Google sues two Russian nationals for allegedly hacking computers

Google is suing two Russian nationals it claims are part of a criminal enterprise that has silently infiltrated more than a million computers and devices around the world, creating “a modern technological and borderless incarnation of organised crime.”

In a complaint being unsealed Tuesday in the US District Court for the Southern District of New York, Google names two defendants, Dmitry Starovikov and Alexander Filippov, as well as 15 unnamed individuals. Google claims the defendants have created a “botnet” known as Glupteba, to use for illicit purposes, including the theft and unauthorised use of Google users’ login and account information.

A botnet is a network of internet-connected devices that have been infected with malware. When summoned together, they can do the bidding of a hacker, often with the devices’ owners not realising their machines have been hijacked. A swarm of devices can jam traffic at websites, run malware to steal login credentials, sell fraudulent credit cards online and grant unauthorized access to other cyber criminals.

Botnet attack

The Glupteba botnet stands out from others because of its “technical sophistication,” using blockchain technology to protect itself from disruption, Google said in the complaint. At any moment, the power of the Glupteba botnet could be used in a powerful ransomware attack or distributed denial of service attack, Google said.

It’s the first time that Google is going after a botnet, a spokesperson for the Mountain View, California-based company said in an email. “We are taking this action to further protect internet users and to send a message to cyber criminals that we will not tolerate this type of activity.”

The spokesperson said the company worked with the…


Hackers Attacked a Hospital and Allegedly Killed a Newborn Baby


A woman who gave birth at a hospital that had been brought to its knees by a ransomware hack is now suing over the death of her newborn daughter. The death appears to mark the first official casualty of a ransomware hack, in which hackers seize control of a computer network and demand payment, usually in cryptocurrency, to restore it — a crime that, clearly, can be life-threatening when directed at critical infrastructure like hospitals.

When the hackers took control of Springhill Medical Center in Alabama in 2019, the hospital refused to pay the ransom or acknowledge the attack, The Wall Street Journal reports, opting instead to mitigate the damage by shutting off its network and attempting to carry on as usual. Jobs that used to be automated suddenly fell on junior staffers, and doctors and nurses suddenly had to treat patients without access to crucial digital records or computer equipment.

A week after the attack, Teiranni Kidd went to Springhill Medical Center to deliver her daughter, Nicko Silar, according to the WSJ. Without the monitors that doctors and nurses use to keep an eye on the vitals of patients and their soon-to-be born children, the staff missed that Nicko had a dangerously accelerated heartbeat — a sign that Nicko’s umbilical cord was wrapped around her neck. Nicko was born unresponsive and with severe brain damage, and died nine months later.

Since then, Kidd has sued the hospital, and documents revealed that the medical staff texted one another about how the death would have been easily preventable. Had they been able to see the warning signs — it’s unclear if anyone did at the time — they would have safely delivered Nicko via caesarian section.

The hacker hasn’t been publicly identified, but the WSJ reports that it’s likely the Russian Ryuk gang, which has targeted at least 235 hospitals and dozens of other healthcare facilities with ransomware attacks since 2018.

Outside of this case, there hasn’t been a recorded death caused by a ransomware attack, though Joshua Corman, a senior advisor for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, told the WSJ that the hacks could make…


OFAC Targets Virtual Currency Exchange for Allegedly Facilitating Ransomware Attack | Ballard Spahr LLP

First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.” Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation. The Updated Advisory illustrates a “Catch-22” scenario, in which a victim that halts a ransomware attack by making the demanded payment may then find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus. The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.

The Blacklisting of SUEX

According to OFAC, over 40% of SUEX’s known transaction history is associated with illicit actors.  As a result, SUEX is prohibited from transacting with U.S. persons or transacting within the United States, and financial institutions and other persons that engage in certain transactions or activities with the sanctioned entities and individuals may expose themselves to sanctions or be subject to an enforcement action.  OFAC issued the designation pursuant to Executive Order (E.O.) 13694, entitled “Blocking the Property of Certain Persons Engaging in Significant Malicious…


Israeli firm allegedly behind unique hacking tool for Apple iPhones, Latest World News

NEW YORK: A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, Internet security watchdog group Citizen Lab alleged on Monday.

The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all versions of Apple’s iOS, OSX, and watchOS, except for those updated on Monday.

The tool allegedly developed by the NSO Group defeats security systems designed by Apple in recent years. Apple said it fixed the vulnerability in Monday’s software update.

“After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users,” said Mr Ivan Krstic, head of Apple Security Engineering and Architecture.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers…” he added.

NSO did not confirm or deny that it was behind the technique, saying only that it would “continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime”. – REUTERS