Since late last month, hackers have been exploiting a flaw in widely-used software. The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals, and local governments across the US. Furthermore, these cyber-attacks have led to widespread disclosures of data breaches worldwide, impacting companies, federal government agencies, and local state agencies. One of the primary reasons for these digital intrusions becoming increasingly commonplace is that cybercrime has been commoditized. Is there anything we can do to minimize the damage? Tonight on Ground Zero, Clyde Lewis talks with cyber security and military analyst, James Ponder about CYBER STRUCK - END OF LINE.
SHOW SAMPLE:
SHOW PODCAST:
https://aftermath.media/podcast/6-20-23-cyber-struck-end-of-line-w-james-ponder/
SHOW TRANSCRIPT:
If you were to ask anyone on the street a year ago about Artificial Intelligence, I am sure you would be met with blank stares.
If you were to warn them that cyber attacks could affect them directly I am sure they would think you were a little apocalyptic and paranoid.
Well, here in Portland we were acquainted with what a cyber attack on a government facility can do with service providers that wish to shut down without warning in order to prevent a cyber breach.
But no matter how hard they tried and even when it shut down the internet, cable and phone systems in our offices they failed to shut down the breach.
Apparently, Louisiana and Oregon now say that millions of driverundefineds licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data.
These attacks were conducted by the Clop ransomware operation, which began worldwide hacks of MOVEit Transfer servers on May 27th using a previously unknown, zero-day vulnerability tracked as CVE-2023-34362.
A Zero Day is a security flaw that has not yet been patched by the vendor and can be exploited and turned into a powerful weapon. Governments discover, purchase, and use zero days for military, intelligence and law enforcement purposes — a controversial practice, as it leaves society defenseless against other attackers who discover the same vulnerability.
Clop, which has claimed credit for the MOVEit hack, has previously said it would not exploit any data taken from government agencies.
Shell corporation in Britain, the Johns Hopkins University, the Johns Hopkins Health System and the University System of Georgia were also hit.
Johns Hopkins said it was “investigating a recent cybersecurity attack targeting a widely used software tool that affected our networks, as well as thousands of other large organizations around the world.”
The University System of Georgia, which groups about 26 public colleges, said it was “evaluating the scope and severity of this potential data exposure” from the MOVEit hack.
“IF YOU ARE A GOVERNMENT, CITY OR POLICE SERVICE DO NOT WORRY, WE ERASED ALL YOUR DATA,” the group said in a statement on its website.
The hacking spree mounts pressure on federal officials who have pledged to put a dent in the scourge of ransomware attacks that have hobbled schools, hospitals and local governments across the US.
Since late last month, the hackers have been exploiting a flaw in widely used software known as MOVEit that companies and agencies use to transfer data. Progress Software, the US firm that makes the software, told CNN Thursday that a new vulnerability in the software had been discovered “that could be exploited by a bad actor.”
These attacks have led to widespread disclosures of data breaches worldwide, impacting companies, federal government agencies, and local state agencies.
- Meanwhile, Pro-Russian hacking outfits Killnet, REevil and Anonymous Sudan have allegedly formed an alliance to launch a concerted cyberattack on the Western financial system, particularly targeting the SWIFT wire transfer system, according to CyberKnow.
Forged in the underground hacking forums, the groups stated their “no money – no weapons – no Kiev regime” formula to cut off the pipeline of Western aid to Ukraine.
Their primary target is the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which powers most international money and security transfers, the failure of which could potentially cripple the Western financial system.
Other targets in their crosshairs include European and US banks and the US Federal Reserve System.
Spearheaded by REvil, one of the most notorious cybercrime syndicates in the world, and supported by Killnet, its close successor, their threats should not be taken lightly.
REvil was responsible for the Medibank data breach last year, where sensitive health records of nearly 10 million Australians were compromised in a cyberattack that shook the nation.
They made their threat days ago undefined but so far nothing has transpired but if it does we all know that this type of major hack in the banks was already in the planning years ago..
