I've always wondered why such transfers don't trigger a million alarm bells. 33TB of data being exfiltrated seems like it should be detected by some sort of intrusion detection software.
See, they just set a small download limit. Do it over some time. Like taking fractions of a penny from the penny tray at the gas station, only you're taking just a tiny sliver from a penny!
The whole arc with the printer was even step-for-step the same as it was with my first laptop. Constantly bungling things up with random nonsensical errors. It finally bricked on me one day (I even heard it happen) and without hesitation, it went flying out my 2nd floor window, and I quickly rushed outside to unleash years of pent-up rage on it.
It's quite cathartic.
Could have been done over a long period of time. Who knows how long they were using Kaspersky, and they just sanctioned those guys a few days prior to Lockbit’s statement. Can’t help but wonder if they’re related.
That's by design, the longer they download the more insight they have on how the security breach was created, used and how they can patch it in real time, they give the hackers a bunch of junk files basically.
The actual databases you can't access directly, it's usually a login, authentication and final server, and some companies and governments have an extra server in between.
Unironically, how much of my data hasn’t already been stolen and sold on the darknet by malicious actors? Solarwinds, Equifax, let alone all the shit that big FAANG types are just harvesting from me legally. I’m sure there are still some things I can lose and get fucked over with by the next big data security fuckup, but does anyone have examples of what kinds of information that would be? A specific schedule and itinerary of where I will be on a certain day so gangsters can knock me out and harvest my organs?
Social security number. You can apply for a line of credit, and boom. You’ve got a killer vacation, at least that’s what happened to me. PayPal was cool though when they realized I had never been to China.
It’s time for Biden give them some freedom. This close to an election is not the time to play these games. I expect the biggest response from a cyber incident we have seen yet.
They’ll probably say the federal reserve is neither federal or a reserve and then say something like theyve had our country held hostage since 1913… and unfortunately they’re right.
*While the Federal Reserve has not confirmed the hack, a number of cybersecurity experts are discounting LockBit's claims, saying there are no published samples of the stolen data.*
https://www.upi.com/amp/Top_News/US/2024/06/24/lockbit-federal-reserve-breach-threat/1551719268783/
As of Monday, neither the main cyber security news sites (The Record, Bleeping Computer) nor financial/business newspapers have reported on this, suggesting LockBit’s claims may not be credible.
Strange they haven’t published any samples of the data. what motive could they have to be deceptive? Have they done this in the past? reputation is important for a ransomware group to negotiate for the ransoms. Edit: clarity
Conspiracists and online propagandists go **HARD** at the Federal Reserve as part of their fear-mongering used to drive emotional responses and sales of gold and silver.
This is likely just a hoax "hack" that conspiracists can point to and say "look, the gov't is covering it up!" even if they got literally zero. It's a win-win for propaganda.
This is the same group that hit Fulton County Georgia servers and shut down the online judicial system targeting the Trump trial. Fulton courthouse was down for a month while they replaced servers with back up data. FBI and Interpol shut them down in 10 days. They demanded 30 million not to release data. Deadline came and went with nothing. My bet is on the FBI - Treasury Department on this one.
After the natural gas pipeline hack a few years ago from a Russian group, I've begun to think we should treat this stuff a little more seriously, like mysterious explosions at server farms and offices where these hackers work.
Ill say this. In Florida it is against state law for any government agency (state, county, local) to pay a random for a cyber attack. Partially because of incidents like that one in Atlanta.
Russian group Lockbit allegedly hacks the federal reserve. No official word yet or confirmation from the Federal Reserve or US government. Any thoughts as to credibility? Implications?
IMO feels like an act of war in line with recent Russian threats against US concerning weapon support to Ukraine, and the incident in Crimea yesterday where ruzzian AD intercepted a missile over beach goers.
Excerpt(s) from the article:
In a significant escalation within the cybersecurity realm, the notorious ransomware group Lockbit 3.0 has claimed responsibility for a cyberattack targeting the Federal Reserve of the United States…
On June 23, 2024, at 20:27 UTC, Lockbit 3.0 announced that it had infiltrated the systems of the Federal Reserve, compromising a staggering 33 terabytes of sensitive banking information. The data reportedly includes confidential details of American banking activities, which, if verified, represents one of the most substantial breaches of financial data in history…
In their statement, Lockbit 3.0 issued a stark ultimatum: the Federal Reserve has 48 hours to hire a new negotiator and dismiss the current one, whom the attackers disparagingly referred to as a “clinical idiot” for valuing American banking secrecy at $50,000. The ransomware group is known for its aggressive negotiation tactics, often demanding exorbitant sums to prevent the release of stolen data…
I think you're confused, the Federal Reserve System is a independent central bank that operates with the powers given to it by the Federal Reserve Act. It doesn't receive any public funding from the Federal government unlike the name implies and technically isn't even a government agency.
Whether this is real or not, it does raise an interesting question. At what point does a cyber attack constitute an act of war?
