References for Political Science, International Relations, and Law

On the Petya Ransomware Attack on June 27, 2017

• Fact sheet on Petra ransomware: https://gist.github.com/vulnersCom/65fe44d27d29d7a5de4c176baba45759
• "Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010)" by @HackerFantastic, https://twitter.com/hackerfantastic/status/879719012929875968
• "Anyone know what this is inside of #petya? This is in 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745" by @malwarejake, https://twitter.com/MalwareJake/status/879728987018231808
• "A tipster sends along this photo taken outside DLA Piper's D.C. office around 10am. #Petya" by @ericgeller, https://twitter.com/ericgeller/status/879738598244835328
• "Unexpected ransomware in bagging area" by @gcluley, https://twitter.com/gcluley/status/879721876305661953
• "#StopPetya We have found local “kill switch” for #Petya: create file "C:\Windows\perfc" by @PTsecurity_UK, https://twitter.com/PTsecurity_UK/status/879779707075665922
• Six quick facts to know about today's global ransomware attack (ZDNet)
• Pnyetya: Yet Another Ransomware Outbreak by the grugq
• ‘Petya’ Ransomware Outbreak Goes Global (Krebs on Security)
• Cyberattack Cripples Ukraine (Atlantic Council)
• Maersk says global IT breakdown caused by cyber attack (Reuters)
• Massive cyberattack hits Europe with widespread ransom demands (Washington Post)
• Pharma giant Merck hit in growing ransomware attack (The Hill)
• Global ransomware attack causes turmoil (BBC)
• Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry (The Hacker News)
• New Petya Ransomware Attack Prevented by Minerva (Minerva Labs)
• A new ransomware attack is infecting airlines, banks, and utilities across Europe (The Verge)
• Pennsylvania hospital system hit in cyberattack (WHDH)
• Petya - Enhanced WannaCry? (comae.io)
• Hacker Behind Massive Ransomware Outbreak Can't Get Emails from Victims Who Paid (Motherboard)
• Cyberattack hits entire Heritage Valley Health System, shuts down computers (WTAE)
• Another Massive Ransomware Outbreak Is Going Global Fast (Forbes)
• Petya cyberattack hits Europe, disrupting banks, government agencies (USA Today)
• Schroedinger’s Pet(ya) (Securelist)
• Is this Cyber War? Ransomware Attack Hits Banks, Transport, Government in Ukraine (The Security Ledger)
• Ransomware halts production at Cadbury's Tasmanian chocolate factory (ZDNet)

On the WannaCry Ransomware Attack on May 12, 2017

• Fact sheet: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
• WANNACRY RSA keys in PEM format: https://pastebin.com/SNBdGbJh
• WannaCry/Wcry Ransomware: https://otx.alienvault.com/pulse/5916115b0d3cde73f7669850/
• NHS services in England and Scotland hit by global cyber-attack (The Guardian)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14324129
• Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak (BleepingComputer)
• Leaked NSA Exploit Spreading Ransomware Worldwide (Threatpost)
• An NSA-derived ransomware worm is shutting down computers worldwide (Ars Technica)
• Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool (NYT)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14326439
• Mass cyberattack strikes computer systems worldwide Live updates (RT)
• Malware, described in leaked NSA documents, cripples computers worldwide (Washington Post)
• 'My heart surgery was cancelled' (BBC)
• Player 3 Has Entered the Game: Say Hello to 'WannaCry' (Cisco / Talos)
• Virulent WCry ransomware worm may have North Korea’s fingerprints on it (Ars Technica)
• Tim Cook’s refusal to help FBI hack iPhone is validated by ‘WannaCry’ ransomware attack (BGR)
• China, Addicted to Bootleg Software, Reels From Ransomware Attack (NYT)
• The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack (Microsoft)
• WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem (Veracode)
• WanaCrypt0r Ransomworm (BAE System Research)
  • Discussion on Hacker News: https://news.ycombinator.com/item?id=14366162
• SMB Exploited: WannaCry Use of "EternalBlue" (FireEye)

On Russia

• GRIZZLY STEPPE – Russian Malicious Cyber Activity (US-CERT)
• Critiques of the DHS/FBI’s GRIZZLY STEPPE Report (Robert M. Lee)
• US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware (Wordfence)
• Grizzly Steppe IP and Hash Analysis (JerryGamblin)
• How Russia Recruited Elite Hackers for Its Cyberwar (NYT)
• Some notes on IoCs (ErrataSec)

