

Under pressure from authorities, major U.S. cellular operators such as AT&T and Verizon have pulled out of selling Huawei smartphones in their stores. One of the US measures may be a ban on the use of the Huawei of the American OCGoogle Android in smartphones, but in this case the company has an alternative: it is actively developing its own Kirin OS platform, the existence of which Huawei confirmed on November 30, 2018.

In early December 2018, at the request of the United States, the Canadian authorities detained Huawei CFO Meng Wanzhou, Zhengfei's daughter, on suspicion of violating sanctions against Iran and stealing technology from the American company T-Mobile. Wangzhou was released on bail, China responded by detaining three Canadian citizens. This incident was the beginning of another round of confrontation between Huawei and the American government^[29].

2018

NCCCA: US and NATO cooperate with malware manufacturers

Intelligence agencies of the United States and other NATO countries are actively supporting the development of malware. Moreover, malware production is a multi-million dollar business that involves more than forty companies in the USA, Great Britain, France, etc. This was announced on Tuesday, December 11, at a briefing by the deputy head of the National Coordination Center for Computer Incidents (NCCCI) Nikolai Murashov^[30]

As an example, Murashov cited the now defunct French company Vupen, which sold exploits to the US National Security Agency. After Vupen closed, its founder moved to the United States and created Zerodium, which offers security researchers huge sums for zero-day vulnerabilities. During the speech, Murashov presented the current prices for Zerodium. For example, vulnerabilities in the iPhone cost up to $1.5 million, and in messengers Telegram, Viber, WhatsApp and iMessage - up to $500 thousand.

The deputy head of the NCCC also noted the need to combat the production of malware at the global level and, above all, in the legal plane. According to the expert, there is no ban on the development of malware "almost everywhere."

NATO to launch cyber command center

On October 18, 2018, information appeared that the North Atlantic Alliance intends to launch a cyber command center capable of containing and carrying out cyber attacks. It is assumed that the structure will be fully staffed and functional in 2023, Euractiv reports.

According to the resource, the staff of the cyber operations center Belgian in Mons will consist of 70 experts, who by 2023 will receive military intelligence and information in real time.

Our ultimate goal is to fully understand our cyberspace, to understand the state of our networks every minute so that the command can rely on them, "said Ian West, head of cybersecurity at NATO Communications and Information Agency.

Earlier, NATO Secretary General Jens Stoltenberg admitted the possibility of using Article 5 on collective defense by the countries of the North Atlantic Alliance in the event of serious cyber attacks by Russia. ^[31]

US National Security Agency seeks information on spy microchips from China

On October 11, 2018, it became known that the US National Security Agency (NSA) is searching for witnesses who could confirm information about the installation of Chinese spy microchips on the servers of American companies. This was reported by Bloomberg with reference to NSA expert Rob Joyce. Read more here.

China spied on Apple and Amazon through chips in hardware

In early October 2018, it became known that China spied on Apple, Amazon and other technology companies by installing special chips in equipment used in data centers.

According to Bloomberg, the American authorities suspected China of secretly using chips for surveillance back in 2015 and then began a secret investigation. These chips could be installed by Super Micro Computer.

In 2015, Amazon acquired video distribution software developer Elemental Technologies to expand the capabilities of its video streaming service Amazon Prime Video. While Amazon's main interest in the deal was not related to Elemental's government contracts, they complemented Amazon's related Web Services (AWS) business, which provides CIA cloud services in particular.

Amazon has hired a third-party firm to scrutinize the security of Elemental's purchase. Amazon's keen interest turned out to be expensive servers that the startup used in its networks to compress video. In these servers, which Super Micro Computer produced for Elemental, extraneous tiny microchips smaller than rice grain were found - their use was not provided for by the technical project.

Amazon notified the American authorities about this, and they were very worried, because Elemental servers were installed in data centers of the Ministry of Defense, used during CIA operations with drones, as well as on Navy warships. Elemental was one of hundreds of Super Micro Computer customers.

Over the three years of the investigation, which continues by the beginning of October 2018, it turned out that the chips introduced into computer equipment made it possible to create an "invisible door to any network," allowing, among other things, to make changes to the operation of the equipment.

Spy chips have integrated at facilities owned by manufacturing subcontractors in China, according to Bloomberg's knowledgeable interlocutors.

17 people, including 6 current and former senior national security officials, confirmed to the publication the fact of manipulation of components of the Super Micro Computer and other elements of the attack.