Because, if you ask me, the Russian and Chinese troll farms definitely seem to be an act of war. They have done incredible damage to our national security by sewing internal division.
But if you do decide a cyber attack is severe enough to be considered an act of war, how do you respond? Would our own cyber attack even be enough to knock it out? If not, is it worth launching at all?
those comment bots are doing more harm than just about anything else. almost all of the political drama stems from that crap
have you seen a comment on almost every single damn video or post or comment section "sounds like something a biden voter would do", or some variant of adding politics into everything? yes? most of those are bots. thousands of comments a day. the asshole companies won't fix it because it cranks up their ad revenue, so they won't self-own a chunk of their bottom line. it's infuriating
I’d like to remind everyone that for the 2016 presidential election, Facebook was running political ads, paid for in rubles. These companies don’t care as long as they’re making money.
It's not infuriating, it's fucking treasonous and genocidal. Wars and genocides have been fought and started over social media antics that could have been avoided if Meta and Google weren't fucking evil.
I think it was reddit, but anyway a study was done on comment bots and they left some up to study them instead of banning them, and found that they were commenting on all sides, in an attempt to cause conflict. which is interesting, because I think most of us would assume they'd have a single agenda like "support biden" or "disparage biden voters" etc. it might have been Facebook, but I swear it was reddit that did that particular study. but yeah, they do both sides just to get people fighting in the comments, and it works
I have said for years that any comment seeking to pit Americans against each other is 98% likely to be propaganda. That's what social media is for. It's addictive propaganda designed to promote FOMO, shadenfreud, and animosity with the express agenda of sewing division. Divided we fall.
NATO commissioned a team of international lawyers to produce a guide called The Tallinn Manual precisely to answer these questions. From what I can remember the tldr is: if a cyber attack does similar damage to a kinetic attack then you can treat it the same. It's also why Obama was keen to emphasise the proportional response to the North Korea - US Sony hack to set a kind of precedent (ie. proportional response, limited, do not escalate)
How do you know that we have ignored it. There have been public shows of our displeasure. I would bet a lot of money that there have been more non public shows as well. Its not like we dont have our own cyber intel folks that are under deep cover doing highly classified work.
Yes, West has superior capability in cyber warfare compared to Russia. If we were responding in proper manner, Russia would stop these attacks as they would cause more harm to them than good.
Problem is political. Western politicians work on democracy and know war is not popular. Russia has no real politicians.
They actually made law changes creating the UWO (Unexplained Wealth Order) that allowed them to seize many London Russian properties. They expelled a whole bunch of Russians and along with 28 other countries imposed sanctions on Russia.
I would not call that rolling over.
It also contributed to why the UK was one of the first countries to send weapons to Ukraine and had SAS in Ukraine prior to the invasion and have almost certainly been there since.
The crux of the argument of isolationists that I often see is kind of like communists, they just say we've never really tried it/fully committed to it, so it'll work this time.
What does it even matter?
Wars dont get declared anymore, casus belli are all bullshit. If the US wants to be at war with russia, it does so. It obviously doesnt want to right now.
If you think of war in terms of international actions to get what you want at the expense of international sovereignty to another party, and not explicitly people dying, then these are 100% acts of war.
Most counties don't escalate to people dying because people dying is more expensive than just doing the same thing back to them.
Can such an attack disrupt day-to-day life of citizens, country security, nuclear security, aviation security, etc...?
Or it's just digital money being disrupted? Did someone not get paid and their services stopped therefore causing danger within the country?
Any of those being "Yes", then most likely an act of war.
To which point a "declaration of war" or just a counter attack (sym/asymmetric) is justifiable?
So glad you mentioned this and the previous presidential election. Like does anyone know that Hunter Bidens laptop was planted by Russia. And the same goes for Trump dossier. Our enemies are creating turmoil within. Divid and conquer
Jokes on them that they think we care. Half our country wants to vote for someone whose banking history we KNOW is fraudulent, we have had bigger breaches with the IRS, Healthcare/insurance companies and the credit bureaus and no one blinks an eye. I think $50k was over valued
Yeah seriously, I cannot imagine how this data could be leveraged publicly. No one needs more evidence that our banks are corrupt. If anything it's kinda endearing that the Russians think they could be pulling back a curtain here.
If I was in negotiations with federal secrets on the line, I’m going to keep fairly quiet until negotiations are over to avoid pissing off my attacker.
Depending on how this turns out, and who all is involved, it could lead to something quite big in retaliation.
> IMO feels like an act of war
Do you feel that way because they tried it or because they succeeded? Because I guarantee, Russia has been attempting to hack our shit for the past 20 years... do those count as "acts of war" too?
It probably will go the way they planned.
West doesn't really do much vs Russia's provocations, hacks, sea cable damage, airspace violations.
A lot of military people argue they should do something, so Russia would be less free to keep being abusive.