On Ransomware --And Who Paid the Ransom

• "Not all who pay a ransom successfully recover their compromised data" (Help Net Security)
• "A new report by the CyberEdge Group found that 55 percent of responding organizations were compromised by ransomware in 2017, down from 61 percent in 2016. Respondents who were victimized by ransomware and who elected to pay the ransoms were asked if they successfully recovered their compromised data. Surprisingly, only half confirmed successful data recovery, while the other half acknowledged complete data loss."
• (Melrose, MA) Melrose Police Pay 1 Bitcoin to Get Rid of Ransomware
• (Tewksbury, MA) Police Pay Off Ransomware Operators, Again (Dark Reading)
• (Horry County School District in South Carolina) US School Agrees to Pay $8,500 to Get Rid of Ransomware (Softpedia)
• (Hollywood Presbyterian Medical Center) Hospital paid 17K ransom to hackers of its computer network (AP)
  • Ransomware takes Hollywood hospital offline, $3.6M demanded by attackers (CSO Online)
• (Methodist Hospital in Henderson, KY) Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection (Krebs on Security)
• (Cloquet School District in Duluth, MN) Cloquet schools suffer 'ransomware' attack (Duluth News Tribune)
• (Plainfield, NJ) These hackers can hold a town hostage. And they want ransom — paid in bitcoin (WaPo)
• (Germany) German hospitals being held ransom by cyber attackers (IT Governance)
• (Washington D.C.) Washington's MedStar Health shuts down computers after virus (Reuters)
• (Calgary, Alberta) Bitcoin ransom demanded by hackers of Calgary wine store (CBC)
• (Calgary, Alberta) University of Calgary Pays $20K Following Ransomware Attack (Threatpost)
• NASCAR Team Pays Ransomware Fee to Recover Files Worth $2 Million (Softpedia)
• (Madison County, Indiana) Ransomware attack forces Madison County, Indiana to pay up (StateScoop)
• (Allegheny County, PA) Pennsylvania State Prosecutor's Office Paid Ransom In 'Avalanche' Ransomware Attack (Dark Reading)
• 70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows (On the Wire)
• (Los Angeles, CA) Los Angeles college pays hacker ($28,000) student data compromised (KSBY)
• Half of Ransomware Victims Pay Criminals' Demands to Recover Data (Threatpost)
• (Cockrell Hill, TX) Police Department Loses Years Worth of Evidence in Ransomware Incident (bleepingcomputer.com)
• (Austria) Hotel ransomed by hackers as guests locked in rooms (The Local)
• (Washington D.C.) Hackers hit D.C. police closed-circuit camera network, city officials disclose (WaPo)
• (Sacramento, CA) Hackers attack Sacramento transit system and demand $8,000 ransom (MSN)

On the Security of U.S. Government Systems

tl;dr: complexity, dependence an reliance on third-party systems and consulting

• US Homeland Security’s $6B Firewall Has More Than a Few Frightening Blind Spots (Defense One)
• Top five U.S. defense contractors bungle commercial cybersecurity market opportunity (CSO Online)
• Navy Wants to Unplug From Some Networks to Stay Ahead of Cyberattacks (Military.com)
• U.S. Power Producers Seeking to Stem Grid Cybersecurity Threats (Bloomberg)
• U.S. to Blame Iran for Cyber Attack on Small NY Dam: Sources (NYT)
• Hackers Modify Water Treatment Parameters by Accident (Softpedia)
• Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes (DarkReading)
• U.S. government worse than all major industries on cyber security: report (Reuters)

On the Encryption Debate

• CSAIL report: Giving government special access to data poses major security risks
• Apple's open letter
• Who Sets the Rules of the Privacy and Security Game? by Jennifer Granick
• Android phones are easier for police to crack than iPhones (CNN)
• "A very good summary of the technical issues in Apple v. FBI" from @SteveBellovin https://twitter.com/SteveBellovin/status/703414902594125824
• San Bernardino Shooter's iCloud Password Changed While iPhone was in Government Possession (ABC News)
• FBI says it might be able to break into seized iPhone, judge cancels order to aid decryption (ArsTechnica)
• Congress's New Encryption Bill Just Leaked, And It's As Bad As Experts Imagined (Vice)
• The Senate's Draft Encryption Bill Is 'Ludicrous, Dangerous, Technically Illiterate' (Wired)
• Ron Wyden vows to filibuster anti-cryptography bill (Boing Bong)

On the Office of Personnel Management (OPM) Incident

tl;dr: malware, social engineering

• "EPIC" fail—how OPM hackers tapped the mother lode of espionage data (ArsTechnica)
• FBI, DHS Share Lessons Learned from OPM Hack (OpenDNS)
• After OPM Hack, Security-Clearance Requests Will Run Through the Pentagon (Defense One)

On the Ukraine Power Plant Incident

tl;dr: denial of service, malware

• First known hacker-caused power outage signals troubling escalation (ArsTechnica)
• Everything We Know About Ukraine’s Power Plant Hack (Wired)
• The Malware That Led to the Ukrainian Blackout (Motherboard)
• DHS ICS-CERT Alert (IR-ALERT-H-16-056-01) Cyber-Attack Against Ukrainian Critical Infrastructure
• Lessons From The Ukraine Electric Grid Hack (Dark Reading)

On the Israel Electricity Authority Incident

tl;dr: social engineering, malware

• Israel's electric authority hit by "severe" hack attack (ArsTechnica)
• We’re Crying Wolf Over Nonexistent Infrastructure Hackers (Motherboard)

On China

• Why China hacks the world (Christian Science Monitor)

On Stuxnet

• Stuxnet Malware Analysis Paper (CodeProject) --a technical analysis

On Zero Days

• NSA's Hacker-in-Chief: We Don't Need Zero-Days To Get Inside Your Network (Motherboard)