The news agency notes that this attack is much more serious than hacking software systems that the world is already accustomed to. Hacking through hardware is difficult to fix and can be more disruptive because it provides long-term hidden access to systems. Intelligence agencies have been willing to invest millions of dollars in such technology for years.

According to the publication, Apple removed Super Micro servers from its data centers in 2015 immediately after it became known about the data leak. In 2016, the contract between the companies was completely terminated.

Several additional investigations were subsequently conducted by American government agencies. The publication claims that no user data was stolen as part of that alleged hacking campaign.

Washington has long suspected Beijing of mass espionage using equipment manufactured by Chinese companies. Most electronic components are manufactured in the PRC. Theft of intellectual property became one of the arguments of US President Donald Trump when introducing new duties on the import of goods from China.

US Vice President Mike Pence also announced the fact of espionage in a speech at the Hudson Institute. He noted that Russia's interference in US affairs "fades in comparison with what China is doing."^[32]

The United States allowed itself preventive cyber attacks against Russia, China and its own allies

The US military has received expanded powers to conduct "preventive" cyber attacks. This follows from a document called "Cyber ​ ​ Strategy," published in September 2018 by the US Department of Defense^[33].

The new strategy allows the use of cyber attacks by the US military to "violate or block malicious cyber activity at its source, including activity that is below the level of armed conflict."

The strategy signed by Secretary of Defense James Mattis also implies "the creation of a more lethal force," that is, formations of hackers capable of preemptively striking the infrastructure of a conditional enemy.

The document stipulates that preventive strikes will be launched to prevent cyber attacks on critical US infrastructure, including voting systems and power grids. Under the new rules, military hackers will have the right to act at their own discretion; earlier, to begin active actions in cyberspace, approval from the National Security Council under the President of the United States would be required. Now, to conduct "preventive cyber attacks," neither the permission of the Security Council nor the approval of the National Security Agency will be required.

The Pentagon called the Russian Federation and China the main threats to US cybersecurity

The Pentagon published^[34] in September 2018, a new cybersecurity strategy in which it named Russia, China, North Korea and Iran as the main threats to US interests. The ^[35]. As noted in the document, the United States faces "imminent and unacceptable threats" in the form of "malicious cybercriminal activities."

"The United States was involved in a long-term strategic rivalry with Russia and China. Russia used information operations in cyberspace to influence our population and challenge our democratic processes, "the document says. China, according to the Pentagon, tried to steal confidential information from the American government and private sector companies.

In addition to the Russian Federation and the PRC, North Korea and Iran are among the main threats, which, according to the military department, are trying to use operations in cyberspace to "harm American citizens and the interests of the country."

In the future, the Pentagon intends to "suppress or suspend malicious activity" in advance, as well as create "deadlier forces," including to counter cyber operations, the document emphasizes.

US State Department publishes recommendations to Trump to strengthen cybersecurity

On Thursday, May 31, the US State Department published^[36] recommendations to President Donald Trump to strengthen cybersecurity. As noted in the accompanying statement of Secretary of State Mike Pompeo, the recommendations emphasize the importance of interaction between the State Department and the US government with foreign partners to combat threats in cyberspace^[37]

The document highlights five key areas of cybersecurity that will have specific goals. In particular, the main goals are: strengthening stability in the cyber sphere; identifying and countering cyber attacks, as well as finding their organizers; protection of the freedom of the Internet and the rights of its users; development of technical standards and protection of intellectual property.

The president is also recommended to create a mechanism according to which organizers and participants in cyber attacks will be held accountable. In addition, it is proposed to develop a spectrum of "rapid, sensitive and transparent consequences below the threshold of use of force" for violators. It is planned to develop mechanisms for the introduction of such "consequences." The president is also recommended to build cooperation with partner states to ensure a more effective response to cyber incidents.

Atlanta did not pay ransom to hackers and spent $3 million after cyber attack

On April 23, 2018, it became known that the authorities of the American city of Atlanta spent $3 million to restore IT systems after a cyber attack, although they could pay much less.

According to the SlashGear portal, Atlanta was subjected to a powerful attack to extort ransom, as a result of which especially important IT systems were affected. Hackers demanded a ransom in bitcoins equivalent to $51 thousand, but the city refused to pay. Instead, officials spent significantly more on rebuilding IT infrastructure after the cyber attack.