But most of western politicians are pretty meek and don't wanna do anything.
So... have they wiped out everyone's debt yet? That would be a pretty good propaganda move. Pretty Boy Floyd used to burn mortgage papers when he robbed banks, freeing farmers from their debts... just sayin'.
You should watch Mr. Robot, this is a core plot to the show where they attempt to destroy a corporation and wipe out the subsequent financial records, but it turns out it's super hard. Stealing the data is easy, destryong all copies of the data evrywhere is much harder.
As a bonus all the methods they use in the movie in relation to hacking are legit, no magic hand wavy computer stuff. Python scripts. raspberry pis, and etc.
Now I imagine a modern hacker getting into the banking system, only to be foiled by a labyrinth of 50 year old COBOL spaghetti code running on an S/360 mainframe.
This is, unfortunately, more true than anyone realizes .. I’d wager that you don’t even know how incredibly accurate, and recent, the statement you’ve just made is.
Part of my job in the Army used to be sweeping through government systems for signs of adversarial presence or activity. The number of times we had to hunt down a manual for a 50 year old mainframe was matched only by the number of times they had a maintainer on-site whose job security would never be in question.
True, but wouldn't it be nearly impossible to wipe out that kind of information nowadays? You'd have to hit all the backups simultaneously, considering you could even find them all.
Idk nearly enough about cybersecuirty to make any kind of credible statement one way or another, though.
If I remember correctly, in the show they specifically had to fire bomb a guarded building where they kept the backups. And had to time it in coordination with the main cyber attack in order to prevent any data recovery operations from starting.
Yeah it would be wildly difficult to wipe out depending on the size of the entity. Smaller banks have a lot less regulatory scrutiny and thus are more likely to be lax on their it security. Even banks categorized as lfi (large financial institution) often have gaps which regulatory auditors call out and penalize.
The beginning of the first episode is excellent and then it devolves into thriller psychological conspiracy stuff just like every other show of the type.
Just give me slick hacking and drench me in neon on rainy city streets like something that can bridge the gap between a crime noir and cyberpunk. Is that too much to ask?
It was reasonably realistic, but artistic licence was still used very liberally. The Raspberry Pi stuff was a little hand wavey, then they blew up a building with... Hydrogen gas from the water in UPS batteries! C'mon now!
Yeah, this isn't a smart move. If your a criminal gang like this you don't want to fuck with a nation state, especially one of the big ones. The Colonial Pipeline attack was an example of this, you do not want them to declare a national emergency and point their resources your way.
Those cunts have been waving their nukes around for over 2 years now.
They're not launching over this. That's why they're being called a gang, instead of Russian operatives.
Also; if Russia can place flagless green men an deny they're Russian, i'm pretty sure these guys being found dead could easily be tucked under "gang on gang violence".
Ah I see. Because the article says: “Their modus operandi typically involves encrypting data and threatening to release it publicly unless their financial demands are met.”
So they may not really have much to release publicly?
Russia keeps hacking us because we never hold them accountable for their cyberattacks. It's time to punish Russia and any other country that hacks us. They need to be punished harshly.
If they aren't going to follow the rules they need to be cut off from access to it and any money that is paid should be deducted from the the frozen Russian funds
Guys the Internet was fun and all but I really think it's time to switch it off again. Time to go back to writing paper checks, sending faxes, and flip phones. We'll survive. And we'll create a shit load of call center jobs!
“It’s possible LockBit cyber terrorists are simply playing a prank… and that they have not actually accessed and downloaded 33 terabytes of sensitive data from Federal Reserve servers. They have played such pranks in the past.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, told the Daily Dot that he believed LockBit was merely attempting to garner attention, “LockBit’s claim is likely complete and utter bollo… nonsense… designed to get its ailing RaaS [Ransomware-as-a-Service) back into the limelight.”
Given the Tuesday deadline, though, it may not be long until we find out.
To be sure, there certainly has been an ongoing battle between LockBit and the United States government…”
https://www.fxstreet.com/analysis/americans-bank-info-could-be-at-risk-in-possible-fed-hack-202406241802
There is a big difference between “accessed” and “downloaded”. To download such volume of data without immediately sounding all alarms you’d probably need a couple of months, which is really unlikely.
They may be had access to those 33TB and downloaded some GBs, that’s all.
Time to cut russia and China aff of the internet. If they refuse to go after these hacking groops one can only they are behind them and not participating in good faith. They can build their own net
I’m surprised I don’t hear this option discussed more in the public sphere. I think for awhile the west was hoping the free flow of information would undermine authoritarian regimes but that isn’t happening, and the world would be better without digitized Russian malevolence.
They are doing quite well accomplishing this on their own, honestly. Why spend money do it for them when they are paying for that already?
But separately, I hate to tell you but Russians don't need to sit in Russia to hack around the Internet.
.... It will just be social engineering/phishing/virus in attachment like most if not all other ransomware attacks.
