It was back in Q4/20 when the UK-based outsourcing company Serco were warned they were running with digital security weaknesses – something which was leveraged by the Babuk Gang when they exploited some of the said weaknesses in Q1/21 with a ransomware attack, followed by a public disclosure of the acquired data. Rumour has it that on this occasion a ransom was paid.
The Babuk Gang have yet again risen to adverse fame, this time by compromising the Washington DC Police Department with a successful ransomware attack – and again acquiring data, very sensitive data, releasing and making public real-time information relating to investigations, and the contact details of multiple active and retired police officers – a situation which is of course potentially life threatening. See Fig 1. (Thank you to our external helpers)
Fig 12 – Redacted – Babuk Gang Released Confidential Files

Whilst worrying, the Serco incident only compromised and released what was commercial information into the public domain. However, in the case of the DC Police Department we see highly sensitive operational intelligence being released into the public domain, with very real and dangerous implications.
The added concern is, of course, that post such public disclosures it is simply impossible to assess, even after a ransom may have been paid, what data has remained in the hands of the public – and in this case, the dangerous criminal elements and Organised Crime Gangs (OCG) of society. But the bad news does not stop here – today an OSINT scan was run against 8 other US law enforcement agencies, and they were also found to be wanting in the aspect of digital security.
To conclude, we have been warned by the Head of the US Security Services, as well as the Government Executive in the US, and by the Cybersecurity Advisory published 26 April 2021, of the cyber threat we are facing – yet still many commercial and government agencies would seem to be running headlong towards future compromise by the Babuk Gang, or other such hostiles like CozyBear, rather than doing the right thing – secure the assets!
John is the Principal at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle and Far East to commercial, industrial, financial services sector and military agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo.
He served in the Royal Air Force for 22 years, specialising in Counterintelligence, working with UK agencies such as GCHQ/CESG and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercial IT/cyber sector he has worked for/with Logica, BAE, T5, GM, Experian, Betfair, the Palace of Westminster, House of Lords/Commons and TSol (Treasury Solicitors), and provided consultancy to the Saudi Arabian MOD, the TRA (Telecommunications Regulatory Authority, Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
