References for Political Science, International Relations, and Law

On Ransomware --And Who Paid the Ransom

• "Not all who pay a ransom successfully recover their compromised data" (Help Net Security)
• 
• (Melrose, MA) Melrose Police Pay 1 Bitcoin to Get Rid of Ransomware
• (Tewksbury, MA) Police Pay Off Ransomware Operators, Again (Dark Reading)
• (Horry County School District in South Carolina) US School Agrees to Pay $8,500 to Get Rid of Ransomware (Softpedia)
• (Hollywood Presbyterian Medical Center) Hospital paid 17K ransom to hackers of its computer network (AP)
  • Ransomware takes Hollywood hospital offline, $3.6M demanded by attackers (CSO Online)
• (Methodist Hospital in Henderson, KY) Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection (Krebs on Security)
• (Cloquet School District in Duluth, MN) Cloquet schools suffer 'ransomware' attack (Duluth News Tribune)
• (Plainfield, NJ) These hackers can hold a town hostage. And they want ransom — paid in bitcoin (WaPo)
• (Germany) German hospitals being held ransom by cyber attackers (IT Governance)
• (Washington D.C.) Washington's MedStar Health shuts down computers after virus (Reuters)
• (Calgary, Alberta) Bitcoin ransom demanded by hackers of Calgary wine store (CBC)
• (Calgary, Alberta) University of Calgary Pays $20K Following Ransomware Attack (Threatpost)
• NASCAR Team Pays Ransomware Fee to Recover Files Worth $2 Million (Softpedia)
• (Madison County, Indiana) Ransomware attack forces Madison County, Indiana to pay up (StateScoop)
• (Allegheny County, PA) Pennsylvania State Prosecutor's Office Paid Ransom In 'Avalanche' Ransomware Attack (Dark Reading)
• 70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows (On the Wire)
• (Los Angeles, CA) Los Angeles college pays hacker ($28,000) student data compromised (KSBY)
• Half of Ransomware Victims Pay Criminals' Demands to Recover Data (Threatpost)
• (Cockrell Hill, TX) Police Department Loses Years Worth of Evidence in Ransomware Incident (bleepingcomputer.com)
• (Austria) Hotel ransomed by hackers as guests locked in rooms (The Local)
• (Washington D.C.) Hackers hit D.C. police closed-circuit camera network, city officials disclose (WaPo)
• (Sacramento, CA) Hackers attack Sacramento transit system and demand $8,000 ransom (MSN)
• (Riviera Beach, FL) Florida city pays hackers $600,000 in ransom to save computer records (USA Today)
• (Lake City, FL) Second Florida city pays giant ransom to ransomware gang in a week: Lake City officials give in and agree to pay nearly $500,000 to ransomware gang. (ZDNet)

On the Petya Ransomware Attack on June 27, 2017

• Fact sheet on Petra ransomware: https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759
• "Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010)" by @HackerFantastic, https://twitter.com/hackerfantastic/status/879719012929875968
• "Anyone know what this is inside of #petya? This is in 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745" by @malwarejake, https://twitter.com/MalwareJake/status/879728987018231808
• "A tipster sends along this photo taken outside DLA Piper's D.C. office around 10am. #Petya" by @ericgeller, https://twitter.com/ericgeller/status/879738598244835328
• "Unexpected ransomware in bagging area" by @gcluley, https://twitter.com/gcluley/status/879721876305661953
• "#StopPetya We have found local “kill switch” for #Petya: create file "C:\Windows\perfc" by @PTsecurity_UK, https://twitter.com/PTsecurity_UK/status/879779707075665922
• Six quick facts to know about today's global ransomware attack (ZDNet)
• Pnyetya: Yet Another Ransomware Outbreak by the grugq
• ‘Petya’ Ransomware Outbreak Goes Global (Krebs on Security)
• Cyberattack Cripples Ukraine (Atlantic Council)
• Maersk says global IT breakdown caused by cyber attack (Reuters)
• Massive cyberattack hits Europe with widespread ransom demands (Washington Post)
• Pharma giant Merck hit in growing ransomware attack (The Hill)
• Global ransomware attack causes turmoil (BBC)
• Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry (The Hacker News)
• New Petya Ransomware Attack Prevented by Minerva (Minerva Labs)
• A new ransomware attack is infecting airlines, banks, and utilities across Europe (The Verge)
• Pennsylvania hospital system hit in cyberattack (WHDH)
• Petya - Enhanced WannaCry? (comae.io)
• Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid (Motherboard)
• Cyberattack hits entire Heritage Valley Health System, shuts down computers (WTAE)
• Another Massive Ransomware Outbreak Is Going Global Fast (Forbes)
• Petya cyberattack hits Europe, disrupting banks, government agencies (USA Today)
• Schroedinger’s Pet(ya) (Securelist)
• Is this Cyber War? Ransomware Attack Hits Banks, Transport, Government in Ukraine (The Security Ledger)
• Ransomware halts production at Cadbury's Tasmanian chocolate factory (ZDNet)

