Episode: 3841
Title: HPR3841: The Oh No! News.
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3841/hpr3841.mp3
Transcribed: 2025-10-25 06:23:20

---

This is Hacker Public Radio Episode 3841 from Monday the 24th of April 2023. Today's show is entitled The Oh No News. It is hosted by Some Guy On The Internet and is about 21 minutes long. It carries a clean flag. The summary is: Sgoti and Bumblebee discuss the U.S. Marshals Service ransomware attack and more.

Hello and welcome to another episode of Hacker Public Radio. I'm your host, Some Guy On The Internet, and I'm here with...

Hi, I'm Bumblebee.

Let's begin The Oh No News. Let's start with threat analysis, your attack surface. In our first article, U.S. Marshals Service computer systems hit by ransomware attack. Oh no! The ransomware attackers, known as Scorch, have hit the computer systems at the U.S. Marshals Service. All right, B, what do you know about ransomware?

Not much, to be honest. If I think about it, I just think that if you hear the word ransom, you think that something is being taken and that you need to either pay or give something as leverage or something like that. I don't... That's the only thing I could think of. Is it something like that?

Very, very close. That is the gist of it. Ransomware is software, malware, that usually encrypts a victim's systems, their servers, their data, and then the user is locked out of that data because they don't have the encryption key. The users are then given a message, you know, an ultimatum: either pay the attacker to get the key to then decrypt their data. The federal government has put in place guidelines instructing U.S. companies to not only report when these incidents occur, but also not to pay the ransom.

Which I can understand, because it just makes people do it over again. If you're going to humor that behavior, that is what's going to happen. But I can understand the feeling of wanting it to go away, and you just do that, so I can understand.
No, in this case, because it's the United States Marshals Service, these criminal actors are attacking law enforcement in this situation. So they're not just out attacking your local businesses, Target, Walmart, and the other healthcare industries. They're actually attacking the people who would ultimately pursue the criminals. Out of all the things to hack into, hacking into the U.S. government, the federal government, is not a smart idea.

I would agree 100% on that.

Now one of the ways that ransomware spreads, or a victim encounters ransomware, is usually through email: a victim clicks on something in an email. It looks like a legitimate form or document or whatever, but what they don't realize is that document has been infected with the malware payload. The payload is designed to quietly, in the background, begin encrypting all of the user's data. Most of the time they're designed to spread. So if your computer is connected to a network, it will begin to spread to other devices on the network. So if you're connected to a backup server, it will spread to that backup server and it will begin encrypting all of the data on the backup server as well. Not only does it deny the user access to their data, but it also sends the data back to the attackers. Now encrypting all of the user's data has two functions. One, it denies the user access to their own data. And two, it also prevents the users, or limits the user's ability, to discover how the attackers infiltrated the system. So any tracks left behind by the attackers are now covered by the encryption.

What is the reason for them to do it? To see if they can do it? Obviously, they're not asking for money, because that doesn't make sense, because they know, if anyone knows, the US government would never pay them. What information are they trying to receive or take that the US Marshals have? That's my question.

Very good question. Remember when I mentioned that the ransomware has two functions.
One, it encrypts the data so that the user cannot have access to it. The second function of it is to cover their tracks while the attackers steal the data. They mention that federal judges, as well as other criminal fugitives, a lot of that data was being stored on the service. So legal processes, administrative information, and other personally identifiable information pertaining to the subjects of United States Marshals Service investigations, as well as third party information, and US Marshals employees' information was stolen. So basically they are able to identify undercover agents, judges, decisions that are being made, and all of the underworkings that are being held or administered by the US Marshals Service.

Yeah, because I was thinking the same thing, very similar things, because anyone that is employed, when you do an employee, you give them your home address. It may be their direct deposits are in there. I think about that too, but I more think of people's safety more than them trying to steal someone's identity. Obviously, they were looking for something, but it's terrifying. They won't pay, but, and it doesn't say anywhere that there was even a ransom. If these people aren't asking for anything in return, that means they were fishing for information. They were fact finding, which is, in my personal opinion, even more scary than them asking for money.

Exactly. They are, as you put it, fact finding. In this attack, this attack potentially revealed a lot of strategies that the US Marshals Service had up their sleeves, and it's now floating around on the internet. Some attacker is possibly bidding this information out to whomever is willing to pay for it. So this kind of information has very deep consequences behind it.

But it also shows the intelligence of these people. For someone like me and you, to have, like you said, three backups. I mean, I have so many backups.
So if someone happened to hack my computer, I'm like, all right, I'll just wipe my hard drive and then get my other hard drive to back everything back up. And there's no worry. I mean, it's inconvenient, yes. But I don't sit here and, I'm not going to write home about it. For them to be able to hack the government, which a lot of people that are in the government are MIT graduates and all of these very skilled individuals, and for them to be able to get through that, that is very telling on who these people are.

