Kaseya hack: FBI had the master key - and withheld it for weeks
After the attack on the IT company Kaseya in July 2021, the master key for the locked data came from the FBI - but with a delay.
Several hundred companies were affected in July 2021 when the hacker group REvil exploited a vulnerability at the IT service provider Kaseya: using malware, the attackers encrypted data on the hard drives of numerous customers. The extent of the attack was particularly obvious in Sweden, where almost all branches of the supermarket chain Coop had to be temporarily closed. The attackers' ransom demand for decrypting the locked data: 70 million US dollars (about 59 million euros) in the digital currency Bitcoin.
Kaseya attack: FBI waited almost 3 weeks to hand over keys
A few weeks after the attack, a "trusted third party" passed a master key to Kaseya; whether the company had to pay for it, and if so how much, remains open. It is now said to be clear who that third party was and why hacked customers had to wait nearly three weeks for relief. The Washington Post cites "several current and former U.S. officials" as its sources and names the FBI as the party that passed on the key. By accessing REvil servers, the agency had obtained the master key shortly after the attack. According to the Washington Post, if the affected data had been unlocked immediately, the millions of dollars in consequential damage caused by the attack could have been prevented or at least significantly reduced.
Kaseya master key: the reasons for the delay
However, the FBI initially kept the successful access secret, with the approval of other parties, so that it could carry out a counterstrike on REvil without arousing the group's suspicions in advance. In addition, a government assessment concluded that the extent of the damage was not as great as originally feared. The counterattack never happened, however: the hackers' platform went offline in mid-July without the FBI's intervention, and REvil withdrew from the internet.
"The questions we ask ourselves every time: What would be the value of a key if it were exposed? How many victims are there? Who can be helped?" the Washington Post quotes an anonymous interviewee as saying. "And on the other hand, how valuable would a potentially more long-term operation to destroy an ecosystem be? Those are the questions we need to continue to balance."
FBI Director Christopher Wray spoke to a Senate committee on Sept. 21 about the events. He attributed the delays to, among other things, coordination with various other organizations, such as the Cybersecurity and Infrastructure Security Agency, as well as testing and validation of the key, The Hill reports. Wray's testimony was part of an ongoing review process in which the U.S. Congress is discussing several bipartisan proposals on how to handle cyber incident reporting in order to best address such attacks.