FBI Hack Called ‘Tipping Point’ in Struggle Against Cybercrime
A congressional committee began hearings Tuesday on cybersecurity in the shadow of a series of escalating threats that legislators warned could "create catastrophic consequences."
The sabotage against an FBI server, which resulted in a fake alert purportedly distributed by the Department of Homeland Security, should be considered a “tipping point” in the nation’s struggle against cybercrime, warns Rep. Carolyn B. Maloney (D-N.Y.), chair of the House Oversight and Reform Committee.
Maloney’s remarks came as the committee began hearings Tuesday into a new review of cybersecurity.
The review focused on three recent ransomware attacks — against CNA Financial Corporation, Colonial Pipeline and the meat processor JBS Foods — but the FBI attack attracted worried attention from legislators, reports The Washington Post.
In his opening statement, the top Republican on the committee, Rep. James Comer (Ky.), warned that “hackers’ ability to penetrate the FBI’s systems could create catastrophic consequences and chaos.”
The FBI blamed the hack on a “software misconfiguration.” Personally identifiable information was not exposed and the vulnerability was “quickly remediated,” the bureau said.
The review warned that companies hit by ransomware hackers are at a disadvantage during every phase of the attack. They often don’t know who in the federal government to call for help, and the firms are under intense pressure to pay ransoms quickly to get their computer systems back online.
Hackers with the REvil gang, for example, told JBS their $22.5 million ransom demand would double if it wasn’t paid quickly. They also threatened to post the company’s data publicly if they weren’t paid within three days. Eventually, JBS negotiated paying an $11 million ransom.
National Cyber Director Chris Inglis, CISA Executive Director Brandon Wales and FBI Assistant Director Bryan Vorndran were scheduled to testify at Tuesday’s hearing.
The hearing comes a day after President Joe Biden signed a $1.2 trillion infrastructure package, which included $2 billion in cybersecurity funds.