DOCSLIB.ORG

A Cybersecurity Threat Model for a Combined Cyberattack Against Hospitals and Terrorist Attack in Spain

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Cybersecurity Threat Model for a Combined Cyberattack Against Hospitals and Terrorist Attack in Spain A Cybersecurity Threat Model for a Combined Cyberattack against Hospitals and Terrorist Attack in Spain Oxford University - Universidad Autónoma de Madrid Project Report CONSULTANTS: Lucas Kello (Principal Consultant) Ivan Martinovic Martin Strohmeier Florian Egloff Academic Coordinator (UAM): Raquel Galindo Dorado A Cybersecurity Threat Model for a Combined Cyberattack against Hospitals and Terrorist Attack in Spain 1. INTRODUCTION This report is structured as follows: Section 2 will provide the necessary background on cybersecurity in the healthcare Hospital cybersecurity is a global concern. According sector. Section 3 discusses the capabilities and motivations to an investigation by Pulse magazine, health record of different threat actors while Section 4 presents the analysis security breaches in the United Kingdom’s at National of potential vulnerabilities in the reviewed hospitals in Health Service rose 20 percent in the last year. Data from Madrid. Section 5 compares the different IT infrastructure 55 hospitals indicated breaches included records dumped paradigms in terms of security and risk. In Section 6, a in public places, records given to the wrong patient and case study on large medical devices discusses the patching patient data given to relatives without permission. In 2015 process. Finally, Section 7 provides recommendations and alone, more than 94 million U.S. health records were concludes this report. compromised, costing affected institutions approximately $46 billion. According to Experian’s 2014 Data Breach Industry Forecast, the healthcare industry will be among 2. BACKGROUND the most susceptible industries to publicly disclosed and This section will discuss the current cybersecurity widely scrutinized data breaches.1 The October 2013 environment in the healthcare sector. We will frst review security breach of the U.S. FDA’s Center for Biologics the reported breaches and systematize them into separate Evaluation and Research compromised 14,000 accounts categories. Following this, we will survey the relevant and demonstrated that competitive pharmaceutical trade academic literature on cybersecurity in hospitals. secrets, which the federal government stores, represent an opportunity for foreign interests to beneft from new drug discoveries without having to invest in them. 2.1 Review of Reported Incidents Hospitals face signifcant cyber risks. Increasingly, hackers The Center for Internet Security reports that the “healthcare seek to exploit vulnerabilities in hospital computer systems industry is plagued by a myriad of cybersecurity-related and devices. Attackers’ motives are diverse—ranging from issues”. The reported attacks can be systematized into four stealing sensitive patient data to creating disruption and different major sectors: chaos in the delivery of services to the use of “ransomware” for criminal proft. With more hospital and patient data 2.1.1 Ransomware moving to the cloud and travelling across multiple national borders, the risk of complex international breaches increases. Ransomware, a type of malicious software that threatens Devices with default passwords that are left unchanged, to publish the victim’s data or perpetually block access and outdated operating systems that are connected to the to it unless a ransom is paid, has become the most network, such as medical databases, are all too common in prominent reported type of attack, not only in the health healthcare. Experts have already found faws in a blood gas care sector. analyzer, a medical image system and radiology equipment. Recent reported incidents with regards to hospitals Fundamentally, the question of cyber threats against include: hospitals is not whether investigative sites will suffer a 1. “Infection with ransomware via outdated server data breach, but when this will occur, and how serious the software. In these cases, the attacker uploaded consequences will be for the healthcare sector as a whole. malware to the out-of-date server without any There is no foolproof way to physically protect digital interaction from the victim, as opposed to infecting records that are frequently accessed, altered and shared, the hospitals through common workstations used by sometimes internationally. But it is possible to up the ante everyday staff. The Hollywood Presbyterian Hospital for hackers and malware by focusing on how you handle in California was one of the hospitals affected, in this data in the frst place. a case which delayed patient care and ultimately This report on cybersecurity in two Madrid hospitals, resulted in the hospital paying $17,000 to regain 2 Moncloa and Fuenlabrada, investigates the current state access to fles and their network.” of preparation against possible cyber attacks in these 2. “On June 14, 2017, the Pacifc Alliance Medical institutions. It will discuss possible vulnerabilities and learned its networked computer systems were generate recommendations which show a path towards affected by a cyber incident, which IT offcials later improved security and resilience in the future. determined to be ransomware. The medical center shut down its systems and initiated its response and recovery procedures. Offcials were able to decrypt 1 See Experian, 2014 Data Breach Industry Forecast, https://www. oppinsurance.com/wp-content/uploads/2014/02/experian-2014-data- breach-industry-forecast.pdf 2 https://www.cisecurity.org/ransomware-in-the-healthcare-sector/ 1 A Cybersecurity Threat Model for a Combined Cyberattack against Hospitals and Terrorist Attack in Spain the infected fles and have since taken action to restore Reported major examples of such data breaches include: 3 the affected systems.” 