Ransomware goes rogue

It’s bad when hackers lock up computers and hold them for ransom — but it’s about to get a whole lot worse. My first freelance article for the Tribune-Review delves into this frightening new world where hackers don’t want your bitcoin and they’re interested in deleting more than your files…

As bad as it seemed when hackers locked up computer systems at Los Angeles’ Hollywood Presbyterian Medical Center in February, demanding a $17,000 ransom, the attack could have been much worse, experts tell the Tribune-Review.

The cybercriminals used so-called ransomware that seeks victims through emails and websites, then locks their computer equipment until they pay a ransom.

When a victim pays the ransom — typically in digital bitcoins — the thieves provide a digital key to unlock the system. Yet hackers who aren’t motivated by money could refuse to offer a key, said Brian Nussbaum, a former security intelligence analyst who teaches computer security at State University of New York at Albany.

“There is certainly the potential for you to have organizations where the data is simply gone,” Nussbaum said. Read the full story here.

The Untouchables for the digital age

An inside look at an FBI hacker sting: Drinking Red Bulls to stay up all night. Posing as online criminals. Assembling an international hall of justice at Europol.

I had the rare opportunity to see behind the scenes as the FBI in Pittsburgh brought down the Darkode online black market. I spent some time with the Bureau as they disabled the network and then I had an exclusive interview with the undercover agents about how it went. The case ultimately involved 70 criminals from Brazil to Pakistan to the campus of Carnegie Mellon University.

J. Keith Mularski, the top FBI cyber guy in Pittsburgh, once posed as the hacker Master Splyntr to take down a crime ring.

Assistant U.S. Attorney Jimmy Kitchen and two FBI agents from Pittsburgh sat two weeks ago around a large square table inside the ultramodern, glass-walled offices of Europol, Europe’s leading law enforcement agency.

The Pittsburghers were joined by top prosecutors and police officers from 20 nations. Some were familiar from FBI training they had done in Pittsburgh, and others had become friendly during the previous six months as they worked together to take down Darkode, a private online black market for hackers and criminals.

“It was like we were the United Nations,” Kitchen told the Tribune-Review in an exclusive interview. “We had our little placard in front of us that said, the United States, and every country had its own.”

Read more: http://triblive.com/news/editorspicks/8749274-74/agents-darkode-fbi#ixzz3g45WTx91

Then my colleague Mike Wereschagin jumped in when I needed help tracking down the local man charged in the FBI’s Darkode sting. Our boss Jim Wilhelm challenged him to come up with this killer lede…

Agents say this CMU student operated online as a hacker known as Android.

A fresh-faced college student who once designed a mobile app to bring Pittsburghers together slipped from his prestigious Carnegie Mellon University classrooms into the shadows of the Web, where he sold a program that put thieves inside people’s pockets, federal authorities said Wednesday.

Read more: http://triblive.com/news/editorspicks/8749286-74/culbertson-fbi-android#axzz3fmxQzP3p 

The Inside Job

As journalists, we often report on secret meetings — closed to everyone but the participants. I dedicated “Breakway” to “anyone who has ever wondered what happens behind closed doors.” I did that mostly because I always wonder what decisions are made and deals reached behind closed doors.

For my latest assignment, I actually got to go behind closed doors. I went behind armed guards too. The U.S. Army War College permitted me to attend a policy planning session on “Cyber Sovereignty.” The three-day workshop brought together top minds from all branches of the military, from the private sector and from academia.

The event allowed me to provide readers of the Tribune-Review exclusive access to these deliberations about the future of our nation’s cybersecurity. I also discussed my findings on 90.5 WESA-FM, Pittsburgh’s NPR station.

My stories…

Infrastructure ‘legitimate target’ in battle for cyber supremacy

Summer Fowler

When Summer Fowler goes to sleep, the Cranberry mother of three knows computer hackers around the world are working through the night to undo the defenses she spends her days building.

