Category Archives: News

NHS cyber-attack: hospital computer systems held to ransom across England

Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients.

The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England has declared a major incident. NHS Digital said it was aware of the problem and would release more details soon.

Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible.

NHS Digital said: “A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

According to reports, affected hospitals include those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.

More reports of affected hospitals are continuing to stream in, as well as claims that GP surgeries are coming down with the virus, which demands a payment of $300 to release files it claims have been encrypted. The NHS has been unable to give a full list of the sites affected.

British law enforcement believes the attack is criminal in nature, as opposed to being a cyber attack by a foreign power, and it is being treated as serious but without national security implications.

The National Crime Agency, which is Britain’s version of the FBI, was taking the lead in dealing with the investigation into the attack. Investigators believe the attack is significant with many computers affected across the country.

A spokesman for the National Cyber Security Centre said: “We are aware of a cyber incident and are working with NHS Digital and the NCA to investigate.”

In a message to a Guardian reporter, one NHS IT worker said: “At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.

“A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen. This followed with an internal major incident being declared and advised all trust staff to shut down all PCs in the trust and await further instructions.

“This is affecting the east of England and a number of other trusts. This is the largest outage of this nature I’ve seen in the six years I’ve been employed with the NHS.”

Another NHS worker, who works at an Essex hospital but asked to remain anonymous, said: “We got some ransomware that came through on the computers at about 2pm. We were told to shut down, take out network cables and unplug the phones. A message came up for just one of our team about the fact that all the files would be wiped in two hours unless we gave $300 in bitcoins.”

She confirmed that the image that appeared on her colleague’s screen was the same as one that has already been circulated on Twitter, which says: “Ooops, your files have been encrypted!

“Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”

The screen tells users to send $300 worth of bitcoin to a bitcoin wallet address. It adds: “You only have three days to submit the payment. After that the price will be doubled. Also if you don’t pay in seven days, you won’t be able to recover your files forever.”

A Barts spokesman said it was experiencing “major IT disruption” and delays at all four of its hospitals, The Royal London, St Bartholomew’s, Whipps Cross and Newham. He said: “We have activated our major incident plan to make sure we can maintain the safety and welfare of patients.

“We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible. Ambulances are being diverted to neighbouring hospitals.”

GP surgeries across Liverpool and parts of Greater Manchester also appeared to have been affected by the cyber-attack.

The NHS Liverpool clinical commissioning group said: “Please be aware the NHS is experiencing serious IT problems today. Please only contact your GP surgery or hospital in a genuine emergency.”

One Liverpool GP, John Caldwell, said he had “no access to record systems or results” and described the disruption as “very limiting”. Dr Chris Mimnagh, a GP in Liverpool, told the Guardian that his surgery had “severed links” to the wider NHS network as a precaution.

He said: “Unable to access our clinical system – as a precaution our area has severed links to the wider NHS, which means no access to our national systems, no computers means no records, no prescriptions, no results, we are dealing with urgent problems only, our patients are being very understanding so far.”

A spokesman for the Royal Liverpool and Broadgreen university hospitals trust said it was “aware that there’s an issue nationally and we’re reviewing our IT systems”.

A spokeswoman for Central Manchester university hospitals, the largest NHS trust in Greater Manchester, said she was “genuinely not sure” if they had been affected and that they were investigating.

A GP surgery in Bury, Greater Manchester, said all networks in the region had been affected. Peel GPs said on Twitter: “All Greater Manchester networks down – we cannot access any patient info plz RT @NHSBuryCCG.”

Doctors have been posting on Twitter about what has been happening to their systems.

A screengrab of an instant message conversation circulated by one doctor says: “So our hospital is down … We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

East and North Hertfordshire NHS trust said in a statement: “Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

The attack comes as several Spanish companies, including the telecoms giant Telefónica, were also targeted by a “massive ransomware attack”, according to Spain’s national cyber-security centre. The attack appears to present the same message to users as those targeting the NHS.

In a statement released following an apparent wave of attacks on Friday morning, the National Cryptology Centre said a cyber assault had been launched “against various organisations”, affecting Windows systems and corrupting networks and archives.

The ransomware used in the Spanish attacks is a version of the WannaCry virus, which encrypts sensitive user data, the National Cryptology Centre said. Telefónica confirmed there had been “a cybersecurity incident” affecting the intranet of some computers at its Madrid headquarters.

