The Good, the Bad and the Ugly in Cybersecurity – Week 49

The Good

The US Department of Justice has been busy this past week, sentencing two individuals to long prison terms for their cyber crimes.

Ryan S. Hernandez (aka Ryan West or “RyanRocks”, as he called himself online), 21, was sentenced to three years in prison, with a further seven years of supervised release and registration as a sex offender after release. Hernandez’s cyber crimes included spearphishing a Nintendo employee, stealing his credentials and downloading confidential Nintendo files related to its consoles and games, such as the then much-anticipated Nintendo Switch console. He then shared this confidential information on gaming forums.

In June 2019, FBI agents raided his house and seized numerous electronic devices. Further forensic investigation revealed that he had collected thousands of videos and images of minors engaged in sexually explicit conduct, which he stored in the aptly named folder “Bad Stuff”.

Hernandez will be joined in the clink by another individual, Timothy Dalton Vaughn, 22 (aka “WantedbyFeds” and “Hacker_R_US”). Vaughn was a member of the “Apophis Squad,” a worldwide collective of computer hackers and swatters.

The collective has a reputation for making threatening phone calls and issuing bomb-related threats, but primarily engages in DDoS attacks. In early 2018, Vaughn demanded 1.5 bitcoin from a Long Beach company in exchange for not launching a DDoS attack against the company’s website. When it failed to make the payment, he launched an attack that knocked the website offline. Vaughn also possessed hundreds of sexually explicit images and videos depicting extremely young children.

Vaughn was sentenced to nearly eight years in federal prison for his crimes.

The Bad

Most of us are breathing a sigh of relief now that a viable Covid-19 vaccine seems just around the corner. However, before any effective vaccine can be distributed and administered to the general public, it needs to be manufactured, stored and shipped with the utmost care. In particular, the Moderna and Pfizer vaccines need to be stored at very low temperatures, -4°F and -94°F respectively. Those conditions make it necessary to have a dedicated network of “cold chain” distributors at every stage of delivery.

This week, security researchers at IBM have released findings concerning a malicious cyber campaign aimed at attacking this elaborate supply chain, focusing on companies and organizations associated with Gavi, the Vaccine Alliance’s Cold Chain Equipment Optimization Platform.

The campaign started in September and impersonated Haier Biomedical, a credible and legitimate company that manufactures cold chain storage equipment. Purporting to be from a Haier employee, crafted phishing emails were sent to the European Commission’s Directorate-General for Taxation and Customs Union, as well as to other organizations headquartered in Germany, Italy, South Korea, the Czech Republic, the wider European region and Taiwan. The emails attempted to harvest credentials that could be used to infiltrate the targeted organizations.

While the origin and goals of the campaign are still unclear, it seems that someone wants to nurture the capability to disrupt the global effort to develop and distribute vaccinations.

In addition, Interpol has issued an alert warning that “plain” cybercriminals will also exploit the public availability of a vaccine to make some quick money. Interpol fears that the desire of some to obtain the vaccine at all costs will result in “Criminal networks targeting unsuspecting members of the public via fake websites and false cures, which could pose a significant risk to their health, even their lives.”

Interpol suggests extreme caution when looking for and ordering medicines online. However, just browsing these sites can put users at risk of contracting another kind of virus: Interpol’s Cybercrime Unit has revealed that of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices, more than half contained cyber threats, especially phishing and spamming malware.

The Ugly

Brazilian newspaper Estadao reports that the personal information of more than 243 million Brazilians, both living and deceased, has been exposed online for at least six months.

The data leak came from a website called e-SUS-Notifica, an official web portal of the Brazilian Ministry of Health, where Brazilian citizens can sign up and receive official government notifications about the COVID-19 pandemic.

The site’s source code contained the administrator username and password in a rather easy-to-decode format: Base64, which is an encoding, not encryption, and offers no protection to anyone who views the source. Using the decoded credentials, it was possible to access the official Brazilian Ministry of Health (SUS) database, which stores information on all Brazilians who signed up for the country’s publicly funded health care system, established in 1989, and contains full names, home addresses, phone numbers and, of course, medical records.
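The failure described above is easy to catch before deployment if you scan shipped source for Base64 literals that decode to credential-like text. The following scanner is an added example for this post, not code from the article, the Ministry of Health or the e-SUS-Notifica portal; the source snippet it scans is constructed for illustration, and the `admin:SuperSecret123` pair it contains is a made-up sample, not a real credential.

```python
"""Flag Base64-encoded strings in source text that decode to credential-like values."""
import base64
import binascii
import re
import string

# Constructed sample of client-side source (not from any real site). The AUTH
# value is a Base64 encoding of the made-up pair "admin:SuperSecret123"; the
# LOGO_DATA value is the start of a PNG image and should not be flagged.
SAMPLE_SOURCE = """\
const API_BASE = "https://example.invalid/api";
const BUILD_ID = "2020-12-04";
const LOGO_DATA = "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJ";
const AUTH = "YWRtaW46U3VwZXJTZWNyZXQxMjM=";
function login() {
  return fetch(API_BASE, { headers: { Authorization: "Basic " + AUTH } });
}
"""

# A quoted run of at least 16 Base64 alphabet characters with optional padding.
B64_LITERAL = re.compile(r"""["'](?P<value>[A-Za-z0-9+/]{16,}={0,2})["']""")
# The identifier being assigned, if the literal sits on the right of '=' or ':'.
ASSIGN_NAME = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*$")
KEYWORDS = ("password", "passwd", "pwd", "secret", "token", "apikey", "api_key")
PRINTABLE = set(string.printable)


def decode_if_text(token: str):
    """Return the decoded string if token is valid Base64 for printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None  # binary payload such as an embedded image, not a credential
    if not text or any(ch not in PRINTABLE for ch in text):
        return None
    return text


def classify(decoded: str, name: str):
    """Return a reason string if the decoded text looks like a credential, else None."""
    user, sep, pw = decoded.partition(":")
    # "user:password" shape: both halves present, no whitespace, not a URL scheme.
    if sep and user and pw and not any(c.isspace() for c in decoded) and not pw.startswith("//"):
        return "user:password pair"
    low = decoded.lower() + " " + name.lower()
    for kw in KEYWORDS:
        if kw in low:
            return f"keyword '{kw}'"
    if any(k in name.lower() for k in ("auth", "cred", "login", "pass")):
        return "credential-like variable name"
    return None


def scan_source(source: str):
    """Return a list of findings, one per Base64 literal that decodes to a credential-like value."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in B64_LITERAL.finditer(line):
            decoded = decode_if_text(m.group("value"))
            if decoded is None:
                continue
            name_match = ASSIGN_NAME.search(line[: m.start()])
            name = name_match.group(1) if name_match else ""
            reason = classify(decoded, name)
            if reason:
                findings.append({"line": lineno, "name": name, "decoded": decoded, "reason": reason})
    return findings


def redact(decoded: str) -> str:
    """Mask everything after the first ':' so a report does not re-expose the secret."""
    user, sep, _ = decoded.partition(":")
    return f"{user}{sep}***" if sep else "***"


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        label = f["name"] or "<literal>"
        print(f"line {f['line']}: {label} decodes to {redact(f['decoded'])} ({f['reason']})")
```

Run against the sample, the scanner reports only line 4 (`AUTH decodes to admin:*** (user:password pair)`); the PNG blob is rejected because it does not decode to printable text. Wire a check like this into CI for anything that ships to a browser, and treat any hit as a credential to rotate, not merely a string to re-encode.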

It’s not the first time the Ministry has had data security problems, with one security expert commenting that “Every time you stop and go to analyse the information security and data management policy of the Ministry of Health, you find a more serious vulnerability.”

It is not currently known if the data was illegally accessed during the six months it was exposed. The ministry says the incident is being investigated. If the database had been stolen or accessed without authorization, it would amount to the largest data breach Brazil has ever known.