The attack took place on March 22, 2018, as a result of which many authorities and officials lost access to systems containing digital data, emails, etc. Why the city administration did not want to pay the ransom is not reported.

Sometimes, when trying to extort, hackers increase the ransom after the initial payment is made. Perhaps the officials assumed that the criminals would increase the amount of compensation.

However, some taxpayers are angry that Atlanta ultimately paid millions of dollars to address the issue. Officials paid large sums of money to several contractors, including SecureWorks and Pioneer Technology Group, according to data published on the Atlanta government's website.

As a result, the Atlanta authorities spent more than $2.5 million to solve this problem.

Ransom attacks are becoming more common and can affect small and large companies. Some companies give in to requirements and pay the requested amount, after which the malware is turned off. For example, in early 2016, a California hospital paid a bitcoin ransom to restore its IT systems after negotiations reduced the ransom to about $17,000.^[38]

The United States is already actively preparing for a possible cyber strike on the DPRK

Over the past six months, the US government has been actively preparing for a possible cyber strike on the DPRK. According to Foreign Policy, citing informed sources, a real US struggle has erupted between the special services responsible for espionage and cyber war^[39].

According to one of the sources, the first blow to the DPRK will be dealt, rather, with the use of digital, not physical weapons. "The first shot will be fired in cyberspace," the publication quotes the former head of one of the special services.

With the nuclear threat posed by North Korea, the US government has been secretly preparing for a possible cyber strike on it from South Korea and Japan for the past six months. The preparation involves the installation of fiber optic cables and bridges on the territory of these countries, the configuration of remote bases and stations for intercepting communications, with which hackers can gain access to the North Korean Internet isolated from the rest of the world.

According to sources, now the attention of the special services has completely and completely shifted towards the DPRK. The government is investing billions of dollars to build technical infrastructure and train specialists for cyber attacks on North Korea. Analysts specializing in certain regions are also reassigned. "If your specialization is Africa, you are unlucky," one of the sources noted.

Preparations for a cyber strike on the DPRK also involve the return to service from the reserve of military intelligence analysts. Over the past few months, the American government has also opened vacancies for the position of analysts with knowledge of the Korean language.

2017

Pentagon program to reward hackers for detecting vulnerabilities

In November 2017, it became known about the US Department of Defense (DoD) conducting an extensive program to encourage hackers to detect holes in the security systems of government agencies. A total of about $300 thousand was paid for indicating thousands of vulnerabilities.

In June 2015, information appeared that the HR office was subjected to a serious hacker attack, as a result of which the data of 4 million people fell into the hands of the attackers. After this incident and several others like it, the US Department of Defense began to investigate the possibility of encouraging third-party specialists to identify vulnerabilities.

The first program called Hack the Pentagon Pentagon was held from April 18 to May 12, 2016. During this period, 138 unique and legal reports on security holes were submitted, which led to a total amount of payments of $75 thousand with an individual incentive spread from $100 to $15 thousand. A few months later - in November 2016 - the Pentagon also launched the Hack the Army program to find problems with websites that facilitate military admissions, then, in May 2017, Hack the Air Force ("Hack the Air Force") to protect online assets belonging to a different branch of the military. The total amount of payments in these programs increased to about $300 thousand.

These time-limited measures were accompanied by an open program called the Vulnerabilities Disclosure Policy (VDP). The program does not provide a reward for detecting problems in the security system, but offers a previously unreachable legal way that allows individuals to flag problems with public sites and web applications. During the year, 650 people reported a total of 3,000 vulnerabilities.

VDP just started really sharply and began to represent value in a way that no one could have imagined when we launched the program, "Alex Rice, CTO of HackerOne, a company that worked with the US Department of Defense on the program, told Wired. 'It was assimilating something new. The Department of Defense understood this... if someone was still working to identify problems in the cybersecurity system, they did not have a legal channel to deliver this to the government.

According to the HackerOne website, the Pentagon was able to build an infrastructure to solve these problems relatively quickly, compared to private companies that have run similar programs in the past.^[40]

FBI blindly hacked computers in Russia

The FBI routinely hacked devices abroad as part of standard criminal investigations, according to released court documents. During the investigation of the Playpen website, which distributed child pornography, in 2015, the FBI hacked devices in Russia, China, Iran and other countries, according to The Daily Beast. A hacker operation using malware was carried out on the Deep Web (the shadow part of the Internet). Playpen visitors entered the site via Tor, so their real IP addresses were hidden, and law enforcement officers did not initially know the true location of those they hacked.

