Technology

Age of the cyber-attack: US struggles to curb rise of digital destabilization | Cybercrime

Voice Of EU

It’s been 40 years since Lisa Donnan has queued for gas. But last month the cybersecurity expert found herself joining the long lines of cars across the east coast of the US looking for fuel after the latest in a series of cyber-attacks had shut down the pipeline that provides fuel to 45% of the region.

“The last time I did that was in the Iran crisis,” she said. “My dad had to wait with me.”

The hack of the Colonial Pipeline was just one of a series of cyber-attacks that have hit the US and elsewhere recently. Hackers have taken down JBS, the world’s largest meat processor, disrupting the global meat market, closed schools in Iowa and hit hospitals in Ireland in what experts say is a dangerous escalation of a crime wave that has swelled from the small-scale blackmail operations of a few years ago to major assaults that threaten the livelihoods – and potentially lives – of millions.

Many of the recent attacks have been sourced to operations in Russia and US officials say that Russia’s responsibility for ransomware attacks carried out from its territory would be a central issue when Joe Biden meets Vladimir Putin in Geneva next Wednesday.

“One of the things that President Biden will make clear to President Putin, when he sees him, is that states cannot be in the business of harboring those who are engaged in these kinds of attacks,” the secretary of state, Tony Blinken, told Congress this week.

Eric Green, the senior director for Russia and central Asia in the national security council, said that one of the expected outcomes from the Geneva summit was a routine dialogue between senior US and Russian officials aimed at bringing greater stability and predictability to the relationship. One of the issues in the dialogue would be ransomware attacks.

“When we talk about strategic stability cyber will also certainly be on the agenda,” Green said in a recent discussion organised by the Centre for a New American Security. “The recent ransomware attacks remind us that the cyber domain is prone to misperceptions and that there are dangerous escalation risks.”

US officials say America will be pushing for Nato to expand its involvement in cyberdefence at the alliance summit in Brussels. But the unanswered question is how to respond to ransomware attacks by criminal groups for whom their host countries deny responsibility.

“Putin will deny interfering in US politics or conducting cyber-attacks, asserting that Washington has no proof, while rejecting the legitimacy of US concerns about what happens within Russia,” said Steven Pifer, former deputy assistant secretary of state for European and Eurasian affairs and now a senior fellow at the Brookings Institution.

Joe Biden will raise the issue of ransomware attacks, some allegedly perpetrated by Russia-based hackers, at a summit with Vladimir Putin in Geneva this week. Photograph: Sergei Ilyin/Tass

“Biden should not waste time arguing. He should aim instead to ensure that Putin has a clear understanding of what conduct is out of bounds.”

The pressure for Biden to act is rising. There has been a 62% increase in ransomware globally since 2019, and a 158% spike in North America, according to the 2021 SonicWall Cyber Threat Report. Alongside that rise, the nature of the crimes and their targets are also changing.

“We are seeing more attacks, more sophisticated attacks, bigger attacks and the scary thing is we are seeing them more on supply chains,” said Donnan. “It used to be about financial exfiltration, stealing money, and reputational damage. It’s now in a life-threatening environment. That is a dramatic change.”

Now a partner at the cybersecurity private equity investor Option3Ventures, Donnan says she doesn’t expect to see any let-up in attacks. Nation states including Russia, China and North Korea are getting more ambitious in their attacks and the criminal enterprises that operate under their wings are getting more brazen.

“The landscape is ripe and ready for attack from a perfect storm of hackers, nation states and the average cybercriminal,” she said.

Part of the recent surge is down to the pandemic, which has helped the hackers by accelerating the digitization of business and giving them more access points as people and businesses have moved to work remotely.

On top of that there has been an explosion in software development, much of which was not built with security in mind from the beginning, said Donnan. “We still have a culture of get to market, be first. We are designing code without security in mind,” she said.

Lastly there are few consequences to cybercrime. Cryptocurrencies are the preferred payment for ransoms and are as hard to track as the origins of the hack. With the authorities unlikely to crack the case anytime soon – if ever – for many targets not paying is a difficult choice. Joseph Blount, Colonial’s chief executive, told Congress last week that he decided to pay the $4.4m bitcoin ransom to get the pipeline back online after he saw “pandemonium going on at the markets”.