1. “Banner Health is contacting 3.7 million individuals 3. “Atlanta-based Peachtree Neurological Clinic whose personal information may have been accessed uncovered a 15-month breach to its computer system in a cyberattack that began on systems that process while investigating a separate ransomware attack. credit card payments for food and beverage purchases The clinic reported nearly 176,295 patient records at Banner locations. The breach then expanded to were potentially affected.” 4 include patient and health plan information.” 8 4. “Fayetteville-based Arkansas Oral & Facial Surgery 2. On March 21, Bowling Green, Kentucky-based Med Center notifed 128,000 patients of a July ransomware Center Health, which includes several hospitals, attack on its computer network that may have issued a public notifcation saying that on Jan. 4, compromised some patient names, dates of birth and 2017, “during the course of an internal investigation, Social Security numbers, among other data.”5 we determined that [a] former Med Center Health employee had, on two past occasions during their 5. The most publicized attack in Europe was the employment, obtained certain billing information WannaCry attack on the UK National Health Services by creating the appearance that they needed the in May 2017. The UK National Audit Offce reports: information to carry out their job duties for Med “The attack led to disruption in at least 34% of Center Health.” This breach affected almost 700,000 trusts in England although the Department and NHS individuals.9 England do not know the full extent of the disruption. On 12 May, NHS England initially identifed 45 3. “Peachtree Orthopedics has announced a hacker NHS organizations including 37 trusts that had been gained access to a patient database containing names, infected by the WannaCry ransomware. Over the addresses, dates of birth, email addresses, treatment following days, more organizations reported they had codes, prescription records, and Social Security been affected. In total, at least 81 out of 236 trusts numbers. The breach notifcation letters sent to across England were affected.” 6 patients on October 7, 2016 explain that the hacker potentially stole the contents of the database.” 10 Not all ransomware attacks on hospitals have been publicly reported, however, just from the size of the known incidents These examples illustrate the severity of data breaches, we can deduce that ransomware has been the main active which can be conducted both by outsiders and insiders. threat vector for attacks on hospitals in 2017. While they do not actively interfere with health care operations in a direct way, they can lead to serious 2.1.2 Data Breaches consequences for patients in the long run (e.g., blackmail Data breaches are generally more diffcult to detect compared or fraud). In most industrialized countries laws exist which to ransomware attacks or other active cybersecurity issues. require public notifcation of data breaches concerning In 2017, there have been many large cases where hospital patient data, causing a potentially severe loss of reputation security has been breached and data siphoned off by attackers for the affected health care provider. with the intent to exploit or sell it. It is likely that many such 2.1.3 Distributed Denial of Service Attacks attacks have not been noticed (yet) as they do not necessarily have a noticeable impact on day-to-day operations. Distributed denial of service (DDoS) attacks, which overpower and effectively disable network connections using The U.S. Department of Health and Human Services numerous distributed clients, are extremely common against provides a breach portal, that as of the time of writing lists services connected to the global Internet, from popular 391 data breaches affecting 500 or more individuals within 7 websites to governments. For hospitals,
Load more

Recommended publications
  • 2016 8Th International Conference on Cyber Conflict: Cyber Power
    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA 2016 8TH International ConFerence on CYBER ConFlict: CYBER POWER Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 CopyriGHT AND Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications PrinteD copies OF THIS PUBlication are availaBLE From: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
    [Show full text]
  • Hacking for ISIS: the Emergent Cyber Threat Landscape
    Hacking for ISIS: The Emergent Cyber Threat Landscape By Laith Alkhouri, Alex Kassirer, & Allison Nixon April 2016 Hacking For ISIS Contents Click on a title to navigate to the page Introduction ...........................................................................................................................................2 Cyber Caliphate ...................................................................................................................................3 Islamic State Hacking Division .......................................................................................................6 Islamic Cyber Army ............................................................................................................................9 Rabitat Al-Ansar ................................................................................................................................ 12 Sons Caliphate Army ...................................................................................................................... 15 United Cyber Caliphate .................................................................................................................. 17 Techniques, Tactics, & Procedures (TTPs) .............................................................................. 20 The Future of ISIS’s Cyber Capabilities .................................................................................... 24 Conclusion .........................................................................................................................................