US State Department to close cybersecurity department

On July 20, it became known that the US State Department would close the unit that coordinated cybersecurity issues at the international level, Bloomberg writes, citing anonymous sources familiar with the situation.^[41]

As noted, the liquidation of the unit is part of the reorganization of the State Department, implemented by Secretary of State Rex Tillerson. The goals of the reorganization, in turn, are to eliminate duplication of functions performed by such special forces departments and regional departments, as well as to cut the budget by 30% in accordance with the intention of President Donald Trump (Donald Trump). Trump considers excessive spending on foreign affairs to be a manifestation of the "Cold War mentality," Bloomberg writes. Instead, he intends to focus on state security and the fight against terrorism.

The so-called Office of the Coordinator for Cyber ​ ​ Questions was created at the State Department in 2011 under President Barack Obama (Barack Obama). The office will cease to exist as an independent department and integrate into the Bureau of Economic and Business Affairs, another division of the State Department. As a result, the cyber coordinator will not directly report to the Secretary of State - all reports will be sent "up" the Bureau of Economics chain. Current coordinator Christopher Painter will leave his post before the end of the month.

According to a Bloomberg source in the State Department, the new position will strengthen the position of the coordinator on cyber issues. In addition, in the new department, he will be able to receive the necessary consultations on politics for work.

Supreme Court judge herself transferred $1 million to Internet thieves

In early June 2017, US Supreme Court judge Lori Sattler lost more than $1 million, becoming a victim of an Internet fraudster who deceived her using email.

According to Bleeping Computer, citing the New York edition of the Daily News, the judge received an e-mail letter from a certain person who called herself her real estate lawyer. Posing as a lawyer, the fraudster convinced the 51-year-old woman to transfer a round amount to his bank account - $1,057,500.

Having received the money, the fraudster immediately transferred it to the Chinese bank Commerce Bank of China. No further details have been reported.

The attacker, apparently, knew that the judge was buying a new apartment to replace the old one and was in correspondence with his lawyer, who was engaged in the execution of a real estate acquisition.

The letter from the fraudster came on June 7, but the woman turned to the police only after almost 10 days - on June 16.

Lucian Chalfen, spokesman for the Office of Judicial Administration, confirmed that the judge was indeed the victim of the crime, but declined to comment, citing an unfinished investigation.^[42]

The publication notes that over the past few days, this is the second high-profile incident in the United States related to Internet fraud.

Earlier, the Mail Tribune reported a similar case in Oregon, as a result of which the American University of Southern Oregon University lost more than $1.9 million.

The administration of the educational institution was also misled by e-mail. The university believed that they were transferring money to the contractor for work in a new recreational center for students, but in fact it turned out that the funds were sent to unknown attackers posing as representatives of the construction company Andersen Construction.^[43]

Donald Trump's decree to strengthen cybersecurity

At the end of January 2017, the president USA Donald Trump unexpectedly postponed indefinitely the signing of a decree dedicated to. cyber security The draft of this decree got into the media and was very widely discussed in the press, but for a not very clear reason, its signing has not yet taken place. There has been no explanation from the White House yet.^[44]

Representatives of the presidential administration shortly before the alleged signing of the decree briefly introduced the media to its content. The general principle of the decree was to comprehensively strengthen the cyber protection of state institutions. One of the key points was to assign full responsibility for the penetration of hackers into the infrastructure of federal structures, agencies and ministries to the heads of these institutions.

At the beginning of 2017, each federal institution itself is responsible for its own cybersecurity, as a result of which each institution has its own norms and practices for working with IT.

The Department of Homeland Security lobbied for the transfer of all aspects of cyber defense to federal institutions, while Trump, according to a draft version of the decree, planned to transfer this to the Administration and Budget Office under the President of the United States.

The decree also suggested that all government organizations would be obliged to adopt "optimal approaches of the private sector" in terms of protecting information infrastructure.

According to some reports, President Donald Trump decided to first "listen to the opinions of those who have ideas." This is evidenced by a note handed over to the presidential press secretary during a press briefing on the failed signing of the decree.

It is worth adding that a large-scale assessment of the general state of cybersecurity of government structures in the United States has not yet been carried out, but there is every reason to believe that the situation with this is unimportant.