Politicians hit out at Blount for the company’s failure to stop the hack. But the government itself has also failed to stop numerous hacks and not paying the ransom can be more expensive than paying up and potentially leave companies open to further assaults. JBS paid $11m in bitcoin to its hackers, even though it had mostly fixed its problems, hoping the payment would prevent further issues arising from the attack.

Joseph Blount, president and CEO of Colonial Pipeline, explains to the Senate homeland security and government affairs committee why his company paid a $4.4m ransom. Photograph: REX/Shutterstock

In 2019 Baltimore was hit with a cyber-attack that seized control of parts of its government. The hackers demanded $760,000 in bitcoin but the mayor, Bernard “Jack” Young, refused to pay. The cost of rebuilding its systems has now reached $18.2m.

Publicly the FBI advises victims not to pay a ransom in order to discourage perpetrators from targeting more victims. But privately they will tell targets that they understand if they feel the need to pay.

In the Colonial case the FBI managed to seize the majority of the bitcoin payment – a hopeful sign that may discourage some attackers, according to experts – but the fact remains that most of these crimes go unpunished.

“It’s very difficult to prosecute, it takes a long time, it takes cooperation geopolitically because most of these attacks come from offshore,” said Donnan. “The government only has so many resources. It doesn’t take a lot of tools or brain capacity to do these things,” she said. “You can buy a tool kit on the dark web.”

One irony of the current wave of hacks is that the US is under attack by tools developed by its own National Security Agency (NSA). In 2016 an online group called the Shadow Brokers claimed to have infiltrated the Equation Group, the NSA’s own private hacking group, and obtained malware used by the US to target its enemies.

The Shadow Brokers claimed responsibility for the release of NSA software that facilitated May 2017’s WannaCry ransomware attack, which triggered more than 45,000 attacks in 99 countries and crippled parts of Britain’s National Health Service. Researchers believe that attack originated in North Korea.

In June 2017 the same cyber-attack tool developed by the NSA, called EternalBlue, was used to launch a series of attacks on Ukraine, affecting the government, banks and transportation systems and taking the radiation monitoring system at Chernobyl offline. That attack then spread around the world, hitting companies that had offices in Ukraine including FedEx, the advertising agency WPP, pharmaceutical company Merck and consumer goods maker Reckitt Benckiser.

The US, UK and other researchers blamed Russia for that attack, arguing it was not designed to make money but to damage Ukraine’s economy.

The escalation in cases comes even as spending on security is rising dramatically. The US is the number one country for cybercrime and also spends the most on cybersecurity.

In 2015 the US Office of Personnel Management (OPM) announced it had been hacked that year, one of the largest data thefts in history. Since then the US has spent $115bn on cybersecurity and the White House is asking Congress to commit roughly $10bn to civilian government cybersecurity next year – a jump of nearly 14%. Industry spent $41bn on cybersecurity in 2019 and is expected to have spent $53bn in 2020.

JBS, the world’s largest meat processing company, recently paid ransomware hackers $11m. Photograph: Jeff Kowalsky/AFP/Getty Images

Even after all that money has been spent, said Donnan, “we are still exposed because there is no consequence.”

But there are rewards.

Three years ago Paul Ferrillo, a partner at New York law firm Seyfarth Shaw who specialises in cybersecurity, says he was settling ransomware hacks for five bitcoin (about $6,000 per bitcoin then and currently around $36,000 each). “Now you are lucky if it’s 75 bitcoin or 100. I heard of one demand recently for $140m,” he said.

“If this is the new normal, they are winning,” he said. “These criminal actors are well-funded and smart whether they are state-funded or not. We need to be as smart as they are.”

Ferrillo said there was no silver bullet that would solve the crisis and that everyone from the government to the private citizen had to play a part. Companies have to get better at managing their data, storing backups offline and making sure it is harder to get into their systems.

He also wants to see more transparency from industry. Companies have often hidden hacks because they don’t want to look like “doofuses”, he said. “But when industry shares information, we all get smarter. We understand where we should look and how we should do better.”

