Hackers posted stolen district files to dark web

Hackers who demanded but did not receive ransom payments from Manhasset schools last month posted stolen district files to the dark web, according to the acting superintendent of schools.

“We were notified that yesterday, the criminals posted certain files to the dark web that they stole from our servers. We are currently reviewing these files, and we will provide direct notification, in accordance with applicable laws, to any individual whose personal information was potentially acquired by these criminals,” according to a letter dated Oct. 18 from Dr. Gaurav Passi.

Passi says he alerted law enforcement and “worked with cybersecurity experts” once the ransomware was found last month.

“Due to security updates completed by our network engineers and IT staff that included network segmentation, we were able to restore our computer systems from backups. As such, the district did not make any ransom payment to the criminals,” the letter says.

Those who were affected by the dark web leak would be directly notified, according to Passi, who encouraged everyone to “remain vigilant by regularly reviewing your credit reports and financial account statements for any unauthorized activity.”

“Our District was the victim of a criminal enterprise, and we understand how upsetting this is for our community. Unfortunately, ransomware attacks have been on the rise. We are one of the latest victims in this growing trend which has targeted other school districts, hospitals, and municipalities across the country. The district takes data security very seriously, and we are implementing several additional measures to enhance our security in an effort to prevent an incident like this from reoccurring in the future.”


The Hackers and the Hacked

Each week in October, as part of Cybersecurity Awareness Month, we’ll publish an article packed with facts and stats, to give you an in-depth look at the state of cybersecurity in today’s world. We’ll start with the basics, then cover vulnerabilities, risks, costs – and much more.

Need a geographical breakdown of hacking? If you’ve read Part 1: Hacking Basics and Part 2: What’s Being Hacked (And What Changed with Covid) of our Hacking the World series, then Part 3 should help clarify the “who” and “where” of what’s happening in hacking globally.

For a refresher of key hacking terms and definitions, read our helpful cybersecurity glossary from Part 1.

The Hackers & the Hacked

Statistics on the individuals and industries targeted with cyberattacks, as well as the perpetrators who conduct them.

How Many People Get Hacked?

Inconsistencies in the identification, recording and reporting of data breaches since the beginnings of the internet make it almost impossible to know the total number of hacks (and exposed users) around the world in every past year.

For example, many cybersecurity firms analyze data only on their own clients, and numerous nations and companies have inadequate cybersecurity practices.

That being said, the US has recorded cyber incidents since 2005, and, as one of the most attacked nations, the stats show a staggering number of affected users.

Since 2005, nearly 2 billion sensitive US records have been exposed. That includes PII such as names, addresses, and credit card details.

According to the Privacy Rights Clearinghouse, over 10 billion US records have been exposed over that period in total.

Victim Demographics

Who is vulnerable to cybercrime? Fraud data from the Federal Trade Commission suggests older internet users are often victims.

According to Pew Research, younger age groups use technology more often than older adults, yet fraud complaints are less common in younger people.

Computer literacy is typically lower in older adults and the results suggest older age groups are more susceptible to cyberattacks and social engineering. While less active online,…


Cyber Private Eyes Go After Hackers, Without Counterattacking

Companies hit by hackers typically limit themselves to playing defense to comply with a federal law against invading someone’s computer. But some specialist cybersecurity firms say they can pursue criminals without launching their own attacks.

Most cybercrimes in the U.S. fall under the Computer Fraud and Abuse Act, a 1986 law that prohibits unauthorized access of computer systems. The law effectively places offensive cybersecurity actions solely in the hands of the federal government.

Striking back against hackers directly might be off limits, but some former spies and cyber cops say that disrupting an attack in progress is a different story, as long as defenders follow the letter of the law. That often means persuading a hacker to give consent to access the computer or database being used in the suspected cyberattack, for instance by posing as a customer for stolen data.

Max Kelly, the chief executive of security-services provider Redacted Inc., advocates proactively going after digital criminals. Businesses hire Redacted to manage their security, but the company can also take on hackers, he said.

Redacted’s employees, 60% of whom are former intelligence officers, will engage with cybercriminals such as ransomware operators, those offering his clients’ data for sale on the dark web, or serial online harassers, he said.

Mr. Kelly’s team builds a profile of the attackers by gathering information about them from the public internet and hidden hacker forums on the dark web. The investigators can often find out which hacking tools were used and where they were bought and can trace emails to identify a culprit, he said.

A direct confrontation often can be enough to get them to back off, said Mr. Kelly, who previously worked at the Federal Bureau of Investigation, the National Security Agency and Facebook Inc.

“[The attackers] think they’re impervious and can’t be touched,” he said. “As soon as you come and poke at them, and they’re able to connect that to the activity they’re involved with, they disappear.”

The idea…


Hackers targeted US drinking water and wastewater facilities as recently as August, Homeland Security says

WASHINGTON – The nation’s top civilian cybersecurity agency issued a warning Thursday about ongoing cyber threats to the U.S. drinking water supply, saying malicious hackers are targeting government water and wastewater treatment systems.

Authorities said they wanted to highlight ongoing malicious cyber activity “by both known and unknown actors” targeting the technology and information systems that provide clean, drinkable water and treat the billions of gallons of wastewater created in the U.S. every year.

The alert, which disclosed three previously unreported ransomware attacks on water treatment facilities, was issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). It was the result of analytic efforts by DHS, the FBI, the Environmental Protection Agency and the National Security Agency.

One DHS cybersecurity official described it as the routine sharing of technical information between federal agencies and their industry partners “to help collectively reduce the risk to critical infrastructure in the United States.” Added a second Homeland Security official: “It’s not any indication of a new threat. We don’t want anyone to think that their drinking water supply is under attack.”

Both officials spoke on the condition of anonymity in order to elaborate on the agency’s public statements.

Despite their assurances, the advisory disclosed that in March 2019, a former employee at a Kansas-based water and wastewater treatment facility unsuccessfully tried to threaten drinking water safety by logging in with his user credentials – which had not been revoked at the time of his resignation – to remotely access a facility computer.

In that case, a federal grand jury in Topeka, Kansas accused Wyatt Travnichek, 22, of tampering with the water treatment facilities for the sprawling, eight-county Post Rock Rural Water District.

The indictment, announced March 31, alleges that Travnichek’s job for the utility was to monitor the water plant remotely by logging into its computer system. Two months after he left his job with the water district in January 2019, it said, Travnichek logged in remotely with the intent of shutting down…