Any large-scale information systems necessarily require regular audits, especially government ones, "says Dmitry Gvozdev, CEO of Security Monitor. - Large information infrastructures - that in industry, that in government organizations - usually do not appear overnight: as a rule, they grow over a long time, becoming more structurally complex, and, accordingly, more vulnerable and less manageable. The UK recently announced the launch of a comprehensive audit of the cyber security of its government agencies, and, by and large, the governments of all countries with little or no developed information infrastructure would not be prevented from following suit.

On May 15, 2017, US President Donald Trump signed a decree yesterday to strengthen the federal government's cybersecurity and protect the country's critical infrastructure from cyber attacks. This was reported by Reuters, citing a senior administration official.

The agency notes that the document was signed amid a heated discussion in American society about possible interference Russia in the 2016 presidential campaign, when the hackers Democratic Party's email server was allegedly hacked.

However, as US Presidential Advisor on Internal Security Tom Bossert said at a briefing, Trump's decree on cybersecurity measures is not related to Russia's actions, but to US needs. According to Bossert, the document meets the long-overdue needs of a deterrence policy in cyberspace, and Russia is not the only US adversary on the Internet.

"Russians are not the only ones who behave negatively on the Internet. Russia,, China, Iran other countries are interested in using cyber capabilities to attack our people, our government and its data, "Bossert said.

US Marines recruit 3,000 cyber warfare experts

The US Marine Corps wants to expand its cyber division by increasing the number of personnel by three thousand people. Read more - U.S. Marines.

2016

Zecurion: The United States has the most developed cyber warfare in the world

Russia may be in the top 5 countries with the most developed cyber warfare - specialized units cyber security for military or intelligence purposes. This is evidenced by the data of Zecurion the Analytics study, which leads "" Kommersant^[45][46]

So, according to the study, the most developed cyber warheads in the world are currently possessed. USA According to analysts, state funding for this area in the States can be about $7 billion a year, and the number of hackers cooperating with the state - 9 thousand people.

The exact figures in the company refused to disclose, however, according to the interlocutor of the publication in the information security market, Russia's spending on cyber warfare is about $300 million per year, and the number of Russian special forces is about 1 thousand people.

In second place in Zecurion was put, Chinawhere funding for this area can be $1.5 billion per year, and cyberarmia is estimated as the largest, up to 20 thousand people.

The top three countries where the most developed special forces on cybersecurity are closed by the United Kingdom, which allocates $450 million a year to cyber troops consisting of 2 thousand people. In fourth place is South Korea with a budget of $400 million per year and a composition of 700 hackers.

American hackers against Turkey

While Russian hackers are allegedly breaking the Western electoral system, Turkish Minister of Energy and Natural Resources Berat Albayrak said at the end of the year about intensive hacker attacks that are allegedly being carried out from the United States^[47].

"These attacks were carried out systematically on various objects of the Ministry of Energy, but we repelled them all," the head of the department said. Thus, Albayrak explained the increasing power outages.

This is not the first time Turkey has accused the US of cyber interference. So, in July 2016, after an attempted military coup in the country, the Turkish state information agency Anadolu announced that its servers were attacked at the time of publication of statements by the country's authorities.

American hackers, according to the Turkish side, tried to disrupt the normal operation of the agency's web services, followed by the disabling of the entire system.

Hillary Clinton Correspondence Archive Visualization

On December 20, 2016, the InfoWatch analytical center announced the completion of the analysis of data from the archive of personal correspondence of the US presidential candidate in the 2016 election from the Democratic Party Hillary Clinton, published in open sources on the Internet.

See - DLP: High-Profile Leaks

The United States will use the Internet of Things for total surveillance of users

In the future, intelligence services USA will be able to use the Internet of Things (-) Internet of Things IoT to identify and locate people, as well as to monitor their actions and movements, as well as to gain access to computer networks and user credentials. This was announced to the US Senate Commission as part of a report on national threats by US National Intelligence Director James Clapper^[48]

In

early February 2016, researchers at the Berkman Center for the Study of the Internet and Society at Harvard Law School concluded that the development of the Internet of Things would negatively affect privacy. According to them, the increase in the number of signals by which devices will exchange data with each other will ultimately lead to the fact that encryption technologies will no longer play such an important role for intelligence services as they do now.