But tackling this explosion in hacking will take action from everyone, he said, from government to private citizens. “Cybersecurity is a shared responsibility. We are all in this together,” he said.

Crypto is starting to lose its cool – just look at El Salvador | Rowan Moore

To its evangelists, bitcoin is a frictionless, empowering form of money that liberates citizens of the world from the shackles of banks and national governments. To sceptics, the cryptocurrency is a tool of kleptocrats and gangsters, environmentally monstrous in its consumption of energy, a digitally glamorised Ponzi scheme whose eventual crash will most hurt those least able to afford a loss.

Confidence may or may not have been enhanced by the unveiling, by President Nayib Bukele, of images of a proposed bitcoin-shaped Bitcoin City in El Salvador, funded with a bitcoin bond, the currency’s logo embedded in the central plaza, a metropolis powered with geothermal energy from a nearby volcano. Bukele, the self-styled “coolest dictator in the world”, a former publicist who wears baseball caps back to front, has already made El Salvador the first country to adopt bitcoin as the official currency. “The plan is simple,” he said. “As the world falls into tyranny, we’ll create a haven for freedom.”

Leaving aside the worrisome Pompeii vibe of the city’s location, some shine has come off the president’s vision with the news that the country’s investments in cryptocurrency have lost 45% of their value, that it scores CCC with the credit rating agency Fitch, and that the perceived risk of its bonds is up there with that of war-torn Ukraine. And Bukele’s talk of freedom doesn’t sit well with Amnesty International’s claim that his recent state of emergency has created “a perfect storm of human rights violations”.

But why worry about any of this when you have shiny computer-generated images of a fantasy city to distract you?

Unsecured credit line

Boris Johnson waves his arms behind a podium with the Elizabeth line sign.
The Mayor of London Sadiq Khan looks on as Boris Johnson gives a speech at Paddington station on 17 May 2022. Photograph: Reuters

The use of constructional bluster by populist leaders – Trump’s wall, for example – is not in itself anything new. See also the island airport, garden bridge, Irish Sea bridge, 40 new hospitals and 300,000 homes a year promised but not delivered by Boris Johnson, and the nuclear power stations he has implausibly pledged to build at a rate of one a year.

Last week his fondness for Potemkin infrastructure took a new twist. Rather than over-promise illusory schemes and under-deliver them, he decided to take credit for something actually built, the £19bn Elizabeth line in London, formerly known as Crossrail, whose central section opens to the public on Tuesday. “We get the big things done,” he boasted to the House of Commons, choosing to ignore the fact that the line was initiated under a Labour prime minister and a Labour mayor of London. He almost makes Nayib Bukele look credible.

Behind the red wall

Characters from The House of Shades gather around a table on stage
Mounting misery: The House of Shades. Photograph: Helen Murray

If you want a light-hearted night out – a date, a birthday treat – then The House of Shades, a new play by Beth Steel, might not, unless you are an unusual person, be for you. It is a cross between Greek tragedy and what was once called kitchen sink drama, a story of ever-mounting misery set in a Nottinghamshire town from 1965 to 2019. It covers the collapse of manufacturing, the rise of Thatcherism, the promises of New Labour and the disillusionment that led to “red wall” seats voting Conservative in 2019.

It features illegal abortion, graphically portrayed, and the effects of inflation, both newly significant. All presented at the Almeida theatre in the famously metropolitan London borough of Islington, not far from the former restaurant where Tony Blair and Gordon Brown did the 1994 deal that shaped some of the events in the play. There’s irony here to make this audience squirm. Which, along with several other not-comfortable emotions, is probably the desired effect.

Rowan Moore is the Observer’s architecture correspondent

Lonestar plans to put datacenters in the Moon’s lava tubes • The Register

Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world’s data.

“It’s inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we’re setting off bombs and burning things,” Christopher Stott, founder and CEO of Lonestar, told The Register. “We need to put our assets in place off our planet, where we can keep it safe.”