Amazon AWS S3 outage is breaking things for a lot of websites and apps

Amazon’s S3 web-based storage service is experiencing widespread issues, leading to service that’s either partially or fully broken on websites, apps and devices upon which it relies. The AWS offering provides hosting for images for a lot of sites, and also hosts entire websites, and app backends including Nest.

The S3 outage is due to “high error rates with S3 in US-EAST-1,” according to Amazon’s AWS service health dashboard, which is where the company also says it’s working on “remediating the issue,” without initially revealing any further details.

Affected websites and services include Quora, newsletter provider Sailthru, Business Insider, Giphy, image hosting at a number of publisher websites, filesharing in Slack, and many more. Connected lightbulbs, thermostats and other IoT hardware are also being impacted, with many unable to control these devices as a result of the outage.

Amazingly, even the status indicators on the AWS service status page rely on S3 for storage of their health marker graphics, which is why the site is still showing all services green despite obvious evidence to the contrary.

We’re monitoring the situation and will provide more info as it becomes available.

Source: https://techcrunch.com/2017/02/28/amazon-aws-s3-outage-is-breaking-things-for-a-lot-of-websites-and-apps/

Belgian police say don’t use Facebook’s reaction emojis if you value privacy

Police in Belgium are warning citizens not to use Facebook’s new Reactions, to protect their own privacy and ensure they are not targeted by advertisers.

“Facebook never lets an opportunity to gather more information about us pass,” a post on Belgium’s official police website reads. “The [reactions] icons help not only express your feelings, they also help Facebook assess the effectiveness of ads on your profile.”

“One more reason to not rush to click if you want to protect your privacy,” the police statement ended.

In February this year, Facebook released reaction emojis to users around the world. It added reaction emojis such as laughter, amazement, anger, sadness and love to the ubiquitous ‘like’ button.

“We’ve been listening to people and know that there should be more ways to easily and quickly express how something you see in (the) news feed makes you feel,” wrote Facebook product manager Sammi Krug in an announcement of the release in February. “That’s why today we are launching Reactions, an extension of the Like button, to give you more ways to share your reaction to a post in a quick and easy way.” However, its blog post introducing the feature made no reference to the reactions’ advertising potential.

The Belgian police is claiming that the site is using them as a way of collecting information about people and deciding how best to advertise to them. As such, it has warned people that they should avoid using the buttons if they want to preserve their privacy.

“If it appears that you are in good spirits, Facebook will infer that you are receptive and will be able to sell advertising space by explaining to the advertisers that they are more likely in that way that you will react,” the police said in a statement.

“By limiting the number of icons to six, Facebook is counting on you to express your thoughts more easily so that the algorithms that run in the background are more effective,” the Belgian police post continues. “By mouse clicks you can let them know what makes you happy.

“So that will help Facebook find the perfect location, on your profile, allowing it to display content that will arouse your curiosity but also to choose the time you present it. If it appears that you are in a good mood, it can deduce that you are more receptive and able to sell spaces explaining advertisers that they will have more chance to see you react.”

The company has acknowledged how data collected from user emotions represents key marketing opportunities for businesses, and as benchmarks for brand loyalty.

“We see this as an opportunity for businesses and publishers to better understand how people are responding to their content on Facebook,” it said. At present, it registers any reaction the same way it does a “like”.

This is not the first time that the social media giant has faced resistance from the Belgian Police. Late last year, its privacy authorities stopped Facebook from tracking non-users who visited the site with browser cookies.

Hacking Drones

Leaked emails between Italian spyware vendor Hacking Team and Boeing subsidiary Insitu revealed that drones that carry malware and infect targeted computers over Wi-Fi by flying in their proximity are close to becoming a reality.

Spyware-carrying drones were being discussed by Insitu, a division of Boeing, and now-disgraced malware firm Hacking Team, according to leaked emails from the recent breach of the Italian company, which have been posted on WikiLeaks, Engadget reported.

It was only the failure to come to terms over a non-disclosure agreement that kept Insitu and Hacking Team from teaming up to create the malware-infesting drone.

Early conversations took place regarding the inception and the possibility of a spy drone created by Boeing’s aircraft expertise, carrying malware that Hacking Team is notorious for. The concept was designing a drone capable of intercepting communications and hacking on-the-fly, via Wi-Fi. Discussions didn’t get far, however, when lawyers representing both companies couldn’t see eye-to-eye on a viable non-disclosure agreement.