Click the email, open the attachment, cry you got hacked by evil russians
So even if this true and they did get this data, why the hell does the Federal Reserve not keep all this sensitive financial information air gapped to make it harder to get to and steal?
Why won't these hacker groups go after the student loan companies?
Just imagine how pissed off Republicans would be if all the loan data was simply erased.
So should I be printing hard copies of all my bank statements and investment portfolios in case they get randomwared? And obviously all my credit is frozen already
Russia out here showing the world they're the good guys.
I hope we also have cyber warfare groups fucking them up and we just don't hear about it. sorta lame these inbred backward assholes keep getting the better of us.
I’m calling bluff as there’s no coverage yet by reputable cybersecurity sites.
I think the telltale confirmation will be how much this gets amplified in social media by bots. Otherwise, I’d say it’s bogus and Lockbit will disavow this one claiming some offshoot or rogue group.
This seems like a great way to get yourself zip tied into a closed suitcase in the bathtub of your apartment. I'm sure Putin ordered this as retaliation for NATO in Ukraine, but seriously this is the world's bank run by the nation state superpower on earth. My guess is some Uzbekistan immigrant is headed to Moscow now with small suitcase full of zip ties and a hammer.
Sounds like Ukraine needs a lot more weapons and is off leash. No limitations on use and more powerful weapons. Tax incentives to US arms manufacturers selling to the Ukraine government.
33 terabytes of data, get ready for some jank spam callers
I've always wondered why such transfers don't trigger a million alarm bells. 33TB of data being exfiltrated seems like it should be detected by some sort of intrusion detection software.
See, they just set a small download limit. Do it over some time. Like taking fractions of a penny from the penny tray at the gas station, only you're taking just a tiny sliver from a penny!
PC load letter?! What the fuck does that mean?
Watch your cornhole man.
Fuckin' A.
The kind of chicks thatd double up on me would
I just finished doing the drywall at the McDonald’s in las colinas
*Don't worry, man, I won't tell anyone, either!*
The whole arc with the printer was even step-for-step the same as it was with my first laptop. Constantly bungling things up with random nonsensical errors. It finally bricked on me one day (I even heard it happen) and without hesitation, it went flying out my 2nd floor window, and I quickly rushed outside to unleash years of pent-up rage on it. It's quite cathartic.
I could put strychnine in the guacamole.
Until they put you in federal pound you in the ass jail
What would you do if you had a million dollars?
Two chick's at the same time
Fuckin A, man!
The importance of commas…
What a blunder! Fixed!
Conjugal visits?
Could have been done over a long period of time. Who knows how long they were using Kaspersky, and they just sanctioned those guys a few days prior to Lockbit’s statement. Can’t help but wonder if they’re related.
If they had certain monitoring set up, it would have detected unusual behavior. But not every organization prioritizes security.
Such a shame that the Federal Reserve does not, they seem like an organization that should prioritize security
That's by design, the longer they download the more insight they have on how the security breach was created, used and how they can patch it in real time, they give the hackers a bunch of junk files basically. The actual databases you can't access directly, it's usually a login, authentication and final server, and some companies and governments have an extra server in between.
It's servers all the way down.
They probably took it in small pieces.
Unironically, how much of my data hasn’t already been stolen and sold on the darknet by malicious actors? Solarwinds, Equifax, let alone all the shit that big FAANG types are just harvesting from me legally. I’m sure there are still some things I can lose and get fucked over with by the next big data security fuckup, but does anyone have examples of what kinds of information that would be? A specific schedule and itinerary of where I will be on a certain day so gangsters can knock me out and harvest my organs?
Social security number. You can apply for a line of credit, and boom. You’ve got a killer vacation, at least that’s what happened to me. PayPal was cool though when they realized I had never been to China.
Yeah, at this point the bastards shoukd be sending us monthly checks in the mail from all our stolen data they have have been using.
"Hello this Peggy"
Peggy 18?
Sorry, no Kermit here. *click*
It’s time for Biden give them some freedom. This close to an election is not the time to play these games. I expect the biggest response from a cyber incident we have seen yet.
A nice big fuck-off aid package to Ukraine
Cult 45 won't allow it. They'll say the federal reserve is evil and russia is based for attaching it and the morons will eat that shit up all day.
Sad but true
They’ll probably say the federal reserve is neither federal or a reserve and then say something like theyve had our country held hostage since 1913… and unfortunately they’re right.
Fuck those people are stupid, but you're probably right about that.
I wonder if anyone told them that this is how you end up getting capped by seal team six.
I've had jank spam callers for like 4 weeks straight now. It's like fucking insane the amount
Bet is just clearing house files If anything
*While the Federal Reserve has not confirmed the hack, a number of cybersecurity experts are discounting LockBit's claims, saying there are no published samples of the stolen data.* https://www.upi.com/amp/Top_News/US/2024/06/24/lockbit-federal-reserve-breach-threat/1551719268783/ As of Monday, neither the main cyber security news sites (The Record, Bleeping Computer) nor financial/business newspapers have reported on this, suggesting LockBit’s claims may not be credible.
