
Hackers locked the municipal system to extort bitcoin, and the government refused to pay the ransom! The third week of paralysis in the most dangerous city in America...

2025-01-15 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

Produced by Big Data Digest

Authors: Li Lei, Gou Xiaobai, Song Xinyi

Government mailboxes cannot be accessed, water, electricity and parking fees cannot be paid, and real estate transactions cannot be carried out.

In the eastern city of Baltimore, the municipal system has been paralyzed for three weeks.

In early May, hackers broke into and took control of about 10,000 government computers in Baltimore, Maryland, and demanded 13 bitcoins (worth $100,000).

But the city refused to pay the ransom.

In the weeks that followed, civil servants had no access to their e-mail accounts and ordinary citizens had no access to basic municipal services, including websites used to pay for water, property taxes and parking tickets.

The standoff has lasted three weeks and remains unresolved.

Cyber attack: war without gunshots

Let's take a look at what happened.

Baltimore is the largest city in Maryland. Drugs, riots, crime and dilapidation are many people's impressions of the city. Baltimore has the highest homicide rate among the 50 major cities in the United States and is known as the most dangerous city in the United States, according to a report released by the FBI on September 24, 2018.

This time, the danger comes from silent and invisible cyber attacks.

On May 7, the screens of Baltimore city computers were suddenly locked, and a rude statement appeared on the displays. The hackers demanded about $100,000 in bitcoin to release the systems: "We will not negotiate with the government. We just want the money! Come on! Tick-tock, you hear me? Time is passing!"

An unbreakable algorithm

The hackers used ransomware called RobbinHood to attack Baltimore's city systems.

"Imagine a person sneaking into a government building and using a truck to take away a pile of boxes filled with all the pending permits and all the documents for all the ongoing business, and they demand a huge ransom to bring the truck back." That is how Avi Rubin, a computer science professor and cyber security expert at Johns Hopkins University, described the seriousness of the attack.

That's what's happening in Baltimore. A program called RobbinHood quietly got in and made it impossible for government departments to access their servers without a specific digital key.

Professor Rubin says the ransomware uses a public algorithm called RSA to encrypt data. It is believed that no government will be able to break it. Without the key, the city must rebuild its servers from scratch. It could take months to deploy the new hardware and software and to recover all of the city's data.

The hackers demanded three bitcoins for each system, or a total of 13 bitcoins to unlock all hijacked systems. If the payment was not made within four days, the ransom would increase; if it was not received within 10 days, all data in the systems would be lost forever. Both deadlines have now passed.

This is a typical "ransomware" attack, in which hackers use malware to block access to or take over a computer system until the system owner pays a ransom.

This kind of attack is especially damaging because even if the victim is fully prepared, with complete offline backups of the data, it still takes a lot of time and resources to restart all infected computers.

The city government has refused to pay the ransom, and the government e-mail system and payment platform controlled by hackers are still offline.

Helpless citizens

The attack also affected the Baltimore real estate market, and the real estate trading system was inaccessible.

Baltimore residents are in deep despair over the sudden "disaster plan".

"The computer system you rely on is completely unreliable, and you're not prepared for it, which leaves you helpless," said 31-year-old nanny Ashley Mason.

Mason has been scrimping and saving for a new house for four years. This year she finally paid off her debt, built a good enough credit score, and was able to afford a two-bedroom duplex.

She is ready to leave the crowded apartment that she shares with her brother.

But just as she was about to settle in her new home, the government system was attacked.

City officials launched a solution on May 20th to get real estate transactions back to normal, two weeks after the city's servers were damaged.

Mason now hopes that the large backlog of buyers will not delay her move. She said that the rent on the apartment where she currently lives is about to go up, and she can't afford to pay the extra.

Pay the ransom? Never compromise!

Baltimore Mayor Jack Young said in a statement on May 17 that city staff are restoring the system and have hired leading cyber security experts to help.

"During the recovery process, we will rebuild some systems to ensure that we restart business functions in a secure manner," Young said. But he didn't give a timetable for all the systems to come back online. Professor Rubin estimates that the system will take at least a few more months to get up and running.

Baltimore has put a number of measures in place, for example taking systems offline to prevent the spread of malware and setting up offline alternatives to online systems to handle home sales.

But in an interview on May 20th, the previously determined Mayor Young wavered for the first time over whether to give in to the hackers: "Should I pay a ransom to move the city forward? I may think about it. I haven't made a decision yet."

From a financial point of view, it makes perfect sense for Young to consider the hackers' request: the city will spend more than $100,000 to restore the damaged systems. But in the long run, paying reinforces the view that ransomware is a viable and profitable business model. It will encourage criminals to continue to use this approach to commit cyber crimes.