The Talks Behind the Flying, Hacking Drone

Initial discussions kicked off when Giuseppe Venneri, a mechanical engineering graduate from UC and intern at Insitu, took notice of Hacking Team’s “Galileo”, a piece of hardware otherwise known as the Tactical Network Injector. It is essentially designed to infiltrate networks and insert malicious code via Wi-Fi to launch man-in-the-middle attacks and other exploits.

Venneri wrote to Emad Shehata, Hacking Team’s key account manager, stating:

We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.

Shehata replied by sending in the standard Hacking Team NDA, to which Venneri responded with Boeing’s own PIA (Proprietary Information Agreement) which the intern noted “must be signed before we engage with potential partners.”

“Signing our PIA (attached) will dramatically shorten the authorization process at our end,” Venneri added. “Let me know if you are willing to sign our document to engage in conversations with us.”

It was at this point that Hacking Team’s Chief Operating Officer Giancarlo Russo stepped into the conversation, stating: “I saw your document and it will require additional legal verification from our side regarding the applicability of ITAR and other U.S. Law,” he said. “In my opinion, for a preliminary discussion our non-disclosure agreement should be sufficient to protect both companies and as you will see it is including mutual provision for both parties and it will make things easier and faster for us.”

Venneri’s response was short and succinct: “If you are unable to review/sign our form, know it will take some time on our side to seek approval from our Boeing parent. Are you willing to consider our form?”

Communications went quiet for about a month after this exchange and Venneri sent in another email on 11 May 2015: “We corresponded with you about a month ago and were unsure about the progress going forward with preliminary discussions regarding any future collaborations. If you could please reconsider our mutual PIA, know that the questionnaire at the beginning of the document is just for gathering information and has no impact on the PIA itself. We have lots of Non-US companies under our PIA. If you or your legal team have any requested changes to our PIA please don’t hesitate to add them in the attached document.”

This was the last known correspondence taken from the leaks, which came from the data breach two months later in July 2015. All NDAs have been rendered obsolete and ineffective by the Hacking Team hack.

Images from Wikimedia Commons and Shutterstock.

Hacker given in-game death sentence

A character controlled by a hacker who used exploits to dominate online game Guild Wars 2 has been put to death in the virtual world.

The character, called DarkSide, was stripped then forced to leap to their death from a high bridge.

The death sentence was carried out after players gathered evidence about the trouble the hacker had caused.

This helped the game’s security staff find the player, take over their account and kill them off.

Death leap

Over the past three weeks many players of the popular multi-player game Guild Wars 2 have been complaining about the activities of a character called DarkSide. About four million copies of the game have been sold.

Via a series of exploits the character was able to teleport, deal massive damage, survive co-ordinated attacks by other players and dominate player-versus-player combat.

To spur Guild Wars’ creator ArenaNet to react, players gathered videos of DarkSide’s antics and posted them on YouTube.

The videos helped ArenaNet’s security head Chris Cleary identify the player behind DarkSide, he said in a forum post explaining what action it had taken. Mr Cleary took over the account to carry out the punishment.

The video shows DarkSide being stripped to his underwear then made to leap from a high bridge in one of the game’s cities. It also shows the character being deleted by Mr Cleary.

“Oh yah, he’s also banned,” he wrote. Several other accounts belonging to the same player have also been shut down.

ArenaNet did not reveal any information about how the player behind DarkSide had managed to exploit the game or whether the vulnerabilities used had been patched.

The punishment has sparked comment among Guild Wars players with some welcoming the action saying it felt like “justice”.

Others wondered what effect it would have and if it would deter anyone else from seeking out and using exploits in the same way.

Dashcam footage accepted by insurers in disputed claims

Most UK insurance companies will now accept dashboard camera footage in disputed claims – but few will offer a discount on premiums for using one.

These “dashcams” are small, forward-facing cameras that film a driver’s view of the road.

When asked by provider Nextbase, 29 insurers said they would consider using dashcam evidence in the claims process.

This would be put alongside any accounts from independent witnesses if the parties involved disagreed.

Experts also stress that drivers with dashcams should still collect as much evidence as possible in a claim when there is disagreement between the parties involved, such as the details of other motorists who may have seen the collision.