No matter how brilliant we are, if we don't keep ourselves informed and follow best practices, we'll all eventually succumb to these types of attacks. So it's not a matter of when, or it's not a matter of how, it's a matter of when for us.

Now, next story: major data breach for US lawmakers and staff. In this story, our US Congress suffered a major data breach. Attackers claim to have stolen information for over 170,000 people over at the US Congress, that's the House of Representatives and US Senate. Some of this information included social security numbers and birthdays. So this is very, very valuable information. So B, what do you think about this attack?

I think it's devastating. This criminal has all of this information from hundreds of thousands of people. What they can do with this information, whether they sell it or use it, is really terrifying. We just don't know what they're going to do with it.

You're right. Now also in this attack, they mentioned the potential for phishing. So these lawmakers and their staffers are not only going to have to, one, review security protocol, but two, now they have to go and update others on the protocol, meaning other family members, so that may be experiencing attacks in the future.

People don't realize that when they're looking for something, they may not be looking for one individual. They may be looking for hundreds of thousands just to have information. Their families, they have their social security numbers on there.
Their emails, their birthdays, their phone numbers, their home addresses, everything. When I was reading one of the headlines, they talked about that they're having security for these people now because of this. These are government officials, the highest of what we have. Even if these hackers didn't have the intention to physically harm them, the information that they're selling to other people, they might have that intent.

Now, B, you mentioned security that they're going to be providing the lawmakers. Are we talking about, you know, Secret Service or something here?

Not at this moment, mostly it's identity protection.

Oh, I got what you're saying, the identity and credit protection, the monitoring services, got you.

Absolutely. It'd be very difficult for them to have hundreds of thousands of them having, like you said, Secret Service. I mean, I wouldn't be surprised that they're doing that for the regular House representative, but I'm not certain if they're doing it for staff.

On our next segment, we are going to talk about the owner of BreachForums, who was arrested for conspiracy to commit access device fraud. All right. So in this story, this BreachForums was where they sell data, so what do you think about this?

Well, it's really interesting because if you remember the last segment, we were talking about the politicians and the providers in the US House of Representatives, all of their information was stolen and, well, it was stolen and sold on this site. They attempted to sell all the personal information on the BreachForums website. So that being said, currently he was arrested on March 15th and he received bail on the 16th and he is supposed to be in court on the 24th.

Oh, man. So we're talking about a place where attackers actually take their stolen data, go to a bidding site to then sell that data.
This bidding site was seized by the FBI and the attacker who ran it was put in jail. For what sort of cybercrime was he charged?

Conspiracy to commit access device fraud. Right now they're not releasing much information based on the court case, but what they are saying is that they did seize all of his information, his documents, everything that he had on it, and right now they're trying to see who he bought it from.

Oh, so they're doing a trace investigation now. Wow, well, I hope they end up finding out the links in this chain and bring them all down actually, because this is scary.

Absolutely, because at the moment they don't, they don't have much information on who stole said documents and information, but they do know where it's being sold. So which is terrifying. All of these things could be sold and put on the black market or even have it as public view. It's easy to change a phone number and change an email; you can't change a birthday or your social.

Yeah, you're right. So in our next story, it turns out it's a remote admin tool, or it was disguised as a remote admin tool, but it was actually malware.

Well, it's pretty obvious that they were selling it just so they can use it to hack into other people's information. Literally, you were paying to be hacked.

Yeah, you're paying for your, you're paying to be made a victim here. So this was a very insidious attack. Out of all the ones we've spoken of today, this one is probably the most ridiculous. You want to, you want to know something even scarier about it? The device that you have that you call an iPhone is virtually the same thing. Here's someone selling you a device, telling you it's secure and you can use it to manage your daily life. Meanwhile, they're turning around and selling every single thing you do with that device to a third party that you have no knowledge of.

Absolutely. It's the same thing when you see all those people, they say, oh, we will not sell or share your information.
I'm always like, are you sure though? Are you sure though?

Yeah. I think the only difference between those scenarios with the iPhone and other services and this one: this particular piece of malware was offered directly to attackers. So that's the only difference here. They charged you money to become a victim and then sold the information to attackers who could have a much more direct path to exploiting you. And the FBI seized that, took it down. So hopefully this is out of the way, but I don't recall seeing any arrests being made there. So the people that are doing this are still out there with that source code. So we'll just have to look out for another administrative tool popping up on the market. Let's go ahead and move on to our next story. Hopefully this one isn't as scary. Independent Living Systems provider notice of data breach. All right. In this story, B, help me out here. Am I seeing what I think I'm seeing? Is this our most vulnerable citizens under attack?

