WTF Fun Fact 13635 – Catgirl Nuclear Laboratory Hack

In a bizarre turn of events, a US nuclear laboratory, the Idaho National Laboratory (INL), fell victim to a hack by a group self-identifying as “gay furry hackers.” The group, Sieged Security (SiegedSec), has an unusual demand: they want the lab to research the creation of real-life catgirls.

The Idaho Nuclear Laboratory Cyber Attack

The Idaho National Laboratory is not just any facility; it’s a pioneer in nuclear technology, operating since 1949. With over 6,000 employees, the INL has been instrumental in nuclear reactor research and development. The unexpected cyber intrusion by SiegedSec marks a significant security breach.

SiegedSec’s demands are out of the ordinary. They have threatened to release sensitive employee data unless the INL commits to researching catgirls. The data purportedly includes Social Security numbers, birthdates, addresses, and more. SiegedSec’s tactics include using playful language, such as multiple “meows” in their communications, highlighting their unique approach.

The group has a history of targeting government organizations for various causes, including human rights. Their recent activities include leaking NATO documents and attacking US state governments over anti-trans legislation.

The Nuclear Laboratory’s Response and Investigation

The Idaho National Laboratory confirmed the breach and is currently working with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The investigation aims to understand the extent of the data impacted by the incident.

SiegedSec’s actions, while unusual, shed light on several issues. First, they highlight the vulnerability of even high-profile, secure facilities to cyber attacks. Second, the group’s unique demand for researching catgirls, while seemingly whimsical, echoes broader internet discussions about bio-engineering and human-animal hybrids. Lastly, they demonstrate the diverse motives and methods of hacktivist groups.

The Future of Catgirls and Cybersecurity

While the likelihood of the INL taking up research on catgirls is slim, the breach itself is a serious matter. It underscores the need for heightened cybersecurity measures in sensitive facilities. As for SiegedSec, their influence in the realm of hacktivism is notable, blurring the lines between political activism, internet culture, and cybersecurity.

While the demand for catgirls is likely a playful facade, the breach at the Idaho National Laboratory is a reminder of the ongoing cybersecurity challenges facing institutions today. The INL’s breach is a wake-up call for enhanced security protocols in an era where cyber threats can come from the most unexpected sources.


Source: “Gay Furry Hackers Break Into Nuclear Lab Data, Want Catgirls” — Kotaku

WTF Fun Fact 13302 – Bug Bounty Programs

Have you heard of “bug bounty programs”? No, they’re not about capturing critters in your yard. These programs are run by major tech companies. Companies like Google, Microsoft, and Facebook use these programs to incentivize hackers and security researchers to find and report vulnerabilities in their systems by offering rewards or cash bounties.

Big Tech’s bug bounty programs

Bug bounty programs allow tech companies to identify and address security weaknesses. But more importantly, they do so before the weaknesses can be exploited by cybercriminals. Some programs have paid out millions to researchers and hackers who found major vulnerabilities. For example, in 2019, Google paid out over $6.5 million in bug bounties to people around the world.

Bug bounty programs typically have guidelines and rules. These outline what types of vulnerabilities are eligible for rewards and how they should be reported. Once a researcher or hacker identifies a vulnerability, they submit it to the company’s bug bounty program. The company then verifies the bug and determines if it is eligible for a reward. If the vulnerability is valid, the company forks over the reward to the person who reported it.

Some companies may also offer other incentives, such as swag or recognition. This helps encourage participation. Some programs may even have different reward tiers for different types of vulnerabilities. For example, more critical or severe vulnerabilities earn higher payouts.

A win-win solution for cybersecurity

There are several reasons why companies use these programs. Identifying security vulnerabilities before they can be exploited by cybercriminals saves the company from potential data breaches, financial losses, and reputational damage.

The programs also allow companies to work with the security community. This helps them improve their security measures and stay ahead of emerging threats. These programs are also a cost-effective way for companies to discover security weaknesses, as they only pay for valid bugs that are reported.


Source: “Google paid $6.7 million to bug bounty hunters in 2020” — ZDNet

WTF Fun Fact 13244 – The Dangers of Paying Ransom

A 2021 study from Cybereason found that 80% of organizations that were targeted with ransomware attacks and paid a ransom were later targeted by a second attack. This adds to the evidence that paying ransom may not always be worth it for companies.

Ransomware and paying ransom

According to experts at Kaspersky, ransomware attacks doubled in the first ten months of 2022 compared to the previous year. This included individuals, government entities, and businesses. They also noted that most attacks originated with phishing emails imitating legitimate agencies to access personal information or credentials.

While companies subject to ransomware attacks face enormous pressure to pay a ransom to protect customer data, this carries risks. The FBI has warned some companies that paying ransom isn’t necessarily going to protect them.

Ransom demands are also rising – in fact, the amounts have increased by 500% in the last two years. The average ransom demand from cybercriminals is now half a million dollars. And while some insurance companies offer cyber insurance, it does not make up for the private data that gets leaked on the dark web.

Cyber insurance may soon become a thing of the past since many companies seem incapable of mounting a secure defense against hackers, and lawsuits pile up as a result.

Once a company pays a ransom, they seem to be a target for new attacks. Up to 80% are targeted a second time.

As of 2021, between 50 and 75% of ransomware targets were small businesses.

The importance of cybersecurity

Recent hacks have had devastating consequences. For example, Australia’s Medibank medical insurance company was hacked in 2021. As a result, people who had sought resources for mental health and addiction had their names and data published on the dark web. Medibank now faces a class action lawsuit. It’s unclear if they considered paying ransom demands.

New Internet of Things (IoT) and mobile devices are at the center of security discussions. It appears these are popular targets for hackers. For example, many recent hacks have targeted unsecured printers that people fail to update. If these are part of a company’s network, cybercriminals can gain access to a printer and move into a company’s entire network.

Source: “Ransomware” — NAIC