Cybersecurity investigators worry ransomware attacks may worsen as young Western hackers work with
Cybersecurity investigators worry ransomware attacks may worsen as young, Western hackers work with Russians
Russians team up with young British hackers to launch cyberattacks | 60 min 13:37 This is an updated version of the plot that premiered on April 14, 2024. You can watch the original video here. Hospitals, pharmacies, technology companies, the biggest hotels and casinos in Las Vegas have been crippled over the past year by ransomware attacks, in which hackers infiltrate corporate networks, encrypt or block important files, and hold them hostage until a ransom is paid. As we first reported in April, the crime is becoming more costly and destructive every year. There is a daring group of young hackers from the US, UK and Canada that the FBI calls "Spin". Even more alarming, they have teamed up with Russia's most notorious gangsters and are involved in distributing redemption software. Last September, MGM Resorts was hit by the most destructive attack in the history of red hot software, costing the hotel and casino giant more than $100 million. They broke into 12 of the most famous gambling palaces on Kaya Boulevard in Las Vegas, including the MGM Grand, Aria, Mandalay Bay, New York New York, and Bellagio.
Anthony Curtis is a regular in Las Vegas. He was banned from participating in card games because he was good at counting cards. He now writes for the Las Vegas Advisor, a monthly publication on all things Las Vegas. Anthony Curtis: It's hard to believe, but I was in the MGM Hotel when this happened. I went to the casino and saw the slot machines in the dark and people scattered around. The shutdown started. Anthony Curtis on 60 Minutes Vegas... Thousands of slot machines suddenly stopped making money.
Anthony Curtis: And suddenly people started asking: What happened? "People were sitting and waiting and not getting their money. Bill Whitecher: Were they angry? Anthony Curtis: Yes they were angry. And that was just the tip of the iceberg. Lifts wouldn't work. Car park gates were frozen. Digital keys on the doors didn't work. Computers broke down, bookings were blocked and there were queues at the reception racks.
Bill Hornbackel (at the October meeting): Look, this is corporate terrorism at its finest.
The company refused to request an interview, but at the time of hacking and moon meeting, MGM's General Manager accepted that work failure was destructive.
Bill Hornbul (at a October meeting): We were in the absolute darkness of the 36. 000 hotel rooms and several regions of properties on the right 4-5 days.
Hackers demanded $ 30 million to cancel MGM data. The company has declined and refused. However, the price had lost 100 million dollars (about 10 billion yen) and had a chance to pay millions of dollars to server recovery.
How did the scammers invade? Using the technique of lies and operations called public engineering. First, hackers targeted employees and collected information from open source such as black networks and link toins. Later, an employee cracker called the MGM technical assistance and taught him to reduce his password.
Later, the cracker was found to be a person inside the MGM compilation, and launched a destructive malware. According to Anthony Curtis, it was actually a cyber criminal version for the movie "Eleven Sea Friends."
Anthony Curtis: they are doing it in the traditional way. I have a form to do it for a bassy, but for my previous purpose. They want to get money.
Bill White Har: What do you think?
Anthony Curtis: I try not to shine much. Are they a rudimentary Peten teacher? However, the hackers succeeded in changing the flow of the incident. The casino has its own ... they have their own systems. They have defense. There are also experts. These children with security are better. "
Later, MGM's main rival Caesers was attacked by the introduction of a group, probably a group of public engineering. However, Rumors paid a ransom of $ 15 million, according to rumors.
From the Brian Wardrun FBI's perspective, it is basically opposed to paying ransom. However, we recognize that this is a business solution to the decline stage.
Brian Wordrun 60 minutes
Brian Wordru n-In charge of the FBI Cybernetics category. He said, basically, the attack on the atonement is becoming more and more rude.
This is a matter of Brian Bordran numbers, for the world economy, the US economy, and the US security. According to the estimation, the huge cost exceeds $ 1 billion a year.
Bill Whitecher: Have you ever been arrested for a business in Las Vegas?
Brian Wardrun We do not talk about specific incidents or specific companies.
But he showed me from my head to the suspect.
When talking about an active person behind the latest attacks that introduced Brian Wardrun Atonement software, the name is generally named. This is a criminal group, and we are very interested in confusion on the US land.
The FBI calls a "fragmented spider" a cracker network that is serious about casino hacking and his native language. Their specialty is public engineering.
Alison Nixon: To some extent, their victory is explained by the fact that they are fluent in Western culture. They understand the mechanism of our conversation. You understand what you need to explain to solve something to someone.
Alison Nixon is a major academic staff of the unit 221B, specializing in cyber security and studying Cyber criminals in the UK. According to his text, the scat spider is just one of the many illegal hackers, a part of a wide group of cyber criminals who claim to be a "community" or "com".
Alison Nixon: Com is a culture. In particular, it is a British youth abuse that has appeared in recent years. She is quite fresh, but incredibly destroyed.
COM members hack these companies such as Microsoft, Nbidia, and Electronic Arts.
Bill White Har: How many people are involved?
Alison Nixon: It is very likely that there were a certain number of 100 people many years ago. However, since 2018, these groups have been funded, and the number has increased. Now thousands of people are participating.
Bill White Cur: How are you connected?
Alison Nixon: Connected online. A public place where people spend time. Game server. This is almost the same as the gateway where evil kids hang out, but they are online.
Alison Nixon 60 minutes
Bill White Her: How old are you talking about?