On the WannaCry Ransomware Attack on May 12, 2017

• Fact sheet: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
• WANNACRY RSA keys in PEM format: https://pastebin.com/SNBdGbJh
• WannaCry/Wcry Ransomware: https://otx.alienvault.com/pulse/5916115b0d3cde73f7669850/
• NHS services in England and Scotland hit by global cyber-attack (The Guardian)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14324129
• Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak (BleepingComputer)
• Leaked NSA Exploit Spreading Ransomware Worldwide (Threatpost)
• An NSA-derived ransomware worm is shutting down computers worldwide (Ars Technica)
• Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool (NYT)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14326439
• Mass cyberattack strikes computer systems worldwide Live updates (RT)
• Malware, described in leaked NSA documents, cripples computers worldwide (Washington Post)
• 'My heart surgery was cancelled' (BBC)
• Player 3 Has Entered the Game: Say Hello to 'WannaCry' (Cisco / Talos)
• Virulent WCry ransomware worm may have North Korea’s fingerprints on it (Ars Technica)
• Tim Cook’s refusal to help FBI hack iPhone is validated by ‘WannaCry’ ransomware attack (BGR)
• China, Addicted to Bootleg Software, Reels From Ransomware Attack (NYT)
• The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack (Microsoft)
• WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem (Veracode)
• WanaCrypt0r Ransomworm (BAE System Research)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14366162
• SMB Exploited: WannaCry Use of "EternalBlue" (FireEye)

On Russia

• GRIZZLY STEPPE – Russian Malicious Cyber Activity (US-CERT)
• Critiques of the DHS/FBI’s GRIZZLY STEPPE Report (Robert M. Lee)
• US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware (Wordfence)
• Grizzly Steppe IP and Hash Analysis (JerryGamblin)
• How Russia Recruited Elite Hackers for Its Cyberwar (NYT)
• Some notes on IoCs (ErrataSec)

On the Security of U.S. Government Systems

tl;dr: complexity, dependence an reliance on third-party systems and consulting

• US Homeland Security’s $6B Firewall Has More Than a Few Frightening Blind Spots (Defense One)
• Top five U.S. defense contractors bungle commercial cybersecurity market opportunity (CSO Online)
• Navy Wants to Unplug From Some Networks to Stay Ahead of Cyberattacks (Military.com)
• U.S. Power Producers Seeking to Stem Grid Cybersecurity Threats (Bloomberg)
• U.S. to Blame Iran for Cyber Attack on Small NY Dam: Sources (NYT)
• Hackers Modify Water Treatment Parameters by Accident (Softpedia)
• Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes (DarkReading)
• U.S. government worse than all major industries on cyber security: report (Reuters)

On the Encryption Debate

• CSAIL report: Giving government special access to data poses major security risks
• Apple's open letter
• Who Sets the Rules of the Privacy and Security Game? by Jennifer Granick
• Android phones are easier for police to crack than iPhones (CNN)
• "A very good summary of the technical issues in Apple v. FBI" from @SteveBellovin https://twitter.com/SteveBellovin/status/703414902594125824
• San Bernardino Shooter's iCloud Password Changed While iPhone was in Government Possession (ABC News)
• FBI says it might be able to break into seized iPhone, judge cancels order to aid decryption (ArsTechnica)
• Congress's New Encryption Bill Just Leaked, And It's As Bad As Experts Imagined (Vice)
• The Senate's Draft Encryption Bill Is 'Ludicrous, Dangerous, Technically Illiterate' (Wired)
• Ron Wyden vows to filibuster anti-cryptography bill (Boing Bong)

On the Office of Personnel Management (OPM) Incident

tl;dr: malware, social engineering

• "EPIC" fail—how OPM hackers tapped the mother lode of espionage data (ArsTechnica)
• FBI, DHS Share Lessons Learned from OPM Hack (OpenDNS)
• After OPM Hack, Security-Clearance Requests Will Run Through the Pentagon (Defense One)

On the Ukraine Power Plant Incident

tl;dr: denial of service, malware

• First known hacker-caused power outage signals troubling escalation (ArsTechnica)
• Everything We Know About Ukraine’s Power Plant Hack (Wired)
• The Malware That Led to the Ukrainian Blackout (Motherboard)
• DHS ICS-CERT Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure
• Lessons From The Ukraine Electric Grid Hack (Dark Reading)

On the Israel Electricity Authority Incident

tl;dr: social engineering, malware

• Israel's electric authority hit by "severe" hack attack (ArsTechnica)
• We’re Crying Wolf Over Nonexistent Infrastructure Hackers (Motherboard)

On China

• Why China hacks the world (Christian Science Monitor)

On Stuxnet

• Stuxnet Malware Analysis Paper (CodeProject) --a technical analysis

On Zero Days

• NSA's Hacker-in-Chief: We Don't Need Zero-Days To Get Inside Your Network (Motherboard)