    [Show full text]
  • Sector 17 1 TABLE of CONTENTS
    BlueVoyant | Sector 17 1 TABLE OF CONTENTS Executive Summary 3 Key Findings 4 Part 1: Industry Overview 5 Part 2: Threat Landscape 7 Section 1: Criminal Pursuit of Sensitive Financial Information 7 Section 2: Extortion (Non-Ransomware) 9 Section 3: Ransomware 10 Section 4: Criminal Pursuit of PII 11 Section 5: Third-Party Risks 12 Section 6: Password Breaches and Leaks 14 Section 7: Hacktivism 16 Part 3: Dark Web Overview 18 Part 4: Industry Cybersecurity Review 24 Section 1: Legal Sector Overview – Global 24 Section 2: Legal Sector Overview – In Depth 25 Conclusion - Sector 17 28 Citations and Endnotes 29 Recommendations 30 BlueVoyant | Sector 17 2 EXECUTIVE SUMMARY In 2013, the Department of Homeland Security defined 16 sectors critical to securing national infrastructure, resources, and resiliency1. BlueVoyant, a company made up of seasoned cybersecurity experts, including former leaders in our intelligence and law enforcement communities, has identified one more: the legal sector. The integrity of U.S. and international law firms is indispensable ot the functioning of our economies and key public and private institutions. The legal sector ensures justice and order, as well as providing mechanisms that encourage and safeguard innovation and economic growth. The lawyers who help interpret, apply, and enforce the law necessarily become trusted advisors to individuals and corporations. Like healthcare institutions, law firms hold troves of personally identifiable information (PII); they also hold critical intellectual property (IP) and sensitive data for clients. Like banks and credit unions, law firms are critical to the proper functioning of our economy. And like no other sector, except perhaps government, law firms act as a major arbiter and safekeeper of public trust.
    [Show full text]
  • A DIY Guide to Rob Banks by Subcowmandante Marcos
    _ _ _ ____ _ _ | | | | __ _ ___| | __ | __ ) __ _ ___| | _| | | |_| |/ _` |/ __| |/ / | _ \ / _` |/ __| |/ / | | _ | (_| | (__| < | |_) | (_| | (__| <|_| |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_) A DIY guide to rob banks ^__^ (oo)\_______ ( (__)\ )\/\ _) / ||----w | (.)/ || || `' Formatted and distributed by ftp://distro "Live Communism, Spread Anarchy!" ------------------------------------------------------------------------------------ by Subcowmandante Blog: Marcos https://ftpdistro.noblogs.org Instagram: https://instagram.com/ftp.distro Store: https://ftpdistro.github.io Translation of Phineas Fishers Cayman Bank Hack Communique No Copyright 2020© Set in Source Code Pro (24pt, 10pt) and Garamond (12pt) ******************************* We were born at night. We live in it, we hack in it. Here we are, we are the rebel dignity, the forgotten heart of the Интернет. Translation notes: Our fight is for memory and justice, Bulk of translation done by Google Translate (which and the bad government is filled with criminals and did a remarkably good job outside of slang and computer terms!), with edits for clarity and murderers. formatting by @laudecay. I got the Spanish version from the bottom of this article, it’s in the leak: Our fight is for fair and decent work, https://unicornriot.ninja/2019/massive-hack-strikes- and bad government and corporations buy and sell zero offshore-cayman-national-bank-and-trust/ days. The UR article also has a lot of info about the history of Phineas’s hacks and resources she’s provided to the community in the past, and Crimethinc For all tomorrow. has some interviews with her.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • 2016 CYBERTHREATS and TRENDS REPORT Verisign Idefense® Security Intelligence Services CONTENTS
    2016 CYBERTHREATS AND TRENDS REPORT Verisign iDefense® Security Intelligence Services CONTENTS INTRODUCTION 3 EXECUTIVE SUMMARY 4 CYBERCRIME 6 Criminal Migration to the Darknet 6 Ransomware-as-a-Service 6 The Rise of DD4BC 7 Downloader Architecture Evolves 8 VULNERABILITIES 10 Increased Adobe Flash Exploitation 10 Proliferation of Exploit Kits 11 Hacking Team Hacked; Zero-Days Leaked 12 HACKTIVISM 14 Ideological Hacktivism in International Decline 14 Increase in Hacktivist OPSEC 15 Shift to Criminal and Notoriety Hacktivism 15 Increasing Size, Complexity of DDoS Attacks 16 CONCLUSION 18 ABOUT VERISIGN 18 2 Verisign Public | 2016 Cyberthreats and Trends INTRODUCTION The Verisign iDefense 2016 Cyberthreats and Trends Report provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve over the coming year. The objective of this report is to assist in informing cybersecurity and business The Verisign iDefense 2016 operations teams of the critical cyberthreats and trends impacting their Cyberthreats and Trends enterprises, helping them anticipate key cybersecurity developments and more Report provides an overview effectively triage attacks and allocate increasingly limited resources. of the key cybersecurity trends of the previous year This report features conclusions drawn from Verisign iDefense Security and insight into how Verisign Intelligence Services research and analysis covering cybercrime, hacktivism believes those trends will and vulnerabilities. These areas of coverage include public and zero-day evolve over the coming year. vulnerabilities, threat tactics, distributed denial of service (DDoS) attacks, threat actors, threats to key infrastructure, strategic intent, malware tools, and threat and vulnerability management, mitigation and countermeasures.
