On July 4th, 1996, the team of Hiller, Whitmore, Grey, and Casse delivered a fatal Trojan virus using a simple PowerBook 5300 into the data banks of a space vehicle, which then enabled them to destroy an alien mother-ship which had decimated several cities on earth, thereby freeing humanity from its existential threat. Their timing may have been impeccable, but—unlike in the movies—defenders rarely get a chance to be so discriminating.
Attackers usually have more control over the symbolism of their attack timetable. It seems that, if you are hell-bent on destroying freedom, then America’s “Independence Day” is an appropriate date to target.
Reveling in Revil
The world is still reeling from Russian-based REvil’s attack in 2021 on the Miami IT services company, Kaseya. A month after ransoming Brazilian meat-packing giant JBS for an estimated $11m, attackers used their new base as a springboard to 40 cybersec suppliers, and from there infected over a thousand businesses around the world. The take ranged from $50K to $5m—depending on company size—for keys to decrypt locked data. Sweden’s Coop chain was one victim, NASA, reportedly, another.
Although difficult to pinpoint, a month earlier US President Joe Biden had called on his Russian counterpart Vladimir Putin to crack down on cyberthugs before suffering US retaliation. The REvil attack was not pursued, however, as a Russian state initiative. Then, in October, in an operation by the FBI in conjunction with Interpol and European agencies, the gang’s servers were compromised through a backdoor and several individuals were arrested. In January the following year, Russian security services claimed they had charged several related individuals.
Ironically, the backdoor was supplied through a chatroom used by gang members to discuss ways of cheating affiliates out of their cut.
This past year saw another attack—once again through a cybersecurity provider. SHI International provides IT infrastructures, IT optimization, and cybersecurity products to companies like J&J, AT&T, Boeing, and more. During the July 4th holiday weekend, 2022, hackers launched a coordinated attack that was quickly identified. Luckily, the company’s response systems were well-oiled and the company—and its clients—were unaffected by the attack.
A company spokesman told Channel Futures that he wasn’t surprised, with Target, Morley and health providers recently suffering similar fates. Perhaps with everyone expecting an attack on this eponymous date, we’re all just that little bit surprised that there aren’t more of them.
Railroading the Issue
Also in 2022, Iranian media reported that it had infiltrated the servers of Israel’s Tel Aviv Metro. Israel is considered a close ally of the United States, and July 4th celebrations here are widely attended, with fireworks and revelry as though it were a national holiday. None of these, however, impact Tel Aviv’s Metro system which—sadly—does not exist. It has been in the works for upwards of a decade, but with the current Transport Minister placing it very low on her list of priorities, it will probably not be a viable target for cyberhacks for years to come.
And, indeed, the following morning, one of the companies charged with its development admitted that a “glitch” had been detected—a DoS attack on its website from abroad that had been swiftly neutralized. Coincidentally, the attack came a day after the disruption of a website belonging to Iran’s culture and media agency.
Enjoy the fireworks
In short—as you prepare the barbecue, chill the beers, and unpack the flags, remember that the fireworks are wonderful to enjoy from a distance—up close you should keep your hands away from lit fuses.
It’s a day of celebration, a day of consequence, and a cultural icon. Don’t let July fourth become a day to remember for all the wrong reasons. Just because you’re receiving congratulatory messages, WhatsApp invitations and celebratory social GIFs doesn’t mean you have to click on the links each time you receive an invitation.