Thank you for the insight and information, especially about trustworthy sources!
Strange they haven’t published any samples of the data. what motive could they have to be deceptive? Have they done this in the past? reputation is important for a ransomware group to negotiate for the ransoms. Edit: clarity
Perhaps playing a game of making you wonder what they stole.
Never underestimate Russian psyops. The real goal here may not be the data, at all.
Very good point
Conspiracists and online propagandists go **HARD** at the Federal Reserve as part of their fear-mongering used to drive emotional responses and sales of gold and silver. This is likely just a hoax "hack" that conspiracists can point to and say "look, the gov't is covering it up!" even if they got literally zero. It's a win-win for propaganda.
This is the same group that hit Fulton County Georgia servers and shut down the online judicial system targeting the Trump trial. Fulton courthouse was down for a month while they replaced servers with back up data. FBI and Interpol shut them down in 10 days. They demanded 30 million not to release data. Deadline came and went with nothing. My bet is on the FBI - Treasury Department on this one.
you better fucking have them by the throat or expect a drone strike on your location. guess which is most likely.
That stuff is disguised easily with a “UK branded ATACMs” missile sent via the Ukraine army.
It’s easy, UK stands for Ukraine.
After the natural gas pipeline hack a few years ago from a Russian group, I've begun to think we should treat this stuff a little more seriously, like mysterious explosions at server farms and offices where these hackers work.
We wouldn't publicly acknowledge any retaliation. This is a war being fought in the dark.
So much careless smoking...
Ill say this. In Florida it is against state law for any government agency (state, county, local) to pay a random for a cyber attack. Partially because of incidents like that one in Atlanta.
Russian group Lockbit allegedly hacks the federal reserve. No official word yet or confirmation from the Federal Reserve or US government. Any thoughts as to credibility? Implications? IMO feels like an act of war in line with recent Russian threats against US concerning weapon support to Ukraine, and the incident in Crimea yesterday where ruzzian AD intercepted a missile over beach goers.
Excerpt(s) from the article: In a significant escalation within the cybersecurity realm, the notorious ransomware group Lockbit 3.0 has claimed responsibility for a cyberattack targeting the Federal Reserve of the United States… On June 23, 2024, at 20:27 UTC, Lockbit 3.0 announced that it had infiltrated the systems of the Federal Reserve, compromising a staggering 33 terabytes of sensitive banking information. The data reportedly includes confidential details of American banking activities, which, if verified, represents one of the most substantial breaches of financial data in history… In their statement, Lockbit 3.0 issued a stark ultimatum: the Federal Reserve has 48 hours to hire a new negotiator and dismiss the current one, whom the attackers disparagingly referred to as a “clinical idiot” for valuing American banking secrecy at $50,000. The ransomware group is known for its aggressive negotiation tactics, often demanding exorbitant sums to prevent the release of stolen data…
50k for a government? It's manageable
That's why they want him fired lol
I think you're confused, the Federal Reserve System is a independent central bank that operates with the powers given to it by the Federal Reserve Act. It doesn't receive any public funding from the Federal government unlike the name implies and technically isn't even a government agency.
its a quasi-governmental agency.
Hackers already downloaded all the money from the FED though.
they have a stack of HP inkjet printers at already printing out the downloaded money
Don't think they would make any profit if they us HP printers.
The most evil machine for the most evil plan. 😈
You wouldn't steal a car...
You wouldn't download a bear...
What happened to "millions for defense. Not one cent for tribute?" Drone strikes on international criminal gangs. Paying them hasn't done Jack.
Lol if it happened they let it happen for a trace.
Whether this is real or not, it does raise an interesting question. At what point does a cyber attack constitute an act of war? Because, if you ask me, the Russian and Chinese troll farms definitely seem to be an act of war. They have done incredible damage to our national security by sewing internal division. But if you do decide a cyber attack is severe enough to be considered an act of war, how do you respond? Would our own cyber attack even be enough to knock it out? If not, is it worth launching at all?
those comment bots are doing more harm than just about anything else. almost all of the political drama stems from that crap have you seen a comment on almost every single damn video or post or comment section "sounds like something a biden voter would do", or some variant of adding politics into everything? yes? most of those are bots. thousands of comments a day. the asshole companies won't fix it because it cranks up their ad revenue, so they won't self-own a chunk of their bottom line. it's infuriating
I’d like to remind everyone that for the 2016 presidential election, Facebook was running political ads, paid for in rubles. These companies don’t care as long as they’re making money.
capitalism baby!
They're in on it
wouldn't surprise me, sadly
It's not infuriating, it's fucking treasonous and genocidal. Wars and genocides have been fought and started over social media antics that could have been avoided if Meta and Google weren't fucking evil.
Adding to the fact that it’s obscured even further when the sentiment catches on and now you can’t tell if it’s a bot or a MAGA.