    [Show full text]
  • Cyber Activities in the Syrian Conflict CSS CY
    CSS CYBER DEFENSE PROJECT Hotspot Analysis The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Zürich, October 2017 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Authors: Marie Baezner, Patrice Robin © 2017 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zürich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group; Myriam Dunn Cavelty, Deputy Head for Research and Teaching; Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie; Robin, Patrice (2017): Hotspot Analysis: The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict, October 2017, Center for Security Studies (CSS), ETH Zürich. 2 The use of cybertools in an internationalized civil war context: Cyber activities in the Syrian conflict Table of Contents 1 Introduction 5 2 Background and chronology 6 3 Description 9 3.1 Attribution and actors 9 Pro-government groups 9 Anti-government groups 11 Islamist groups 11 State actors 12 Non-aligned groups 13 3.2 Targets 13 3.3 Tools and techniques 14 Data breaches 14
    [Show full text]
  • Troll Hunting
    For my father, Brian, who taught me to love wor ds. Hell is empty, and all the devils are here. William Shakespeare, The Tempest, Act 1, Scene 2 THIS IS A work of nonfiction, researched and documented to the best of my ability. There were significant security risks in writing this book. I sought expert advice and wrote according to it. Therefore, some of the trolling syndicates mentioned within these pages have been given pseudonyms or go unnamed. Likewise, some of the trolls themselves are discussed only with a pseudonym. A few of the trolls who spoke to me behind the scenes are not named at all and others are composites or have been segmented. Some readers may be critical of the decision to provide anonymity for people who are hurting others so much. However, sometimes access to information comes at a cost – and, all things being equal, the trolls gave me great access. By the same token, some predator-troll victims are in physical danger. This is especially true where domestic violence is involved. In those cases, names and other identifying details may have been altered but the facts of the stories are unchanged. I have worked hard to quote all interviewees verbatim, but for the sake of readability have corrected some spelling errors and syntax. When I’m messaging with trolls in the United States, I use Australian spelling and they use American spelling. For authenticity, I’ve left this as is. This is a book about the internet and how it bleeds into real life. When quoting links and screenshots, I’ve aimed for accuracy.
    [Show full text]
  • Cyber-Terrorism Activities Report No. 16 January
    ICT Cyber-Desk PERIODIC REVIEW Cyber-Terrorism Activities Report No. 16 January – March 2016 Highlights This report covers the period of January - March 2016 and covers two main subjects: cyber-terrorism (offensive, defensive, and the media, and the main topics of jihadist discourse) and cyber-crime, whenever and wherever it is linked to jihad (funding, methods of attack). The following are among the issues covered in this report: The continuing trend of publishing information security guidelines and recommendations, including information and recommendations for correct methods of operation and software manuals, or services with a high encryption or anonymity level. Terrorist organizations continue to publish information about the dangers of intelligence and law enforcement officials who operate on the Internet to search for and locate terrorism supporters. In addition, all supporters are called on to continue spreading the organizations’ messages and guidelines for proper work. Officials in jihadist organizations continue to spread Best Practice guidebooks on the Internet and guidelines for using software and applications to increase information security. These are mainly used to encrypt data on the device and/or for data trafficking and maintaining the anonymity of Internet users. In addition, manuals for video processing are found. As previously stated, in recent years organizations have been using a wide range of software in order to create visual content at a professional level. Terrorists and terrorism supporters continue to hack Internet sites, especially as part of defacement attacks. In January 2016, Islamic State activists tried to recruit hackers to hack into government databases for pay. In February 2016, a television interview in Lebanon reported the existence of a Shi’ite hacker group, affiliated with Hezbollah, named Kadimon (translation – we are coming).