Stott said Lonestar’s efforts to build a data storage facility in space are a bit like trying to preserve all of the world’s seeds in the Svalbard Global Seed Vault, located on the Norwegian Arctic island of Spitsbergen. But instead of trying to protect crop diversity, the upstart wants to safeguard human knowledge.

“If we don’t do this, what will happen to our data on Earth?” he asked. “The seed bank flooded due to effects of climate change. It’s also susceptible to other forms of destruction like war or cyber attacks. We need to have somewhere we can keep our data safe.” Lonestar has its sights set on the Moon.

One side of our bigger natural satellite is tidally locked and constantly faces Earth, meaning it would be possible to set up a constant, direct line-of-sight communication between devices on the Moon and our planet.

Lonestar is currently closing its $5m seed round from investors like Seldor Capital and 2 Future Holding. To raise more money, it’ll have to prove its technology is feasible and will start with small demos on commercial lunar payloads. Last month, it announced it had signed contracts to launch prototype demonstrations of its software and hardware capabilities aboard two lunar landers with NASA-funded aerospace biz Intuitive Machines.

Under the space agency’s Commercial Lunar Payload Services program, Intuitive Machines will, after some delay, send its Nova-C lander to the Moon for its first mission, dubbed IM-1, at the end of 2022. Lonestar will run a software-only test, storing a small bit of data on the lander’s hardware. IM-1 is expected to last one lunar day, an equivalent of two weeks on Earth. 

The second launch, IM-2, is more ambitious. Intuitive Machines plans to send another Nova-C lander to the Moon’s South Pole carrying various bits of equipment, including NASA’s PRIME-1 drill for ice and a spectrometer as well as Lonestar’s first hardware prototype: a one-kilogram storage device, the size of a hardback novel, with 16 terabytes of memory. IM-2 is expected to launch in 2023.

Robots and lava tubes

The tiny proof-of-concept datacenter will be storing immutable data for Lonestar’s early beta of its so-called Disaster Recovery as a Service (DRaaS), Stott told us. “[We will be] performing upload and download tests (think refresh and restore of data), and performing edge processing tests of apps as well. It will be running Ubuntu.” The company is still in the process of determining bandwidth rates, and has secured permissions to transmit data to the Moon and back to Earth in the S, X, and Ka-Bands in the radio spectrum.

Lonestar’s opportunity to test its technology on the Moon for the first time will depend on whether Intuitive Machines’ Nova-C landers successfully make it to the lunar surface in one piece. Soft landings on the Moon are notoriously difficult; numerous endeavors from the Soviets and the US in the Sixties have ended in failure. The last two attempts that ended badly were in 2019, when Israel’s SpaceIL and India’s national space agency respectively crashed their Beresheet and Chandrayaan-2 lunar landers.

The strong gravitational pull of the Moon and its very thin atmosphere mean the speeds at which spacecraft approach the surface have to be considerably slowed in a short amount of time to land gently. Nailing the landing process is key to lunar exploration, whether it’s sending robotic spacecraft or a crew of astronauts.

“Our turnkey solution for delivering, communicating, and commanding customer payloads on and around the Moon is revolutionary,” Intuitive’s president and CEO, Steve Altemus, told us in a statement. “Adding Lonestar Data Holdings and other commercial payloads to our lunar missions are critical steps toward Intuitive Machines creating and defining the lunar economy.”

The path from a book-sized prototype to real fully fledged cloud storage datacenters, however, is handwavy. Stott said Lonestar has plans for future missions to launch servers capable of holding five petabytes of data in 2024, and 50 petabytes of data by 2026. By then, he hopes the datacenter will be able to host data traffic to and from the Moon at rates of 15 Gigabits per second – much faster than home internet broadband speeds – beamed from a series of antennas. 

If the company is to continue scaling and storing data long-term, it’ll have to figure out how to protect its datacenters from cosmic radiation and deal with the Moon’s fluctuating surface temperatures, which can go from a scorching 222.8°F (106°C) during the day to a -297.4°F (-183°C) at night.

Stott has an answer for that: nestle the datacenters in lunar lava tubes, cavernous pits bored below the surface of the Moon by the flow of ancient basaltic lava. Inside these pits, the temperature will be steadier and the servers will be better shielded from harmful electromagnetic rays.