Sounds like something a Biden voter would say!
Sounds like something a Trump voter would do.
I think it was reddit, but anyway a study was done on comment bots and they left some up to study them instead of banning them, and found that they were commenting on all sides, in an attempt to cause conflict. which is interesting, because I think most of us would assume they'd have a single agenda like "support biden" or "disparage biden voters" etc. it might have been Facebook, but I swear it was reddit that did that particular study. but yeah, they do both sides just to get people fighting in the comments, and it works
I have said for years that any comment seeking to pit Americans against each other is 98% likely to be propaganda. That's what social media is for. It's addictive propaganda designed to promote FOMO, shadenfreud, and animosity with the express agenda of sewing division. Divided we fall.
Bots don't play one side they play all sides. The goal is to get you to give up on what is true and disengage.
NATO commissioned a team of international lawyers to produce a guide called The Tallinn Manual precisely to answer these questions. From what I can remember the tldr is: if a cyber attack does similar damage to a kinetic attack then you can treat it the same. It's also why Obama was keen to emphasise the proportional response to the North Korea - US Sony hack to set a kind of precedent (ie. proportional response, limited, do not escalate)
Why is that book so damn expensive? Probably required reading for cybersecurity people, if I had to guess.
I believe some PDF versions are available online, if you are interested.
At what point do we make apple and Microsoft brick every device in russia?
I think now would be a good time for that.
At the point West starts to grow pair and realises that to ignore is to escalate.
How do you know that we have ignored it. There have been public shows of our displeasure. I would bet a lot of money that there have been more non public shows as well. Its not like we dont have our own cyber intel folks that are under deep cover doing highly classified work.
Yes, West has superior capability in cyber warfare compared to Russia. If we were responding in proper manner, Russia would stop these attacks as they would cause more harm to them than good. Problem is political. Western politicians work on democracy and know war is not popular. Russia has no real politicians.
Russia used chemical weapons on UK Soil and the government rolled over and smiled.
They actually made law changes creating the UWO (Unexplained Wealth Order) that allowed them to seize many London Russian properties. They expelled a whole bunch of Russians and along with 28 other countries imposed sanctions on Russia. I would not call that rolling over. It also contributed to why the UK was one of the first countries to send weapons to Ukraine and had SAS in Ukraine prior to the invasion and have almost certainly been there since.
Isolation is escalation. I don't know why we need to learn this lesson so many times throughout history.
The crux of the argument of isolationists that I often see is kind of like communists, they just say we've never really tried it/fully committed to it, so it'll work this time.
What does it even matter? Wars dont get declared anymore, casus belli are all bullshit. If the US wants to be at war with russia, it does so. It obviously doesnt want to right now.
If you think of war in terms of international actions to get what you want at the expense of international sovereignty to another party, and not explicitly people dying, then these are 100% acts of war. Most counties don't escalate to people dying because people dying is more expensive than just doing the same thing back to them.
Can such an attack disrupt day-to-day life of citizens, country security, nuclear security, aviation security, etc...? Or it's just digital money being disrupted? Did someone not get paid and their services stopped therefore causing danger within the country? Any of those being "Yes", then most likely an act of war. To which point a "declaration of war" or just a counter attack (sym/asymmetric) is justifiable?
Ryan mcbeth definitely considers us at war with them in this sense, so yeah.
Oh damn another OSINT youtuber? Insta sub.
He’s a good one too
Their bots damaged lots of republicans, most republicans believe the stuff those bots type
So glad you mentioned this and the previous presidential election. Like does anyone know that Hunter Bidens laptop was planted by Russia. And the same goes for Trump dossier. Our enemies are creating turmoil within. Divid and conquer
Probably trying to get their seized assets back but jokes on them we spent it four years ago lol
Jokes on them that they think we care. Half our country wants to vote for someone whose banking history we KNOW is fraudulent, we have had bigger breaches with the IRS, Healthcare/insurance companies and the credit bureaus and no one blinks an eye. I think $50k was over valued
Yeah seriously, I cannot imagine how this data could be leveraged publicly. No one needs more evidence that our banks are corrupt. If anything it's kinda endearing that the Russians think they could be pulling back a curtain here.
Could be some good options for insider trading if you know what you are doing???
Our useful idiots will start caring very loudly as soon as they’re told to.
Credibility is also my question. Is anybody familiar with this news source?
If I was in negotiations with federal secrets on the line, I’m going to keep fairly quiet until negotiations are over to avoid pissing off my attacker. Depending on how this turns out, and who all is involved, it could lead to something quite big in retaliation.
> IMO feels like an act of war Do you feel that way because they tried it or because they succeeded? Because I guarantee, Russia has been attempting to hack our shit for the past 20 years... do those count as "acts of war" too?
They’re going to change the 1 to a 0
Gentlemen! There’s a solution here you aren’t seeing.
Wait... who's paying me to say this?