Alison Nixon: A 2 5-yea r-old young man.
Bill Whitecher: How long is it until the age of 25?
Alison Nixon: Until 13, 14 years old.
Bill Whiteshire: Have you ever participated in the publication of serious crime?
Alison Nixon: Yes.
The members of the group talk and publish photos in messaging applications such as telegrams. Their inactive reading gives themselves a harmful mix, such as racist discrimination, gender discrimination, a boastful story about how tough you are and how tough you are.
Alison Nixon: There are such harmful online space, and young people have all the opportunities to meet or meet the perpetrators and gang members. As a result, the Internet society has spread nationwide, thinking about the crime, thinking about the meaning of that person, and thinking about how much damage to the world.
Scattered Spiders are one of the most sophisticated branches of COM. Their criminal exploits have committed the concerns of cybersecurity companies ... and other crackers ... How many of the most famous Russian gangs dealing with ransomware, Blackcat. They noticed a moment of young English Westerners, which contributed to their rise in strength. Both groups took it upon themselves to attack MGM.
Ellison Nixon: Historically, Russian cybercriminals have been reluctant to work with Western cybercriminals, not only because of the language barrier, but also because they saw them in reality and considered them unprofessional.
Russian and Western hackers met in the shadowy corners of the Black Network and are now considered powerful partners in atrocities. Scattered Spiders are used by personal British and public technical skills to penetrate the networks of Western companies. BlackCat provides personal techniques and malicious software used in the most shocking ransomware attacks.
......, over the attack on the Colonial Pipeline in 2021 that caused a gas shortage on the East Coast and this year's attack on the Unitedhealt-group that did not comply with the work of pharmacies nationwide. The local government department invites a merit order of $15 million for information on Russia's Black Cat.
John DiMaggio, who was an analyst for the National Protective Agency in the past and is now the chief strategist at Analyst1, specializing in cybersecurity, likes to study extortion programs.
John DiMaggio: There is a similar term. It is called "ransomware as a service" ("exchange according to service"), which gives the structure and format of the gang's data.
John DiMaggio and Bill Whittacher 60 Minutes
According to DiMaggio's writing, it has taken "ransomware as a service" to a new dimension. Not long ago, domestic gangs like Blackcat had their own proposals - malicious software, redemption negotiations and money laundering skills - called "branches", for example, scat spin.
John DiMaggio: This way, once the victim pays the ransom, the profits are shared among the perpetrators.
The most successful domestic gangs operate as legitimate businesses on regular online platforms ... such as ReconClock Assistance Services ... including staff resources to hire software creators.
John DiMaggio: There are people who specialize in developing malicious and theft programs, and they are in high demand.
Bill Whitehar: You said you've met some of those people.
John DiMaggio: Yes.
Bill Whitehar: Are those young people at the host?
John DiMaggio: The heads are.... They're 40+, 30+ strong men. They have a financial history.
DiMaggio's book says that domestic governments provide a safe haven for extortion rings.
John DiMaggio: They can't be prosecuted unless they target organizations in the territory of the Russian Federation or the former Soviet Union. This is not a crime.
Bill Whitaker: Isn't it a crime to actively attack South American companies?
John DiMaggio: Yes. But this way.... Like, this way.
Bill Whitaker: So they're working in the open.
John DiMaggio: 100% right. This is the root cause of the popularity of this crime.
Russian ransomware has become a threat. Russian ransomware has become a threat that has brought expensive cyber warriors from the National Security Agency into the fight.
Rob Joyce was the head of cybersecurity at the NSA until he resigned last March. He says the Colonial Pipeline attack was a worrying sign for him.
Rob Joyce 60 minutes
Rob Joyce: This forced us to take a step back and decide that we needed to devote more resources to this overseas threat. For example, the NSA has hackers. And sometimes you really need an intruder to defeat an intruder. That's the point of the NSA. We can identify people, specific people who engage in this kind of behavior.
The NSA definitely helped identify the Russian hackers involved in the Colonial Pipeline attack. And in January 2022, after several months of negotiations, the Russian Federation arrested him and other accomplices. But five months later, it all fell apart.
Rob Joyce: After going into Ukraine, these guys were released from prison.
Bill Whitaker: So they're back in action, right?
Rob Joyce: Yes.
And now they've combined with the young speaker in the UK, Scattered Spider. Brian Vaughnndran of the FBI calls this an evolution of cybercrime.
Brian Borndran: In the case of Scattered Spider, is it strong that you are actually collaborating with BlackCat? Absolutely. I think it's important to recognize that it's a pretty capable opponent and they're pretty good at what they do. We're pretty good at what we do, too.
In January, the FBI arrested 19-year-old Florida boy Noah Urban on charges of cryptocurrency theft. He pleaded not guilty. Cyber investigators have linked him to Scattered Spider, but not yet to the casino heist. Two more people were arrested last month, both of which are linked to Scattered Spider, as one of them was likely involved in the casino hack. The others are still in hiding. Alison Nixon calls Las Vegas a harbinger.
Alison Nixon: The level of cybercrime is rising to a level that seems unfathomable. And every year, it gets more and more terrifying. And we, the intercessors, seem to be winning every battle and losing the war.
Producer: Graham Messick. Associate Producer: Jack Weingart. Field Assistant Producer: Elisa Costas. Broadcast Assistant: Mariah B. Campbell. Editor: Matthew Lev.