Colonial Pipeline
Last week, a hacker group compromised the network of Colonial Pipeline, a US gasoline giant:
The hackers had started their blitz on Thursday, nabbing more than 100 gigabytes of data in just two hours and threatening to leak it before Colonial Pipeline shut the system down on Friday, Bloomberg reported on Sunday, citing sources involved in the investigation.
The FBI, the Energy Department, and the White House are all on the case and assessing the damage after Colonial Pipeline announced Friday it had shut down 5,500 miles of pipeline along the East Coast, potentially disrupting supplies of gasoline and jet fuel in a huge swath of the country. The company, which is responsible for transporting 45 percent of fuel used on the East Coast, said its corporate computer networks had been breached, with ransomware attackers holding data hostage.
Then, the group responsible issued a statement saying they didn’t mean to cause a gas shortage:
"Our goal is to make money, and not creating problems for society," the statement continues.
The statement also indicated that the group may be making changes to how it operates and chooses targets.
"From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future," it read.
How nice! I appreciate that they’ll more carefully vet their targets in the future to ensure they aren’t part of the US’s crumbling infrastructure. For a day or two, people thought the hackers had simply handed over the unlock codes, but that wasn’t really true either:
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
[…]
Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.
Oops! I have no issues with companies paying hackers, and neither does the White House, apparently:
However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a briefing earlier this week. “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” she told reporters Monday.
Such guidance provides a quandary for victims who have to weigh the risks of not paying with the costs of lost or exposed records. The reality is that many choose to pay, in part because the costs may be covered if they have cyber-insurance policies.
This is true! Most large companies carry insurance policies against hacking and ransomware. When critical infrastructure or services are hit by attacks, it’s far more important to get things fixed than it is to quibble over a few million dollars in crypto:
“They had to pay,” said Ondrej Krehel, chief executive officer and founder of digital forensics firm LIFARS and a former cyber expert at Loews Corp., which owns Boardwalk Pipeline. “This is a cyber cancer. You want to die or you want to live? It’s not a situation where you can wait.”
In many cases, like this story in Ireland from today, it is literally life and death - hackers have hit hospital chains all over the world, which can put patient lives at risk. Ransomware is our new reality, as the computer systems that run everything grow increasingly complex, and hackers grow increasingly sophisticated.
Apple Hack
Last week we talked about an Apple ransomware hack - or, rather, one of Apple’s vendors being hacked and schematics being stolen. Well, it turns out the hack had some unintended consequences:
But the PDFs viewed by Motherboard contain no such information: Anyone hoping for a tantalizing render of a sleek new device would be sorely disappointed, and you couldn't possibly use these to engineer a MacBook clone.
You could, however, use them to understand how all of the MacBook's parts fit together.
That is exactly what independent repair experts will do with these documents. They've already shown up on forums and online marketplaces.
[…]
"Our business relies on stuff like this leaking," Louis Rossmann, owner of the Rossmann Repair Group, which specializes in board level repair, said in a phone call. "This is going to help me recover someone's data. Someone is going to get their data back today because of this."
Lovely! The debate around “right to repair” has been raging for years - with companies like Apple insisting they must keep their hardware schematics a secret, and independent repair shops arguing they should be able to fix things for their customers. Tech companies have come to rely on consumers buying newer versions of their products every few years, and making them difficult to repair helps their cause. Justin Ashford, a popular repair vlogger, makes the case:
"Apple is acting like they haven't been using the same circuits for years," Ashford said. "There are so many things that are identical from phone to phone that are just kind of moved around. This whole thing about arguing about trade secrets is horse shit."
[…]
"I'm still waiting for someone to tell me legitimately what having a wiring diagram ahead of time does to hurt them, especially since they used to give it away," Ashford said. "I'm going to use it and I'm going to help people with it."
Magazine Scams
Last year I wrote about the takedown of a decades-long magazine subscription scam network that targeted seniors. It’s often difficult to glean much information from indictments or local reporting, but fortunately John Rosengren has written an excellent piece in Mpls St Paul magazine explaining the scheme, and how it unraveled:
Joseph and Phyllis are only two of more than an estimated 183,000 victims of a magazine scam that preyed primarily upon the elderly and otherwise vulnerable people over 20 years to steal more than $335 million. The roots of the elaborate scheme are deeply embedded in Minnesota, where, late last fall, then U.S. Attorney Erica MacDonald indicted 63 individuals from companies in 14 states and two Canadian provinces who “did knowingly conspire with each other” to defraud the elderly and vulnerable with lies and threats.
The elderly are especially vulnerable to these aggressive tactics - the folks at Metals.com were good at it - because they are more trusting, and more likely to have significant assets scammers can target. They’re also less likely to report being scammed:
“They’re embarrassed to report scams because if the family finds out they’ve fallen for one, they might take away their checkbook,” says Steven Eppley, supervisory special agent of the Financial Crimes squad in the FBI’s Minneapolis field office. This hesitance to report these crimes makes seniors even more desirable victims.
The scammers used two different techniques to trick seniors out of their money:
The first, a “payment reduction” script, promised to lower the amount and number of monthly payments, say to $44.90 for 20 months, which adds up to $898. The callers positioned this as payment on existing subscriptions when they were in fact recording the customer’s consent to trick them into signing up for additional subscriptions.
[…]
In the other technique, known as the “consolidation script,” the caller often claimed to be from the cancellation department—which got the attention of many victims who had tried in vain to cancel their mystifyingly multiplying subscriptions—and offered to stop the magazines and zero out their balance if they made a large lump-sum payment.
They’d also trick victims into giving “consent” over the phone - often in an attempt to stop further charges - and use the recordings to defend against credit card disputes.
The scammers made those disputes as unpleasant as possible for their victims:
When victims tried to cancel their subscriptions, the companies told them the cancellation period had expired. Some victims cancelled their credit cards to stop autopayments, only to receive harassing phone calls from debt collectors. (Some companies in on the scheme serviced delinquent accounts for others; others pursued outstanding payment themselves.)
The feds indicted 63 people in the crimes, a mix of telemarketing company owners, sales reps, and lead list brokers. I’ve spoken before about lead lists:
This included exchanging “lead lists” with names of potential victims. The most valuable lists—with consumers who are actively being billed for magazine subscriptions—sold for as much as $10–$15 per name. The companies traded lists with one another or purchased them from lead brokers.
These lists became the group’s downfall, when federal investigators seeded the files:
Thompson and his team hatched an innovative plan that, to their knowledge, has never been used before: using bogus lead lists for Dahl to pass on to lead brokers, who in turn sold them to the companies involved in the scheme. The names on the lists would be fictitious with phone numbers assigned to phones answered by undercover agents. They recorded over 400 calls—like those mentioned earlier to Jason Baxter and Rose Cubur, who were actually imaginary characters played by undercover agents. As the calls came in, investigators were able to see how the lead lists had been disseminated among multiple companies, connecting the dots of the network. The recorded calls helped them gather evidence of the fraud and identify the various players involved in the scheme.
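The seeding the investigators describe is a canary-record technique: plant fictitious entries that differ for each recipient, and whoever later dials one of them has told you which list they got and, over many calls, how the lists were traded around. As an added example (not code from the article, the investigation, or anyone involved), here is how that bookkeeping can be done in Python. The HMAC derivation and key, the 555 numbers, the persona names, the broker and company names, and the call log are all constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumption: a key known only to the investigators; constructed for this example.
SEED_KEY = b"example-seeding-key-do-not-reuse"

# Placeholder personas for the canary records (constructed; the real operation
# used undercover agents playing fictitious people).
PERSONAS = ["Avery Holt", "Dana Reyes", "Morgan Pike", "Casey Lund"]


def canary_number(recipient: str, index: int, key: bytes = SEED_KEY) -> str:
    """Derive a deterministic fake phone number for canary record `index`
    planted in the list handed to `recipient`.  An HMAC makes the number
    reproducible for whoever holds the key and unguessable to everyone else."""
    digest = hmac.new(key, f"{recipient}:{index}".encode(), hashlib.sha256).digest()
    last7 = int.from_bytes(digest[:4], "big") % 10_000_000
    return f"555{last7:07d}"  # 555 exchange: conventionally reserved for fictional numbers


def seed_list(real_records: List[dict], recipient: str, count: int,
              registry: Dict[str, str], key: bytes = SEED_KEY) -> List[dict]:
    """Return a copy of `real_records` with `count` canary records appended
    that are unique to `recipient`.  `registry` (shared across all seeded
    lists) maps each canary number back to the recipient it was planted with."""
    seeded = list(real_records)
    for i in range(count):
        number = canary_number(recipient, i, key)
        if number in registry:  # two recipients derived the same number
            raise ValueError(f"canary collision on {number}; rotate the key")
        registry[number] = recipient
        persona = PERSONAS[(len(registry) - 1) % len(PERSONAS)]
        seeded.append({"name": persona, "phone": number, "city": "Minneapolis"})
    return seeded


def attribute_call(dialed_number: str, registry: Dict[str, str]) -> Optional[str]:
    """Which seeded list did a call to `dialed_number` come from?  None means
    the number is not a canary (a real customer or a wrong number)."""
    return registry.get(dialed_number)


def trace_dissemination(calls: Iterable[Tuple[str, str]],
                        registry: Dict[str, str]) -> Dict[str, Set[str]]:
    """Map each calling company to the set of seeded lists it must have
    obtained, given (caller, dialed_number) pairs logged at the agents' phones."""
    holdings: Dict[str, Set[str]] = defaultdict(set)
    for caller, number in calls:
        origin = attribute_call(number, registry)
        if origin is not None:
            holdings[caller].add(origin)
    return dict(holdings)


def demo() -> Dict[str, Set[str]]:
    """Constructed scenario: two brokers each receive a differently seeded
    list; calls later arrive at the canary numbers from two telemarketers."""
    registry: Dict[str, str] = {}
    real = [{"name": "Real Customer", "phone": "6125550100", "city": "St Paul"}]
    seed_list(real, "Broker-A", 2, registry)
    seed_list(real, "Broker-B", 2, registry)
    # Constructed call log: Company-X only ever dials Broker-A's canaries;
    # Company-Y dials canaries from both lists; Company-Z hits a non-canary number.
    calls = [
        ("Company-X", canary_number("Broker-A", 0)),
        ("Company-X", canary_number("Broker-A", 1)),
        ("Company-Y", canary_number("Broker-A", 1)),
        ("Company-Y", canary_number("Broker-B", 0)),
        ("Company-Z", "6125550199"),  # not a canary: attributed to nothing
    ]
    return trace_dissemination(calls, registry)


if __name__ == "__main__":
    print(demo())  # which seeded lists each telemarketer turned out to hold
```

The point of deriving a distinct set of numbers per recipient is that the inference runs backwards for free: a company dialing canaries from two different brokers' lists has shown that those lists were traded or merged, which is exactly how the article says investigators connected the dots between companies. Real records stay untouched, so the seeded list is indistinguishable from an unseeded one to the buyer.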
Despite multiple people involved in the scheme having criminal records, with some having previously pleaded guilty to similar crimes, the scammers ran their scheme for over a decade. How was this possible? Each individual crime didn’t meet the threshold for a full-scale investigation:
The problem with a case like Dahl’s was that even though some of the victims lost more than $50,000, the amounts were small by federal white-collar crime standards—too small, the assistant U.S. attorneys on this case say, to justify the time spent to prosecute it.
In 2018, a US Attorney in Minneapolis put the pieces together and started an investigation into the web of companies involved. As of March 2021, 28 of the 63 have pleaded guilty.
How is Wayne LaPierre Doing?
Texas-based Judge Harlin Hale formally rejected the NRA’s attempt to use the bankruptcy courts in this way, ruling that “the NRA did not file the bankruptcy petition in good faith because this filing was not for a purpose intended or sanctioned by the Bankruptcy Code.”
The NRA had filed for bankruptcy - without notifying its board of directors - in an attempt to become a Texas company and avoid the New York Attorney General’s legal case against the organization, but the judge wasn’t buying it, and threw it out.
The Vox piece delves into what could potentially happen to the NRA - it’s unlikely the organization will be totally dissolved, as the AG has requested, but could be restructured and have its leadership removed. This doesn’t affect the IRS’s fraud investigation into LaPierre, and it may allow the lawsuit between the NRA and its advertising firm to go forward. The NY case against the NRA won’t even go to trial until 2022, and could spend years winding its way through the courts. If you have enough money, you can avoid consequences for a long time with the right lawyers.
Short Cons
Bloomberg - “A dedicated group of YouTubers and Reddit posters see the Singer Building and countless other discarded pre-modern beauties and extant Beaux-Arts landmarks as artifacts of a globe-spanning civilization called the Tartarian Empire, which was somehow erased from the history books.”
WaPo - “Uber and Lyft are facing a supply shortage, as returning and newly vaccinated customers again flood the apps, only to find out there aren’t enough drivers to serve them.”
Business Insider - “Per the filing first viewed by Bloomberg, Coinseed on April 16 converted all investor assets into bitcoin "without notice or authorization" and disabled all functionality in the application, so that they will not be able to withdraw their money.”
Tips, thoughts, or Wayne LaPierre’s tax returns to scammerdarkly@gmail.com