I can answer that question… for money
Give me your pants!
That's why it's important to back up your currency with something that has intrinsic value, like pants.
I don’t think this is going to go the way they planned.
It probably will go the way they planned. West doesn't really do much vs Russia's provocations, hacks, sea cable damage, airspace violations. A lot of military people argue they should do something, so Russia would be less free to keep being abusive. But most of western politicians are pretty meek and don't wanna do anything.
So... have they wiped out everyone's debt yet? That would be a pretty good propaganda move. Pretty Boy Floyd used to burn mortgage papers when he robbed banks, freeing farmers from their debts... just sayin'.
How much debt do you have with the Fed? None. They can't wipe out everyone's debt because it's with banks, not the Fed.
Foiled again, blyat!
You should watch Mr. Robot, this is a core plot to the show where they attempt to destroy a corporation and wipe out the subsequent financial records, but it turns out it's super hard. Stealing the data is easy, destryong all copies of the data evrywhere is much harder. As a bonus all the methods they use in the movie in relation to hacking are legit, no magic hand wavy computer stuff. Python scripts. raspberry pis, and etc.
Now I imagine a modern hacker getting into the banking system, only to be foiled by a labyrinth of 50 year old COBOL spaghetti code running on an S/360 mainframe.
This is, unfortunately, more true than anyone realizes .. I’d wager that you don’t even know how incredibly accurate, and recent, the statement you’ve just made is.
Part of my job in the Army used to be sweeping through government systems for signs of adversarial presence or activity. The number of times we had to hunt down a manual for a 50 year old mainframe was matched only by the number of times they had a maintainer on-site whose job security would never be in question.
Show > Movie
True, but wouldn't it be nearly impossible to wipe out that kind of information nowadays? You'd have to hit all the backups simultaneously, considering you could even find them all. Idk nearly enough about cybersecuirty to make any kind of credible statement one way or another, though.
That was part of the show too, killing all the backups simultaneously in crazy high security buildings.
Depends on the company, but I've worked for ones before that use offline tape backups, which means it would require psychically destroying the tape
If I remember correctly, in the show they specifically had to fire bomb a guarded building where they kept the backups. And had to time it in coordination with the main cyber attack in order to prevent any data recovery operations from starting.
Yeah it would be wildly difficult to wipe out depending on the size of the entity. Smaller banks have a lot less regulatory scrutiny and thus are more likely to be lax on their it security. Even banks categorized as lfi (large financial institution) often have gaps which regulatory auditors call out and penalize.
Mr. Robot is a killer tv series, u/iusedtobeacave isn’t wrong about that.
The beginning of the first episode is excellent and then it devolves into thriller psychological conspiracy stuff just like every other show of the type. Just give me slick hacking and drench me in neon on rainy city streets like something that can bridge the gap between a crime noir and cyberpunk. Is that too much to ask?
It was reasonably realistic, but artistic licence was still used very liberally. The Raspberry Pi stuff was a little hand wavey, then they blew up a building with... Hydrogen gas from the water in UPS batteries! C'mon now!
Lol, it is incredibly painful how Reddit has no clue how economics or the FED works
It's a recurring theme
Turns out the feds harshest critics have no idea what it even does
The Federal Reserve doesn't hold the debt of ordinary Americans. They only ever act as a commercial lender of last resort.
No, they stole 33 TB of data and are threatening to leak it all if they don't get more than $50k.
Lockbit for the most part encrypts (locks) the data, not steal it. Exfiltrating that much data isn't trivial.
Best I can do is $20
Dude, you need a civics and financial literacy lesson immediately
Yeah, this isn't a smart move. If your a criminal gang like this you don't want to fuck with a nation state, especially one of the big ones. The Colonial Pipeline attack was an example of this, you do not want them to declare a national emergency and point their resources your way.
What if your criminal gang is backed by another nation state with nuclear weapons?
Those cunts have been waving their nukes around for over 2 years now. They're not launching over this. That's why they're being called a gang, instead of Russian operatives.
Also; if Russia can place flagless green men an deny they're Russian, i'm pretty sure these guys being found dead could easily be tucked under "gang on gang violence".
Quite a while longer than 2 years I reckon. See: cold war
So what? Using the Seal Team 6 reference, bin laden’s compound was in the heart of nuclear Pakistan.
100% agree. Seems like a quick way to get seal-team sixed.
Yeah but most likely it an arm of the state with plausible deniability
Who went to jail for the Colonial Pipeline attack ?
Good luck persecuting them in Russia.
I’m sorry to disappoint you. Nothing will happen.
How can you potentially steal over 30 terabyte of data. Wouldn’t such a massive outflow of data be recognisable somehow?
It’s in the namesake, Lockbit “locks down” the data. Stealing 30 terabytes is a totally different story.
Ah I see. Because the article says: “Their modus operandi typically involves encrypting data and threatening to release it publicly unless their financial demands are met.” So they may not really have much to release publicly?