And how will Lonestar get them down there? “Robots… lots of robots,” Stott said. ®

Here are the Royal Irish Academy’s newest members from STEM

14 of the 29 new members being welcomed by the Royal Irish Academy this year are from STEM. We take a quick look at what they do.

Every year, the Royal Irish Academy admits new members to its prestigious roster of researchers from across the island of Ireland for their exceptional contributions to the sciences, humanities, social sciences and public service.

This year, the 236-year-old institution has elected 29 new members from universities and bodies across Ireland, officially welcoming 24 of them at its Admittance Day event held in Dublin today (20 May).

“We are immensely proud of these 29 new members who we are recognising today for their scholarly achievements, their research and international distinction or for significant contributions to Irish society,” said Dr Mary Canning, president of the Royal Irish Academy.

“As new members of the Academy, they will contribute to and strengthen our capacity to provide expert advice on higher education and research policy.”

Here we take a quick look at 14 new members who have a background in STEM-related fields.

Linda Doyle, TCD

Doyle made history by becoming the first woman provost of Trinity College Dublin in its 429-year history last year. Before that she was a professor of engineering and the arts at Trinity and the university’s dean of research from 2018.

Geraldine Boylan, UCC

A former Science Foundation Ireland Researcher of the Year, Boylan is the director of the Infant research centre for maternal and child health research and professor of neonatal physiology at University College Cork.

Mary Cannon, RCSI

Cannon is a consultant psychiatrist and professor of psychiatric epidemiology and youth mental health at the Royal College of Surgeons in Ireland. She is a leading researcher in the area of youth mental health and childhood and adolescent risk factors for mental illness.

Rónadh Cox, Williams College

One of this year’s five honorary members, Cox is the Brust Professor of Geology and Mineralogy at Williams College, Massachusetts. She is prominent internationally within the coastal erosion and geomorphology community.

Marie Donnelly, Climate Change Advisory Council

Donnelly is the only new member in this list not associated with any university. Instead, she is the chair of the Climate Change Advisory Council. She previously worked with the European Commission for three decades.

Gary Donohoe, NUI Galway

A professor of psychology at NUI Galway, Donohoe is an internationally known researcher in the cognitive neuroscience and mental health space. His work focuses on understanding and treating factors relevant to social and occupational function.

Fiona Doohan, UCD

Doohan is a professor of plant health at University College Dublin’s School of Biology and Environmental Science. She is one of the co-founders of agricultural sustainability company CropBiome, which is one of the many high-potential start-ups backed by Enterprise Ireland.

David Jones, QUB

A professor of pharmaceutical and biomaterial engineering at Queen’s University Belfast, Jones is an internationally recognised researcher in polymer-based implanted medical devices and enhanced pharmaceutical dosage forms.

Patricia Kearney, UCC

Kearney is a professor of epidemiology in the School of Public Health at UCC. A recognised clinical triallist, her research focuses on population health and health services.

Mairead Kiely, UCC

Another researcher working in the area of health, Kiely is a professor of human nutrition at UCC. Her research focuses on macronutrients, particularly vitamin D, and their impact on health and child development.

Hannah McGee, RCSI

McGee is the deputy vice-chancellor for academic affairs at the Royal College of Surgeons in Ireland and a scholar in psychology. A former president of the European Health Psychology Society, she was also appointed as the deputy chair of Ireland’s National Research Ethics Committee for Covid-19.

James P O’Gara, NUI Galway

A professor of microbiology at NUI Galway, O’Gara’s research focuses on the mechanisms underpinning biofilm production and antimicrobial resistance in staphylococci, including MRSA.

Stefan Oscarson, UCD

Oscarson is a professor of chemical biology at UCD and an internationally known researcher in the field of carbohydrate chemistry. His synthetic work underpins the development of drug and vaccine candidates against various infectious diseases.

Patrick Wyse Jackson, TCD

Curator of the Geology Museum based in Trinity College Dublin, Jackson is also a professor of geology at the university. He is an expert on the history of Irish geology and his research focuses on fossil bryozoans – a large phylum of invertebrate animals.