"Right" of FBI attack on any computer in the world

In April 2016, the US Supreme Court approved amendments to legislation under which American courts will be able to issue sanctions to investigative authorities, in particular the FBI, to access any computers, including those located outside the United States. According to the previous procedure, judges could issue sanctions only for access to computers located in their jurisdiction.^[49]. For more details, see the FBI.

2015

US to raise $1 billion in cybersecurity spending

The draft US budget for 2016, submitted by US President Barack Obama to Congress, includes $14 billion for cybersecurity, which is $1 billion more than laid down for 2015 and was in the previous few years, writes Washington Times^[50].

The budget was increased after carrying out a series of well-planned hacker attacks, including an attack on Sony Corporation, which, according to US officials, was organized by North Korea. According to the US Department of Homeland Security, in 2014 there were about 56 thousand cyber attacks only on the computer networks of federal authorities and utility systems.

"Hackers are attacking the private sector, critical infrastructure and the federal government. No sector, no network and no system has immunity in case anyone wishes to take possession of commercial or state secrets, "the White House says

.

$480 million from the cybersecurity budget U.S. Department of Homeland Security intends to be allocated to initiatives designed to protect officials from hacker attacks. Some of these funds will be used to improve the Einstein system, designed to protect against penetration into the networks of ministries and departments. This system is managed by the US National Administration cyber security.

The agency plans to spend another $100 million on the purchase of hardware, software and services necessary to continuously support the networks of federal authorities.

About $230 million, according to the draft budget, in 2016 it is planned to spend on the construction of the Civilian Cyber ​ ​ Campus center in the suburbs of Washington. Civil servants and hired employees will be here, they will monitor threats and repel attacks on civilian objects.

Obama's security principles:

• the principle of separation - government and business must work to ensure cybersecurity together, information exchange must be established;
• focus on strengths - business strengthens its protection and develops technologies, the state ensures standards and their widespread implementation;
• focus on privacy - ensuring security and respect for privacy;
• cybersecurity framework - monitoring cyber threats 24/7, data collection, countermeasures development;
• standards for informing users about the theft of their personal data;
• users should know what their personal information is collected and how it will be used;
• creation of a joint center for combating cyber threats - companies must send information about attacks and share countermeasures;
• data exchange hubs to speed up data acquisition;
• creation of a cybersecurity committee;
• investment in biometric identification.

Creating an Information Security Center (CTIIC)

The US authorities have created a new agency in the field of information security - Cyber ​ ​ Threat Intelligence Integration Center (CTIIC), which has become part of the Office of the Director of National Intelligence of the United States, reports Washington Post^[51].

The agency will analyze external cyber threats and coordinate the response of different authorities. Initially, CTIIC will consist of 50 employees. The agency's budget will be $35 million, the newspaper writes.

"CTIIC will become an" intelligence center that will "link together" various external attacks on the state and will inform the relevant ministries and agencies about these attacks in real time, "a source in the authorities told Reuters. "There is currently no agency in the U.S. performing these functions," he added

.

There are departments that monitor and research hacker attacks in many US federal structures, including the National Security Agency, the US Department of Homeland Security, the FBI and the CIA. The White House is trying to unite all these teams and create a "single alarm button for the entire American government," explained Shawn Henry, president of CrowdStrike.

As the Washington Post notes, the creation of a new agency has matured in recent years, as the United States began to face attacks from other states (the newspaper mentions Russia and China among them). At the same time, a recent attack on Sony Pictures strengthened this idea and forced the authorities to speed up the project. Recall that as a result of the attack in November 2014, several films planned for rental and personal data of company employees were on the Internet. The US blamed North Korea for the attack.

U.S. cybersecurity spending

In February 2015, US President Barack Obama introduced an increase of $1 billion in government spending on cybersecurity to $14 billion in the 2016 draft budget, which will amount to about 16% of the country's total IT budget ($86 billion for 2016). By comparison, the corporate sector spends about 4% of its budget on the same purposes.

As he now writes, Reuters the actual increase in US spending on cybersecurity in 2016 may turn out to be more significant. The agency does not specify which one, but writes that work in this direction is underway.

The Department of Homeland Security intends to allocate about $480 million from the cybersecurity budget to initiatives designed to protect officials from hacker attacks. Some of these funds will be used to improve the Einstein system, designed to protect against penetration into the networks of ministries and departments. This system is managed by the US National Administration cyber security.