    [Show full text]
  • Security Challenges
    Security Challenges Volume 13 Number 1 (2017) Security Challenges ISSN 1833 – 1459 EDITORS: Dr Greg Raymond Dr Andrew Carr Ian Henry Managing Editors [email protected] Robert Wylie Geoff Hunt Consulting Editor Defence Industry Policy Production Editor [email protected] [email protected] EDITORIAL BOARD: Robert Ayson Sam Bateman Rod Lyon Victoria University University of Wollongong ASPI Wellington, New Zealand Wollongong, Australia Canberra, Australia Leszek Buszynski Eliot Cohen Ralph Cossa Strategic and Defence John Hopkins University, Pacific Forum CSIS Studies Centre, Australian Washington, DC, USA Honolulu, Hawaii, USA National University Bates Gill Gerald Hensley Ramesh Thakur Professor of Strategic Studies Former Secretary of Defence Asia-Pacific College of Strategic & Defence Studies New Zealand Diplomacy, Australian Centre, Australian National National University University Andrew Mack Andrew O’Neill Rizal Sukma Simon Fraser University Director, Griffith Asia Institue, Centre for Strategic and Vancouver, Canada Griffith University, International Studies Brisbane, Australia Jakarta, Indonesia William Tow Akio Watanabe Department of International Research Institute for Peace Relations, Australian National and Security University Tokyo, Japan Project Management and Cover: Qote Canberra (02) 6162 1258 Published and distributed by: The KoKoda Foundation 2/10 Kennedy St (PO Box 4060), Kingston ACT 2604 T: (02) 6295 1555 F: (02) 6169 3019 E: [email protected] W: www.securitychallenges.org.au © The KoKoda Foundation. All rights reserved. Apart from any fair dealing for the purposes of private study, research, criticism or review as permitted by the Copyright Act, no part of this publication may be reproduced, stored, transmitted or disseminated in any form or by any means without prior written permission.
    [Show full text]
  • Epilogo Anonymous Oggi Sono Arrivato Ad Apprezzare La
    Epilogo Anonymous oggi Sono arrivato ad apprezzare la segretezza. Mi sembra l’unica cosa capace di rendere misteriosa o meravigliosa la vita moderna. La cosa più mondana diventa deliziosa quando gli altri la ignorano. –Oscar Wilde I tecnici apolitici hanno un’educazione politica straordinaria. –Julian Assange Quanto descritto fin qui potrebbe sembrare a molti il periodo di maggior splendore per le attività di Anonymous: il ruolo di sostegno ai vari movimenti coinvolti nella Primavera Araba; l’attenzione mediatica di alto profilo conquistata dagli spavaldi hack di LulzSec e AntiSec; il crescente impegno a sostegno della giustizia sociale negli Stati Uniti, oltre alla concreta opposizione alla cultura dello stupro e alla brutalità della polizia. Ovviamente questa nutrita ondata di proteste è andata scontrandosi con la repressione, parimenti copiosa, delle forze dell’ordine. Complessivamente, tra Europa, Asia, Australia e Americhe, sono stati arrestati oltre un centinaio di attivisti legati ad Anonymous – compresi alcuni già menzionati nelle pagine precedenti, tra cui Jeremy Hammond e John Borell negli Stati Uniti, Ryan Ackroyd e Mustafa Al-Bassam nel Regno Unito. Altri geek vennero arrestati semplicemente per aver prestato una piccola porzione dei loro computer alle campagne DDoS organizzate dal collettivo nel tentativo di colpire collettivamente gli istituti finanziari come PayPal, quando cedettero alle pressioni del governo Usa bloccando tutti i loro servizi a WikiLeaks, già sotto assedio su vari fronti. Rispetto a ogni altra nazione del mondo occidentale, gli Stati Uniti sono stati i più aggressivi nel perseguire penalmente gli hacktivisti di Anonymous, con condanne ben più lunghe accompagnate da multe astronomiche. Non solo gli attivisti, tra cui Jeremy Hammond, ma anche i collaboratori esterni, come Barrett Brown, hanno ricevuto pene severe a seguito del caso Stratfor (maggiori dettagli più avanti).
    [Show full text]
  • From Bozkurt to Buhtrap
    From Bozkurt to Buhtrap Cyber threats affecting financial institutions in 1H 2016 1 Table of Contents Executive Summary ............................................................... ...............................3 Hacktivism........................................................................................................... ..4 OpIcarus............................................................................................................... ..4 OpAfrica................................................................................................................ ..5 Phineas Fisher........................................................................................................5 Cybercrime ............................................................................................................6 DDoS-based extortion activity................................................................................6 Data breaches...................................................................................................... ..8 Business email compromise .............................................................................. ..9 Malware campaigns............................................................................................. 10 Targeted attacks..................................................................................................12 Mossack Fonseca..................................................................................................12 Attacks on the SWIFT network in 2016................................................................12
    [Show full text]