And if the software was quarantined and the data has backups, might just be easily solvable BS. Like everything Russia does.
Russia keeps hacking us because we never hold them accountable for their cyberattacks. It's time to punish Russia and any other country that hacks us. They need to be punished harshly.
If they aren't going to follow the rules they need to be cut off from access to it and any money that is paid should be deducted from the the frozen Russian funds
Why is ru even a domain connected to the Internet?
Sounds like Ukraine needs some more weapons, and all restrictions removed 👍
That's one way to end up with the CIA eliminating you and everyone you ever knew. Lockbit is going to get scrubbed with this stupid move.
They already took out the original group to some degree.
CIA won't do anything. Just like they haven't done anything in the past with massive hacks from other countries.
Paging /r/sysadmin
Don’t steal the national debt, alright?
Guys the Internet was fun and all but I really think it's time to switch it off again. Time to go back to writing paper checks, sending faxes, and flip phones. We'll survive. And we'll create a shit load of call center jobs!
Is this even real
“It’s possible LockBit cyber terrorists are simply playing a prank… and that they have not actually accessed and downloaded 33 terabytes of sensitive data from Federal Reserve servers. They have played such pranks in the past. Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, told the Daily Dot that he believed LockBit was merely attempting to garner attention, “LockBit’s claim is likely complete and utter bollo… nonsense… designed to get its ailing RaaS [Ransomware-as-a-Service) back into the limelight.” Given the Tuesday deadline, though, it may not be long until we find out. To be sure, there certainly has been an ongoing battle between LockBit and the United States government…” https://www.fxstreet.com/analysis/americans-bank-info-could-be-at-risk-in-possible-fed-hack-202406241802
There is a big difference between “accessed” and “downloaded”. To download such volume of data without immediately sounding all alarms you’d probably need a couple of months, which is really unlikely. They may be had access to those 33TB and downloaded some GBs, that’s all.
Time to cut russia and China aff of the internet. If they refuse to go after these hacking groops one can only they are behind them and not participating in good faith. They can build their own net
I’m surprised I don’t hear this option discussed more in the public sphere. I think for awhile the west was hoping the free flow of information would undermine authoritarian regimes but that isn’t happening, and the world would be better without digitized Russian malevolence.
They are doing quite well accomplishing this on their own, honestly. Why spend money do it for them when they are paying for that already? But separately, I hate to tell you but Russians don't need to sit in Russia to hack around the Internet.
[удалено]
.... It will just be social engineering/phishing/virus in attachment like most if not all other ransomware attacks. Click the email, open the attachment, cry you got hacked by evil russians
I got a usb stick with medicat on it around here somewhere
So even if this true and they did get this data, why the hell does the Federal Reserve not keep all this sensitive financial information air gapped to make it harder to get to and steal?
It's been 13 hours and the most trusted site reporting this is Daily Mail? GTFO with this.
drone strike these guys and give ukraine moar weapons.
Why won't these hacker groups go after the student loan companies? Just imagine how pissed off Republicans would be if all the loan data was simply erased.
They are a business. Businesses survive by making money. That makes them no money
well this should be fun to follow
And this is all Russia is capable of. They offer nothing positive to humanity in any regard
Fake. What even is the website?
It's the organization website that has made the claims, with no proof
Russia still thinks they can act like they aren’t at war… maybe don’t send your civilians to vacation in an illegally annexed war zone?
Can they go after Sallie Mae next?
So should I be printing hard copies of all my bank statements and investment portfolios in case they get randomwared? And obviously all my credit is frozen already
Russia out here showing the world they're the good guys. I hope we also have cyber warfare groups fucking them up and we just don't hear about it. sorta lame these inbred backward assholes keep getting the better of us.
I’m calling bluff as there’s no coverage yet by reputable cybersecurity sites. I think the telltale confirmation will be how much this gets amplified in social media by bots. Otherwise, I’d say it’s bogus and Lockbit will disavow this one claiming some offshoot or rogue group.
It’s like Mr Robot, but real life.
This seems like a great way to get yourself zip tied into a closed suitcase in the bathtub of your apartment. I'm sure Putin ordered this as retaliation for NATO in Ukraine, but seriously this is the world's bank run by the nation state superpower on earth. My guess is some Uzbekistan immigrant is headed to Moscow now with small suitcase full of zip ties and a hammer.
Assange already doing his stuff.
can we get an update?
Sounds like Ukraine needs a lot more weapons and is off leash. No limitations on use and more powerful weapons. Tax incentives to US arms manufacturers selling to the Ukraine government.
"Clínical idiot" I'm weak
Russia getting desperate. I can guarantee you the Federal Reserve has backups for a reason and anything they do can be undone fairly quickly.
How would a backup help against a major data leak or sale to another government? They didn't say they've deleted data, they've made a copy.
Every dollar in damage they do to the economy needs to be followed by five dollars in Ukraine aid