Biz & IT

Big data trove dumped after LA Unified School District says no to ransomware crooks


A ransomware outfit calling itself Vice Society has dumped nearly 300,000 files belonging to the Los Angeles Unified School District as punishment for rebuffing demands it pay the group a hefty fee to recover data stolen during a recent cyber intrusion.

Ransomware operators breach targets’ networks, encrypt all their data, and then charge victims a ransom for the decryption key. More recently, the groups have moved to a double extortion model, in which they also publish the data on the dark web unless victims pay a ransom to keep it private. Already this year, 27 school districts with 1,735 schools among them have been hacked in ransomware incidents, Brett Callow, a threat analyst with security firm Emsisoft, said.

The Los Angeles Unified School District is the second biggest school district in the US, behind the New York City Department of Education, making it a trophy of sorts for ransomware groups that prey on these organizations.

Vice Society is a Russian-speaking ransomware group that has emerged over the past couple of years to become a menace, mainly to small- and middle-sized companies. The group specializes in human-operated ransomware attacks, as opposed to automated attack techniques favored by many of its peers. Callow said in a direct message that the Vice Society gang attacked at least eight other US school districts, colleges, and universities so far in 2022.

In the past it has used critical vulnerabilities in network devices from SonicWall and the Windows zero-day known as PrintNightmare as an initial entry point into companies it has targeted.

The LAUSD said in early September it suffered a ransomware attack that created districtwide disruptions to email, computer systems, and applications. A couple of days later, the Cybersecurity and Infrastructure Security Administration published an advisory warning that the group had been “disproportionately targeting the education sector.”

On Friday, district officials said they had no intention of paying a ransom to the threat actors.

“Los Angeles Unified remains firm that dollars must be used to fund students and education,” they wrote. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”

On Friday, LAUSD superintendent Alberto Carvalho was even more forceful in his rejection of the group’s demands.

“What I can tell you is that the demand—any demand—would be absurd,” he told the Los Angeles Times. “But this level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity.”

Friday’s LAUSD statement warned employees and families that the group was likely to respond by releasing breached data publicly.

Over the weekend, that’s precisely what Vice Society did on its name-and-shame site. The haul, which researchers from security firm Checkpoint said included more than 284,000 files, contains a wide variety of documents, images, and other documentation. One video purports to be part of an incident report and appears to show district personnel monitoring a video feed and responding to other staff members over a two-way radio. Other documents list the names, Social Security numbers, attendance records, unredacted passports, and other sensitive information of school employees and contractors.

Like many municipalities, school districts are particularly vulnerable to ransomware attacks because they frequently use outdated hardware and software.


Nvidia AI plays Minecraft, wins AI conference award


[Image: MineDojo’s AI can perform complex tasks in Minecraft. Credit: Nvidia]

A paper describing MineDojo, Nvidia’s generalist AI agent that can perform actions from written prompts in Minecraft, won an Outstanding Datasets and Benchmarks Paper Award at the 2022 NeurIPS (Neural Information Processing Systems) conference, Nvidia revealed on Monday.

To train the MineDojo framework to play Minecraft, researchers fed it 730,000 Minecraft YouTube videos (with more than 2.2 billion words transcribed), 7,000 scraped webpages from the Minecraft wiki, and 340,000 Reddit posts and 6.6 million Reddit comments describing Minecraft gameplay.

From this data, the researchers created a custom transformer model called MineCLIP that associates video clips with specific in-game Minecraft activities. As a result, someone can tell a MineDojo agent what to do in the game using high-level natural language, such as “find a desert pyramid” or “build a nether portal and enter it,” and MineDojo will execute the series of steps necessary to make it happen in the game.

[Image: Examples of tasks that MineDojo can perform. Credit: Nvidia]

MineDojo aims to create a flexible agent that can generalize learned actions and apply them to different behaviors in the game. As Nvidia writes, “While researchers have long trained autonomous AI agents in video-game environments such as StarCraft, Dota, and Go, these agents are usually specialists in only a few tasks. So Nvidia researchers turned to Minecraft, the world’s most popular game, to develop a scalable training framework for a generalist agent—one that can successfully execute a wide variety of open-ended tasks.”

The award-winning paper, “MINEDOJO: Building Open-Ended Embodied Agents with Internet-Scale Knowledge,” debuted in June. Its authors include Linxi Fan of Nvidia and Guanzhi Wang, Yunfan Jiang, Ajay Mandlekar, Yuncong Yang, Haoyi Zhu, Andrew Tang, De-An Huang, Yuke Zhu, and Anima Anandkumar of various academic institutions.

You can see examples of MineDojo in action on its official website, and the code for MineDojo and MineCLIP is available on GitHub.


European Parliament DDoSed after declaring Russia a sponsor of terrorism


[Image: An iteration of what happens when your site gets shut down by a DDoS attack.]

The European Parliament website was knocked offline for several hours on Wednesday by a distributed denial-of-service (DDoS) attack that started shortly after the governing body voted to declare the Russian government a state sponsor of terrorism.

