It’s Monday! If you made a wager on last night’s, uh, Big Game, we hope the odds were ever in your favor. If not? Well, the 2023 Formula 1 season kicks off in about three weeks, so maybe you can recoup your losses in Bahrain. Either way, we hope the party sub was delicious.
In today’s edition:
- Hive been thinking
- Eyes on APIs
—Eoin Higgins, Billy Hurley, Patrick Lucas Austin
The Department of Justice hacked the Hive, and now the State Department wants to take down the whole nest. The State Department is offering up to $10 million for information on who’s behind the Hive hacking group after the DOJ successfully disrupted the ransomware gang in a monthslong operation dating back to July 2022.
The DOJ announced on January 26 that they had successfully taken Hive down, working alongside the German Federal Criminal Police, Reutlingen Police Headquarters–CID Esslingen, and the Netherlands National High Tech Crime Unit to seize servers and domains the gang used to coordinate its activities.
“In a 21st century cyber stakeout, our investigative team turned the tables on Hive, swiping their decryption keys, passing them to victims, and ultimately averting more than $130 million…in ransomware payments,” Deputy Attorney General Lisa O. Monaco said in a statement on the operation.
FBI agents also captured decryption keys and shared them with victims, saving millions in ransom payments.
“For months, we helped victims defeat their attackers and deprived the Hive network of extortion profits,” Monaco said. “Simply put, using lawful means, we hacked the hackers. We turned the tables on Hive and we busted their business model.”
Ransomware attacks have exploded in recent years, with groups like Vice Society targeting educational institutions and ransomware gangs going after connected infrastructure.
Read more here.—EH
T-Mobile’s SEC filing—an announcement of a “bad actor” pulling data from a single application programming interface (API)—highlighted two dates…and a curiously long time span between them.
The report stated:
- “On January 5, 2023, T-Mobile US…identified that a bad actor was obtaining data through a single application programming interface (‘API’) without authorization.”
- “We currently believe that the bad actor first retrieved data through the impacted API starting on or around November 25, 2022.”
While holiday-hungry employees are known to tune out from Thanksgiving to New Year’s, the 41-day blind spot noted in the filing reveals a striking lack of oversight of an increasingly targeted application component: the API.
“The fact that it went on for five weeks suggests no monitoring was in place,” said Chester Wisniewski, field CTO of applied research at the security software company Sophos.
As hackers search for customer information via APIs (the T-Mobile actor had access to addresses, phone numbers, and birthdates), the defensive measures required to secure the interfaces are familiar ones used for traditional authentication: Take care of keys and watch for anomalous activity.
“We have all kinds of tools that monitor how frequently a user is logging in, what hours they’re logging in, and what country are they logging in from…The same exact technology should be applied to API endpoints,” Wisniewski told IT Brew.
Keep reading here.—BH
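An added illustration, not from IT Brew, T-Mobile, or Sophos: the login-style checks Wisniewski lists (frequency, hour of day, country) applied per API key. The log format, the key name `svc-billing`, the placeholder country code `ZZ`, and the 3x rate threshold are all assumptions made for this sketch.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample logs, format assumed: "<ISO timestamp> <api_key> <country>"
HISTORY = [
    "2023-01-02T09:05:00 svc-billing US",
    "2023-01-02T09:40:00 svc-billing US",
    "2023-01-02T14:10:00 svc-billing US",
    "2023-01-03T10:15:00 svc-billing US",
]
# Eight calls in one overnight hour from an unseen country code, then one normal call.
NEW = [f"2023-01-09T03:00:{s:02d} svc-billing ZZ" for s in range(8)]
NEW.append("2023-01-09T10:00:00 svc-billing US")

def parse(line):
    ts, key, country = line.split()
    return datetime.fromisoformat(ts), key, country

def build_baseline(lines):
    """Per key: hours of day seen, countries seen, busiest single hour."""
    hours, countries, buckets = defaultdict(set), defaultdict(set), Counter()
    for ts, key, country in map(parse, lines):
        hours[key].add(ts.hour)
        countries[key].add(country)
        buckets[(key, ts.date(), ts.hour)] += 1
    peak = defaultdict(int)
    for (key, _day, _hour), count in buckets.items():
        peak[key] = max(peak[key], count)
    return hours, countries, peak

def find_anomalies(baseline, lines, rate_factor=3):
    """Return sorted (api_key, reason) pairs for calls that break the baseline."""
    hours, countries, peak = baseline
    buckets, alerts = Counter(), set()
    for ts, key, country in map(parse, lines):
        if key not in peak:  # credential never seen during the baseline window
            alerts.add((key, "unknown-key"))
            continue
        if ts.hour not in hours[key]:
            alerts.add((key, "unusual-hour"))
        if country not in countries[key]:
            alerts.add((key, "new-country"))
        buckets[(key, ts.date(), ts.hour)] += 1
        if buckets[(key, ts.date(), ts.hour)] > rate_factor * peak[key]:
            alerts.add((key, "rate-spike"))
    return sorted(alerts)

if __name__ == "__main__":
    for key, reason in find_anomalies(build_baseline(HISTORY), NEW):
        print(f"ALERT {key}: {reason}")
```

Run continuously against gateway logs, checks like these would surface the first off-pattern hour of calls rather than leaving a weeks-long gap.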
Today’s top IT reads.
Stat: $1.3 billion. That’s how much money victims lost to romance scams in 2022. (Federal Trade Commission)
Quote: “As the adage goes, ‘you ship your org chart’...It’s chaos here right now, so we’re shipping chaos.”—a current Twitter employee, referring to recent glitches, outages, and disarray at the company (The Verge)
Read: When AI steals your art, who do you take to court? (the New Yorker)
- National Cyber Director Chris Inglis will step down this week.
- Ransomware actors are exploiting a years-old VMware vulnerability, while thousands of servers still remain unpatched and connected to the internet.
- With a phishing lure, hackers breached Reddit and gained access to source code and internal data.
- Cloudflare wants to help you set up a Mastodon server with its Wildebeest project.