The agency plans to spend another $100 million on the purchase of hardware, software and services necessary to continuously support the networks of federal authorities.

About $230 million, according to the draft budget, in 2016 it is planned to spend on the construction of a center in the suburbs of Washington. It will employ civil servants and hired employees who will monitor threats and repel attacks on civilian targets.

About $5.5 billion in the draft budget was proposed to be allocated to the Pentagon. The Ministry of Defense will receive these funds to ensure the security of military communications and computers, including for software updates and the release of regular patches.

2013

Third of hacker attacks against China committed by Americans

A third of hacker attacks on Chinese sites and computers in 2013 were carried out from the United States, according to a report by China's national Internet security agency.

The number of hacker attacks on Chinese sites and computers carried out from abroad increased by 62% in 2013. About 11 million computers came under the control of foreign servers, 61 thousand websites were hacked by foreign hackers, the agency reports.

The attacks were mainly carried out by attackers from the United States, South Korea and Hong Kong. Important information systems are regularly at risk in China, and the country's entire security system is at risk, the agency says.

In March 2014, The New York Times published an article based on information from Edward Snowden about the espionage of American services against the Chinese telecommunications equipment manufacturer Huawei since 2007. The United States has denied accusations of espionage.

2012: Attack on the computers of the election commission during the US presidential election

In 2012, during the presidential election in America, many viruses penetrated the technique for counting votes. The result was the confiscation of all infected computers.

2011: Attacks on 760 US organisations

In 2011, 760 American organizations reported hacker attacks, including consulting an audit company, PriceWaterhouseCoopers banks Wells Fargo and, Citigroup an online store, Amazon IT giants,,,,, and IBM. Intel Yahoo Cisco Google Facebook Microsoft

Over the years of the existence of the global network, the US has lost $400 billion from the actions of hackers.

The Barack Obama administration is seriously tightening the screws in the war on botnets, in particular, to neutralize infected PC networks, suggesting cooperation with private companies. According to Howard Schmidt, the White House cyber security officer, one in ten Americans has malicious code on their PC or mobile device.

Speaking to an audience of officials and business representatives, Secretary of the US Department of Homeland Security Janet Napolitano presented cyber crime as the "greatest threat" no less than "al-Qaeda and the activities of related groups."

Citing Symantec data, Napolitano outlined a global annual cyber crime turnover of $388 billion: more than the annual turnover of the global market for heroin, cocaine and marijuana combined. "I consider these estimates conservative, since they are based only on the information that Natzbez has," she added.

The White House views botnets as "heavy artillery cyber criminals." Moreover, any attempts to combat botnets are both expensive and require serious coordination between a number of stakeholders, including antivirus manufacturers and operating systems vendors such as Apple and Microsoft.

US Secretary of National Security Janet Napolitano said that cyber aggression is no less terrible than terrorism, and now network attackers around the world earn more than drug dealers

It is not surprising that the industry is expanding the ranks of volunteers to combat botnets. So, at the end of 2011, an alliance of Industry Botnet Group was founded by a number of trade and non-profit organizations. Earlier in March 2011, another expert group called Communications Security, Reliability and Interoperability Council (CSRIC), which provides advice to the US Federal Communications Commission, released the U.S. Anti-Bot Code of Conduct for Internet Service Providers.

Michael O'Reirdan, who heads one of the CSRIC working groups, as well as the Messaging Anti-Abuse Working Group (MAAWG), said that the purpose of such a code was to encourage service providers to solve problems related to botnets. Providers can set this code on a voluntary basis, it is technologically neutral.

Industry Botnet Group and the US Presidential Administration have also jointly prepared nine fundamental principles for combating botnets. In other words, at the moment they have quite common wording ("share responsibility," "approach the solution of the problem globally," "train users," "promote innovation," and so on). No specific examples of their implementation have yet been presented.

2004: Chinese attack Lockheed-Martin

In 2004, in the network of one of the enterprises of the defense concern Lockheed-Martin, Chinese hackers broke through the computer protection system, left many traces of their stay in the form of Trojans and backdoors. It is still not clear whether the hackers managed to copy important data, but some of the company's data was badly spoiled.

Hackers and the computer network of the US Department of Defense did not ignore, whose sysadmins did not even notice that attackers have had free access to valuable information for 2 years. The US government accused Russian programmers of a hacker attack, but the Official Kremlin denied this accusation.

Notes