Back in January of 2021, there was a meeting at Davos with the World economic forum called Cyber Polygon. Cyber Polygon’s focus was on supply chain attack simulations which coincidentally, happened in real time -in Europe. The targets of the cyberattack were the banks and government facilities and government data facilities that have information about you and me.
They stated in their meeting that 2023 was the year that we were going to face a cyber disaster unless a proposed utility could be found to ensure the continuity of commerce.
Not surprisingly this opened up the conversation about a cashless society and the introduction of CBDCundefineds or central bank digital currency.
But now, after a major cycler security breach all over the world they have called an emergency meeting -and it looks like the new so called utility will be the requirement of Banks Worldwide to make Digital ID’s mandatory for all customers.
The plan is outlined in three new policy briefs from the UN entitled, “A Global Digital Compact, Reforms to the International Financial Architecture, and The Future of Outer Space Governance.”
The goal of the briefs is to advance UN Secretary-General Antonio Guterres’s “vision for the future” and Klaus Schwabundefineds plan for a ‘Great Reset’ by the year 2030.
Titled “Our Common Agenda,” Guterres’ draconian plan should be given the green light in September 2024 during an event dubbed, “The Summit for the Future.”
From the report, it states:
undefinedDigital IDs linked with bank or mobile money accounts can improve the delivery of social protection coverage and services to better reach eligible beneficiaries. Digital technologies may help to reduce leakage, errors and costs in the design of social protection programs.undefined
is it just me or does anyone else see this as counterintuitive? We have a breach of security where information is gathered from digital data -and the answer is a digital ID?
I feel so comfortable already. I am just oozing with confidence as they keep up the innocuous reasons for trying to push the beast system on everyone.
Line up for your number undefined it is the 666 proposal all over again.
Not unlike their unofficial counterparts over at the WEF, the UN also speaks about basically regulating the global digital future.
The unelected organization uses phrases such as “international cooperation” and “many stakeholders” who will “advance principles, objectives, and actions” to describe this globalist agenda.
The UN describes this goal as “an open, free, secure and human-centered digital future.”
he digital future as envisaged by these groups is going to be quite the opposite of open, free, or human-centric, however.
As far as the UN’s “vision” for a future global financial system, it is supposed to be harmonized with the 2030 Agenda for Sustainable Development.
It would be governed by something called “the apex body” that is yet to be set up.
The key actors here would be the UN chief, as well as the Group of 20 or G20, the Economic and Social Council, and “heads of international financial institutions.”
Within this, the UN sees “visions” of “a Global Digital Compact.”
Essentially, the objective is to have people, devices, and entities, all tied up in a connected network that could apparently be centrally administered, seemingly by unelected bureaucrats.
When those planning this future scheme worry about any negative impact, they never see it as potentially affecting everyone – but only “civil society or selected groups excluded from social benefits.”
Meanwhile, the WEF has just partnered with a leading biometrics company to advance its own agenda to digitize humanity.
Swedish biometrics company Fingerprint Cards has taken a big step into the WEF’s New Champions Community, an assembly of mid-sized enterprises.
The WEF is keen to promote biometric forms of digital ID and claims the technology would serve as a steward of “social inclusion.”
The New Champions Community’s schedule includes a meeting in Tianjin, China from June 27 to 29 during the WEF Summer Davos gathering.
That is seven days away -what timing. As I say timing is everything and if this is just a taste of things to come undefined then their meeting and their mandatory digital ID I am sure will be welcomed as a solution to the crisis that they have already created.
I am sure there is a zero-day program that they have devised to bring down the banks and return with some sort of saving utility that will require the mark of their beast system.
Zero Day undefinedend of lineundefined exploits can already be in our grid system and if they are, they could trigger at any time leaving systems vulnerable to a kill switch scenario.
Joe Biden is well aware of Zero Day because he along with Barack Obama had the NSA hoarding Zero Day exploits.
Over the past few years, different parts of the US government have repeatedly assured us that the NSA does not hoard “zero days.undefined
But now that this administration has weaponized the security apparatus in this country -it is certainly hard to trust whatever President Biden says.