Discounts

Insurance premiums have been falling in recent months, according to various measures.

The AA said that the cheapest annual comprehensive car insurance on the market was £200 lower in the early months of 2015 than at its peak in 2011.

But the motoring group said it expected this average of the cheapest deals – £540 a year – to increase in the coming months.

Some drivers are able to secure a discount on their premium by installing a “black box” in their vehicle.

This records evidence, such as whether a driver is travelling within speed limits, and is aimed at encouraging safer use of the roads.

Malcolm Tarling, of the Association of British Insurers (ABI), said that it was far more likely for motorists to get a discount from their insurer when using a black box than when using a dashcam.

He added that insurers would generally have to write a clause into the terms and conditions of any discount to be able to demand dashcam footage be released by the owner, even if this implicated the driver as the cause of a collision.

Meanwhile, a price comparison website is warning drivers to ensure that any pets travelling in vehicles are secure.

“The law is clear – you must secure your animal while in a car,” said Matt Oliver, car insurance spokesman at Gocompare.com.

“Therefore if you don’t do this and an animal roaming freely around the vehicle is said to have contributed to causing an accident, then an insurance company could be well within their rights not to pay out on a claim.”

‘Wake up, daddy’s looking for you’: Creepy hacker accesses baby monitor and speaks to frightened tot at night

Mum and dad left distraught after sick hacker spied on their three-year-old through their baby monitor

A horrified couple have revealed how a sick hacker gained remote access to their baby monitor, then spied on their toddler son and spoke to him as he lay in his cot.

The child’s terrified parents only realised what was happening when they heard a stranger’s voice coming over the device saying: “Wake up little boy, daddy’s looking for you.”

The mother then broke down in tears as the penny dropped that the monitor and its camera had been remotely hacked.

Her shocking discovery came after the three-year-old had been complaining that somebody was talking to him at night.

The parents, who want to remain anonymous for fear the hacker might track them down, thought it was down to the toddler’s overactive imagination until they heard the voice themselves.

The mum told CBS New York: “I started to cry in there, because it all started coming back to me, and I started figuring things out.”

Technology experts are now warning parents that new baby monitors are at risk of hacking as many connect to the internet.

Worried mums and dads are being urged to change passwords and security settings to make it harder for sinister strangers to infiltrate their child’s bedroom.

In a chilling warning Lance Ulanoff, chief correspondent for the digital media website Mashable, said when hackers succeed: “It’s basically like they’re standing next to you in your house.”

This is not the first time parents have found hackers remotely accessing baby monitors.

In November last year, hacked footage from baby monitors, webcams and CCTV systems in Britain was broadcast live by a Russian website.

And earlier this year a nanny described the terrifying moment she heard a stranger’s voice from her baby monitor calling the little girl “cute”.

RAF jets scrambled after Russian aircraft seen off Cornwall

RAF jets were scrambled on Wednesday after two Russian military aircraft were seen off the Cornwall coast, the Ministry of Defence says.

An MoD spokesman said the two planes were escorted by the RAF until they were out of the “UK area of interest”.

The Russian Bear bombers did not enter UK sovereign airspace, he added.

Defence Secretary Michael Fallon has warned there is a “real and present danger” of Russia trying to destabilise three Baltic states.

On Wednesday, Mr Fallon spoke of his concerns about Russian interference in Latvia, Lithuania and Estonia.

Part of a trend

The MoD said: “RAF Quick Reaction Alert Typhoon fighter aircraft were launched [on Wednesday] after Russian aircraft were identified flying close to UK airspace.

“The Russian planes were escorted by the RAF until they were out of the UK area of interest. At no time did the Russian military aircraft cross into UK sovereign airspace.”

The BBC’s political correspondent Ross Hawkins says that, according to the Department for Transport, there was no record of disruption to civil aviation as a result of the bombers’ presence.

He said the incident was part of a trend of Russian aircraft flying close to UK airspace and there have also been concerns about similar incidents across Europe.

It is a show of strength from the Russians, and such incidents are carried out with political intent as the Russian government knows it will be noted and reported on, our correspondent added.

A similar incident occurred in January, when the UK Foreign Office said two Russian Tu-95 Bear H bombers flying near UK airspace had caused “disruption to civil aviation”.

They were also escorted by RAF jets throughout the time they were in the “UK area of interest”, according to officials.