Unfortunately, yeah, it's so, so devastating. It's so sad because most of the elderly don't understand technology the way that we do. So they expect that when they go to a community care center, or what we call it, a nursing home, they want to live out their life in peace. They don't want to have to worry about this. Most of these elderly, they worry about getting a phone call and scamming them that way. That's a lot of the times where these people prey. And now they hack into this to take it from our seniors. It's just disgusting.

A company by the name of Independent Living Systems has had to put out a notice that their customers, elderly citizens who went there for safety and security, all bundled up together to make one prime target, came under attack. And now the types of information released in this attack.
I mean, it's, it's kind of heartbreaking to hear it, but here, here is how: their names, their addresses, their date of birth, driver's license, state identification numbers, social security numbers, financial information, Medicare and Medicaid, other medical record numbers, as well as their mental and physical treatments and condition information, everything down to their food delivery information, their diagnosis codes and diagnosis information, the date they were admitted, the date that they were discharged, prescription information. All of this was taken from this database. This was a massive breach that left many vulnerable. Independent Living Systems is a third party. So they are kind of like a broker, if you will; they manage a lot of these places. The place that was actually hacked was Florida Community Care. They're the actual nursing home, or living facility is what most in the medical field call it; it is a living facility.

So on average, with insurance, with medical insurance, you will pay, you could pay as low as 5,000, some people, but in my experience, people had to pay 20, 30, 40 grand, depending on the facility you go to.

Is this 20, 30, 40 grand a year?

No, this is per month. What goes into these facilities, besides your security that got broken into that we're now experiencing, talking about, but there's also the care that, depending on the type of patient there is, or what we call resident, there could be feeding protocols, there could be bathing protocols, there could be a wide range of things which cost different. If someone just has Alzheimer's, but they're able to walk and talk and speak for themselves, but they just have slight confusion, then they don't charge as much.
But if they're what we call in the medical field a complete, which means they need complete assistance, that someone is 10 times more vulnerable because they can't say, oh, I've been, you know, someone stole my identity, because 90% of the time they can't communicate with you, which is even worse.

All right. So what you're telling me is people pay for the ultimate living package for their golden years, and that package is expected to be secure, not only from the physical, because they're kind of gated away or kept separate, but they're also expected to be kept safe digitally as well. And this facility down in Florida was hit, and not only was the facility hit, but the third party which manages the data was also hit.

Yes. What I've looked into is that this Independent Living Systems actually manages three other places.

Wow. Let's, let's go ahead and switch on over to user space for a little bit. In this new segment, we're going to talk about how PayPal is issuing a $2,500 fee for misinformation on social media.

Whoa. PayPal introducing a $2,500 fee. Apparently, I can understand, for certain points of view, that maybe they're trying to fight hate speech, but it seems a little excessive to me. What do you think?

Yeah. I'd say it's not just excessive. It is absolutely crazy. From what I can see here, they're imposing a fine on their customers of $2,500 for, quote, misinformation, close quote, and they're the judges behind what is considered misinformation. So if you want to challenge it, just know they're the judge and jury. Now from what I could tell, PayPal has reversed on this effort, but for how long? But I want to ask you a question. I introduced you to HPR and I sent you a link so that way you can kind of see what the community has for a website and some of our content on the site. Let me know. What do you think about HPR?

I had a little bit of a hard time navigating a little bit.
I don't know if it's because it was my first time when I hit the page or the link that you gave me. I didn't realize I had to go all the way down to listen to said recording. I didn't know where, I guess, the recording would be, or the podcast or radio aspect would be. For the whole time, I was like clicking things. I didn't know. I was clicking the icons. I was clicking the Oh No News image, because there's a lot of things that you can click on, because you put links in the description. You do all of those, which are great, but I had no idea where to find it. That was my one issue with it. Obviously, when I did find it, now I know that it's at the end. I'm just used to most of them being the first thing you see: here, listen here. And the listen now button is at the bottom. I don't know if that's purposeful, but the one thing I really did like is how organized it is. For the most part, it is pretty organized. It's bright. I'm all about day mode. I like that about it. For user-friendly purposes, as long as you click through a little bit, it's pretty easy to follow.

All right. That's some good information for the site administrators who are looking for feedback for future changes to the show. I mean, to the site. I thank you for that information. This concludes another episode of the Oh No News. I want to thank you for coming by and participating in this with me.

Yeah. I had a good time and I'm really happy that we learned all this information and that we can be resilient and protect ourselves.

All right, thank you all for listening and we'll see you in the next episode of the Oh No News. Oh, no!

You have been listening to Hacker Public Radio at HackerPublicRadio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. The hosting for HPR has been kindly provided by AnHonestHost.com, the Internet Archive and rsync.net.
Unless otherwise stated, today's show is released under Creative Commons, Attribution 4.0 International License.