European Parliament President Roberta Metsola confirmed the attack on Wednesday afternoon European time, while the site was still down. “A pro-Kremlin group has claimed responsibility,” she wrote on Twitter. “Our IT experts are pushing back against it & protecting our systems. This, after we proclaimed Russia as a State-sponsor of terrorism.”

While this post was being reported and written, the website became available again and appeared to work normally.

The pro-Kremlin group Metsola referred to is likely the one known as Killnet, which emerged at the start of Russia’s invasion of Ukraine and has posted claims of DDoS attacks in countries supporting the smaller nation. Targets have included police departments, airports, and governments in Lithuania, Germany, Italy, Romania, Norway, and the United States.

Shortly after Wednesday’s attack against the European Parliament started, Killnet members took to a private channel on Telegram to post screenshots showing the European Parliament website was unavailable in 23 countries. Text accompanying the images made a homophobic remark directed at the legislative body.

The outage occurred shortly after the parliament overwhelmingly voted to declare the Kremlin a sponsor of terrorism.

Members of the European Parliament “highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes,” the declaration stated. “In light of this, they recognize Russia as a state sponsor of terrorism and as a state that ‘uses means of terrorism.’”

The resolution was adopted with 494 votes in favor, and 58 against. There were 44 abstentions.

DDoS attacks typically harness the bandwidth of hundreds, thousands, and in some cases, millions of computers infected with malware. After bringing those machines under their control, the attackers cause them to bombard a target site with more traffic than it can accommodate, forcing it to deny service to legitimate users. Traditionally, DDoS has been among the crudest forms of attack because it relies on brute force to silence its targets.

Over the years, DDoSes have become more advanced. In some cases, the attackers can increase the bandwidth by as much as a thousand-fold using amplification methods, which send data to a misconfigured third-party site, which then returns a much larger amount of traffic to the target.

Another innovation has been designing attacks that exhaust the computing resources of a server. Rather than clogging the pipe between the website and the would-be visitors—the way more traditional volumetric DDoSes work—packet-per-second attacks send specific types of compute-intensive requests to a target in an attempt to bring the hardware connected to the pipe to a standstill.

Metsola said the DDoS attacks on the European Parliament were “sophisticated,” a word that’s often misused to describe DDoSes and hacks. She provided no details to corroborate that assessment.


Apple iPhone factory workers clash with police in China


[Image: Workers walk outside Hon Hai Group’s Foxconn plant in Shenzhen, China, in 2010.]

Violent worker protests have erupted at the world’s largest iPhone factory in central China as authorities at the Foxconn plant struggle to contain a COVID-19 outbreak while maintaining production ahead of the peak holiday season.

Workers at the factory in Zhengzhou shared more than a dozen videos that show staff in a standoff with lines of police armed with batons and clad in white protective gear. The videos show police beating workers, with some bleeding from their heads and others limping away from chaotic clashes.

Beijing’s strict zero-COVID regime has posed big challenges for the running of Foxconn’s Zhengzhou plant, which typically staffs more than 200,000 workers on a large campus in the city’s suburbs.

Wednesday’s unrest will heighten investor concerns about supply chain risk at Apple, with more than 95 percent of iPhones produced in China.

Problems at the plant earlier this month led Apple to cut estimates for high-end iPhone 14 shipments and to issue a rare warning to investors over the delays.

Two workers at the Foxconn factory said the protests broke out on Wednesday morning after Apple’s manufacturing partner attempted to deny bonuses promised to new workers put into quarantine before being sent to assembly lines.

“Initially they just went into the plant seeking an explanation from executives, but they [the executives] didn’t show their faces and instead called the police,” said one of the workers.

Another worker said there was growing discontent over the factory’s continued inability to curb a COVID outbreak, tough living conditions, and fear among staff that they would test positive.

Foxconn said the company would work with employees and the government to prevent further violent acts.

The company said it had always fulfilled its contracts and would continue to “communicate and explain” that to new staff. It said reports that the company had mixed COVID positive workers with those not yet infected were untrue.

Videos show workers flipping over carts on the Foxconn campus, charging into the factory’s offices and bashing a COVID testing booth. Live streams from the scene on Wednesday afternoon showed groups of workers milling about in a courtyard between buildings. Some workers were livestreaming the protests on social media until censors stepped in to cut off the broadcasts.

“The Foxconn situation raises concern for China’s leaders because it challenges the narrative of being a reliable supplier,” said Shan Guo at Plenum China Research. “It’s clear workers are not happy being locked down,” she said.

Foxconn has been working with the local government in Henan province, where the plant is located, to repopulate its assembly lines with new workers after a mass staff exodus late last month spurred by conditions at the plant.

Local officials have been tasked with helping send workers to the plant, which is a big taxpayer and was responsible for 60 percent of the province’s exports in 2019.

Ivan Lam, an analyst at Counterpoint Research, said Foxconn had already been shifting iPhone 14 production away from the Zhengzhou factory amid the COVID problems. He estimated the Zhengzhou plant’s share of total iPhone 14 production was down to about 60 percent today from about 80 percent before the outbreak began.

Apple did not immediately respond to requests for comment.

© 2022 The Financial Times Ltd. All rights reserved. Please do not copy and paste FT articles and redistribute by email or post to the web.
