
DOJ charges security exec for hacking a Georgia healthcare company in 2018



A security company executive has been charged with hacking into the Gwinnett Medical Center’s network on or around September 27th, 2018. According to the Department of Justice, Vikas Singla from Georgia conducted a cyberattack on the not-for-profit network of healthcare providers in part for commercial advantage and personal financial gain. Singla was the chief operating officer of a network security company in metro-Atlanta that served the healthcare industry; the DOJ didn’t name the company, but the profile matches that of Securolytics. He (and his yet-to-be-named associates) allegedly disrupted GMC’s phone service, obtained information from a digitizing device and disrupted network printer service during the attack.

While the DOJ didn’t dive into the specifics of the case, it was reported back in 2018 that GMC was investigating a possible data breach that led to the leak of patient information online. The attackers also threatened GMC’s staff and shamed the provider on the internet. Now-deleted blog posts on Securolytics’ website written by Singla describe attacking targets in healthcare, presumably to fix problems with their security. How that activity is linked to the data breach reported in 2018, or the charges filed this week, is still unclear.

The executive was indicted by a federal grand jury on June 8th and was charged with 17 counts of intentional damage to a protected computer, with each charge carrying a maximum sentence of 10 years in prison. He was also charged with one count of obtaining information by computer from a protected computer, which has a max sentence of five years in prison.

Special Agent in Charge Chris Hacker of the FBI’s Atlanta Field Office said:

“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised. The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”


Chief Operating Officer of network security company charged with cyberattack on Gwinnett Medical Center | USAO-NDGA



ATLANTA – Vikas Singla has been arraigned on charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018. Singla was indicted by a federal grand jury on June 8, 2021.

“Cyberattacks that target important infrastructure, like healthcare, pose a serious threat to public health and safety,” said Acting U.S. Attorney Kurt R. Erskine. “In this case, Singla allegedly compromised Gwinnett Medical Center’s operations in part for his own personal gain.”

“Criminal disruptions of hospital computer networks can have tragic consequences,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our healthcare system.”

“This cyberattack on a hospital not only could have had disastrous consequences, but patients’ personal information was also compromised,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put people’s health and safety at risk while driven by greed.”

According to Acting U.S. Attorney Erskine, the indictment, and other information presented in court: Vikas Singla, the Chief Operating Officer of a metro-Atlanta network security company that served the healthcare industry, allegedly conducted a cyberattack on Gwinnett Medical Center that involved:

  • Disrupting phone service,
  • Obtaining information from a digitizing device, and
  • Disrupting network printer service.

The indictment further alleges that the cyberattack was conducted, in part, for financial gain. 

Vikas Singla, 45, of Marietta, Georgia, made his initial appearance before U.S. Magistrate Judge Linda T. Walker.  Singla was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a…


What Can Contractors Do to Protect Company Data, Assets From Hackers? : CEG



Though people want to be able to access data from anywhere, in reality the fewer places data lives the safer it is.


Challenge-junkie cybercriminals have moved on from hacking personal information. Now corporate intelligence, infrastructure and even heavy equipment are targets. Though currently cybersecurity threats are incidental in the construction industry, the potential for widespread damage exists. What can contractors do to protect their company data and heavy machinery assets?

“We’ve crossed the Rubicon,” said Erol Ahmed, director of communications of Built Robotics, San Francisco. Cybercrime is “now moving on to critical infrastructure, pipelines and potentially heavy equipment.”

Ahmed believes these large-scale operations make more attractive targets because the software used to run them is easy and accessible to criminals.

“So, it’s important to provide the right protection for users as much as possible.”

The bottom line, said Ahmed, is yes, “we’re seeing an increase in ransomware and hacking, but we have the capabilities to fight back and keep our equipment running smoothly and safely.”

How It Happens

In early May, Colonial Pipeline suffered a ransomware cyberattack that impacted computerized pipeline management equipment.

The pipeline originates in Houston, Texas, and carries gasoline and jet fuel mainly to the southeastern United States.

Colonial Pipeline Company halted all of the pipeline’s operations and paid the requested ransom of nearly $5 million within several hours after the attack.

The hackers then sent Colonial Pipeline a software application to restore their network.

It was determined to be the largest cyberattack in U.S. history on oil infrastructure.

In 2019, two white-hat hackers selling security software from Japan-based Trend Micro proved how easy it would be to hack a construction crane.

With permission from machinery owners, while sitting in their car, the two hacked cranes and other construction machinery at 14 different sites in Italy.

The cranes’ vulnerability lies in their communication systems, which connect machine to controller.

According to…


NZ cloud storage company being used by ransomware attackers, says FBI



By Phil Pennington for RNZ

The FBI warns Auckland company Mega.NZ is being used by ransomware attackers.

The company has told RNZ there is no sign hackers are using its service to store patient data stolen from Waikato hospitals, but it cannot rule out the possibility.

The FBI has issued a series of alerts since last year, naming Mega.

The latest – on May 20, three days after Waikato DHB was crippled – said Mega was one of two cloud storage services that hackers behind mass attacks, including on health services, had been using.

Another, in March, said: “The cyber actors have uploaded stolen data to Mega.NZ, a cloud storage and file sharing service, by uploading the data through the Mega website or by installing the Mega client application directly on a victim’s computer.”

Mega said there was no way to prevent criminals using legitimate software since they fully controlled the system they hacked.

It was also impossible to know what its 220 million account holders kept in their encrypted files, except if law enforcement or a hacked company alerted it.

“If they found a Mega link, it would be reported to us and [the account] closed within minutes,” Mega chief executive and chair Stephen Hall told RNZ.

He could “not guarantee” Mega’s services were not being used by the Waikato DHB’s hackers, but so far the company had not been alerted by local police or Waikato DHB.

“All I can say is there’s no sign of that being on Mega at this stage,” Hall said.

The FBI alerts also referred to hackers using Microsoft’s Windows Sysinternals and Swiss firm pCloud.

Mega.NZ is a successor company to Megaupload, set up by Kim Dotcom. Megaupload’s domains were seized by the US Department of Justice.

Dotcom exited Mega years ago, and Hong Kong’s Cloud Tech Services owns most of it.

‘The last thing we would ever want’

It has been suggested the Waikato attack used ransomware called Conti, or Zeppelin.

The FBI said one indicator of a Conti ransomware attack was when large transfers went to Mega or pCloud servers.

Hall, asked if hackers had ever used Mega’s premium and very large accounts, which it charges for, said the company was not…