Today, any sufficiently motivated government or criminal enterprise can get its hands on hacking tools, including zero-day exploits, regardless of regulation.
If lockdowns were successful in ruining economies, how does cybercrime ruin the lives of those who have now been forced into the new normal of telecommuting and interconnectedness online?
There is a sophisticated system of control and there are many intelligence hubs that can be targeted in this cyberwar. While these systems can be rebuilt, the information they contain can all disappear and be replaced with revised information.
There are worldwide data hubs that host global internet communications. There are hundreds, if not thousands of these facilities worldwide. They work with each other to distribute the world’s internet traffic. If there is a disruption anywhere along this complex network, we would see modern life as we know it changes dramatically.
While the system is designed to absorb the impact of a failure at a few of these hubs, a chain reaction could cause a domino effect where the systems we count on for life-giving resources would be limited if not dismantled permanently.
The arrogant recklessness of the people who have been buying and selling the vulnerability of the rest of us is not just part of an intelligence-agency game; it has been the ethos of Wall Street and Silicon Valley for decades.
By 2025, it’s expected that cybercrime will cost the world economy around $10.5 trillion annually, increasing from $3 trillion in 2015 according to Cybersecurity Ventures. To put that in context, if it were a country, then cybercrime would have the third largest GDP behind the US and China. Key drivers of this growth are the ongoing digitization of society, behavioral changes due to the global Covid-19 pandemic, political instability such as the war in Ukraine, and the global economic downturn.
According to the WEF report, of particular concern is that the nature of cybercrime is becoming increasingly unpredictable. This is due to technology becoming more complex – in particular, breakthrough technologies such as artificial intelligence.
This means that we are increasingly at risk of what has been termed a “catastrophic” cyberattack – one that will have severe and ongoing ramifications for society at large.
According to the WEF report, one of the biggest threats is a “mutating” threat. This could take the form of an AI-enabled virus that transforms as it infects various systems and organizations to evade defense systems or even detection.
I have been seeing a lot of people on Facebook saying that they have been hacked and that a doppelganger is posting messages and spam posing as them.
This is something that many people have dealt with undefined it is called Phishing.
One of the most common threats – is phishing attempts. Typically, these involve sending out emails that attempt to dupe unwary recipients into disclosing personal details.
The details are then used either to steal from the victim or to commit identity theft – perhaps to apply for loans or credits in the victim’s name.
Once attackers have successfully taken control of a victim’s identity, they may then go on to use it to attempt to defraud their friends and family, for example, by claiming that the victim is in trouble and urgently needs money.
Phishing attacks like this rely on social engineering, but purely technology-based attacks exist, too, such as malware. This involves installing malicious software onto a targeted system in order to let the attacker control the system or access data on it.
Most of the time it is installed when someone sends you an email that says something like undefinedI love youundefined or undefinedHey I have these old photos of you check them out.undefined
You click and bam you get a virus or a Trojan horse that sits in your computer and then one day goes off and exploits your data.
One of the reasons for all of these attacks becoming increasingly common is that cybercrime itself has been commoditized now.
Exactly what the danger could be of a “catastrophic” attack, as described in the WEF report, are difficult to predict. But the fact is, with so much of our business and private lives conducted online, they could be practically unlimited. But it’s certainly worth remembering that the vast majority of attacks could be thwarted by individuals taking sensible precautions and encouraging others we work or come into contact with to do the same.
undefined
SHOW GUEST:
James Ponder was in the Army from 1975-1987 as a Missile and Testing officer and Chief Data Officer. He was privy to Soviet tactics and strategies, Russian and Warsaw Pact equipment, and specialized in their nuclear and space systems as well as their deployment of forces. In 2011, he was taught that the Iranian government-based cyber attackers were branching into all fields of attacks on Western sites (esp. US, UK and Israel), including logic bombs, DDoS attacks, hidden malware and ransomware. James is a co-founder of EMP Survival Systems.