Fowler, 37, is deputy technical director for cybersecurity solutions at CERT, the nation’s first computer emergency response team, at Carnegie Mellon University’s Software Engineering Institute. She works with Pentagon soldiers, intelligence directors and corporate titans to help them identify key electronic assets, secure them from cyber attacks and plan for what happens if someone steals them.

But at the end of the day, once her children are tucked into bed, Fowler wonders what the impact would be from a real cyber 9/11 attack…Read more.

How Pittsburgh invented computer emergency response

Richard Pethia

Pittsburgh’s prominent and growing role as a national center for cybersecurity started with a chance encounter more than 25 years ago.

On Nov. 2, 1988, researchers at the Defense Advanced Research Projects Agency, or DARPA, were ending the workday when calls started coming in from across the country. Something was slowing computer connections on the early Internet — moving freely, guessing passwords to break into systems, accessing files and quickly replicating.

About 60,000 people were connected to the infant web in those days, and many knew each other. The idea had been to build a network for military operations and research that could withstand attacks on any one or two individual computers.

But as the so-called Morris worm spread, questions about security quickly arose. The first computer virus had been unleashed…Read more.

Sony hack redefines online warfare

CARLISLE — Rarely has a raunchy movie done so much to change the world.

When hackers broke into computer systems at Sony Pictures Entertainment in a failed attempt to stop the release of “The Interview” late last year, the cyberattack changed the way top American military policymakers look at online warfare, experts say.

Electronic skirmishes that had played out quietly among computer technicians at a hacked company and a federal agency contacted for advice instead went all the way to the Oval Office, as President Obama blamed the Sony incident on a nation-state attack by North Korea. Read more.

Intelligence agency to battle online threats

CARLISLE — If President Obama’s proposed new agency to coordinate federal cybersecurity efforts leads to increased information sharing among government agencies and private companies, that will improve defenses against hack attacks all around, experts gathered here this week said. Read more.

Cool but creepy future

Companies understand the delicate balance between collecting detailed information on shoppers — and revealing how much they know or what they do with it. Jon Iwata, an IBM vice president, talks about it as the continuum between privacy and convenience, similar to the government one between security and civil liberty. To understand companies’ reticence, note that few responded to my request for information…

The Trib’s great Andy Russell took this photo of Erin Price. Funny back story: He set up the photo because it looks great — and only realized after talking with Erin how steps play into her exercise routine. That coincidence makes for a great illustration.

Giant Eagle won’t say much about the information it collects on people who enroll in its rewards program to earn savings on food and fuel, but it knows who has a weakness for Goldfish crackers.

GNC can see when your New Year’s resolution ended. And Dick’s Sporting Goods has a pretty good idea who will return to its stores this spring to gear up for baseball or softball season.

Consumers willingly — if unwittingly — provide trillions of “data points” to companies about their purchases, intimate habits and even where a computer mouse hovers on a computer screen without clicking. Americans worried about government spying often have themselves to blame when it comes to private-sector monitoring, experts said.

Read more about this story. Check out our entire Cyber Rattling series here.

Hackers? Yes. But what color hat?

PBS NewsHour re-aired a short documentary on hackers that draws on the stories from our Cyber Rattling series. Coresondent Rick Karr spent some time with me at the Trib and focused on the work CMU does to train hackers. Whether they go on to wear a white hat or black, well…

ANDREW CONTE:  It’s often the people who as young high school students they started goofin’ around with– electronics or computers, and they started figuring out, you know, how to do simple attacks, how to get inside of– machines.

RICK KARR: Andrew Conte is an investigative reporter at the Pittsburgh Tribune-Review who’s written dozens of articles about hackers and cybersecurity.

ANDREW CONTE : And at some point they make the decision.  You know, “Am I going to be– a good hacker or a bad hacker? And there’s not that much difference between them in terms of– their abilities.  Huge difference in terms of their motivations.

Watch the entire video here. And check out our Cyber Rattling series by clicking here.