In addition, even if the ransom is paid, the hackers may not restore the system, or may even keep demanding more. According to a 2016 study by Kaspersky Lab, about one-fifth of ransomware victims are still unable to retrieve their data after paying the hackers.

And even if the perpetrators restore Baltimore's computer system after receiving the payment, there is no guarantee that they will not attack the city again in the future. They may even leave traces of malware or backdoors on the city's system for the next attack. Other attackers will also know that the Baltimore government is an easy target.

There was a similar RobbinHood attack on government computer systems in Greenville, North Carolina, in April. A spokesman for the Greenville city government said the city had not paid the ransom and that although its computer system had not yet been fully restored, "all major (security) technical indicators have been met."

What the city government and the police should do is to protect the public interest through slow, painstaking and expensive efforts to restore and protect the system, rather than simply paying ransoms.

Hacker attacks are becoming more and more serious.

This is not the first time hackers have maliciously attacked a government system.

In 2017, WannaCry, a ransomware targeting the Microsoft Windows operating system, attacked tens of thousands of computer systems in more than 100 countries. In the same year, companies in Britain, France, Russia, Israel and Ukraine were successively attacked by ransomware, and American hospitals were also targeted by hackers.

In 2018, hackers demanded that Atlanta pay about $50,000 in bitcoin as part of the ransom. According to a report by the Atlanta Constitution and Channel 2 Action News, repairing the impact of the attack eventually cost the city $17 million because the city refused to pay the ransom.

This year alone, more than 20 cities in the United States have been subjected to cyber attacks.

The basic idea behind ransomware is simple: criminals break into your computer, use unbreakable encryption to render the files on the system unusable, and then demand payment for the encryption keys needed to recover them. If you have important documents on your machine, you may pay a large ransom to avoid losing them.

Since the invention of Bitcoin in 2009, ransomware attacks have become easier. Hackers usually need identity information to collect money through traditional payment networks such as Visa and MasterCard, but not with bitcoin. As a result, the number of ransomware attacks on unsuspecting computer users has soared over the past four years.

Some ransomware operations are so sophisticated that they even provide customer support services to help victims who want to pay work out the complicated process of acquiring bitcoin and paying with it.

Since 2017, many departments and organizations have improved their security measures to prevent ransomware attacks. But the latest Baltimore hack shows that this is a game of whack-a-mole: if security is improved in one area, hackers will look for the next.

How to prevent cyber attacks?

Like many local governments, Baltimore was not ready for such a thing. It is easy for a government to excuse itself like this: "Since this kind of thing has never happened, why should we spend a lot of money on it?"

Local governments now own and rely on a variety of Internet technology systems to operate services: laptops used by officials, light poles and road sensor systems, mapping and information systems in police cars, and so on. Cities are particularly vulnerable to digital attacks because their IT systems tend to be older and more complex than those of private sector organizations. Budgets are also often very tight, resulting in a shortage of staff responsible for keeping these systems safe.

The threat of cyber attacks should be the most important security issue right now, but in fact local officials have not done enough to protect their technology from attacks.

44% of local governments report that they experience cyber attacks every day, 41% of governments say they do not know when they were attacked, and 54% of governments do not catalogue attacks. Most of the world's government leaders have no idea how serious cyber attacks are.

Government agencies must create a cyber security culture, including funding for cyber security, stronger cyber security policies, and training employees in cyber security protocols. Cyber security should not only be a matter for the IT department; it must become a top priority for local governments. Preventing and mitigating cyber attacks requires cooperation between governments, such as coordination among local governments and states, and work with the federal government on key tasks such as elections, traffic management, intelligence sharing, and so on.

Technological advances are improving the efficiency of government, for example by helping it shift from expensive and inefficient paper systems to digital systems that work better, and big data has also brought great leaps in government decision-making. But where there is light, there is shadow. If the smart city is the light that technology brings to the government, then cyber attacks are its dark corners. We don't need to stop technology deployment, but network security must be on the agenda.

This is the second ransomware attack in Baltimore in 15 months; last year an attack shut down the city's 911 emergency system for nearly a day. The two attacks prompted the city of Baltimore to conduct a rigorous cyber security review. The city council president is planning to set up a special committee to investigate the hacking to make sure it doesn't happen again.

As of press time, Baltimore's municipal paralysis continues.

Related reports

https://www.vox.com/recode/2019/5/21/18634505/baltimore-ransom-robbinhood-mayor-jack-young-hackers

https://statetechmagazine.com/article/2019/05/ransomware-protection-removal-and-recovery-best-practices-state-and-local-governments-perfcon

https://www.bbc.com/news/world-us-canada-48371476

https://nytlicensing.com/story/WvTAbzga/

https://slate.com/technology/2019/05/baltimore-ransomware-robbinhood-attack-bernard-young.html
